diff --git itests/hive-unit/src/test/java/org/apache/hadoop/hive/jdbc/TestJdbcDriver.java itests/hive-unit/src/test/java/org/apache/hadoop/hive/jdbc/TestJdbcDriver.java index 1ebedde..7a0cd0e 100644 --- itests/hive-unit/src/test/java/org/apache/hadoop/hive/jdbc/TestJdbcDriver.java +++ itests/hive-unit/src/test/java/org/apache/hadoop/hive/jdbc/TestJdbcDriver.java @@ -644,7 +644,7 @@ public void testMetaDataGetTables() throws SQLException { tests.put("", new Object[]{}); for (String checkPattern: tests.keySet()) { - ResultSet rs = (ResultSet)con.getMetaData().getTables("default", null, checkPattern, null); + ResultSet rs = con.getMetaData().getTables("default", null, checkPattern, null); int cnt = 0; while (rs.next()) { String resultTableName = rs.getString("TABLE_NAME"); @@ -663,7 +663,7 @@ public void testMetaDataGetTables() throws SQLException { } // only ask for the views. - ResultSet rs = (ResultSet)con.getMetaData().getTables("default", null, null + ResultSet rs = con.getMetaData().getTables("default", null, null , new String[]{"VIEW"}); int cnt=0; while (rs.next()) { @@ -674,7 +674,7 @@ public void testMetaDataGetTables() throws SQLException { } public void testMetaDataGetCatalogs() throws SQLException { - ResultSet rs = (ResultSet)con.getMetaData().getCatalogs(); + ResultSet rs = con.getMetaData().getCatalogs(); int cnt = 0; while (rs.next()) { String catalogname = rs.getString("TABLE_CAT"); @@ -694,7 +694,7 @@ public void testMetaDataGetCatalogs() throws SQLException { } public void testMetaDataGetSchemas() throws SQLException { - ResultSet rs = (ResultSet)con.getMetaData().getSchemas(); + ResultSet rs = con.getMetaData().getSchemas(); int cnt = 0; while (rs.next()) { cnt++; @@ -704,7 +704,7 @@ public void testMetaDataGetSchemas() throws SQLException { } public void testMetaDataGetTableTypes() throws SQLException { - ResultSet rs = (ResultSet)con.getMetaData().getTableTypes(); + ResultSet rs = con.getMetaData().getTableTypes(); Set tabletypes = new HashSet(); tabletypes.add("TABLE"); tabletypes.add("EXTERNAL TABLE"); @@ -772,7 +772,7 @@ public void testMetaDataGetColumns() throws SQLException { * Validate the Metadata for the result set of a metadata getColumns call. */ public void testMetaDataGetColumnsMetaData() throws SQLException { - ResultSet rs = (ResultSet)con.getMetaData().getColumns(null, null + ResultSet rs = con.getMetaData().getColumns(null, null , "testhivejdbcdriver\\_table", null); ResultSetMetaData rsmd = rs.getMetaData(); @@ -791,6 +791,7 @@ public void testConversionsBaseResultSet() throws SQLException { , Arrays.asList("long") , Arrays.asList(1234, "1234", "abc")) { private int cnt=1; + @Override public boolean next() throws SQLException { if (cnt roles = new ArrayList(); for (int i = rolesStartPos; i < ast.getChildCount(); i++) { - roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText())); + roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText()).toLowerCase()); } String roleOwnerName = SessionState.getUserFromAuthenticator(); diff --git ql/src/java/org/apache/hadoop/hive/ql/plan/GrantRevokeRoleDDL.java ql/src/java/org/apache/hadoop/hive/ql/plan/GrantRevokeRoleDDL.java index d8488a7..65db04e 100644 --- ql/src/java/org/apache/hadoop/hive/ql/plan/GrantRevokeRoleDDL.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/GrantRevokeRoleDDL.java @@ -24,19 +24,19 @@ @Explain(displayName="grant or revoke roles") public class GrantRevokeRoleDDL { - + private boolean grant; - + private List principalDesc; - + private List roles; - + private String grantor; - + private PrincipalType grantorType; - + private boolean grantOption; - + public GrantRevokeRoleDDL() { } @@ -110,6 +110,6 @@ public boolean isGrantOption() { public void setGrantOption(boolean grantOption) { this.grantOption = grantOption; - } + } } diff --git ql/src/java/org/apache/hadoop/hive/ql/plan/PrincipalDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/PrincipalDesc.java index 7dc0ded..818a8e3 100644 --- ql/src/java/org/apache/hadoop/hive/ql/plan/PrincipalDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/PrincipalDesc.java @@ -26,9 +26,9 @@ public class PrincipalDesc implements Serializable, Cloneable { private static final long serialVersionUID = 1L; - + private String name; - + private PrincipalType type; public PrincipalDesc(String name, PrincipalType type) { diff --git ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java index b4da3d1..cc12e1c 100644 --- ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java @@ -102,7 +102,7 @@ public RoleDDLDesc(String roleName, RoleOperation operation) { public RoleDDLDesc(String principalName, PrincipalType principalType, RoleOperation operation, String roleOwnerName) { - this.name = principalName; + this.name = principalName == null ? null : principalName.toLowerCase(); this.principalType = principalType; this.operation = operation; this.roleOwnerName = roleOwnerName; @@ -114,7 +114,7 @@ public String getName() { } public void setName(String roleName) { - this.name = roleName; + this.name = roleName.toLowerCase(); } @Explain(displayName = "role operation") diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java index 22a2ec8..57658db 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java @@ -252,8 +252,8 @@ public void createRole(String roleName, HivePrincipal adminGrantor) String grantorName = adminGrantor == null ? null : adminGrantor.getName(); metastoreClientFactory.getHiveMetastoreClient().create_role( new Role(roleName, 0, grantorName)); - } catch (Exception e) { - throw new HiveAuthzPluginException("Error create role", e); + } catch (TException e) { + throw new HiveAuthzPluginException("Error create role : " + e.getMessage(), e); } } diff --git ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q new file mode 100644 index 0000000..d6db786 --- /dev/null +++ ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q @@ -0,0 +1,17 @@ +set hive.users.in.admin.role=hive_admin_user; +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory; +set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; +set user.name=hive_admin_user; +set role ADMIN; + +create role testrole; +show roles; +drop role TESTROLE; +show roles; +create role TESTROLE; +show roles; +grant role testROLE to user hive_admin_user; +set role testrolE; +set role adMin; +show roles; +create role TESTRoLE; diff --git ql/src/test/results/clientnegative/authorization_caseinsensitivity.q.out ql/src/test/results/clientnegative/authorization_caseinsensitivity.q.out new file mode 100644 index 0000000..9cd36b6 --- /dev/null +++ ql/src/test/results/clientnegative/authorization_caseinsensitivity.q.out @@ -0,0 +1,62 @@ +PREHOOK: query: set role ADMIN +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role ADMIN +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: create role testrole +PREHOOK: type: CREATEROLE +POSTHOOK: query: create role testrole +POSTHOOK: type: CREATEROLE +PREHOOK: query: show roles +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: show roles +POSTHOOK: type: SHOW_ROLES +admin +public +testrole + +PREHOOK: query: drop role TESTROLE +PREHOOK: type: DROPROLE +POSTHOOK: query: drop role TESTROLE +POSTHOOK: type: DROPROLE +PREHOOK: query: show roles +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: show roles +POSTHOOK: type: SHOW_ROLES +admin +public + +PREHOOK: query: create role TESTROLE +PREHOOK: type: CREATEROLE +POSTHOOK: query: create role TESTROLE +POSTHOOK: type: CREATEROLE +PREHOOK: query: show roles +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: show roles +POSTHOOK: type: SHOW_ROLES +admin +public +testrole + +PREHOOK: query: grant role testROLE to user hive_admin_user +PREHOOK: type: GRANT_ROLE +POSTHOOK: query: grant role testROLE to user hive_admin_user +POSTHOOK: type: GRANT_ROLE +PREHOOK: query: set role testrolE +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role testrolE +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: set role adMin +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role adMin +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: show roles +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: show roles +POSTHOOK: type: SHOW_ROLES +admin +public +testrole + +PREHOOK: query: create role TESTRoLE +PREHOOK: type: CREATEROLE +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. InvalidObjectException(message:Role testrole already exists.) diff --git ql/src/test/results/clientnegative/authorization_drop_db_cascade.q.out ql/src/test/results/clientnegative/authorization_drop_db_cascade.q.out index eda2146..74ab4c8 100644 --- ql/src/test/results/clientnegative/authorization_drop_db_cascade.q.out +++ ql/src/test/results/clientnegative/authorization_drop_db_cascade.q.out @@ -48,6 +48,6 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=dba2.tab2] : [OBJECT OWNERSHIP] diff --git ql/src/test/results/clientnegative/authorization_drop_db_empty.q.out ql/src/test/results/clientnegative/authorization_drop_db_empty.q.out index 27a6822..bd7447f 100644 --- ql/src/test/results/clientnegative/authorization_drop_db_empty.q.out +++ ql/src/test/results/clientnegative/authorization_drop_db_empty.q.out @@ -18,7 +18,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public PREHOOK: query: drop database dba1 PREHOOK: type: DROPDATABASE @@ -34,7 +34,7 @@ PREHOOK: type: SHOW_ROLES POSTHOOK: query: -- check if dropping db as another user fails show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public