[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[
https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13909304#comment-13909304
]
Thejas M Nair commented on HIVE-6203:
-
[~navis] I have uploaded a patch to HIVE-5954 that updates get_privilege_set to
indirect privileges through roles. Can you please review that one ? We won't
need an additional thrift API with that patch.
Privileges of role granted indrectily to user is not applied
Key: HIVE-6203
URL: https://issues.apache.org/jira/browse/HIVE-6203
Project: Hive
Issue Type: Bug
Components: Authorization
Reporter: Navis
Assignee: Navis
Attachments: HIVE-6203.1.patch.txt, HIVE-6203.2.patch.txt,
HIVE-6203.3.patch.txt, HIVE-6203.4.patch.txt
For example,
{noformat}
create role r1;
create role r2;
grant select on table eq to role r1;
grant role r1 to role r2;
grant role r2 to user admin;
select * from eq limit 5;
{noformat}
admin - r2 - r1 - SEL on table eq
but user admin fails to access table eq
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[
https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13903069#comment-13903069
]
Hive QA commented on HIVE-6203:
---
{color:red}Overall{color}: -1 no tests executed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12629297/HIVE-6203.3.patch.txt
Test results:
http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1355/testReport
Console output:
http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1355/console
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Tests exited with: NonZeroExitCodeException
Command 'bash /data/hive-ptest/working/scratch/source-prep.sh' failed with exit
status 1 and output '+ [[ -n '' ]]
+ export 'ANT_OPTS=-Xmx1g -XX:MaxPermSize=256m '
+ ANT_OPTS='-Xmx1g -XX:MaxPermSize=256m '
+ export 'M2_OPTS=-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost
-Dhttp.proxyPort=3128'
+ M2_OPTS='-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost
-Dhttp.proxyPort=3128'
+ cd /data/hive-ptest/working/
+ tee /data/hive-ptest/logs/PreCommit-HIVE-Build-1355/source-prep.txt
+ [[ false == \t\r\u\e ]]
+ mkdir -p maven ivy
+ [[ svn = \s\v\n ]]
+ [[ -n '' ]]
+ [[ -d apache-svn-trunk-source ]]
+ [[ ! -d apache-svn-trunk-source/.svn ]]
+ [[ ! -d apache-svn-trunk-source ]]
+ cd apache-svn-trunk-source
+ svn revert -R .
++ egrep -v '^X|^Performing status on external'
++ awk '{print $2}'
++ svn status --no-ignore
+ rm -rf target datanucleus.log ant/target shims/target shims/0.20/target
shims/0.20S/target shims/0.23/target shims/aggregator/target
shims/common/target shims/common-secure/target packaging/target
hbase-handler/target testutils/target jdbc/target metastore/target
itests/target itests/hcatalog-unit/target itests/test-serde/target
itests/qtest/target itests/hive-unit/target itests/custom-serde/target
itests/util/target hcatalog/target hcatalog/storage-handlers/hbase/target
hcatalog/server-extensions/target hcatalog/core/target
hcatalog/webhcat/svr/target hcatalog/webhcat/java-client/target
hcatalog/hcatalog-pig-adapter/target hwi/target common/target common/src/gen
service/target contrib/target serde/target beeline/target odbc/target
cli/target ql/dependency-reduced-pom.xml ql/target
+ svn update
Aql/src/test/queries/clientpositive/vector_coalesce.q
Aql/src/test/results/clientpositive/vector_coalesce.q.out
Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/BytesColumnVector.java
Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/DecimalColumnVector.java
Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/LongColumnVector.java
Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/VectorizationContext.java
Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/DoubleColumnVector.java
A
ql/src/java/org/apache/hadoop/hive/ql/exec/vector/expressions/VectorCoalesce.java
Uql/src/java/org/apache/hadoop/hive/ql/exec/vector/ColumnVector.java
Uql/src/java/org/apache/hadoop/hive/ql/optimizer/physical/Vectorizer.java
Fetching external item into 'hcatalog/src/test/e2e/harness'
Updated external to revision 1568905.
