Re: Review Request 22016: HIVE-7119 Extended ACL's should be inherited if warehouse perm inheritance enabled

Sat, 31 May 2014 18:08:18 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22016/
-----------------------------------------------------------

(Updated June 1, 2014, 1:07 a.m.)


Review request for hive.


Changes
-------

Rebase the patch.


Bugs: HIVE-7119
    https://issues.apache.org/jira/browse/HIVE-7119


Repository: hive-git


Description
-------

This completes the permission inheritance story, by also inheriting the new 
concept of extended ACL's in HDFS from parent.

This is a bit tricky because only Hadoop 2.4 has extended ACL's.  My strategy 
is to use the HadoopShims, and only in Hadoop23Shims to have code dealing with 
extended ACL's, and then only if the flag "dfs.namenode.acls.enabled" is true.

It was also tricky as the main Hive code cannot refer to the HDFS ACL classes 
(aclStatus and aclEntry).  So made some wrapper API in the shims called 
'hdfsFileStatus' that encompasses both normal file status , and Aclstatus if 
acl's are enabled.


Diffs (updated)
-----

  common/src/java/org/apache/hadoop/hive/common/FileUtils.java ee61350 
  
itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/FolderPermissionBase.java
 PRE-CREATION 
  
itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestExtendedAcls.java
 PRE-CREATION 
  
itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestFolderPermissions.java
 4f566d2 
  ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java 3417474 
  shims/0.20/src/main/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
5c19ee5 
  shims/0.20S/src/main/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
4a0e72d 
  shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java 
d6336e2 
  
shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java
 39dbc3b 
  shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java 
b8fdd85 

Diff: https://reviews.apache.org/r/22016/diff/


Testing
-------

For testing, refactored TestFolderPermission into a base + two tests 
(TestFolderPermission to test traditional permission without acl's, and 
TestExtendedAcl's to test acls).


Thanks,

Szehon Ho

Reply via email to