Review Request 22016: HIVE-7119 Extended ACL's should be inherited if warehouse perm inheritance enabled

Thu, 29 May 2014 01:15:07 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22016/
-----------------------------------------------------------

Review request for hive.


Bugs: HIVE-7119
    https://issues.apache.org/jira/browse/HIVE-7119


Repository: hive-git


Description
-------

This completes the permission inheritance story, by also inheriting the new 
concept of extended ACL's in HDFS from parent.

This is a bit tricky because only Hadoop 2.4 has extended ACL's.  My strategy 
is to use the HadoopShims, and only in Hadoop23Shims to have code dealing with 
extended ACL's, and then only if the flag "dfs.namenode.acls.enabled" is true.

It was also tricky as the main Hive code cannot refer to the HDFS ACL classes 
(aclStatus and aclEntry).  So made some wrapper API in the shims called 
'hdfsFileStatus' that encompasses both normal file status , and Aclstatus if 
acl's are enabled.


Diffs
-----

  common/src/java/org/apache/hadoop/hive/common/FileUtils.java ee61350 
  
itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/FolderPermissionBase.java
 PRE-CREATION 
  
itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestExtendedAcls.java
 PRE-CREATION 
  
itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestFolderPermissions.java
 4f566d2 
  ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java 3417474 
  ql/src/java/org/apache/hadoop/hive/ql/processors/DeleteResourceProcessor.java 
83fadeb 
  shims/0.20/src/main/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
7aae689 
  shims/0.20S/src/main/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
e6493eb 
  shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java 
176f9ae 
  
shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java
 c27df64 
  shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java 
02260ce 

Diff: https://reviews.apache.org/r/22016/diff/


Testing
-------

For testing, refactored TestFolderPermission into a base + two tests 
(TestFolderPermission to test traditional permission without acl's, and 
TestExtendedAcl's to test acls).


Thanks,

Szehon Ho

Reply via email to