Updated to revision 1568905.
+ patchCommandPath=/data/hive-ptest/working/scratch/smart-apply-patch.sh
+ patchFilePath=/data/hive-ptest/working/scratch/build.patch
+ [[ -f /data/hive-ptest/working/scratch/build.patch ]]
+ chmod +x /data/hive-ptest/working/scratch/smart-apply-patch.sh
+ /data/hive-ptest/working/scratch/smart-apply-patch.sh
/data/hive-ptest/working/scratch/build.patch
The patch does not appear to apply with p0, p1, or p2
+ exit 1
'
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12629297
Privileges of role granted indrectily to user is not applied
Key: HIVE-6203
URL: https://issues.apache.org/jira/browse/HIVE-6203
Project: Hive
Issue Type: Bug
Components: Authorization
Reporter: Navis
Assignee: Navis
Attachments: HIVE-6203.1.patch.txt, HIVE-6203.2.patch.txt,
HIVE-6203.3.patch.txt
For example,
{noformat}
create role r1;
create role r2;
grant select on table eq to role r1;
grant role r1 to role r2;
grant role r2 to user admin;
select * from eq limit 5;
{noformat}
admin - r2 - r1 - SEL on table eq
but user admin fails to access table eq
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[
https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13903485#comment-13903485
]
Hive QA commented on HIVE-6203:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12629343/HIVE-6203.4.patch.txt
{color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 5128 tests executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestNegativeMinimrCliDriver.testNegativeCliDriver_mapreduce_stack_trace_hadoop20
{noformat}
Test results:
http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1364/testReport
Console output:
http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1364/console
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 1 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12629343
Privileges of role granted indrectily to user is not applied
Key: HIVE-6203
URL: https://issues.apache.org/jira/browse/HIVE-6203
Project: Hive
Issue Type: Bug
Components: Authorization
Reporter: Navis
Assignee: Navis
Attachments: HIVE-6203.1.patch.txt, HIVE-6203.2.patch.txt,
HIVE-6203.3.patch.txt, HIVE-6203.4.patch.txt
For example,
{noformat}
create role r1;
create role r2;
grant select on table eq to role r1;
grant role r1 to role r2;
grant role r2 to user admin;
select * from eq limit 5;
{noformat}
admin - r2 - r1 - SEL on table eq
but user admin fails to access table eq
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[
https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13903607#comment-13903607
]
Thejas M Nair commented on HIVE-6203:
-
[~navis] Please let me know if you would like me to create a patch to fix
existing get_privilege_set function instead of adding new thrift api. I will be
able to create one by tomorrow. That should require less code changes.
Privileges of role granted indrectily to user is not applied
Key: HIVE-6203
URL: https://issues.apache.org/jira/browse/HIVE-6203
Project: Hive
Issue Type: Bug
Components: Authorization
Reporter: Navis
Assignee: Navis
Attachments: HIVE-6203.1.patch.txt, HIVE-6203.2.patch.txt,
HIVE-6203.3.patch.txt, HIVE-6203.4.patch.txt
For example,
{noformat}
create role r1;
create role r2;
grant select on table eq to role r1;
grant role r1 to role r2;
grant role r2 to user admin;
select * from eq limit 5;
{noformat}
admin - r2 - r1 - SEL on table eq
but user admin fails to access table eq
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[
https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13902071#comment-13902071
]
Hive QA commented on HIVE-6203:
---
{color:red}Overall{color}: -1 no tests executed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12628956/HIVE-6203.2.patch.txt
Test results:
http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1330/testReport
Console output:
http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1330/console
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Tests exited with: NonZeroExitCodeException
Command 'bash /data/hive-ptest/working/scratch/source-prep.sh' failed with exit
status 1 and output '+ [[ -n '' ]]
+ export 'ANT_OPTS=-Xmx1g -XX:MaxPermSize=256m '
+ ANT_OPTS='-Xmx1g -XX:MaxPermSize=256m '
+ export 'M2_OPTS=-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost
-Dhttp.proxyPort=3128'
+ M2_OPTS='-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost
-Dhttp.proxyPort=3128'
+ cd /data/hive-ptest/working/
+ tee /data/hive-ptest/logs/PreCommit-HIVE-Build-1330/source-prep.txt
+ [[ false == \t\r\u\e ]]
+ mkdir -p maven ivy
+ [[ svn = \s\v\n ]]
+ [[ -n '' ]]
+ [[ -d apache-svn-trunk-source ]]
+ [[ ! -d apache-svn-trunk-source/.svn ]]
+ [[ ! -d apache-svn-trunk-source ]]
+ cd apache-svn-trunk-source
+ svn revert -R .
