This is an automated email from the ASF dual-hosted git repository. daijy pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push: new 85eeadb HIVE-21829: HiveMetaStore authorization issue with AlterTable and DropTable events (Ramesh Mani, reviewed by Daniel Dai) 85eeadb is described below commit 85eeadb49c2be2209206150bc959bd693ad7ed94 Author: Daniel Dai <dai...@gmail.com> AuthorDate: Tue Jun 4 11:01:21 2019 -0700 HIVE-21829: HiveMetaStore authorization issue with AlterTable and DropTable events (Ramesh Mani, reviewed by Daniel Dai) --- .../plugin/metastore/HiveMetaStoreAuthorizer.java | 4 ++-- .../metastore/TestHiveMetaStoreAuthorizer.java | 26 +++++++++++++++++++--- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java index 50c7fc6..434d1c9 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java @@ -145,13 +145,13 @@ public class HiveMetaStoreAuthorizer extends MetaStorePreEventListener { } break; case ALTER_TABLE: - authzEvent = new CreateTableEvent(preEventContext); + authzEvent = new AlterTableEvent(preEventContext); if (isViewOperation(preEventContext) && (!isSuperUser(getCurrentUser(authzEvent)))) { throw new MetaException(getErrorMessage("ALTER_VIEW", getCurrentUser(authzEvent))); } break; case DROP_TABLE: - authzEvent = new CreateTableEvent(preEventContext); + authzEvent = new DropTableEvent(preEventContext); if (isViewOperation(preEventContext) && (!isSuperUser(getCurrentUser(authzEvent)))) { throw new MetaException(getErrorMessage("DROP_VIEW", getCurrentUser(authzEvent))); } diff --git a/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java b/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java index 9bbc70e..b9c0dcc 100644 --- a/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java +++ b/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java @@ -235,7 +235,27 @@ public class TestHiveMetaStoreAuthorizer { } @Test - public void testJ_DropTable_authorizedUser() throws Exception { + public void testJ_AlterTable_AuthorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); + try { + Table table = new TableBuilder() + .setTableName(tblName) + .addCol("name", ColumnType.STRING_TYPE_NAME) + .setOwner(authorizedUser) + .build(conf); + hmsHandler.create_table(table); + + Table alteredTable = new TableBuilder() + .addCol("dep", ColumnType.STRING_TYPE_NAME) + .build(conf); + hmsHandler.alter_table("default",tblName,alteredTable); + } catch (Exception e) { + // No Exception for create table for authorized user + } + } + + @Test + public void testK_DropTable_authorizedUser() throws Exception { UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); try { hmsHandler.drop_table(dbName,tblName,true); @@ -245,7 +265,7 @@ public class TestHiveMetaStoreAuthorizer { } @Test - public void testK_DropDatabase_authorizedUser() throws Exception { + public void testL_DropDatabase_authorizedUser() throws Exception { UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); try { hmsHandler.drop_database(dbName,true,true); @@ -255,7 +275,7 @@ public class TestHiveMetaStoreAuthorizer { } @Test - public void testL_DropCatalog_SuperUser() throws Exception { + public void testM_DropCatalog_SuperUser() throws Exception { UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(superUser)); try { hmsHandler.drop_catalog(new DropCatalogRequest(catalogName));