[hive] branch master updated: HIVE-21829: HiveMetaStore authorization issue with AlterTable and DropTable events (Ramesh Mani, reviewed by Daniel Dai)

[daijy]

This is an automated email from the ASF dual-hosted git repository.

daijy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new 85eeadb  HIVE-21829: HiveMetaStore authorization issue with AlterTable 
and DropTable events (Ramesh Mani, reviewed by Daniel Dai)
85eeadb is described below

commit 85eeadb49c2be2209206150bc959bd693ad7ed94
Author: Daniel Dai <dai...@gmail.com>
AuthorDate: Tue Jun 4 11:01:21 2019 -0700

    HIVE-21829: HiveMetaStore authorization issue with AlterTable and DropTable 
events (Ramesh Mani, reviewed by Daniel Dai)
---
 .../plugin/metastore/HiveMetaStoreAuthorizer.java  |  4 ++--
 .../metastore/TestHiveMetaStoreAuthorizer.java     | 26 +++++++++++++++++++---
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git 
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java
 
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java
index 50c7fc6..434d1c9 100644
--- 
a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java
+++ 
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java
@@ -145,13 +145,13 @@ public class HiveMetaStoreAuthorizer extends 
MetaStorePreEventListener {
           }
           break;
         case ALTER_TABLE:
-          authzEvent = new CreateTableEvent(preEventContext);
+          authzEvent = new AlterTableEvent(preEventContext);
           if (isViewOperation(preEventContext) && 
(!isSuperUser(getCurrentUser(authzEvent)))) {
             throw new MetaException(getErrorMessage("ALTER_VIEW", 
getCurrentUser(authzEvent)));
           }
           break;
         case DROP_TABLE:
-          authzEvent = new CreateTableEvent(preEventContext);
+          authzEvent = new DropTableEvent(preEventContext);
           if (isViewOperation(preEventContext) && 
(!isSuperUser(getCurrentUser(authzEvent)))) {
             throw new MetaException(getErrorMessage("DROP_VIEW", 
getCurrentUser(authzEvent)));
           }
diff --git 
a/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java
 
b/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java
index 9bbc70e..b9c0dcc 100644
--- 
a/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java
+++ 
b/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java
@@ -235,7 +235,27 @@ public class TestHiveMetaStoreAuthorizer {
   }
 
   @Test
-  public void testJ_DropTable_authorizedUser() throws Exception {
+  public void testJ_AlterTable_AuthorizedUser() throws Exception {
+    
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
+    try {
+      Table table = new TableBuilder()
+              .setTableName(tblName)
+              .addCol("name", ColumnType.STRING_TYPE_NAME)
+              .setOwner(authorizedUser)
+              .build(conf);
+      hmsHandler.create_table(table);
+
+      Table alteredTable = new TableBuilder()
+              .addCol("dep", ColumnType.STRING_TYPE_NAME)
+              .build(conf);
+      hmsHandler.alter_table("default",tblName,alteredTable);
+    } catch (Exception e) {
+      // No Exception for create table for authorized user
+    }
+  }
+
+  @Test
+  public void testK_DropTable_authorizedUser() throws Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
     try {
       hmsHandler.drop_table(dbName,tblName,true);
@@ -245,7 +265,7 @@ public class TestHiveMetaStoreAuthorizer {
   }
 
   @Test
-  public void testK_DropDatabase_authorizedUser() throws Exception {
+  public void testL_DropDatabase_authorizedUser() throws Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser));
     try {
       hmsHandler.drop_database(dbName,true,true);
@@ -255,7 +275,7 @@ public class TestHiveMetaStoreAuthorizer {
   }
 
   @Test
-  public void testL_DropCatalog_SuperUser() throws Exception {
+  public void testM_DropCatalog_SuperUser() throws Exception {
     
UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(superUser));
     try {
       hmsHandler.drop_catalog(new DropCatalogRequest(catalogName));