sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s..@apache.org
Subject sentry git commit: SENTRY-1351: Enable alter table operation without outputs in V2 (Ke Jia via Dapeng Sun)
Date Thu, 14 Jul 2016 01:52:36 GMT
Repository: sentry
Updated Branches:
  refs/heads/master 8256776bc -> a381e5bcd


SENTRY-1351: Enable alter table operation without outputs in V2 (Ke Jia via Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/a381e5bc
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/a381e5bc
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/a381e5bc

Branch: refs/heads/master
Commit: a381e5bcd94ceefc58d3b6e48d232618119fb927
Parents: 8256776
Author: Sun Dapeng <sdp@apache.org>
Authored: Thu Jul 14 09:47:55 2016 +0800
Committer: Sun Dapeng <sdp@apache.org>
Committed: Thu Jul 14 09:47:55 2016 +0800

----------------------------------------------------------------------
 .../hive/v2/HiveAuthzPrivilegesMapV2.java       |  9 +++
 .../sentry/tests/e2e/hive/TestOperations.java   | 76 ++++++++++++++++++++
 2 files changed, 85 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/a381e5bc/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
index 93bdf4b..f8f11ef 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
@@ -100,6 +100,12 @@ public class HiveAuthzPrivilegesMapV2 {
         setOperationType(HiveOperationType.DDL).
         build();
 
+    HiveAuthzPrivileges alterPartPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
+        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALTER)).
+        setOperationScope(HiveOperationScope.TABLE).
+        setOperationType(HiveOperationType.INFO).
+        build();
+
     /* Currently Hive treats select/insert/analyze as Query
      * select = select on table
      * insert = insert on table /all on uri
@@ -219,6 +225,9 @@ public class HiveAuthzPrivilegesMapV2 {
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_RENAMECOL, alterTablePrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ADDCOLS, alterTablePrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_REPLACECOLS, alterTablePrivilege);
+    hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_PARTCOLTYPE, alterPartPrivilege);
+    hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_BUCKETNUM, alterPartPrivilege);
+    hiveAuthzStmtPrivMap.put(HiveOperation.ALTERPARTITION_BUCKETNUM, alterPartPrivilege);
 
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_RENAMEPART, alterTablePrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.ALTERTABLE_ARCHIVE, alterTablePrivilege);

http://git-wip-us.apache.org/repos/asf/sentry/blob/a381e5bc/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
index b8d80f1..5bda2e7 100644
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
@@ -483,6 +483,82 @@ public class TestOperations extends AbstractTestWithStaticConfiguration
{
     connection.close();
   }
 
+  @Test
+  public void testAlterTableBucket() throws Exception {
+    adminCreate(DB1, tableName, true);
+
+    Connection connection;
+    Statement statement;
+
+    connection = context.createConnection(ADMIN1);
+    statement = context.createStatement(connection);
+    statement.execute("Use " + DB1);
+    statement.execute("ALTER TABLE tb1 CLUSTERED BY (a) SORTED BY (a) INTO 1 BUCKETS");
+    statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '1') ");
+
+    policyFile.addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
+        .addRolesToGroup(USERGROUP1, "alter_db1_tb1")
+        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
+        .addRolesToGroup(USERGROUP2, "insert_db1_tb1");
+    writePolicyFile(policyFile);
+
+    //positive test cases
+    connection = context.createConnection(USER1_1);
+    statement = context.createStatement(connection);
+    statement.execute("Use " + DB1);
+    statement.execute("ALTER TABLE tb1 INTO 6 BUCKETS");
+    statement.execute("ALTER TABLE tb1 PARTITION (b = '1') INTO 6 BUCKETS");
+
+    statement.close();
+    connection.close();
+
+    //negative test cases
+    connection = context.createConnection(USER2_1);
+    statement = context.createStatement(connection);
+    statement.execute("Use " + DB1);
+    context.assertSentrySemanticException(statement, "ALTER TABLE tb1 INTO 6 BUCKETS",
+        semanticException);
+    context.assertSentrySemanticException(statement, "ALTER TABLE tb1 PARTITION (b = '1')
INTO 6 BUCKETS", semanticException);
+
+    statement.close();
+    connection.close();
+  }
+
+  @Test
+  public void AlterTablePartColType() throws Exception {
+    adminCreate(DB1, tableName, true);
+
+    Connection connection;
+    Statement statement;
+
+    policyFile
+        .addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
+        .addRolesToGroup(USERGROUP1, "alter_db1_tb1")
+        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
+        .addRolesToGroup(USERGROUP2, "insert_db1_tb1");
+    writePolicyFile(policyFile);
+
+    //Positive cases
+    connection = context.createConnection(USER1_1);
+    statement = context.createStatement(connection);
+    statement.execute("Use " + DB1);
+    statement.execute("ALTER TABLE tb1 PARTITION COLUMN (b string)");
+
+    statement.close();
+    connection.close();
+
+    //Negative test cases
+    connection = context.createConnection(USER2_1);
+    statement = context.createStatement(connection);
+    statement.execute("Use " + DB1);
+
+    assertSemanticException(statement, "ALTER TABLE tb1 PARTITION COLUMN (b string)");
+
+    statement.close();
+    connection.close();
+
+  }
+
   /* Test all operations that require alter on table
   1. HiveOperation.ALTERTABLE_PROPERTIES
   2. HiveOperation.ALTERTABLE_SERDEPROPERTIES


Mime
View raw message