Clone
Roberta Marton <roberta.marton@hp.com>
committed
on 06 Mar 15
Enable authorization by default for regress, plus
Patch 1:

Added TEST138 to catman1 - skipped files
Fixed wording in the traf_authenticatio… Show more
Enable authorization by default for regress, plus

Patch 1:

Added TEST138 to catman1 - skipped files

Fixed wording in the traf_authentication_setup script from reviewer comments.

Original delivery:

change 1 - Enable authorization during development regression tests

change 2 – Added support for create schema IF NOT EXISTS and drop schema IF EXISTS

change 3 - Changed traf_authentication_setup script to support a new installation option

change 1 - Enable authorization during development regression tests

Authorization will be enabled during regressions runs

Since regressions run mostly as DB__ROOT, there should be few visible differences.

Developers may see GRANT statements displayed as part of SHOWDDL requests.

This can be controlled by a new CQD:SHOWDDL_DISPLAY_PRIVILEGE_GRANTS

 SHOWDDL_DISPLAY_PRIVILEGE_GRANTS

    ON - display GRANTS if authorization is enabled

    OFF - do not display GRANTS

    SYSTEM

      if running with SQLMX_REGRESS set, do not display grants

      otherwise, display grants

  regress/tools/init_sb_regr_sql -- execute initialize authorization

  regress/tools/runregr_catman1.ksh -- turn on TEST138

  regress/catman1 -- various test and expected files to set the new SHOWDDL CQD

"Initialize authorization, drop;" can be performed to disable authorization

files:

  sql/regress/catman1/EXPECTED135

  sql/regress/catman1/EXPECTED137

  sql/regress/catman1/EXPECTED138

  sql/regress/catman1/TEST133

  sql/regress/catman1/TEST135

  sql/regress/catman1/TEST136

  sql/regress/catman1/TEST137

  sql/regress/catman1/TEST138

  sql/regress/catman1/TEST139

  sql/regress/tools/init_sb_regr.sql

  sql/regress/tools/runregr_catman1.ksh

  sql/sqlcomp/CmpDescribe.cpp

  sql/sqlcomp/CmpSeabaseDDLauth.cpp

  sql/sqlcomp/DefaultConstants.h

  sql/sqlcomp/nadefaults.cpp

change 2: Added support for create schema IF NOT EXISTS and drop schema IF EXISTS

Added support for new schema syntax.  Change update stats for HIVE tables to use this syntax

files:

  sql/parser/StmtDDLCreate.cpp

  sql/parser/StmtDDLCreateSchema.h

  sql/parser/StmtDDLDrop.cpp

  sql/parser/StmtDDLDropSchema.h

  sql/parser/sqlparser.y

  sql/sqlcomp/CmpSeabaseDDL.h

  sql/sqlcomp/CmpSeabaseDDLcommon.cpp

  sql/sqlcomp/CmpSeabaseDDLschema.cpp

  sql/ustat/hs_globals.cpp

change 3:  Changed traf_authentication_setup script

This file was changed to support a new option "--setup" that only enables authentication

This will be used by the installation script when the customer chooses not to

initialize trafodion.

 sqf/sql/scripts/traf_authentication_setup

traf_authentication_setup --help

This script enables or disables security features for Trafodion

Usage: traf_authentication_setup [options]

Options:

   --file <loc>  Optional location of the OpenLDAP configuration file

   --help        Prints this message

   --off         Disables authentication and authorization

   --on          Enables authentication and authorization

   --setup       Enables authentication

   --status      Returns status of authentication enablement

Change-Id: Ia9a66364a6d74955a0833088874e0aaca044eae3

Show less

default + 9 more