[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[ https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13909304#comment-13909304 ] Thejas M Nair commented on HIVE-6203: - [~navis] I have uploaded a patch to HIVE-5954 that updates get_privilege_set to indirect privileges through roles. Can you please review that one ? We won't need an additional thrift API with that patch. Privileges of role granted indrectily to user is not applied Key: HIVE-6203 URL: https://issues.apache.org/jira/browse/HIVE-6203 Project: Hive Issue Type: Bug Components: Authorization Reporter: Navis Assignee: Navis Attachments: HIVE-6203.1.patch.txt, HIVE-6203.2.patch.txt, HIVE-6203.3.patch.txt, HIVE-6203.4.patch.txt For example, {noformat} create role r1; create role r2; grant select on table eq to role r1; grant role r1 to role r2; grant role r2 to user admin; select * from eq limit 5; {noformat} admin - r2 - r1 - SEL on table eq but user admin fails to access table eq -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[ https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13903069#comment-13903069 ] Hive QA commented on HIVE-6203: --- {color:red}Overall{color}: -1 no tests executed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12629297/HIVE-6203.3.patch.txt Test results: http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1355/testReport Console output: http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1355/console Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Tests exited with: NonZeroExitCodeException Command 'bash /data/hive-ptest/working/scratch/source-prep.sh' failed with exit status 1 and output '+ [[ -n '' ]] + export 'ANT_OPTS=-Xmx1g -XX:MaxPermSize=256m ' + ANT_OPTS='-Xmx1g -XX:MaxPermSize=256m ' + export 'M2_OPTS=-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128' + M2_OPTS='-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128' + cd /data/hive-ptest/working/ + tee /data/hive-ptest/logs/PreCommit-HIVE-Build-1355/source-prep.txt + [[ false == \t\r\u\e ]] + mkdir -p maven ivy + [[ svn = \s\v\n ]] + [[ -n '' ]] + [[ -d apache-svn-trunk-source ]] + [[ ! -d apache-svn-trunk-source/.svn ]] + [[ ! -d apache-svn-trunk-source ]] + cd apache-svn-trunk-source + svn revert -R . ++ egrep -v '^X|^Performing status on external' ++ awk '{print $2}' ++ svn status --no-ignore + rm -rf target datanucleus.log ant/target shims/target shims/0.20/target shims/0.20S/target shims/0.23/target shims/aggregator/target shims/common/target shims/common-secure/target packaging/target hbase-handler/target testutils/target jdbc/target metastore/target itests/target itests/hcatalog-unit/target itests/test-serde/target itests/qtest/target itests/hive-unit/target itests/custom-serde/target itests/util/target hcatalog/target hcatalog/storage-handlers/hbase/target hcatalog/server-extensions/target hcatalog/core/target hcatalog/webhcat/svr/target hcatalog/webhcat/java-client/target hcatalog/hcatalog-pig-adapter/target hwi/target common/target common/src/gen service/target contrib/target serde/target beeline/target odbc/target cli/target ql/dependency-reduced-pom.xml ql/target + svn update Aql/src/test/queries/clientpositive/vector_coalesce.q Aql/src/test/results/clientpositive/vector_coalesce.q.out Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/BytesColumnVector.java Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/DecimalColumnVector.java Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/LongColumnVector.java Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/VectorizationContext.java Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/DoubleColumnVector.java A ql/src/java/org/apache/hadoop/hive/ql/exec/vector/expressions/VectorCoalesce.java Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/ColumnVector.java Uql/src/java/org/apache/hadoop/hive/ql/optimizer/physical/Vectorizer.java Fetching external item into 'hcatalog/src/test/e2e/harness' Updated external to revision 1568905. Updated to revision 1568905. + patchCommandPath=/data/hive-ptest/working/scratch/smart-apply-patch.sh + patchFilePath=/data/hive-ptest/working/scratch/build.patch + [[ -f /data/hive-ptest/working/scratch/build.patch ]] + chmod +x /data/hive-ptest/working/scratch/smart-apply-patch.sh + /data/hive-ptest/working/scratch/smart-apply-patch.sh /data/hive-ptest/working/scratch/build.patch The patch does not appear to apply with p0, p1, or p2 + exit 1 ' {noformat} This message is automatically generated. ATTACHMENT ID: 12629297 Privileges of role granted indrectily to user is not