Reverted 'conf/hive-default.xml.template'
Reverted
'itests/hive-unit/src/test/java/org/apache/hadoop/hive/jdbc/TestJdbcDriver.java'
Reverted
'itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java'
Reverted 'common/src/test/org/apache/hadoop/hive/conf/TestHiveConf.java'
Reverted 'common/src/test/org/apache/hadoop/hive/conf/TestHiveLogging.java'
Reverted
'common/src/test/org/apache/hadoop/hive/conf/TestHiveConfRestrictList.java'
Reverted 'common/src/java/org/apache/hadoop/hive/conf/HiveConf.java'
Reverted 'common/pom.xml'
Reverted 'ql/src/java/org/apache/hadoop/hive/ql/plan/DDLWork.java'
Reverted 'ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java'
Reverted 'ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g'
Reverted 'ql/src/java/org/apache/hadoop/hive/ql/parse/VariableSubstitution.java'
Reverted 'ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g'
Reverted
'ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java'
Reverted 'ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java'
Reverted 'ql/src/java/org/apache/hadoop/hive/ql/metadata/HiveUtils.java'
Reverted 'ql/src/java/org/apache/hadoop/hive/ql/exec/Utilities.java'
Reverted 'ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java'
Reverted 'ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java'
Reverted 'ql/src/java/org/apache/hadoop/hive/ql/io/orc/OrcFile.java'
++ egrep -v '^X|^Performing status on external'
++ awk '{print $2}'
++ svn status --no-ignore
+ rm -rf target datanucleus.log ant/target shims/target shims/0.20/target
shims/0.20S/target shims/0.23/target shims/aggregator/target
shims/common/target shims/common-secure/target packaging/target
hbase-handler/target testutils/target jdbc/target metastore/target
itests/target itests/hcatalog-unit/target itests/test-serde/target
itests/qtest/target itests/hive-unit/target itests/custom-serde/target
itests/util/target hcatalog/target hcatalog/storage-handlers/hbase/target
hcatalog/server-extensions/target hcatalog/core/target
hcatalog/webhcat/svr/target hcatalog/webhcat/java-client/target
hcatalog/hcatalog-pig-adapter/target hwi/target common/target common/src/gen
common/src/java/org/apache/hadoop/hive/ant
common/src/java/org/apache/hadoop/hive/conf/Validator.java
common/src/java/org/apache/hive/common/util/SystemVariables.java contrib/target
service/target serde/target beeline/target odbc/target cli/target
ql/dependency-reduced-pom.xml ql/target
ql/src/test/results/clientpositive/show_conf.q.out
ql/src/test/queries/clientpositive/show_conf.q
ql/src/java/org/apache/hadoop/hive/ql/plan/ShowConfDesc.java
+ svn update
Upom.xml
Aql/src/test/queries/clientnegative/authorization_disallow_transform.q
Aql/src/test/results/clientnegative/authorization_disallow_transform.q.out
A
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/DisallowTransformHook.java
Uql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
Fetching external item into 'hcatalog/src/test/e2e/harness'
Updated external to revision 1568539.
