[jira] [Commented] (HIVE-21833) Ranger Authorization in Hive based on object ownership

Hive QA (JIRA) Mon, 10 Jun 2019 17:30:36 -0700


    [ 
https://issues.apache.org/jira/browse/HIVE-21833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16860429#comment-16860429
 ]


Hive QA commented on HIVE-21833:
--------------------------------



Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12971394/HIVE-21833.4.patch

{color:red}ERROR:{color} -1 due to build exiting with an error

Test results: 
https://builds.apache.org/job/PreCommit-HIVE-Build/17514/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/17514/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-17514/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Tests exited with: NonZeroExitCodeException
Command 'bash /data/hiveptest/working/scratch/source-prep.sh' failed with exit 
status 1 and output '+ date '+%Y-%m-%d %T.%3N'
2019-06-11 00:23:14.512
+ [[ -n /usr/lib/jvm/java-8-openjdk-amd64 ]]
+ export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
+ JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
+ export 
PATH=/usr/lib/jvm/java-8-openjdk-amd64/bin/:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+ 
PATH=/usr/lib/jvm/java-8-openjdk-amd64/bin/:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+ export 'ANT_OPTS=-Xmx1g -XX:MaxPermSize=256m '
+ ANT_OPTS='-Xmx1g -XX:MaxPermSize=256m '
+ export 'MAVEN_OPTS=-Xmx1g '
+ MAVEN_OPTS='-Xmx1g '
+ cd /data/hiveptest/working/
+ tee /data/hiveptest/logs/PreCommit-HIVE-Build-17514/source-prep.txt
+ [[ false == \t\r\u\e ]]
+ mkdir -p maven ivy
+ [[ git = \s\v\n ]]
+ [[ git = \g\i\t ]]
+ [[ -z master ]]
+ [[ -d apache-github-source-source ]]
+ [[ ! -d apache-github-source-source/.git ]]
+ [[ ! -d apache-github-source-source ]]
+ date '+%Y-%m-%d %T.%3N'
2019-06-11 00:23:14.516
+ cd apache-github-source-source
+ git fetch origin
+ git reset --hard HEAD
HEAD is now at 9c00ee0 HIVE-21844 : HMS schema Upgrade Script is failing with 
NPE. (Mahesh Kumar Behera reviewed by  Sankar Hariappan)
+ git clean -f -d
Removing standalone-metastore/metastore-server/src/gen/
+ git checkout master
Already on 'master'
Your branch is up-to-date with 'origin/master'.
+ git reset --hard origin/master
HEAD is now at 9c00ee0 HIVE-21844 : HMS schema Upgrade Script is failing with 
NPE. (Mahesh Kumar Behera reviewed by  Sankar Hariappan)
+ git merge --ff-only origin/master
Already up-to-date.
+ date '+%Y-%m-%d %T.%3N'
2019-06-11 00:23:15.784
+ rm -rf ../yetus_PreCommit-HIVE-Build-17514
+ mkdir ../yetus_PreCommit-HIVE-Build-17514
+ git gc
+ cp -R . ../yetus_PreCommit-HIVE-Build-17514
+ mkdir /data/hiveptest/logs/PreCommit-HIVE-Build-17514/yetus
+ patchCommandPath=/data/hiveptest/working/scratch/smart-apply-patch.sh
+ patchFilePath=/data/hiveptest/working/scratch/build.patch
+ [[ -f /data/hiveptest/working/scratch/build.patch ]]
+ chmod +x /data/hiveptest/working/scratch/smart-apply-patch.sh
+ /data/hiveptest/working/scratch/smart-apply-patch.sh 
/data/hiveptest/working/scratch/build.patch
fatal: git apply: bad git-diff - inconsistent old filename on line 830
error: 
ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java:
 does not exist in index
error: 
ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHivePrivilegeObjectOwnerNameAndType.java:
 does not exist in index
error: src/java/org/apache/hadoop/hive/ql/Driver.java: does not exist in index
error: 
src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java:
 does not exist in index
error: src/java/org/apache/hadoop/hive/ql/Driver.java: does not exist in index
error: 
src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java:
 does not exist in index
error: 
src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java:
 does not exist in index
error: 
metastore-server/src/main/java/org/apache/hadoop/hive/metastore/cache/CachedStore.java:
 does not exist in index
error: 
hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java:
 does not exist in index
error: 
src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java:
 does not exist in index
error: 
hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java:
 does not exist in index
error: 
src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java:
 does not exist in index
error: 
src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHivePrivilegeObjectOwnerNameAndType.java:
 does not exist in index
The patch does not appear to apply with p0, p1, or p2
+ result=1
+ '[' 1 -ne 0 ']'
+ rm -rf yetus_PreCommit-HIVE-Build-17514
+ exit 1
'
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12971394 - PreCommit-HIVE-Build

> Ranger Authorization in Hive based on object ownership
> ------------------------------------------------------
>
>                 Key: HIVE-21833
>                 URL: https://issues.apache.org/jira/browse/HIVE-21833
>             Project: Hive
>          Issue Type: New Feature
>          Components: HiveServer2
>            Reporter: Sam An
>            Assignee: Sam An
>            Priority: Major
>         Attachments: HIVE-21833.1.patch, HIVE-21833.2.patch, 
> HIVE-21833.3.patch, HIVE-21833.4.patch
>
>
> Background: Currently Hive Authorizer for Ranger does not provide owner 
> information for Hive objects as part of AuthZ calls. This has resulted in 
> gaps with respect to Sentry AuthZ and customers/partners cannot leverage 
> privileges for owners in their authorization model.
>  
> User Story: As an enterprise security admin, I need to be able to set 
> privileges based on Hive object ownership for setting up access controls in 
> Ranger so that I can provide appropriate protections and permissions for my 
> enterprise users.
>  
> Acceptance criteria:
> 1) Owner information is available in Hive -Ranger AuthZ calls 
> 2) Ranger admin users can use owner information to set policies based on 
> object ownership in Ranger UI and APIs
> 3) OWNER Macro based policies continue to work for Hive objects



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (HIVE-21833) Ranger Authorization in Hive based on object ownership

Reply via email to