sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s..@apache.org
Subject [1/2] sentry git commit: SENTRY-1272: Enable ALTERVIEW_RENAME and ALTERVIEW_AS operation in hive binding (Ke Jia via Dapeng Sun)
Date Wed, 01 Jun 2016 02:25:12 GMT
Repository: sentry
Updated Branches:
  refs/heads/master ee15429a5 -> 8f453adfc


SENTRY-1272: Enable ALTERVIEW_RENAME and ALTERVIEW_AS operation in hive binding (Ke Jia via
Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/bc292909
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/bc292909
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/bc292909

Branch: refs/heads/master
Commit: bc2929096a607dbea90be3e82a833a969f7aa432
Parents: ee15429
Author: Sun Dapeng <sdp@apache.org>
Authored: Wed Jun 1 10:11:43 2016 +0800
Committer: Sun Dapeng <sdp@apache.org>
Committed: Wed Jun 1 10:11:43 2016 +0800

----------------------------------------------------------------------
 .../binding/hive/HiveAuthzBindingHook.java      |  1 +
 .../hive/authz/HiveAuthzPrivilegesMap.java      |  3 +
 .../tests/e2e/hive/TestOperationsPart1.java     | 80 ++++++++++++++++++++
 3 files changed, 84 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/bc292909/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
index ac8265f..a13ab79 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
@@ -142,6 +142,7 @@ public class HiveAuthzBindingHook extends HiveAuthzBindingHookBase {
       case HiveParser.TOK_ALTERVIEW_DROPPARTS:
       case HiveParser.TOK_ALTERVIEW_PROPERTIES:
       case HiveParser.TOK_ALTERVIEW_RENAME:
+      case HiveParser.TOK_ALTERVIEW:
       case HiveParser.TOK_CREATEINDEX:
       case HiveParser.TOK_DROPINDEX:
       case HiveParser.TOK_LOCKTABLE:

http://git-wip-us.apache.org/repos/asf/sentry/blob/bc292909/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
index bc158ff..8e597a5 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
@@ -234,6 +234,9 @@ public class HiveAuthzPrivilegesMap {
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERPARTITION_MERGEFILES, alterTablePrivilege);
 
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERVIEW_PROPERTIES, alterTablePrivilege);
+    hiveAuthzStmtPrivMap.put(HiveOperation.ALTERVIEW_AS, createViewPrivilege);
+    hiveAuthzStmtPrivMap.put(HiveOperation.ALTERVIEW_RENAME, alterTableRenamePrivilege);
+
 
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_DROPPARTS, dropPartitionPrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ADDPARTS, addPartitionPrivilege);

http://git-wip-us.apache.org/repos/asf/sentry/blob/bc292909/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
index 0522ba0..e9bdaeb 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java
@@ -66,6 +66,8 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration
{
     privileges.put("drop_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=drop");
     privileges.put("insert_db2_tb2", "server=server1->db=" + DB2 + "->table=tb2->action=insert");
     privileges.put("select_db1_view1", "server=server1->db=" + DB1 + "->table=view1->action=select");
+    privileges.put("alter_db1_view1", "server=server1->db=" + DB1 + "->table=view1->action=alter");
+    privileges.put("select_db1_tb2", "server=server1->db=" + DB1 + "->table=tb2->action=select");
 
   }
 
@@ -462,6 +464,84 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration
{
     connection.close();
   }
 
+  @Test
+  public void testAlterRenameView() throws Exception {
+    adminCreate(DB1, tableName, true);
+
+    Connection connection;
+    Statement statement;
+    //Setup
+    connection = context.createConnection(ADMIN1);
+    statement = context.createStatement(connection);
+    statement.execute("Use " + DB1);
+    statement.execute("CREATE VIEW view1 AS SELECT * FROM tb1");
+
+    policyFile
+        .addPermissionsToRole("alter_db1_view1", privileges.get("alter_db1_view1"))
+        .addPermissionsToRole("create_db1", privileges.get("create_db1"))
+        .addRolesToGroup(USERGROUP1, "create_db1", "alter_db1_view1")
+        .addPermissionsToRole("select_db1_view1", privileges.get("select_db1_view1"))
+        .addPermissionsToRole("select_db1_tb1", privileges.get("select_db1_tb1"))
+        .addRolesToGroup(USERGROUP2, "select_db1_tb1", "create_db1", "select_db1_view1");
+    writePolicyFile(policyFile);
+
+    //positive test cases
+    connection = context.createConnection(USER1_1);
+    statement = context.createStatement(connection);
+    statement.execute("Use " + DB1);
+    statement.execute("ALTER VIEW view1 RENAME TO view2");
+    statement.close();
+    connection.close();
+
+    //negative test cases
+    connection = context.createConnection(USER2_1);
+    statement = context.createStatement(connection);
+    statement.execute("Use " + DB1);
+    statement.execute("CREATE VIEW view1 AS SELECT * FROM tb1");
+    context.assertSentrySemanticException(statement, "ALTER VIEW view1 RENAME TO view2",
+        semanticException);
+    statement.close();
+    connection.close();
+  }
+
+  @Test
+  public void testAlterViewAs() throws Exception {
+    adminCreate(DB1, tableName, true);
+
+    Connection connection;
+    Statement statement;
+    //Setup
+    connection = context.createConnection(ADMIN1);
+    statement = context.createStatement(connection);
+    statement.execute("Use " + DB1);
+    statement.execute("CREATE TABLE tb2 (foo int)");
+    statement.execute("CREATE VIEW view1 AS SELECT * FROM tb1");
+
+    policyFile
+        .addPermissionsToRole("select_db1_tb2", privileges.get("select_db1_tb2")).addPermissionsToRole("alter_db1_view1",
privileges.get("alter_db1_view1"))
+        .addPermissionsToRole("create_db1", privileges.get("create_db1"))
+        .addRolesToGroup(USERGROUP1, "select_db1_tb2", "alter_db1_view1", "create_db1")
+        .addPermissionsToRole("select_db1_view1", privileges.get("select_db1_view1"))
+        .addRolesToGroup(USERGROUP2, "create_db1", "select_db1_view1");
+    writePolicyFile(policyFile);
+
+    //positive test cases
+    connection = context.createConnection(USER1_1);
+    statement = context.createStatement(connection);
+    statement.execute("Use " + DB1);
+    statement.execute("ALTER VIEW view1 AS SELECT * FROM tb2");
+    statement.close();
+    connection.close();
+
+    //negative test cases
+    connection = context.createConnection(USER2_1);
+    statement = context.createStatement(connection);
+    statement.execute("Use " + DB1);
+    context.assertSentrySemanticException(statement, "ALTER VIEW view1 AS SELECT * FROM tb2",
+        semanticException);
+    statement.close();
+    connection.close();
+  }
   /* Test all operations that require alter on table
   1. HiveOperation.ALTERTABLE_PROPERTIES
   2. HiveOperation.ALTERTABLE_SERDEPROPERTIES


Mime
View raw message