Updated to revision 1568539.
+ patchCommandPath=/data/hive-ptest/working/scratch/smart-apply-patch.sh
+ patchFilePath=/data/hive-ptest/working/scratch/build.patch
+ [[ -f /data/hive-ptest/working/scratch/build.patch ]]
+ chmod +x /data/hive-ptest/working/scratch/smart-apply-patch.sh
+ /data/hive-ptest/working/scratch/smart-apply-patch.sh
/data/hive-ptest/working/scratch/build.patch
The patch does not appear to apply with p0,
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[
https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13900193#comment-13900193
]
Hive QA commented on HIVE-6203:
---
{color:red}Overall{color}: -1 no tests executed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12628456/HIVE-6203.1.patch.txt
Test results:
http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1305/testReport
Console output:
http://bigtop01.cloudera.org:8080/job/PreCommit-HIVE-Build/1305/console
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Tests exited with: NonZeroExitCodeException
Command 'bash /data/hive-ptest/working/scratch/source-prep.sh' failed with exit
status 1 and output '+ [[ -n '' ]]
+ export 'ANT_OPTS=-Xmx1g -XX:MaxPermSize=256m '
+ ANT_OPTS='-Xmx1g -XX:MaxPermSize=256m '
+ export 'M2_OPTS=-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost
-Dhttp.proxyPort=3128'
+ M2_OPTS='-Xmx1g -XX:MaxPermSize=256m -Dhttp.proxyHost=localhost
-Dhttp.proxyPort=3128'
+ cd /data/hive-ptest/working/
+ tee /data/hive-ptest/logs/PreCommit-HIVE-Build-1305/source-prep.txt
+ [[ false == \t\r\u\e ]]
+ mkdir -p maven ivy
+ [[ svn = \s\v\n ]]
+ [[ -n '' ]]
+ [[ -d apache-svn-trunk-source ]]
+ [[ ! -d apache-svn-trunk-source/.svn ]]
+ [[ ! -d apache-svn-trunk-source ]]
+ cd apache-svn-trunk-source
+ svn revert -R .
Reverted 'hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseSerDe.java'
Reverted
'hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java'
Reverted 'hbase-handler/src/java/org/apache/hadoop/hive/hbase/LazyHBaseRow.java'
Reverted
'hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseCompositeKey.java'
Reverted 'hbase-handler/pom.xml'
Reverted 'itests/util/pom.xml'
Reverted 'serde/src/java/org/apache/hadoop/hive/serde2/lazy/LazyObjectBase.java'
Reverted 'serde/src/java/org/apache/hadoop/hive/serde2/lazy/LazyObject.java'
Reverted
'serde/src/java/org/apache/hadoop/hive/serde2/lazy/objectinspector/LazySimpleStructObjectInspector.java'
Reverted 'serde/src/java/org/apache/hadoop/hive/serde2/lazy/LazyStruct.java'
Reverted
'serde/src/java/org/apache/hadoop/hive/serde2/columnar/ColumnarStructBase.java'
Reverted
'serde/src/java/org/apache/hadoop/hive/serde2/lazybinary/LazyBinaryObject.java'
Reverted
'serde/src/java/org/apache/hadoop/hive/serde2/lazybinary/LazyBinaryStruct.java'
++ egrep -v '^X|^Performing status on external'
++ svn status --no-ignore
++ awk '{print $2}'
+ rm -rf target datanucleus.log ant/target shims/target shims/0.20/target
shims/0.20S/target shims/0.23/target shims/aggregator/target
shims/common/target shims/common-secure/target packaging/target
hbase-handler/target
hbase-handler/src/test/results/positive/hbase_custom_key.q.out
hbase-handler/src/test/org/apache/hadoop/hive/hbase/TestHBaseKeyFactory.java
hbase-handler/src/test/queries/positive/hbase_custom_key.q
hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseLazyObjectFactory.java
hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseKeyFactory.java
testutils/target jdbc/target metastore/target itests/target
itests/hcatalog-unit/target itests/test-serde/target itests/qtest/target
itests/hive-unit/target itests/custom-serde/target itests/util/target
hcatalog/target hcatalog/storage-handlers/hbase/target
hcatalog/server-extensions/target hcatalog/core/target
hcatalog/webhcat/svr/target hcatalog/webhcat/java-client/target
hcatalog/hcatalog-pig-adapter/target hwi/target common/target common/src/gen
contrib/target service/target serde/target
serde/src/java/org/apache/hadoop/hive/serde2/StructObjectBaseInspector.java
serde/src/java/org/apache/hadoop/hive/serde2/StructObject.java beeline/target
odbc/target cli/target ql/dependency-reduced-pom.xml ql/target
+ svn update
Fetching external item into 'hcatalog/src/test/e2e/harness'
External at revision 1567876.