PREHOOK: query: create database dba2 PREHOOK: type: CREATEDATABASE @@ -44,6 +44,6 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=DATABASE, name=dba2] : [OBJECT OWNERSHIP] diff --git ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out index c03876d..05b4119 100644 --- ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out +++ ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out @@ -6,7 +6,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -ADMIN +admin PREHOOK: query: create role r1 PREHOOK: type: CREATEROLE @@ -20,7 +20,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public PREHOOK: query: drop role r1 PREHOOK: type: DROPROLE diff --git ql/src/test/results/clientnegative/authorization_fail_7.q.out ql/src/test/results/clientnegative/authorization_fail_7.q.out index ffff69d..e9b7c35 100644 --- ql/src/test/results/clientnegative/authorization_fail_7.q.out +++ ql/src/test/results/clientnegative/authorization_fail_7.q.out @@ -27,8 +27,8 @@ PREHOOK: query: show role grant user hive_test_user PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC false -1 hive_test_role_fail false -1 hive_test_user +public false -1 PREHOOK: query: show grant role hive_test_role_fail on table authorization_fail PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role hive_test_role_fail on table authorization_fail diff --git ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out index 7f983ba..a62b7b3 100644 --- ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out +++ ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out @@ -39,7 +39,7 @@ POSTHOOK: query: -- switch to user2 -- by default all roles should be in current roles, and grant to new user should work show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public role2 PREHOOK: query: grant all on table tpriv_current_role to user user3 diff --git ql/src/test/results/clientnegative/authorization_public_create.q.out ql/src/test/results/clientnegative/authorization_public_create.q.out index bccdc53..0318a8b 100644 --- ql/src/test/results/clientnegative/authorization_public_create.q.out +++ ql/src/test/results/clientnegative/authorization_public_create.q.out @@ -1,4 +1,4 @@ PREHOOK: query: create role PUBLIC PREHOOK: type: CREATEROLE -Error in role operation create_role on role name PUBLIC, error message MetaException(message:PUBLIC role implictly exists. It can't be created.) +Error in role operation create_role on role name public, error message MetaException(message:public role implictly exists. It can't be created.) FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask diff --git ql/src/test/results/clientnegative/authorization_public_drop.q.out ql/src/test/results/clientnegative/authorization_public_drop.q.out index 14f6b3a..912589d 100644 --- ql/src/test/results/clientnegative/authorization_public_drop.q.out +++ ql/src/test/results/clientnegative/authorization_public_drop.q.out @@ -1,4 +1,4 @@ PREHOOK: query: drop role PUBLIC PREHOOK: type: DROPROLE -Error in role operation drop_role on role name PUBLIC, error message MetaException(message:PUBLIC/ADMIN role can't be dropped.) +Error in role operation drop_role on role name public, error message MetaException(message:public/admin role can't be dropped.) FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask diff --git ql/src/test/results/clientnegative/authorization_role_grant.q.out ql/src/test/results/clientnegative/authorization_role_grant.q.out index 0f88444..0e5e724 100644 --- ql/src/test/results/clientnegative/authorization_role_grant.q.out +++ ql/src/test/results/clientnegative/authorization_role_grant.q.out @@ -32,7 +32,7 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC false -1 +public false -1 role_noadmin false -1 hive_admin_user src_role_wadmin true -1 hive_admin_user PREHOOK: query: set role role_noadmin diff --git ql/src/test/results/clientnegative/authorization_rolehierarchy_privs.q.out ql/src/test/results/clientnegative/authorization_rolehierarchy_privs.q.out index 7268370..9f99d6f 100644 --- ql/src/test/results/clientnegative/authorization_rolehierarchy_privs.q.out +++ ql/src/test/results/clientnegative/authorization_rolehierarchy_privs.q.out @@ -2,7 +2,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public PREHOOK: query: set role ADMIN PREHOOK: type: SHOW_ROLES @@ -59,7 +59,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public role1 role2 role3 @@ -76,7 +76,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public PREHOOK: query: grant select on t1 to role role2 PREHOOK: type: GRANT_PRIVILEGE @@ -88,7 +88,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public role1 role2 role3 @@ -109,7 +109,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -ADMIN +admin PREHOOK: query: revoke select on table t1 from role role2 PREHOOK: type: REVOKE_PRIVILEGE @@ -133,7 +133,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public role1 role2 role3 @@ -151,7 +151,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public PREHOOK: query: set role ADMIN PREHOOK: type: SHOW_ROLES @@ -169,7 +169,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public role1 role2 role3 @@ -187,7 +187,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public PREHOOK: query: set role ADMIN PREHOOK: type: SHOW_ROLES @@ -201,7 +201,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public role1 role2 role4 diff --git ql/src/test/results/clientnegative/authorize_grant_public.q.out ql/src/test/results/clientnegative/authorize_grant_public.q.out index dae4331..ef4a1b1 100644 --- ql/src/test/results/clientnegative/authorize_grant_public.q.out +++ ql/src/test/results/clientnegative/authorize_grant_public.q.out @@ -1,3 +1,3 @@ PREHOOK: query: grant role PUBLIC to user hive_test_user PREHOOK: type: GRANT_ROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:No user can be added to PUBLIC. Since all users implictly belong to PUBLIC role.) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:No user can be added to public. Since all users implictly belong to public role.) diff --git ql/src/test/results/clientnegative/authorize_revoke_public.q.out ql/src/test/results/clientnegative/authorize_revoke_public.q.out index cff88ca..618fedd 100644 --- ql/src/test/results/clientnegative/authorize_revoke_public.q.out +++ ql/src/test/results/clientnegative/authorize_revoke_public.q.out @@ -1,3 +1,3 @@ PREHOOK: query: revoke role PUBLIC from user hive_test_user PREHOOK: type: REVOKE_ROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:PUBLIC role can't be revoked.) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:public role can't be revoked.) diff --git ql/src/test/results/clientpositive/authorization_1.q.out ql/src/test/results/clientpositive/authorization_1.q.out index 1c52151..0ff4b04 100644 --- ql/src/test/results/clientpositive/authorization_1.q.out +++ ql/src/test/results/clientpositive/authorization_1.q.out @@ -267,7 +267,7 @@ PREHOOK: query: show role grant user hive_test_user PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC false -1 +public false -1 src_role false -1 hive_test_user PREHOOK: query: --column grant to role diff --git ql/src/test/results/clientpositive/authorization_1_sql_std.q.out ql/src/test/results/clientpositive/authorization_1_sql_std.q.out index 3e39801..718ff31 100644 --- ql/src/test/results/clientpositive/authorization_1_sql_std.q.out +++ ql/src/test/results/clientpositive/authorization_1_sql_std.q.out @@ -48,7 +48,7 @@ PREHOOK: query: show role grant user user_sauth PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user_sauth POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC false -1 +public false -1 src_role false -1 hive_admin_user PREHOOK: query: --table grant to role diff --git ql/src/test/results/clientpositive/authorization_5.q.out ql/src/test/results/clientpositive/authorization_5.q.out index 3353adf..6f75dd1 100644 --- ql/src/test/results/clientpositive/authorization_5.q.out +++ ql/src/test/results/clientpositive/authorization_5.q.out @@ -38,8 +38,8 @@ PREHOOK: query: SHOW ROLE GRANT USER hive_test_user PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: SHOW ROLE GRANT USER hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC false -1 db_test_role false -1 hive_test_user +public false -1 PREHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_test_role PREHOOK: type: GRANT_PRIVILEGE POSTHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_test_role diff --git ql/src/test/results/clientpositive/authorization_9.q.out ql/src/test/results/clientpositive/authorization_9.q.out index 3ec988c..226ce28 100644 --- ql/src/test/results/clientpositive/authorization_9.q.out +++ ql/src/test/results/clientpositive/authorization_9.q.out @@ -63,7 +63,7 @@ PREHOOK: query: show grant on all PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant on all POSTHOOK: type: SHOW_GRANT - ADMIN ROLE All true -1 ADMIN + admin ROLE All true -1 admin default hive_test_user USER Select false -1 hive_test_user default hive_test_user2 USER Select false -1 hive_test_user default dummy hive_test_user USER Select false -1 hive_test_user diff --git ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out index df0d5c4..d4f9555 100644 --- ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out +++ ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out @@ -13,7 +13,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public PREHOOK: query: set role ADMIN PREHOOK: type: SHOW_ROLES @@ -23,7 +23,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -ADMIN +admin PREHOOK: query: select * from t1 PREHOOK: type: QUERY diff --git ql/src/test/results/clientpositive/authorization_role_grant1.q.out ql/src/test/results/clientpositive/authorization_role_grant1.q.out index 305dd9d..3c846eb 100644 --- ql/src/test/results/clientpositive/authorization_role_grant1.q.out +++ ql/src/test/results/clientpositive/authorization_role_grant1.q.out @@ -18,14 +18,14 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC false -1 +public false -1 src_role2 false -1 hive_admin_user PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles POSTHOOK: type: SHOW_ROLES -ADMIN -PUBLIC +admin +public src_role2 PREHOOK: query: -- revoke role without role keyword @@ -38,13 +38,13 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC false -1 +public false -1 PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles POSTHOOK: type: SHOW_ROLES -ADMIN -PUBLIC +admin +public src_role2 PREHOOK: query: ---------------------------------------- @@ -67,7 +67,7 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC false -1 +public false -1 src_role_wadmin true -1 hive_admin_user PREHOOK: query: -- revoke role without role keyword revoke src_role_wadmin from user user2 @@ -79,15 +79,15 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC false -1 +public false -1 PREHOOK: query: -- drop roles show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: -- drop roles show roles POSTHOOK: type: SHOW_ROLES -ADMIN -PUBLIC +admin +public src_role2 src_role_wadmin @@ -99,8 +99,8 @@ PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles POSTHOOK: type: SHOW_ROLES -ADMIN -PUBLIC +admin +public src_role_wadmin PREHOOK: query: drop role src_role_wadmin @@ -111,6 +111,6 @@ PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles POSTHOOK: type: SHOW_ROLES -ADMIN -PUBLIC +admin +public diff --git ql/src/test/results/clientpositive/authorization_role_grant2.q.out ql/src/test/results/clientpositive/authorization_role_grant2.q.out index f294311..1e8f88a 100644 --- ql/src/test/results/clientpositive/authorization_role_grant2.q.out +++ ql/src/test/results/clientpositive/authorization_role_grant2.q.out @@ -23,7 +23,7 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT role grant_option grant_time grantor -PUBLIC false -1 +public false -1 src_role_wadmin true -1 hive_admin_user PREHOOK: query: show principals src_role_wadmin PREHOOK: type: SHOW_ROLE_PRINCIPALS @@ -44,7 +44,7 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user3 POSTHOOK: type: SHOW_ROLE_GRANT role grant_option grant_time grantor -PUBLIC false -1 +public false -1 src_role_wadmin false -1 user2 PREHOOK: query: set role ADMIN PREHOOK: type: SHOW_ROLES @@ -70,7 +70,7 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user3 POSTHOOK: type: SHOW_ROLE_GRANT role grant_option grant_time grantor -PUBLIC false -1 +public false -1 PREHOOK: query: set role ADMIN PREHOOK: type: SHOW_ROLES POSTHOOK: query: set role ADMIN diff --git ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out index d5fbc48..8449813 100644 --- ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out +++ ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out @@ -6,7 +6,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -ADMIN +admin PREHOOK: query: create role r1 PREHOOK: type: CREATEROLE @@ -34,7 +34,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public PREHOOK: query: set role ALL PREHOOK: type: SHOW_ROLES @@ -44,7 +44,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public r1 PREHOOK: query: set role ADMIN diff --git ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out index b431c35..50c0247 100644 --- ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out +++ ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out @@ -155,7 +155,7 @@ PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES -PUBLIC +public PREHOOK: query: set role ADMIN PREHOOK: type: SHOW_ROLES @@ -173,14 +173,14 @@ PREHOOK: query: show role grant user user4 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user4 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC false -1 +public false -1 role_v false -1 hive_admin_user PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles POSTHOOK: type: SHOW_ROLES -ADMIN -PUBLIC +admin +public role_v PREHOOK: query: grant all on table vt2 to role role_v diff --git ql/src/test/results/clientpositive/show_roles.q.out ql/src/test/results/clientpositive/show_roles.q.out index 5591bbb..f90bba0 100644 --- ql/src/test/results/clientpositive/show_roles.q.out +++ ql/src/test/results/clientpositive/show_roles.q.out @@ -10,7 +10,7 @@ PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles POSTHOOK: type: SHOW_ROLES -ADMIN -PUBLIC +admin +public role1 role2