Return-Path: X-Original-To: apmail-hive-dev-archive@www.apache.org Delivered-To: apmail-hive-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 591421059C for ; Fri, 30 May 2014 19:18:04 +0000 (UTC) Received: (qmail 88952 invoked by uid 500); 30 May 2014 19:18:04 -0000 Delivered-To: apmail-hive-dev-archive@hive.apache.org Received: (qmail 88885 invoked by uid 500); 30 May 2014 19:18:04 -0000 Mailing-List: contact dev-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list dev@hive.apache.org Received: (qmail 88874 invoked by uid 99); 30 May 2014 19:18:04 -0000 Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 30 May 2014 19:18:04 +0000 Received: from reviews.apache.org (localhost [127.0.0.1]) by reviews.apache.org (Postfix) with ESMTP id A72EB1D995F; Fri, 30 May 2014 19:17:55 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============1924863603532829056==" MIME-Version: 1.0 Subject: Re: Review Request 22016: HIVE-7119 Extended ACL's should be inherited if warehouse perm inheritance enabled From: "Szehon Ho" To: "Szehon Ho" , "Xuefu Zhang" , "hive" , "Ashish Singh" Date: Fri, 30 May 2014 19:17:55 -0000 Message-ID: <20140530191755.12586.58026@reviews.apache.org> X-ReviewBoard-URL: https://reviews.apache.org Auto-Submitted: auto-generated Sender: "Szehon Ho" X-ReviewGroup: hive X-ReviewRequest-URL: https://reviews.apache.org/r/22016/ X-Sender: "Szehon Ho" References: <20140529224947.12586.57784@reviews.apache.org> In-Reply-To: <20140529224947.12586.57784@reviews.apache.org> Reply-To: "Szehon Ho" X-ReviewRequest-Repository: hive-git --===============1924863603532829056== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/22016/ ----------------------------------------------------------- (Updated May 30, 2014, 7:17 p.m.) Review request for hive. Changes ------- Missed license headers, thanks Xuefu for the catch Bugs: HIVE-7119 https://issues.apache.org/jira/browse/HIVE-7119 Repository: hive-git Description ------- This completes the permission inheritance story, by also inheriting the new concept of extended ACL's in HDFS from parent. This is a bit tricky because only Hadoop 2.4 has extended ACL's. My strategy is to use the HadoopShims, and only in Hadoop23Shims to have code dealing with extended ACL's, and then only if the flag "dfs.namenode.acls.enabled" is true. It was also tricky as the main Hive code cannot refer to the HDFS ACL classes (aclStatus and aclEntry). So made some wrapper API in the shims called 'hdfsFileStatus' that encompasses both normal file status , and Aclstatus if acl's are enabled. Diffs (updated) ----- common/src/java/org/apache/hadoop/hive/common/FileUtils.java ee61350 itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/FolderPermissionBase.java PRE-CREATION itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestExtendedAcls.java PRE-CREATION itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestFolderPermissions.java 4f566d2 ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java 3417474 shims/0.20/src/main/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 7aae689 shims/0.20S/src/main/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java bcb2660 shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java 176f9ae shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java c27df64 shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java 02260ce Diff: https://reviews.apache.org/r/22016/diff/ Testing ------- For testing, refactored TestFolderPermission into a base + two tests (TestFolderPermission to test traditional permission without acl's, and TestExtendedAcl's to test acls). Thanks, Szehon Ho --===============1924863603532829056==--