At revision 1567876.
+ patchCommandPath=/data/hive-ptest/working/scratch/smart-apply-patch.sh
+ patchFilePath=/data/hive-ptest/working/scratch/build.patch
+ [[ -f /data/hive-ptest/working/scratch/build.patch ]]
+ chmod +x /data/hive-ptest/working/scratch/smart-apply-patch.sh
+ /data/hive-ptest/working/scratch/smart-apply-patch.sh
/data/hive-ptest/working/scratch/build.patch
The patch does not appear to apply with p0, p1, or p2
+ exit 1
'
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12628456
Privileges of role granted indrectily to user is not applied
Key: HIVE-6203
URL: https://issues.apache.org/jira/browse/HIVE-6203
Project: Hive
Issue Type: Bug
Components: Authorization
Reporter: Navis
Assignee: Navis
Attachments: HIVE-6203.1.patch.txt
For example,
{noformat}
create role r1;
create role r2;
grant select
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[
https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13901140#comment-13901140
]
Navis commented on HIVE-6203:
-
Yes, it's for minimizing the code difference. If test passes, I can rewrite it
as you suggested.
Privileges of role granted indrectily to user is not applied
Key: HIVE-6203
URL: https://issues.apache.org/jira/browse/HIVE-6203
Project: Hive
Issue Type: Bug
Components: Authorization
Reporter: Navis
Assignee: Navis
Attachments: HIVE-6203.1.patch.txt, HIVE-6203.2.patch.txt
For example,
{noformat}
create role r1;
create role r2;
grant select on table eq to role r1;
grant role r1 to role r2;
grant role r2 to user admin;
select * from eq limit 5;
{noformat}
admin - r2 - r1 - SEL on table eq
but user admin fails to access table eq
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (HIVE-6203) Privileges of role granted indrectily to user is not applied
[
https://issues.apache.org/jira/browse/HIVE-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13899989#comment-13899989
]
Thejas M Nair commented on HIVE-6203:
-
There is already get_privilege_set that returns privileges for the roles as
well. The right behavior for it is to return the privileges through the
indirect roles as well. I think it is better to re-use that instead of adding
another thrift api.
It should be straightforward to change that to finally call a version of
list_roles that also looks at indirect roles.
Privileges of role granted indrectily to user is not applied
Key: HIVE-6203
URL: https://issues.apache.org/jira/browse/HIVE-6203
Project: Hive
Issue Type: Bug
Components: Authorization
Reporter: Navis
Assignee: Navis
Attachments: HIVE-6203.1.patch.txt
For example,
{noformat}
create role r1;
create role r2;
grant select on table eq to role r1;
grant role r1 to role r2;
grant role r2 to user admin;
select * from eq limit 5;
{noformat}
admin - r2 - r1 - SEL on table eq
but user admin fails to access table eq
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