applied Key: HIVE-6203 URL: https://issues.apache.org/jira/browse/HIVE-6203 Project: Hive Issue Type: Bug Components: Authorization Reporter: Navis Assignee: Navis Attachments: HIVE-6203.1.patch.txt, HIVE-6203.2.patch.txt, HIVE-6203.3.patch.txt For example, {noformat} create role r1; create role r2; grant select on table eq to role r1; grant role r1 to role r2; grant role r2 to user admin; select * from eq limit 5; {noformat} admin - r2 - r1 - SEL on table eq but user admin fails to access table eq -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[ https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13903485#comment-13903485 ] Hive QA commented on HIVE-6203: --- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12629343/HIVE-6203.4.patch.txt {color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 5128 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestNegativeMinimrCliDriver.testNegativeCliDriver_mapreduce_stack_trace_hadoop20 {noformat} Test results: http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1364/testReport Console output: http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1364/console Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 1 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12629343 Privileges of role granted indrectily to user is not applied Key: HIVE-6203 URL: https://issues.apache.org/jira/browse/HIVE-6203 Project: Hive Issue Type: Bug Components: Authorization Reporter: Navis Assignee: Navis Attachments: HIVE-6203.1.patch.txt, HIVE-6203.2.patch.txt, HIVE-6203.3.patch.txt, HIVE-6203.4.patch.txt For example, {noformat} create role r1; create role r2; grant select on table eq to role r1; grant role r1 to role r2; grant role r2 to user admin; select * from eq limit 5; {noformat} admin - r2 - r1 - SEL on table eq but user admin fails to access table eq -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[ https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13903607#comment-13903607 ] Thejas M Nair commented on HIVE-6203: - [~navis] Please let me know if you would like me to create a patch to fix existing get_privilege_set function instead of adding new thrift api. I will be able to create one by tomorrow. That should require less code changes. Privileges of role granted indrectily to user is not applied Key: HIVE-6203 URL: https://issues.apache.org/jira/browse/HIVE-6203 Project: Hive Issue Type: Bug Components: Authorization Reporter: Navis Assignee: Navis Attachments: HIVE-6203.1.patch.txt, HIVE-6203.2.patch.txt, HIVE-6203.3.patch.txt, HIVE-6203.4.patch.txt For example, {noformat} create role r1; create role r2; grant select on table eq to role r1; grant role r1 to role r2; grant role r2 to user admin; select * from eq limit 5; {noformat} admin - r2 - r1 - SEL on table eq but user admin fails to access table eq -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[ https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13902071#comment-13902071 ] Hive QA commented on HIVE-6203: --- {color:red}Overall{color}: -1 no tests executed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12628956/HIVE-6203.2.patch.txt Test results: http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1330/testReport Console output: http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1330/console Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Tests exited with: NonZeroExitCodeException Command 'bash /data/hive-ptest/working/scratch/source-prep.sh' failed with exit status 1 and output '+ [[ -n '' ]] + export 'ANT_OPTS=-Xmx1g -XX:MaxPermSize=256m ' + ANT_OPTS='-Xmx1g -XX:MaxPermSize=256m ' + export 'M2_OPTS=-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128' + M2_OPTS='-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128' + cd /data/hive-ptest/working/ + tee /data/hive-ptest/logs/PreCommit-HIVE-Build-1330/source-prep.txt + [[ false == \t\r\u\e ]] + mkdir -p maven ivy + [[ svn = \s\v\n ]] + [[ -n '' ]] + [[ -d apache-svn-trunk-source ]] + [[ ! -d apache-svn-trunk-source/.svn ]] + [[ ! -d apache-svn-trunk-source ]] + cd apache-svn-trunk-source + svn revert -R . Reverted 'conf/hive-default.xml.template' Reverted 'itests/hive-unit/src/test/java/org/apache/hadoop/hive/jdbc/TestJdbcDriver.java' Reverted 'itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java' Reverted 'common/src/test/org/apache/hadoop/hive/conf/TestHiveConf.java' Reverted 'common/src/test/org/apache/hadoop/hive/conf/TestHiveLogging.java' Reverted 'common/src/test/org/apache/hadoop/hive/conf/TestHiveConfRestrictList.java' Reverted 