You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by co...@apache.org on 2016/09/15 11:58:44 UTC
incubator-ranger git commit: Adding some HIVE data masking tests
Repository: incubator-ranger
Updated Branches:
refs/heads/master ed3f214b2 -> bb420d5c2
Adding some HIVE data masking tests
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/bb420d5c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/bb420d5c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/bb420d5c
Branch: refs/heads/master
Commit: bb420d5c2493e4aa159f3be7b2cbc213bc3c30b3
Parents: ed3f214
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Sep 15 12:58:29 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Sep 15 12:58:29 2016 +0100
----------------------------------------------------------------------
.../services/hive/HIVERangerAuthorizerTest.java | 20 ++++++
.../src/test/resources/hive-policies.json | 65 ++++++++++++++++++--
2 files changed, 81 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb420d5c/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
index 6de1f43..1caf1cb 100644
--- a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
+++ b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
@@ -47,6 +47,7 @@ import org.junit.Test;
* b) A group called "IT" can do a select only on the "count" column in "words"
* c) "bob" can create any database
* d) "dave" can do a select on the table "words" but only if the "count" column is >= 80
+ * e) "jane" can do a select on the table "words", but only get a "hash" of the word, and not the word itself.
*
*/
public class HIVERangerAuthorizerTest {
@@ -560,4 +561,23 @@ public class HIVERangerAuthorizerTest {
connection.close();
}
+ @Test
+ public void testHiveDataMasking() throws Exception {
+
+ String url = "jdbc:hive2://localhost:" + port + "/rangerauthz";
+ Connection connection = DriverManager.getConnection(url, "jane", "jane");
+ Statement statement = connection.createStatement();
+
+ // "jane" can only set a hash of the word, and not the word itself
+ ResultSet resultSet = statement.executeQuery("SELECT * FROM words where count == '100'");
+ if (resultSet.next()) {
+ Assert.assertEquals("127469a6b4253ebb77adccc0dd48461e", resultSet.getString(1));
+ Assert.assertEquals(100, resultSet.getInt(2));
+ } else {
+ Assert.fail("No ResultSet found");
+ }
+
+ statement.close();
+ connection.close();
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb420d5c/hive-agent/src/test/resources/hive-policies.json
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/resources/hive-policies.json b/hive-agent/src/test/resources/hive-policies.json
index e307b06..924c746 100644
--- a/hive-agent/src/test/resources/hive-policies.json
+++ b/hive-agent/src/test/resources/hive-policies.json
@@ -1,8 +1,8 @@
{
"serviceName": "HIVETest",
"serviceId": 2,
- "policyVersion": 9,
- "policyUpdateTime": "20160914-14:51:46.000-+0100",
+ "policyVersion": 11,
+ "policyUpdateTime": "20160915-12:47:25.000-+0100",
"policies": [
{
"service": "HIVETest",
@@ -228,7 +228,8 @@
}
],
"users": [
- "dave"
+ "dave",
+ "jane"
],
"groups": [],
"conditions": [],
@@ -242,7 +243,7 @@
"rowFilterPolicyItems": [],
"id": 10,
"isEnabled": true,
- "version": 2
+ "version": 3
},
{
"service": "HIVETest",
@@ -400,6 +401,62 @@
"id": 13,
"isEnabled": true,
"version": 1
+ },
+ {
+ "service": "HIVETest",
+ "name": "JaneWordMask",
+ "policyType": 1,
+ "isAuditEnabled": true,
+ "resources": {
+ "database": {
+ "values": [
+ "rangerauthz"
+ ],
+ "isExcludes": false,
+ "isRecursive": false
+ },
+ "column": {
+ "values": [
+ "word"
+ ],
+ "isExcludes": false,
+ "isRecursive": false
+ },
+ "table": {
+ "values": [
+ "words"
+ ],
+ "isExcludes": false,
+ "isRecursive": false
+ }
+ },
+ "policyItems": [],
+ "denyPolicyItems": [],
+ "allowExceptions": [],
+ "denyExceptions": [],
+ "dataMaskPolicyItems": [
+ {
+ "dataMaskInfo": {
+ "dataMaskType": "MASK_HASH"
+ },
+ "accesses": [
+ {
+ "type": "select",
+ "isAllowed": true
+ }
+ ],
+ "users": [
+ "jane"
+ ],
+ "groups": [],
+ "conditions": [],
+ "delegateAdmin": false
+ }
+ ],
+ "rowFilterPolicyItems": [],
+ "id": 14,
+ "isEnabled": true,
+ "version": 1
}
],
"serviceDef": {