diff --git itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/AbstractTestAuthorizationApiAuthorizer.java itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/AbstractTestAuthorizationApiAuthorizer.java index 439cf56370..1f1a9c4d83 100644 --- itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/AbstractTestAuthorizationApiAuthorizer.java +++ itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/AbstractTestAuthorizationApiAuthorizer.java @@ -35,6 +35,7 @@ import org.apache.hadoop.hive.metastore.utils.MetaStoreUtils; import org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly; import org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener; +import org.apache.thrift.TException; import org.junit.Test; /** @@ -92,15 +93,27 @@ private void testFunction(FunctionInvoker mscFunctionInvoker) throws Exception { // authorization checks passed. String exStackString = ExceptionUtils.getStackTrace(e); assertTrue("Verifying this exception came after authorization check", - exStackString.contains("org.apache.hadoop.hive.metastore.ObjectStore")); + exStackString.contains("org.apache.hadoop.hive.metastore.ObjectStore")); // If its not an exception caused by auth check, ignore it } assertFalse("Authz Exception should have been thrown in remote mode", isRemoteMetastoreMode); System.err.println("No auth exception thrown"); } catch (MetaException e) { System.err.println("Caught exception"); - caughtEx = true; - assertTrue(e.getMessage().contains(MetaStoreAuthzAPIAuthorizerEmbedOnly.errMsg)); + String exStackString = ExceptionUtils.getStackTrace(e); + // Check if MetaException has one of InvalidObjectException or NoSuchObjectExcetion or any exception thrown from ObjectStore , which means that the + // authorization checks passed. + if(exStackString.contains("org.apache.hadoop.hive.metastore.api.NoSuchObjectException") || + exStackString.contains("org.apache.hadoop.hive.metastore.api.InvalidObjectException")) { + assertFalse("No Authz exception thrown in embedded mode", isRemoteMetastoreMode); + } else { + caughtEx = true; + assertTrue(e.getMessage().contains(MetaStoreAuthzAPIAuthorizerEmbedOnly.errMsg)); + } + } catch (TException e) { + String exStackString = ExceptionUtils.getStackTrace(e); + assertTrue("Verifying this exception came after authorization check", + exStackString.contains("org.apache.hadoop.hive.metastore.ObjectStore")); } if (!isRemoteMetastoreMode) { assertFalse("No exception should be thrown in embedded mode", caughtEx); diff --git standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java index 1c422ca281..62e2921272 100644 --- standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java +++ standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java @@ -5797,8 +5797,11 @@ public boolean grant_role(final String roleName, ret = ms.grantRole(role, principalName, principalType, grantor, grantorType, grantOption); } catch (MetaException e) { throw e; + } catch (InvalidObjectException | NoSuchObjectException e) { + ret = false; + MetaStoreUtils.logAndThrowMetaException(e); } catch (Exception e) { - throw new RuntimeException(e); + throw new TException(e); } return ret; } @@ -5846,8 +5849,11 @@ public boolean create_role(final Role role) throws TException { ret = getMS().addRole(role.getRoleName(), role.getOwnerName()); } catch (MetaException e) { throw e; + } catch (InvalidObjectException | NoSuchObjectException e) { + ret = false; + MetaStoreUtils.logAndThrowMetaException(e); } catch (Exception e) { - throw new RuntimeException(e); + throw new TException(e); } return ret; } @@ -5864,8 +5870,11 @@ public boolean drop_role(final String roleName) throws TException { ret = getMS().removeRole(roleName); } catch (MetaException e) { throw e; + } catch (NoSuchObjectException e) { + ret = false; + MetaStoreUtils.logAndThrowMetaException(e); } catch (Exception e) { - throw new RuntimeException(e); + throw new TException(e); } return ret; } @@ -5894,8 +5903,11 @@ public boolean grant_privileges(final PrivilegeBag privileges) throws TException ret = getMS().grantPrivileges(privileges); } catch (MetaException e) { throw e; + } catch (InvalidObjectException | NoSuchObjectException e) { + ret = false; + MetaStoreUtils.logAndThrowMetaException(e); } catch (Exception e) { - throw new RuntimeException(e); + throw new TException(e); } return ret; } @@ -5920,8 +5932,11 @@ private boolean revoke_role(final String roleName, final String userName, ret = ms.revokeRole(mRole, userName, principalType, grantOption); } catch (MetaException e) { throw e; + } catch (NoSuchObjectException e) { + ret = false; + MetaStoreUtils.logAndThrowMetaException(e); } catch (Exception e) { - throw new RuntimeException(e); + throw new TException(e); } return ret; } @@ -5995,8 +6010,11 @@ public boolean revoke_privileges(final PrivilegeBag privileges, boolean grantOpt ret = getMS().revokePrivileges(privileges, grantOption); } catch (MetaException e) { throw e; + } catch (InvalidObjectException | NoSuchObjectException e) { + ret = false; + MetaStoreUtils.logAndThrowMetaException(e); } catch (Exception e) { - throw new RuntimeException(e); + throw new TException(e); } return ret; }