'common/src/java/org/apache/hadoop/hive/conf/HiveConf.java' Reverted 'common/pom.xml' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/plan/DDLWork.java' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/parse/VariableSubstitution.java' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/metadata/HiveUtils.java' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/exec/Utilities.java' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java' Reverted 'ql/src/java/org/apache/hadoop/hive/ql/io/orc/OrcFile.java' ++ egrep -v '^X|^Performing status on external' ++ awk '{print $2}' ++ svn status --no-ignore + rm -rf target datanucleus.log ant/target shims/target shims/0.20/target shims/0.20S/target shims/0.23/target shims/aggregator/target shims/common/target shims/common-secure/target packaging/target hbase-handler/target testutils/target jdbc/target metastore/target itests/target itests/hcatalog-unit/target itests/test-serde/target itests/qtest/target itests/hive-unit/target itests/custom-serde/target itests/util/target hcatalog/target hcatalog/storage-handlers/hbase/target hcatalog/server-extensions/target hcatalog/core/target hcatalog/webhcat/svr/target hcatalog/webhcat/java-client/target hcatalog/hcatalog-pig-adapter/target hwi/target common/target common/src/gen common/src/java/org/apache/hadoop/hive/ant common/src/java/org/apache/hadoop/hive/conf/Validator.java common/src/java/org/apache/hive/common/util/SystemVariables.java contrib/target service/target serde/target beeline/target odbc/target cli/target ql/dependency-reduced-pom.xml ql/target ql/src/test/results/clientpositive/show_conf.q.out ql/src/test/queries/clientpositive/show_conf.q ql/src/java/org/apache/hadoop/hive/ql/plan/ShowConfDesc.java + svn update Upom.xml Aql/src/test/queries/clientnegative/authorization_disallow_transform.q Aql/src/test/results/clientnegative/authorization_disallow_transform.q.out A ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/DisallowTransformHook.java Uql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java Fetching external item into 'hcatalog/src/test/e2e/harness' Updated external to revision 1568539. Updated to revision 1568539. + patchCommandPath=/data/hive-ptest/working/scratch/smart-apply-patch.sh + patchFilePath=/data/hive-ptest/working/scratch/build.patch + [[ -f /data/hive-ptest/working/scratch/build.patch ]] + chmod +x /data/hive-ptest/working/scratch/smart-apply-patch.sh + /data/hive-ptest/working/scratch/smart-apply-patch.sh /data/hive-ptest/working/scratch/build.patch The patch does not appear to apply with p0,
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[ https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13900193#comment-13900193 ] Hive QA commented on HIVE-6203: --- {color:red}Overall{color}: -1 no tests executed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12628456/HIVE-6203.1.patch.txt Test results: http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1305/testReport Console output: http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1305/console Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Tests exited with: NonZeroExitCodeException Command 'bash /data/hive-ptest/working/scratch/source-prep.sh' failed with exit status 1 and output '+ [[ -n '' ]] + export 'ANT_OPTS=-Xmx1g -XX:MaxPermSize=256m ' + ANT_OPTS='-Xmx1g -XX:MaxPermSize=256m ' + export 'M2_OPTS=-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128' + M2_OPTS='-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128' + cd /data/hive-ptest/working/ + tee /data/hive-ptest/logs/PreCommit-HIVE-Build-1305/source-prep.txt + [[ false == \t\r\u\e ]] + mkdir -p maven ivy + [[ svn = \s\v\n ]] + [[ -n '' ]] + [[ -d apache-svn-trunk-source ]] + [[ ! -d apache-svn-trunk-source/.svn ]] + [[ ! -d apache-svn-trunk-source ]] + cd apache-svn-trunk-source + svn revert -R . Reverted 'hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseSerDe.java' Reverted 'hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java' Reverted 'hbase-handler/src/java/org/apache/hadoop/hive/hbase/LazyHBaseRow.java' Reverted 'hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseCompositeKey.java' Reverted 'hbase-handler/pom.xml' Reverted 'itests/util/pom.xml' Reverted 'serde/src/java/org/apache/hadoop/hive/serde2/lazy/LazyObjectBase.java' Reverted 'serde/src/java/org/apache/hadoop/hive/serde2/lazy/LazyObject.java' Reverted 'serde/src/java/org/apache/hadoop/hive/serde2/lazy/objectinspector/LazySimpleStructObjectInspector.java' Reverted 