diff --git a/hbase-handler/src/test/results/negative/cascade_dbdrop_hadoop20.q.out b/hbase-handler/src/test/results/negative/cascade_dbdrop_hadoop20.q.out index c5bfd6a..d4e2917 100644 --- a/hbase-handler/src/test/results/negative/cascade_dbdrop_hadoop20.q.out +++ b/hbase-handler/src/test/results/negative/cascade_dbdrop_hadoop20.q.out @@ -41,9 +41,11 @@ PREHOOK: query: DROP DATABASE IF EXISTS hbaseDB CASCADE PREHOOK: type: DROPDATABASE PREHOOK: Input: database:hbasedb PREHOOK: Output: database:hbasedb +PREHOOK: Output: hbasedb@hbase_table_0 POSTHOOK: query: DROP DATABASE IF EXISTS hbaseDB CASCADE POSTHOOK: type: DROPDATABASE POSTHOOK: Input: database:hbasedb POSTHOOK: Output: database:hbasedb +POSTHOOK: Output: hbasedb@hbase_table_0 Command failed with exit code = -1 Query returned non-zero code: -1, cause: null diff --git a/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/TestHiveMetaStore.java b/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/TestHiveMetaStore.java index 7fbb67e..47e94ea 100644 --- a/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/TestHiveMetaStore.java +++ b/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/TestHiveMetaStore.java @@ -49,6 +49,7 @@ import org.apache.hadoop.hive.metastore.api.DoubleColumnStatsData; import org.apache.hadoop.hive.metastore.api.FieldSchema; import org.apache.hadoop.hive.metastore.api.Function; +import org.apache.hadoop.hive.metastore.api.FunctionType; import org.apache.hadoop.hive.metastore.api.InvalidObjectException; import org.apache.hadoop.hive.metastore.api.InvalidOperationException; import org.apache.hadoop.hive.metastore.api.MetaException; 
@@ -65,7 +66,6 @@
 import org.apache.hadoop.hive.metastore.api.Table;
 import org.apache.hadoop.hive.metastore.api.Type;
 import org.apache.hadoop.hive.metastore.api.UnknownDBException;
-import org.apache.hadoop.hive.metastore.api.FunctionType;
 import org.apache.hadoop.hive.ql.exec.Utilities;
 import org.apache.hadoop.hive.ql.session.SessionState;
 import org.apache.hadoop.hive.serde.serdeConstants;
@@ -2777,12 +2777,52 @@ private void createMultiPartitionTableSchema(String dbName, String tblName, createPartitions(dbName, tbl, values); } - @Test - public void testDBOwner() throws NoSuchObjectException, MetaException, TException { - Database db = client.getDatabase(MetaStoreUtils.DEFAULT_DATABASE_NAME); - assertEquals(db.getOwnerName(), HiveMetaStore.PUBLIC); - assertEquals(db.getOwnerType(), PrincipalType.ROLE); - } + @Test + public void testDBOwner() throws NoSuchObjectException, MetaException, TException { + Database db = client.getDatabase(MetaStoreUtils.DEFAULT_DATABASE_NAME); + assertEquals(db.getOwnerName(), HiveMetaStore.PUBLIC); + assertEquals(db.getOwnerType(), PrincipalType.ROLE); + } + + /** + * Test changing owner and owner type of a database + * @throws NoSuchObjectException + * @throws MetaException + * @throws TException + */ + @Test + public void testDBOwnerChange() throws NoSuchObjectException, MetaException, TException { + final String dbName = "alterDbOwner"; + final String user1 = "user1"; + final String user2 = "user2"; + final String role1 = "role1"; + + silentDropDatabase(dbName); + Database db = new Database(); + db.setName(dbName); + db.setOwnerName(user1); + db.setOwnerType(PrincipalType.USER); + + client.createDatabase(db); + checkDbOwnerType(dbName, user1, PrincipalType.USER); + + db.setOwnerName(user2); + client.alterDatabase(dbName, db); + checkDbOwnerType(dbName, user2, PrincipalType.USER); + + db.setOwnerName(role1); + db.setOwnerType(PrincipalType.ROLE); + client.alterDatabase(dbName, db); + checkDbOwnerType(dbName, role1, PrincipalType.ROLE); + + } + + private void checkDbOwnerType(String dbName, String ownerName, PrincipalType ownerType) + throws NoSuchObjectException, MetaException, TException { + Database db = client.getDatabase(dbName); + assertEquals("Owner name", ownerName, db.getOwnerName()); + assertEquals("Owner type", ownerType, db.getOwnerType()); + } private void createFunction(String dbName, String funcName, 
String className, String ownerName, PrincipalType ownerType, int createTime, diff --git a/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java b/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java index d60cb1b..4c0c244 100644 --- a/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java +++ b/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java @@ -514,7 +514,7 @@ public Database getDatabase(String name) throws NoSuchObjectException { /** * Alter the database object in metastore. Currently only the parameters - * of the database can be changed. + * of the database or the owner can be changed. * @param dbName the database name * @param db the Hive Database object * @throws MetaException @@ -528,8 +528,11 @@ public boolean alterDatabase(String dbName, Database db) boolean committed = false; try { mdb = getMDatabase(dbName); - // currently only allow changing database parameters mdb.setParameters(db.getParameters()); + mdb.setOwnerName(db.getOwnerName()); + if (db.getOwnerType() != null) { + mdb.setOwnerType(db.getOwnerType().name()); + } openTransaction(); pm.makePersistent(mdb); committed = commitTransaction(); diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java index 4310ab8..34e8dac 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java 
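Review bot: `testDBOwnerChange` never drops the `alterDbOwner` database it creates, so the object outlives the test and only the leading `silentDropDatabase(dbName)` protects a rerun; end the test with `silentDropDatabase(dbName);`. The test also alters only with both owner fields set, so the `db.getOwnerType() != null` guard added to `ObjectStore.alterDatabase` in this commit has no coverage for the null case. A further step that alters the database with the owner type left unset and then expects `PrincipalType.ROLE` to be retained would pin that behaviour.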
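Review bot: `mdb.setOwnerName(db.getOwnerName())` runs unconditionally while the owner type two lines below is guarded against null, so a caller that passes a `Database` carrying only new parameters would overwrite the stored owner name with null. Guard it the same way: `if (db.getOwnerName() != null) { mdb.setOwnerName(db.getOwnerName()); }`. Ownership is what the owner privilege in the SQL-standard authorizer is evaluated against, and the ADMIN check this commit adds sits in the query-compile path, so it is worth confirming that direct metastore API callers of `alterDatabase` are covered by a metastore-side authorization check; none is visible in this hunk. The method's signature and its commit/rollback handling lie outside the hunk.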
@@ -1009,21 +1009,36 @@ private int alterDatabase(AlterDatabaseDesc alterDbDesc) throws HiveException { String dbName = alterDbDesc.getDatabaseName(); Database database = db.getDatabase(dbName); - Map newParams = alterDbDesc.getDatabaseProperties(); - - if (database != null) { - Map params = database.getParameters(); - // if both old and new params are not null, merge them - if (params != null && newParams != null) { - params.putAll(newParams); - database.setParameters(params); - } else { // if one of them is null, replace the old params with the new one - database.setParameters(newParams); - } - db.alterDatabase(database.getName(), database); - } else { + if (database == null) { throw new HiveException(ErrorMsg.DATABASE_NOT_EXISTS, dbName); } + + switch (alterDbDesc.getAlterType()) { + case ALTER_PROPERTY: + Map newParams = alterDbDesc.getDatabaseProperties(); + if (database != null) { + Map params = database.getParameters(); + // if both old and new params are not null, merge them + if (params != null && newParams != null) { + params.putAll(newParams); + database.setParameters(params); + } else { // if one of them is null, replace the old params with the new + // one + database.setParameters(newParams); + } + } + break; + + case ALTER_OWNER: + database.setOwnerName(alterDbDesc.getOwnerPrincipal().getName()); + database.setOwnerType(alterDbDesc.getOwnerPrincipal().getType()); + break; + + default: + throw new AssertionError("Unsupported alter database type! : " + alterDbDesc.getAlterType()); + } + + db.alterDatabase(database.getName(), database); return 0; } diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java index 2484576..a3af5f3 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java 
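Review bot: `switch (alterDbDesc.getAlterType())` throws a NullPointerException, not the intended `AssertionError`, when the descriptor was built through the no-argument `AlterDatabaseDesc()` constructor, because that constructor leaves `alterType` unset. Check it first, e.g. `if (alterDbDesc.getAlterType() == null) { throw new HiveException("Alter database type not set"); }`, and prefer a `HiveException` over `AssertionError` in the `default` arm so a bad plan fails the statement instead of raising an `Error`. The `if (database != null)` kept inside `case ALTER_PROPERTY` is now dead code, since the method already throws `DATABASE_NOT_EXISTS` above, and can be dropped. In `case ALTER_OWNER`, `getOwnerPrincipal()` is dereferenced without a null check and has the same exposure.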
@@ -75,6 +75,7 @@ import org.apache.hadoop.hive.ql.metadata.HiveUtils; import org.apache.hadoop.hive.ql.metadata.Partition; import org.apache.hadoop.hive.ql.metadata.Table; +import org.apache.hadoop.hive.ql.parse.authorization.AuthorizationParseUtils; import org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory; import org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl; import org.apache.hadoop.hive.ql.plan.AddPartitionDesc; @@ -107,6 +108,7 @@ import org.apache.hadoop.hive.ql.plan.MoveWork; import org.apache.hadoop.hive.ql.plan.MsckDesc; import org.apache.hadoop.hive.ql.plan.PlanUtils; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; import org.apache.hadoop.hive.ql.plan.RenamePartitionDesc; import org.apache.hadoop.hive.ql.plan.RoleDDLDesc; import org.apache.hadoop.hive.ql.plan.ShowColumnsDesc; @@ -423,7 +425,10 @@ public void analyzeInternal(ASTNode ast) throws SemanticException { analyzeSwitchDatabase(ast); break; case HiveParser.TOK_ALTERDATABASE_PROPERTIES: - analyzeAlterDatabase(ast); + analyzeAlterDatabaseProperties(ast); + break; + case HiveParser.TOK_ALTERDATABASE_OWNER: + analyzeAlterDatabaseOwner(ast); break; case HiveParser.TOK_CREATEROLE: analyzeCreateRole(ast); @@ -559,7 +564,7 @@ private void analyzeShowRoles(ASTNode ast) { setFetchTask(createFetchTask(RoleDDLDesc.getRoleNameSchema())); } - private void analyzeAlterDatabase(ASTNode ast) throws SemanticException { + private void analyzeAlterDatabaseProperties(ASTNode ast) throws SemanticException { String dbName = unescapeIdentifier(ast.getChild(0).getText()); Map dbProps = null; 
@@ -574,13 +579,32 @@ private void analyzeAlterDatabase(ASTNode ast) throws SemanticException { throw new SemanticException("Unrecognized token in CREATE DATABASE statement"); } } + AlterDatabaseDesc alterDesc = new AlterDatabaseDesc(dbName, dbProps); + addAlterDbDesc(alterDesc); + } + + private void addAlterDbDesc(AlterDatabaseDesc alterDesc) throws SemanticException { + Database database = getDatabase(alterDesc.getDatabaseName()); + outputs.add(new WriteEntity(database)); + rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), alterDesc), conf)); + } + + private void analyzeAlterDatabaseOwner(ASTNode ast) throws SemanticException { + String dbName = getUnescapedName((ASTNode) ast.getChild(0)); + PrincipalDesc principalDesc = AuthorizationParseUtils.getPrincipalDesc((ASTNode) ast + .getChild(1)); - // currently alter database command can only change properties - AlterDatabaseDesc alterDesc = new AlterDatabaseDesc(dbName, null, null, false); - alterDesc.setDatabaseProperties(dbProps); - rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), alterDesc), - conf)); + // The syntax should not allow these fields to be null, but lets verify + String nullCmdMsg = "can't be null in alter database set owner command"; + if(principalDesc.getName() == null){ + throw new SemanticException("Owner name " + nullCmdMsg); + } + if(principalDesc.getType() == null){ + throw new SemanticException("Owner type " + nullCmdMsg); + } + AlterDatabaseDesc alterDesc = new AlterDatabaseDesc(dbName, principalDesc); + addAlterDbDesc(alterDesc); } private void analyzeExchangePartition(ASTNode ast) throws SemanticException { 
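Review bot: `analyzeAlterDatabaseOwner` dereferences `principalDesc` before checking it, but `AuthorizationParseUtils.getPrincipalDesc` (added in this commit) returns null when the node is not a USER, GROUP or ROLE token, so the two field checks cannot catch that case and the user would get a NullPointerException. Right after `nullCmdMsg` is declared, add `if (principalDesc == null) { throw new SemanticException("Owner principal " + nullCmdMsg); }`. `addAlterDbDesc` is what makes authorization effective for both alter paths, because it puts the database into `outputs` as a `WriteEntity`; a comment such as `// register the db as an output so the authorizer checks the privilege on it` would keep a later refactor from removing it.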
@@ -702,6 +726,24 @@ private void analyzeDropDatabase(ASTNode ast) throws SemanticException { return; } + // if cascade=true, then we need to authorize the drop table action as well + if (ifCascade) { + // add the tables as well to outputs + List tableNames; + // get names of all tables under this dbName + try { + tableNames = db.getAllTables(dbName); + } catch (HiveException e) { + throw new SemanticException(e); + } + // add tables to outputs + if (tableNames != null) { + for (String tableName : tableNames) { + Table table = getTable(dbName, tableName, true); + outputs.add(new WriteEntity(table)); + } + } + } inputs.add(new ReadEntity(database)); outputs.add(new WriteEntity(database)); diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g index 8356155..3b9dddc 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g @@ -287,6 +287,7 @@ KW_ROLES: 'ROLES'; KW_INNER: 'INNER'; KW_EXCHANGE: 'EXCHANGE'; KW_ADMIN: 'ADMIN'; +KW_OWNER: 'OWNER'; // Operators // NOTE: if you add a new function/operator, add it to sysFuncNames so that describe function _FUNC_ will work. diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g index 129c6c6..9ed8a7f 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g @@ -292,6 +292,7 @@ TOK_DATABASEPROPERTIES; TOK_DATABASELOCATION; TOK_DBPROPLIST; TOK_ALTERDATABASE_PROPERTIES; +TOK_ALTERDATABASE_OWNER; TOK_TABNAME; TOK_TABSRC; TOK_RESTRICT; @@ -974,6 +975,7 @@ alterDatabaseStatementSuffix @init { pushMsg("alter database statement", state); } @after { popMsg(state); } : alterDatabaseSuffixProperties + | alterDatabaseSuffixSetOwner ; alterDatabaseSuffixProperties 
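Review bot: The tables added to `outputs` for `DROP DATABASE ... CASCADE` are a snapshot taken at analysis time, so a table created in the database between this `db.getAllTables(dbName)` call and execution of the drop would be removed without having been authorized. Whether anything later re-checks is not visible in this hunk, so at minimum record the limitation next to the loop: `// authorization covers only the tables present at compile time; tables created afterwards are dropped unchecked`. `getTable(dbName, tableName, true)` also appears to throw if a listed table disappears in between, which turns a concurrent table drop into a failed statement; if that is intended, the comment should say so. `analyzeDropDatabase` starts and ends outside the hunk.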
@@ -983,6 +985,13 @@ alterDatabaseSuffixProperties -> ^(TOK_ALTERDATABASE_PROPERTIES $name dbProperties) ; +alterDatabaseSuffixSetOwner +@init { pushMsg("alter database set owner", state); } +@after { popMsg(state); } + : dbName=identifier KW_SET KW_OWNER principalName + -> ^(TOK_ALTERDATABASE_OWNER $dbName principalName) + ; + alterStatementSuffixRename @init { pushMsg("rename statement", state); } @after { popMsg(state); } diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g index 6bf2a17..43d1f9b 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g 
@@ -544,5 +544,5 @@ functionIdentifier nonReserved : - KW_TRUE | KW_FALSE | KW_LIKE | KW_EXISTS | KW_ASC | KW_DESC | KW_ORDER | KW_GROUP | KW_BY | KW_AS | KW_INSERT | KW_OVERWRITE | KW_OUTER | KW_LEFT | KW_RIGHT | KW_FULL | KW_PARTITION | KW_PARTITIONS | KW_TABLE | KW_TABLES | KW_COLUMNS | KW_INDEX | KW_INDEXES | KW_REBUILD | KW_FUNCTIONS | KW_SHOW | KW_MSCK | KW_REPAIR | KW_DIRECTORY | KW_LOCAL | KW_USING | KW_CLUSTER | KW_DISTRIBUTE | KW_SORT | KW_UNION | KW_LOAD | KW_EXPORT | KW_IMPORT | KW_DATA | KW_INPATH | KW_IS | KW_NULL | KW_CREATE | KW_EXTERNAL | KW_ALTER | KW_CHANGE | KW_FIRST | KW_AFTER | KW_DESCRIBE | KW_DROP | KW_RENAME | KW_IGNORE | KW_PROTECTION | KW_TO | KW_COMMENT | KW_BOOLEAN | KW_TINYINT | KW_SMALLINT | KW_INT | KW_BIGINT | KW_FLOAT | KW_DOUBLE | KW_DATE | KW_DATETIME | KW_TIMESTAMP | KW_DECIMAL | KW_STRING | KW_ARRAY | KW_STRUCT | KW_UNIONTYPE | KW_PARTITIONED | KW_CLUSTERED | KW_SORTED | KW_INTO | KW_BUCKETS | KW_ROW | KW_ROWS | KW_FORMAT | KW_DELIMITED | KW_FIELDS | KW_TERMINATED | KW_ESCAPED | KW_COLLECTION | KW_ITEMS | KW_KEYS | KW_KEY_TYPE | KW_LINES | KW_STORED | KW_FILEFORMAT | KW_SEQUENCEFILE | KW_TEXTFILE | KW_RCFILE | KW_ORCFILE | KW_PARQUETFILE | KW_INPUTFORMAT | KW_OUTPUTFORMAT | KW_INPUTDRIVER | KW_OUTPUTDRIVER | KW_OFFLINE | KW_ENABLE | KW_DISABLE | KW_READONLY | KW_NO_DROP | KW_LOCATION | KW_BUCKET | KW_OUT | KW_OF | KW_PERCENT | KW_ADD | KW_REPLACE | KW_RLIKE | KW_REGEXP | KW_TEMPORARY | KW_EXPLAIN | KW_FORMATTED | KW_PRETTY | KW_DEPENDENCY | KW_LOGICAL | KW_SERDE | KW_WITH | KW_DEFERRED | KW_SERDEPROPERTIES | KW_DBPROPERTIES | KW_LIMIT | KW_SET | KW_UNSET | KW_TBLPROPERTIES | KW_IDXPROPERTIES | KW_VALUE_TYPE | KW_ELEM_TYPE | KW_MAPJOIN | KW_STREAMTABLE | KW_HOLD_DDLTIME | KW_CLUSTERSTATUS | KW_UTC | KW_UTCTIMESTAMP | KW_LONG | KW_DELETE | KW_PLUS | KW_MINUS | KW_FETCH | KW_INTERSECT | KW_VIEW | KW_IN | KW_DATABASES | KW_MATERIALIZED | KW_SCHEMA | KW_SCHEMAS | KW_GRANT | KW_REVOKE | KW_SSL | KW_UNDO | KW_LOCK | KW_LOCKS | 
KW_UNLOCK | KW_SHARED | KW_EXCLUSIVE | KW_PROCEDURE | KW_UNSIGNED | KW_WHILE | KW_READ | KW_READS | KW_PURGE | KW_RANGE | KW_ANALYZE | KW_BEFORE | KW_BETWEEN | KW_BOTH | KW_BINARY | KW_CONTINUE | KW_CURSOR | KW_TRIGGER | KW_RECORDREADER | KW_RECORDWRITER | KW_SEMI | KW_LATERAL | KW_TOUCH | KW_ARCHIVE | KW_UNARCHIVE | KW_COMPUTE | KW_STATISTICS | KW_USE | KW_OPTION | KW_CONCATENATE | KW_SHOW_DATABASE | KW_UPDATE | KW_RESTRICT | KW_CASCADE | KW_SKEWED | KW_ROLLUP | KW_CUBE | KW_DIRECTORIES | KW_FOR | KW_GROUPING | KW_SETS | KW_TRUNCATE | KW_NOSCAN | KW_USER | KW_ROLE | KW_ROLES | KW_INNER | KW_DEFINED | KW_ADMIN | KW_JAR | KW_FILE + KW_TRUE | KW_FALSE | KW_LIKE | KW_EXISTS | KW_ASC | KW_DESC | KW_ORDER | KW_GROUP | KW_BY | KW_AS | KW_INSERT | KW_OVERWRITE | KW_OUTER | KW_LEFT | KW_RIGHT | KW_FULL | KW_PARTITION | KW_PARTITIONS | KW_TABLE | KW_TABLES | KW_COLUMNS | KW_INDEX | KW_INDEXES | KW_REBUILD | KW_FUNCTIONS | KW_SHOW | KW_MSCK | KW_REPAIR | KW_DIRECTORY | KW_LOCAL | KW_USING | KW_CLUSTER | KW_DISTRIBUTE | KW_SORT | KW_UNION | KW_LOAD | KW_EXPORT | KW_IMPORT | KW_DATA | KW_INPATH | KW_IS | KW_NULL | KW_CREATE | KW_EXTERNAL | KW_ALTER | KW_CHANGE | KW_FIRST | KW_AFTER | KW_DESCRIBE | KW_DROP | KW_RENAME | KW_IGNORE | KW_PROTECTION | KW_TO | KW_COMMENT | KW_BOOLEAN | KW_TINYINT | KW_SMALLINT | KW_INT | KW_BIGINT | KW_FLOAT | KW_DOUBLE | KW_DATE | KW_DATETIME | KW_TIMESTAMP | KW_DECIMAL | KW_STRING | KW_ARRAY | KW_STRUCT | KW_UNIONTYPE | KW_PARTITIONED | KW_CLUSTERED | KW_SORTED | KW_INTO | KW_BUCKETS | KW_ROW | KW_ROWS | KW_FORMAT | KW_DELIMITED | KW_FIELDS | KW_TERMINATED | KW_ESCAPED | KW_COLLECTION | KW_ITEMS | KW_KEYS | KW_KEY_TYPE | KW_LINES | KW_STORED | KW_FILEFORMAT | KW_SEQUENCEFILE | KW_TEXTFILE | KW_RCFILE | KW_ORCFILE | KW_PARQUETFILE | KW_INPUTFORMAT | KW_OUTPUTFORMAT | KW_INPUTDRIVER | KW_OUTPUTDRIVER | KW_OFFLINE | KW_ENABLE | KW_DISABLE | KW_READONLY | KW_NO_DROP | KW_LOCATION | KW_BUCKET | KW_OUT | KW_OF | KW_PERCENT | KW_ADD | KW_REPLACE | 
KW_RLIKE | KW_REGEXP | KW_TEMPORARY | KW_EXPLAIN | KW_FORMATTED | KW_PRETTY | KW_DEPENDENCY | KW_LOGICAL | KW_SERDE | KW_WITH | KW_DEFERRED | KW_SERDEPROPERTIES | KW_DBPROPERTIES | KW_LIMIT | KW_SET | KW_UNSET | KW_TBLPROPERTIES | KW_IDXPROPERTIES | KW_VALUE_TYPE | KW_ELEM_TYPE | KW_MAPJOIN | KW_STREAMTABLE | KW_HOLD_DDLTIME | KW_CLUSTERSTATUS | KW_UTC | KW_UTCTIMESTAMP | KW_LONG | KW_DELETE | KW_PLUS | KW_MINUS | KW_FETCH | KW_INTERSECT | KW_VIEW | KW_IN | KW_DATABASES | KW_MATERIALIZED | KW_SCHEMA | KW_SCHEMAS | KW_GRANT | KW_REVOKE | KW_SSL | KW_UNDO | KW_LOCK | KW_LOCKS | KW_UNLOCK | KW_SHARED | KW_EXCLUSIVE | KW_PROCEDURE | KW_UNSIGNED | KW_WHILE | KW_READ | KW_READS | KW_PURGE | KW_RANGE | KW_ANALYZE | KW_BEFORE | KW_BETWEEN | KW_BOTH | KW_BINARY | KW_CONTINUE | KW_CURSOR | KW_TRIGGER | KW_RECORDREADER | KW_RECORDWRITER | KW_SEMI | KW_LATERAL | KW_TOUCH | KW_ARCHIVE | KW_UNARCHIVE | KW_COMPUTE | KW_STATISTICS | KW_USE | KW_OPTION | KW_CONCATENATE | KW_SHOW_DATABASE | KW_UPDATE | KW_RESTRICT | KW_CASCADE | KW_SKEWED | KW_ROLLUP | KW_CUBE | KW_DIRECTORIES | KW_FOR | KW_GROUPING | KW_SETS | KW_TRUNCATE | KW_NOSCAN | KW_USER | KW_ROLE | KW_ROLES | KW_INNER | KW_DEFINED | KW_ADMIN | KW_JAR | KW_FILE | KW_OWNER ; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java index b1d3371..82d48d0 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java 
@@ -99,6 +99,7 @@
 commandType.put(HiveParser.TOK_SHOW_SET_ROLE, HiveOperation.SHOW_ROLES);
 commandType.put(HiveParser.TOK_SHOW_ROLE_GRANT, HiveOperation.SHOW_ROLE_GRANT);
 commandType.put(HiveParser.TOK_ALTERDATABASE_PROPERTIES, HiveOperation.ALTERDATABASE);
+ commandType.put(HiveParser.TOK_ALTERDATABASE_OWNER, HiveOperation.ALTERDATABASE_OWNER);
 commandType.put(HiveParser.TOK_DESCDATABASE, HiveOperation.DESCDATABASE);
 commandType.put(HiveParser.TOK_ALTERTABLE_SKEWED, HiveOperation.ALTERTABLE_SKEWED);
 commandType.put(HiveParser.TOK_ANALYZE, HiveOperation.ANALYZE_TABLE);
@@ -213,6 +214,7 @@ public static BaseSemanticAnalyzer get(HiveConf conf, ASTNode tree)
 case HiveParser.TOK_SHOW_ROLE_GRANT:
 case HiveParser.TOK_SHOW_ROLES:
 case HiveParser.TOK_ALTERDATABASE_PROPERTIES:
+ case HiveParser.TOK_ALTERDATABASE_OWNER:
 case HiveParser.TOK_ALTERTABLE_SKEWED:
 case HiveParser.TOK_TRUNCATETABLE:
 case HiveParser.TOK_EXCHANGEPARTITION:
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationParseUtils.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationParseUtils.java
new file mode 100644
index 0000000..6cb3459
--- /dev/null
+++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationParseUtils.java
@@ -0,0 +1,66 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.hive.ql.parse.authorization; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.hadoop.hive.metastore.api.PrincipalType; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; + +/** + * Utility functions for creating objects relevant for authorization operations + * from AST + */ +public class AuthorizationParseUtils { + + public static PrincipalDesc getPrincipalDesc(ASTNode principal) { + PrincipalType type = getPrincipalType(principal); + if (type != null) { + String text = principal.getChild(0).getText(); + String principalName = BaseSemanticAnalyzer.unescapeIdentifier(text); + return new PrincipalDesc(principalName, type); + } + return null; + } + + private static PrincipalType getPrincipalType(ASTNode principal) { + switch (principal.getType()) { + case HiveParser.TOK_USER: + return PrincipalType.USER; + case HiveParser.TOK_GROUP: + return PrincipalType.GROUP; + case HiveParser.TOK_ROLE: + return PrincipalType.ROLE; + default: + 
return null; + } + } + + public static List analyzePrincipalListDef(ASTNode node) { + List principalList = new ArrayList(); + for (int i = 0; i < node.getChildCount(); i++) { + principalList.add(getPrincipalDesc((ASTNode) node.getChild(i))); + } + return principalList; + } + +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java index 4dbe78c..4a811eb 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java @@ -108,7 +108,7 @@ public HiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { HashSet outputs) throws SemanticException { List privilegeDesc = analyzePrivilegeListDef( (ASTNode) ast.getChild(0)); - List principalDesc = analyzePrincipalListDef( + List principalDesc = AuthorizationParseUtils.analyzePrincipalListDef( (ASTNode) ast.getChild(1)); boolean grantOption = false; PrivilegeObjectDesc privilegeObj = null; @@ -134,7 +134,7 @@ public HiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { public Task createRevokeTask(ASTNode ast, HashSet inputs, HashSet outputs) throws SemanticException { List privilegeDesc = analyzePrivilegeListDef((ASTNode) ast.getChild(0)); - List principalDesc = analyzePrincipalListDef((ASTNode) ast.getChild(1)); + List principalDesc = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) ast.getChild(1)); PrivilegeObjectDesc hiveObj = null; if (ast.getChildCount() > 2) { ASTNode astChild = (ASTNode) ast.getChild(2); 
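Review bot: `analyzePrincipalListDef` stores whatever `getPrincipalDesc` returns, including the `null` it yields for a node that is not TOK_USER, TOK_GROUP or TOK_ROLE, so a grant or revoke principal list can carry a null element that would only fail later, far from the parse step. Reject it where it is detected, for example `if (desc == null) { throw new IllegalArgumentException("Unrecognized principal node: " + node.getChild(i)); }` before `principalList.add(desc)`. `getPrincipalDesc` itself has to keep returning null, because the show-grant caller in HiveAuthorizationTaskFactoryImpl tests for it. Both public methods need Javadoc stating that null contract, and as a static-only holder the class should be `final` with a private constructor.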
@@ -159,7 +159,7 @@ public HiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { ASTNode param = null; if (ast.getChildCount() > 0) { param = (ASTNode) ast.getChild(0); - principalDesc = getPrincipalDesc(param); + principalDesc = AuthorizationParseUtils.getPrincipalDesc(param); if (principalDesc != null) { param = (ASTNode) ast.getChild(1); // shift one } @@ -196,29 +196,6 @@ public HiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { return TaskFactory.get(new DDLWork(inputs, outputs, showGrant), conf); } - private PrincipalDesc getPrincipalDesc(ASTNode principal) { - PrincipalType type = getPrincipalType(principal); - if (type != null) { - String text = principal.getChild(0).getText(); - String principalName = BaseSemanticAnalyzer.unescapeIdentifier(text); - return new PrincipalDesc(principalName, type); - } - return null; - } - - private PrincipalType getPrincipalType(ASTNode principal) { - switch (principal.getType()) { - case HiveParser.TOK_USER: - return PrincipalType.USER; - case HiveParser.TOK_GROUP: - return PrincipalType.GROUP; - case HiveParser.TOK_ROLE: - return PrincipalType.ROLE; - default: - return null; - } - } - @Override public Task createRevokeRoleTask(ASTNode ast, HashSet inputs, HashSet outputs) { @@ -226,7 +203,7 @@ private PrincipalType getPrincipalType(ASTNode principal) { } private Task analyzeGrantRevokeRole(boolean isGrant, ASTNode ast, HashSet inputs, HashSet outputs) { - List principalDesc = analyzePrincipalListDef( + List principalDesc = AuthorizationParseUtils.analyzePrincipalListDef( (ASTNode) ast.getChild(0)); //check if admin option has been specified 
@@ -282,31 +259,6 @@ private PrivilegeObjectDesc analyzePrivilegeObject(ASTNode ast, return subject; } - private List analyzePrincipalListDef(ASTNode node) { - List principalList = new ArrayList(); - - for (int i = 0; i < node.getChildCount(); i++) { - ASTNode child = (ASTNode) node.getChild(i); - PrincipalType type = null; - switch (child.getType()) { - case HiveParser.TOK_USER: - type = PrincipalType.USER; - break; - case HiveParser.TOK_GROUP: - type = PrincipalType.GROUP; - break; - case HiveParser.TOK_ROLE: - type = PrincipalType.ROLE; - break; - } - String principalName = BaseSemanticAnalyzer.unescapeIdentifier(child.getChild(0).getText()); - PrincipalDesc principalDesc = new PrincipalDesc(principalName, type); - principalList.add(principalDesc); - } - - return principalList; - } - private List analyzePrivilegeListDef(ASTNode node) throws SemanticException { List ret = new ArrayList(); diff --git a/ql/src/java/org/apache/hadoop/hive/ql/plan/AlterDatabaseDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/plan/AlterDatabaseDesc.java index 16bb95b..e45bc26 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/plan/AlterDatabaseDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/plan/AlterDatabaseDesc.java @@ -30,11 +30,15 @@ private static final long serialVersionUID = 1L; + // Only altering the database property and owner is currently supported + public static enum ALTER_DB_TYPES { + ALTER_PROPERTY, ALTER_OWNER + }; + + ALTER_DB_TYPES alterType; String databaseName; - String locationUri; - String comment; - boolean ifNotExists; Map dbProperties; + PrincipalDesc ownerPrincipal; /** * For serialization only. 
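Review bot: The new nested enum is named `ALTER_DB_TYPES`, which reads as a constant rather than a type; name it like other Java types, e.g. `public enum AlterDbType { ALTER_PROPERTY, ALTER_OWNER }`, and drop the redundant `static` and the stray `;` after the closing brace. The `alterType` and `ownerPrincipal` fields are declared without an access modifier, matching the existing fields, but they could be `private` since this commit adds accessors for both. `alterType` has no default value, so the serialization-only constructor leaves it null; a short comment on the field saying which constructors set it would help readers of the consuming switch in DDLTask.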
@@ -42,31 +46,20 @@ public AlterDatabaseDesc() { } - public AlterDatabaseDesc(String databaseName, String comment, - String locationUri, boolean ifNotExists) { + public AlterDatabaseDesc(String databaseName, Map dbProps) { super(); this.databaseName = databaseName; - this.comment = comment; - this.locationUri = locationUri; - this.ifNotExists = ifNotExists; - this.dbProperties = null; - } - - public AlterDatabaseDesc(String databaseName, boolean ifNotExists) { - this(databaseName, null, null, ifNotExists); - } - - - - @Explain(displayName="if not exists", displayOnlyOnTrue = true) - public boolean getIfNotExists() { - return ifNotExists; + this.dbProperties = dbProps; + this.setAlterType(ALTER_DB_TYPES.ALTER_PROPERTY); } - public void setIfNotExists(boolean ifNotExists) { - this.ifNotExists = ifNotExists; + public AlterDatabaseDesc(String databaseName, PrincipalDesc ownerPrincipal) { + this.databaseName = databaseName; + this.setOwnerPrincipal(ownerPrincipal); + this.setAlterType(ALTER_DB_TYPES.ALTER_OWNER); } + @Explain(displayName="properties") public Map getDatabaseProperties() { return dbProperties; } @@ -84,21 +77,20 @@ public void setDatabaseName(String databaseName) { this.databaseName = databaseName; } - @Explain(displayName="comment") - public String getComment() { - return comment; + @Explain(displayName="owner") + public PrincipalDesc getOwnerPrincipal() { + return ownerPrincipal; } - public void setComment(String comment) { - this.comment = comment; + public void setOwnerPrincipal(PrincipalDesc ownerPrincipal) { + this.ownerPrincipal = ownerPrincipal; } - @Explain(displayName="locationUri") - public String getLocationUri() { - return locationUri; + public ALTER_DB_TYPES getAlterType() { + return alterType; } - public void setLocationUri(String locationUri) { - this.locationUri = locationUri; + public void setAlterType(ALTER_DB_TYPES alterType) { + this.alterType = alterType; } } 
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java index e661f00..89c71ea 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java @@ -101,6 +101,7 @@ QUERY("QUERY", new Privilege[]{Privilege.SELECT}, new Privilege[]{Privilege.ALTER_DATA, Privilege.CREATE}), ALTERINDEX_PROPS("ALTERINDEX_PROPS",null, null), ALTERDATABASE("ALTERDATABASE", null, null), + ALTERDATABASE_OWNER("ALTERDATABASE_OWNER", null, null), DESCDATABASE("DESCDATABASE", null, null), ALTERTABLE_MERGEFILES("ALTER_TABLE_MERGE", new Privilege[] { Privilege.SELECT }, new Privilege[] { Privilege.ALTER_DATA }), ALTERPARTITION_MERGEFILES("ALTER_PARTITION_MERGE", new Privilege[] { Privilege.SELECT }, new Privilege[] { Privilege.ALTER_DATA }), diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java index f1671ba..15465b1 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java @@ -103,6 +103,7 @@ QUERY, ALTERINDEX_PROPS, ALTERDATABASE, + ALTERDATABASE_OWNER, DESCDATABASE, ALTERTABLE_MERGEFILES, ALTERPARTITION_MERGEFILES, @@ -110,4 +111,5 @@ ALTERTBLPART_SKEWED_LOCATION, ALTERVIEW_RENAME, + } diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java index c43bcea..81f256d 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java 
@@ -71,7 +71,7 @@ op2Priv.put(HiveOperationType.CREATEDATABASE, new InOutPrivs(ADMIN_PRIV_AR, OWNER_INS_SEL_DEL_NOGRANT_AR)); - op2Priv.put(HiveOperationType.DROPDATABASE, new InOutPrivs(OWNER_PRIV_AR, null)); + op2Priv.put(HiveOperationType.DROPDATABASE, new InOutPrivs(null, OWNER_PRIV_AR)); // this should be database usage privilege once it is supported op2Priv.put(HiveOperationType.SWITCHDATABASE, new InOutPrivs(null, null)); @@ -181,7 +181,8 @@ op2Priv.put(HiveOperationType.CREATETABLE, new InOutPrivs(OWNER_INS_SEL_DEL_NOGRANT_AR, OWNER_PRIV_AR)); - op2Priv.put(HiveOperationType.ALTERDATABASE, new InOutPrivs(OWNER_PRIV_AR, null)); + op2Priv.put(HiveOperationType.ALTERDATABASE, new InOutPrivs(null, ADMIN_PRIV_AR)); + op2Priv.put(HiveOperationType.ALTERDATABASE_OWNER, new InOutPrivs(null, ADMIN_PRIV_AR)); op2Priv.put(HiveOperationType.DESCDATABASE, new InOutPrivs(null, null)); // The following actions are authorized through SQLStdHiveAccessController, diff --git a/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q b/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q new file mode 100644 index 0000000..24e26ce --- /dev/null +++ b/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q @@ -0,0 +1,11 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory; +set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; +set hive.security.authorization.enabled=true; +set user.name=user1; + +-- check if alter table owner fails +-- for now, alter db owner is allowed only for admin + +create database dbao; +alter database dbao set owner user user2; + diff --git a/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q b/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q new file mode 100644 index 0000000..b12125f --- /dev/null 
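Review bot: The `DROPDATABASE` entry moves `OWNER_PRIV_AR` from the input slot to the output slot without saying why, and the reason matters to anyone who edits this table later. The regenerated q.out files in this commit list the database and, for CASCADE, every contained table as outputs, so ownership is now checked on each of them. A comment above the entry would capture that: `// owner privilege is required on every output: the database and, with CASCADE, each table in it`. The enclosing initializer starts and ends outside the hunk.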
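Review bot: The `ALTERDATABASE` entry changes from owner-on-input to `InOutPrivs(null, ADMIN_PRIV_AR)`, so a database owner can no longer alter properties on their own database. The tests added in this commit mention and exercise only the owner change. If the tightening is intended, state it next to the entry, e.g. `// alter database (properties and owner) is admin-only for now`, and add a clientnegative case for a properties change run by a non-admin owner. Both entries also rely on the analyzer registering the database as an output. The q.out files show that for `ALTERDATABASE_OWNER`, but nothing visible shows it for `ALTERDATABASE`, and a statement with no output entity would presumably leave the admin check with nothing to apply to.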
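Review bot: The comment `-- check if alter table owner fails` in authorization_alter_db_owner.q names the wrong object; the statement under test is `alter database dbao set owner user user2`. It should read `-- check if alter database owner fails`. The same comment is repeated in authorization_alter_db_owner_default.q. If the expected-output files echo query comments, they would need regenerating after the wording change.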
+++ b/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q
@@ -0,0 +1,8 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- check if alter table owner fails
+alter database default set owner user user1;
+
diff --git a/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q b/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q
new file mode 100644
index 0000000..ff7b572
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q
@@ -0,0 +1,22 @@
+set hive.users.in.admin.role=hive_admin_user;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- ensure that drop database cascade works
+create database dba1;
+create table dba1.tab1(i int);
+drop database dba1 cascade;
+
+-- check if drop database fails if the db has a table for which user does not have permission
+create database dba2;
+create table dba2.tab2(i int);
+
+set user.name=hive_admin_user;
+set role ADMIN;
+alter database dba2 set owner user user2;
+
+set user.name=user2;
+show current roles;
+drop database dba2 cascade ;
diff --git a/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q b/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q
new file mode 100644
index 0000000..e16b973
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q
@@ -0,0 +1,27 @@
+set hive.users.in.admin.role=hive_admin_user;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- check if changing owner and dropping as other user works
+create database dba1;
+
+set user.name=hive_admin_user;
+set role ADMIN;
+alter database dba1 set owner user user2;
+
+set user.name=user2;
+show current roles;
+drop database dba1;
+
+
+set user.name=user1;
+-- check if dropping db as another user fails
+show current roles;
+create database dba2;
+
+set user.name=user2;
+show current roles;
+
+drop database dba2;
diff --git a/ql/src/test/queries/clientpositive/alter_db_owner.q b/ql/src/test/queries/clientpositive/alter_db_owner.q
new file mode 100644
index 0000000..b224f33
--- /dev/null
+++ b/ql/src/test/queries/clientpositive/alter_db_owner.q
@@ -0,0 +1,9 @@
+
+create database db_alter_onr;
+describe database db_alter_onr;
+
+alter database db_alter_onr set owner user user1;
+describe database db_alter_onr;
+
+alter database db_alter_onr set owner role role1;
+describe database db_alter_onr;
diff --git a/ql/src/test/results/clientnegative/authorization_alter_db_owner.q.out b/ql/src/test/results/clientnegative/authorization_alter_db_owner.q.out
new file mode 100644
index 0000000..550cbcc
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_alter_db_owner.q.out
@@ -0,0 +1,9 @@
+#### A masked pattern was here ####
+
+create database dbao
+PREHOOK: type: CREATEDATABASE
+#### A masked pattern was here ####
+
+create database dbao
+POSTHOOK: type: CREATEDATABASE
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=DATABASE, name=dbao] : [ADMIN PRIVILEGE]
diff --git a/ql/src/test/results/clientnegative/authorization_alter_db_owner_default.q.out b/ql/src/test/results/clientnegative/authorization_alter_db_owner_default.q.out
new file mode 100644
index 0000000..4df868e
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_alter_db_owner_default.q.out
@@ -0,0 +1 @@
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=DATABASE, name=default] : [ADMIN PRIVILEGE]
diff --git a/ql/src/test/results/clientnegative/authorization_drop_db_cascade.q.out b/ql/src/test/results/clientnegative/authorization_drop_db_cascade.q.out
new file mode 100644
index 0000000..eda2146
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_drop_db_cascade.q.out
@@ -0,0 +1,53 @@
+PREHOOK: query: -- ensure that drop database cascade works
+create database dba1
+PREHOOK: type: CREATEDATABASE
+POSTHOOK: query: -- ensure that drop database cascade works
+create database dba1
+POSTHOOK: type: CREATEDATABASE
+PREHOOK: query: create table dba1.tab1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:dba1
+POSTHOOK: query: create table dba1.tab1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:dba1
+POSTHOOK: Output: dba1@tab1
+PREHOOK: query: drop database dba1 cascade
+PREHOOK: type: DROPDATABASE
+PREHOOK: Input: database:dba1
+PREHOOK: Output: database:dba1
+PREHOOK: Output: dba1@tab1
+POSTHOOK: query: drop database dba1 cascade
+POSTHOOK: type: DROPDATABASE
+POSTHOOK: Input: database:dba1
+POSTHOOK: Output: database:dba1
+POSTHOOK: Output: dba1@tab1
+PREHOOK: query: -- check if drop database fails if the db has a table for which user does not have permission
+create database dba2
+PREHOOK: type: CREATEDATABASE
+POSTHOOK: query: -- check if drop database fails if the db has a table for which user does not have permission
+create database dba2
+POSTHOOK: type: CREATEDATABASE
+PREHOOK: query: create table dba2.tab2(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:dba2
+POSTHOOK: query: create table dba2.tab2(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:dba2
+POSTHOOK: Output: dba2@tab2
+PREHOOK: query: set role ADMIN
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role ADMIN
+POSTHOOK: type: SHOW_ROLES
+#### A masked pattern was here ####
+PREHOOK: type: ALTERDATABASE_OWNER
+PREHOOK: Output: database:dba2
+#### A masked pattern was here ####
+POSTHOOK: type: ALTERDATABASE_OWNER
+POSTHOOK: Output: database:dba2
+PREHOOK: query: show current roles
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: show current roles
+POSTHOOK: type: SHOW_ROLES
+PUBLIC
+
+FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=dba2.tab2] : [OBJECT OWNERSHIP]
diff --git a/ql/src/test/results/clientnegative/authorization_drop_db_empty.q.out b/ql/src/test/results/clientnegative/authorization_drop_db_empty.q.out
new file mode 100644
index 0000000..27a6822
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_drop_db_empty.q.out
@@ -0,0 +1,49 @@
+#### A masked pattern was here ####
+create database dba1
+PREHOOK: type: CREATEDATABASE
+#### A masked pattern was here ####
+create database dba1
+POSTHOOK: type: CREATEDATABASE
+PREHOOK: query: set role ADMIN
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role ADMIN
+POSTHOOK: type: SHOW_ROLES
+#### A masked pattern was here ####
+PREHOOK: type: ALTERDATABASE_OWNER
+PREHOOK: Output: database:dba1
+#### A masked pattern was here ####
+POSTHOOK: type: ALTERDATABASE_OWNER
+POSTHOOK: Output: database:dba1
+PREHOOK: query: show current roles
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: show current roles
+POSTHOOK: type: SHOW_ROLES
+PUBLIC
+
+PREHOOK: query: drop database dba1
+PREHOOK: type: DROPDATABASE
+PREHOOK: Input: database:dba1
+PREHOOK: Output: database:dba1
+POSTHOOK: query: drop database dba1
+POSTHOOK: type: DROPDATABASE
+POSTHOOK: Input: database:dba1
+POSTHOOK: Output: database:dba1
+PREHOOK: query: -- check if dropping db as another user fails
+show current roles
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: -- check if dropping db as another user fails
+show current roles
+POSTHOOK: type: SHOW_ROLES
+PUBLIC
+
+PREHOOK: query: create database dba2
+PREHOOK: type: CREATEDATABASE
+POSTHOOK: query: create database dba2
+POSTHOOK: type: CREATEDATABASE
+PREHOOK: query: show current roles
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: show current roles
+POSTHOOK: type: SHOW_ROLES
+PUBLIC
+
+FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=DATABASE, name=dba2] : [OBJECT OWNERSHIP]
diff --git a/ql/src/test/results/clientpositive/alter_db_owner.q.out b/ql/src/test/results/clientpositive/alter_db_owner.q.out
new file mode 100644
index 0000000..e3982da
--- /dev/null
+++ b/ql/src/test/results/clientpositive/alter_db_owner.q.out
@@ -0,0 +1,29 @@
+PREHOOK: query: create database db_alter_onr
+PREHOOK: type: CREATEDATABASE
+POSTHOOK: query: create database db_alter_onr
+POSTHOOK: type: CREATEDATABASE
+PREHOOK: query: describe database db_alter_onr
+PREHOOK: type: DESCDATABASE
+POSTHOOK: query: describe database db_alter_onr
+POSTHOOK: type: DESCDATABASE
+#### A masked pattern was here ####
+PREHOOK: type: ALTERDATABASE_OWNER
+PREHOOK: Output: database:db_alter_onr
+#### A masked pattern was here ####
+POSTHOOK: type: ALTERDATABASE_OWNER
+POSTHOOK: Output: database:db_alter_onr
+PREHOOK: query: describe database db_alter_onr
+PREHOOK: type: DESCDATABASE
+POSTHOOK: query: describe database db_alter_onr
+POSTHOOK: type: DESCDATABASE
+#### A masked pattern was here ####
+PREHOOK: type: ALTERDATABASE_OWNER
+PREHOOK: Output: database:db_alter_onr
+#### A masked pattern was here ####
+POSTHOOK: type: ALTERDATABASE_OWNER
+POSTHOOK: Output: database:db_alter_onr
+PREHOOK: query: describe database db_alter_onr
+PREHOOK: type: DESCDATABASE
+POSTHOOK: query: describe database db_alter_onr
+POSTHOOK: type: DESCDATABASE
+#### A masked pattern was here ####
diff --git a/ql/src/test/results/clientpositive/database.q.out b/ql/src/test/results/clientpositive/database.q.out
index cdaa405..448f4e9 100644
--- a/ql/src/test/results/clientpositive/database.q.out
+++ b/ql/src/test/results/clientpositive/database.q.out
@@ -411,10 +411,14 @@ PREHOOK: query: DROP DATABASE to_drop_db2 CASCADE
 PREHOOK: type: DROPDATABASE
 PREHOOK: Input: database:to_drop_db2
 PREHOOK: Output: database:to_drop_db2
+PREHOOK: Output: to_drop_db2@temp_tbl
+PREHOOK: Output: to_drop_db2@temp_tbl2
 POSTHOOK: query: DROP DATABASE to_drop_db2 CASCADE
 POSTHOOK: type: DROPDATABASE
 POSTHOOK: Input: database:to_drop_db2
 POSTHOOK: Output: database:to_drop_db2
+POSTHOOK: Output: to_drop_db2@temp_tbl
+POSTHOOK: Output: to_drop_db2@temp_tbl2
 POSTHOOK: Lineage: temp_tbl2.c EXPRESSION [(temp_tbl)temp_tbl.null, ]
 PREHOOK: query: SHOW DATABASES
 PREHOOK: type: SHOWDATABASES
@@ -458,10 +462,12 @@ PREHOOK: query: DROP DATABASE IF EXISTS to_drop_db3 CASCADE
 PREHOOK: type: DROPDATABASE
 PREHOOK: Input: database:to_drop_db3
 PREHOOK: Output: database:to_drop_db3
+PREHOOK: Output: to_drop_db3@temp_tbl
 POSTHOOK: query: DROP DATABASE IF EXISTS to_drop_db3 CASCADE
 POSTHOOK: type: DROPDATABASE
 POSTHOOK: Input: database:to_drop_db3
 POSTHOOK: Output: database:to_drop_db3
+POSTHOOK: Output: to_drop_db3@temp_tbl
 POSTHOOK: Lineage: temp_tbl2.c EXPRESSION [(temp_tbl)temp_tbl.null, ]
 PREHOOK: query: SHOW DATABASES
 PREHOOK: type: SHOWDATABASES
diff --git a/ql/src/test/results/clientpositive/drop_database_removes_partition_dirs.q.out b/ql/src/test/results/clientpositive/drop_database_removes_partition_dirs.q.out
index 475d3d0..e9ea92d 100644
--- a/ql/src/test/results/clientpositive/drop_database_removes_partition_dirs.q.out
+++ b/ql/src/test/results/clientpositive/drop_database_removes_partition_dirs.q.out
@@ -62,10 +62,12 @@ PREHOOK: query: DROP DATABASE test_database CASCADE
 PREHOOK: type: DROPDATABASE
 PREHOOK: Input: database:test_database
 PREHOOK: Output: database:test_database
+PREHOOK: Output: test_database@test_table
 POSTHOOK: query: DROP DATABASE test_database CASCADE
 POSTHOOK: type: DROPDATABASE
 POSTHOOK: Input: database:test_database
 POSTHOOK: Output: database:test_database
+POSTHOOK: Output: test_database@test_table
 POSTHOOK: Lineage: test_table PARTITION(part=1).key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
 POSTHOOK: Lineage: test_table PARTITION(part=1).value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
 #### A masked pattern was here ####
diff --git a/ql/src/test/results/clientpositive/input46.q.out b/ql/src/test/results/clientpositive/input46.q.out
index a891362..fc3a254 100644
--- a/ql/src/test/results/clientpositive/input46.q.out
+++ b/ql/src/test/results/clientpositive/input46.q.out
@@ -34,7 +34,15 @@ PREHOOK: query: drop database table_in_database_creation cascade
 PREHOOK: type: DROPDATABASE
 PREHOOK: Input: database:table_in_database_creation
 PREHOOK: Output: database:table_in_database_creation
+PREHOOK: Output: table_in_database_creation@test1
+PREHOOK: Output: table_in_database_creation@test2
+PREHOOK: Output: table_in_database_creation@test3
+PREHOOK: Output: table_in_database_creation@test4
 POSTHOOK: query: drop database table_in_database_creation cascade
 POSTHOOK: type: DROPDATABASE
 POSTHOOK: Input: database:table_in_database_creation
 POSTHOOK: Output: database:table_in_database_creation
+POSTHOOK: Output: table_in_database_creation@test1
+POSTHOOK: Output: table_in_database_creation@test2
+POSTHOOK: Output: table_in_database_creation@test3
+POSTHOOK: Output: table_in_database_creation@test4