Repository: incubator-sentry Updated Branches: refs/heads/master f7f40b944 -> 630be6b5f
SENTRY-454: Hive metadata changes syncup with Sentry store should not run in error cases ( Prasad Mujumdar via Sravya Tirukkovalur) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/630be6b5 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/630be6b5 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/630be6b5 Branch: refs/heads/master Commit: 630be6b5fbf5e441a72af3008b2a31266cf5ccac Parents: f7f40b9 Author: Sravya Tirukkovalur <[email protected]> Authored: Fri Sep 19 16:13:01 2014 -0700 Committer: Sravya Tirukkovalur <[email protected]> Committed: Fri Sep 19 16:13:01 2014 -0700 ---------------------------------------------------------------------- .../SentryMetastorePostEventListener.java | 22 +++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/630be6b5/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java index 0500483..38bf8b2 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java @@ -32,7 +32,6 @@ import org.apache.hadoop.hive.metastore.events.DropDatabaseEvent; import org.apache.hadoop.hive.metastore.events.DropTableEvent; import org.apache.hadoop.security.UserGroupInformation; import org.apache.sentry.SentryUserException; -import org.apache.sentry.binding.hive.HiveAuthzBindingHook; import org.apache.sentry.binding.hive.conf.HiveAuthzConf; import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars; import org.apache.sentry.core.common.Authorizable; @@ -62,6 +61,10 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener { if (!syncWithPolicyStore(AuthzConfVars.AUTHZ_SYNC_CREATE_WITH_POLICY_STORE)) { return; } + // don't sync privileges if the operation has failed + if (!tableEvent.getStatus()) { + return; + } dropSentryTablePrivilege(tableEvent.getTable().getDbName(), tableEvent.getTable().getTableName()); } @@ -72,6 +75,10 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener { if (!syncWithPolicyStore(AuthzConfVars.AUTHZ_SYNC_DROP_WITH_POLICY_STORE)) { return; } + // don't sync privileges if the operation has failed + if (!tableEvent.getStatus()) { + return; + } dropSentryTablePrivilege(tableEvent.getTable().getDbName(), tableEvent.getTable().getTableName()); } @@ -84,6 +91,10 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener { if (!syncWithPolicyStore(AuthzConfVars.AUTHZ_SYNC_CREATE_WITH_POLICY_STORE)) { return; } + // don't sync privileges if the operation has failed + if (!dbEvent.getStatus()) { + return; + } dropSentryDbPrivileges(dbEvent.getDatabase().getName()); } @@ -97,6 +108,10 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener { if (!syncWithPolicyStore(AuthzConfVars.AUTHZ_SYNC_DROP_WITH_POLICY_STORE)) { return; } + // don't sync privileges if the operation has failed + if (!dbEvent.getStatus()) { + return; + } dropSentryDbPrivileges(dbEvent.getDatabase().getName()); } @@ -109,6 +124,11 @@ public class SentryMetastorePostEventListener extends MetaStoreEventListener { if (!syncWithPolicyStore(AuthzConfVars.AUTHZ_SYNC_ALTER_WITH_POLICY_STORE)) { return; } + // don't sync privileges if the operation has failed + if (!tableEvent.getStatus()) { + return; + } + if (tableEvent.getOldTable() != null) { oldTableName = tableEvent.getOldTable().getTableName(); }