'serde/src/java/org/apache/hadoop/hive/serde2/lazy/LazyStruct.java' Reverted 'serde/src/java/org/apache/hadoop/hive/serde2/columnar/ColumnarStructBase.java' Reverted 'serde/src/java/org/apache/hadoop/hive/serde2/lazybinary/LazyBinaryObject.java' Reverted 'serde/src/java/org/apache/hadoop/hive/serde2/lazybinary/LazyBinaryStruct.java' ++ egrep -v '^X|^Performing status on external' ++ svn status --no-ignore ++ awk '{print $2}' + rm -rf target datanucleus.log ant/target shims/target shims/0.20/target shims/0.20S/target shims/0.23/target shims/aggregator/target shims/common/target shims/common-secure/target packaging/target hbase-handler/target hbase-handler/src/test/results/positive/hbase_custom_key.q.out hbase-handler/src/test/org/apache/hadoop/hive/hbase/TestHBaseKeyFactory.java hbase-handler/src/test/queries/positive/hbase_custom_key.q hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseLazyObjectFactory.java hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseKeyFactory.java testutils/target jdbc/target metastore/target itests/target itests/hcatalog-unit/target itests/test-serde/target itests/qtest/target itests/hive-unit/target itests/custom-serde/target itests/util/target hcatalog/target hcatalog/storage-handlers/hbase/target hcatalog/server-extensions/target hcatalog/core/target hcatalog/webhcat/svr/target hcatalog/webhcat/java-client/target hcatalog/hcatalog-pig-adapter/target hwi/target common/target common/src/gen contrib/target service/target serde/target serde/src/java/org/apache/hadoop/hive/serde2/StructObjectBaseInspector.java serde/src/java/org/apache/hadoop/hive/serde2/StructObject.java beeline/target odbc/target cli/target ql/dependency-reduced-pom.xml ql/target + svn update Fetching external item into 'hcatalog/src/test/e2e/harness' External at revision 1567876. At revision 1567876. + patchCommandPath=/data/hive-ptest/working/scratch/smart-apply-patch.sh + patchFilePath=/data/hive-ptest/working/scratch/build.patch + [[ -f /data/hive-ptest/working/scratch/build.patch ]] + chmod +x /data/hive-ptest/working/scratch/smart-apply-patch.sh + /data/hive-ptest/working/scratch/smart-apply-patch.sh /data/hive-ptest/working/scratch/build.patch The patch does not appear to apply with p0, p1, or p2 + exit 1 ' {noformat} This message is automatically generated. ATTACHMENT ID: 12628456 Privileges of role granted indrectily to user is not applied Key: HIVE-6203 URL: https://issues.apache.org/jira/browse/HIVE-6203 Project: Hive Issue Type: Bug Components: Authorization Reporter: Navis Assignee: Navis Attachments: HIVE-6203.1.patch.txt For example, {noformat} create role r1; create role r2; grant select
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[ https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13901140#comment-13901140 ] Navis commented on HIVE-6203: - Yes, it's for minimizing the code difference. If test passes, I can rewrite it as you suggested. Privileges of role granted indrectily to user is not applied Key: HIVE-6203 URL: https://issues.apache.org/jira/browse/HIVE-6203 Project: Hive Issue Type: Bug Components: Authorization Reporter: Navis Assignee: Navis Attachments: HIVE-6203.1.patch.txt, HIVE-6203.2.patch.txt For example, {noformat} create role r1; create role r2; grant select on table eq to role r1; grant role r1 to role r2; grant role r2 to user admin; select * from eq limit 5; {noformat} admin - r2 - r1 - SEL on table eq but user admin fails to access table eq -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[ https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13899989#comment-13899989 ] Thejas M Nair commented on HIVE-6203: - There is already get_privilege_set that returns privileges for the roles as well. The right behavior for it is to return the privileges through the indirect roles as well. I think it is better to re-use that instead of adding another thrift api. It should be straightforward to change that to finally call a version of list_roles that also looks at indirect roles. Privileges of role granted indrectily to user is not applied Key: HIVE-6203 URL: https://issues.apache.org/jira/browse/HIVE-6203 Project: Hive Issue Type: Bug Components: Authorization Reporter: Navis Assignee: Navis Attachments: HIVE-6203.1.patch.txt For example, {noformat} create role r1; create role r2; grant select on table eq to role r1; grant role r1 to role r2; grant role r2 to user admin; select * from eq limit 5; {noformat} admin - r2 - r1 - SEL on table eq but user admin fails to access table eq -- This message was sent by Atlassian JIRA (v6.1.5#6160)