Posted to commits@ranger.apache.org by co...@apache.org on 2016/09/15 11:58:44 UTC

incubator-ranger git commit: Adding some HIVE data masking tests

Repository: incubator-ranger
Updated Branches:
  refs/heads/master ed3f214b2 -> bb420d5c2


Adding some HIVE data masking tests


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/bb420d5c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/bb420d5c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/bb420d5c

Branch: refs/heads/master
Commit: bb420d5c2493e4aa159f3be7b2cbc213bc3c30b3
Parents: ed3f214
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Sep 15 12:58:29 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Sep 15 12:58:29 2016 +0100

----------------------------------------------------------------------
 .../services/hive/HIVERangerAuthorizerTest.java | 20 ++++++
 .../src/test/resources/hive-policies.json       | 65 ++++++++++++++++++--
 2 files changed, 81 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb420d5c/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
index 6de1f43..1caf1cb 100644
--- a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
+++ b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
@@ -47,6 +47,7 @@ import org.junit.Test;
  * b) A group called "IT" can do a select only on the "count" column in "words"
  * c) "bob" can create any database
  * d) "dave" can do a select on the table "words" but only if the "count" column is >= 80
+ * e) "jane" can do a select on the table "words", but only get a "hash" of the word, and not the word itself. 
  * 
  */
 public class HIVERangerAuthorizerTest {
@@ -560,4 +561,23 @@ public class HIVERangerAuthorizerTest {
         connection.close();
     }
     
+    @Test
+    public void testHiveDataMasking() throws Exception {
+        
+        String url = "jdbc:hive2://localhost:" + port + "/rangerauthz";
+        Connection connection = DriverManager.getConnection(url, "jane", "jane");
+        Statement statement = connection.createStatement();
+
+        // "jane" can only set a hash of the word, and not the word itself
+        ResultSet resultSet = statement.executeQuery("SELECT * FROM words where count == '100'");
+        if (resultSet.next()) {
+        	Assert.assertEquals("127469a6b4253ebb77adccc0dd48461e", resultSet.getString(1));
+        	Assert.assertEquals(100, resultSet.getInt(2));
+        } else {
+        	Assert.fail("No ResultSet found");
+        }
+        
+        statement.close();
+        connection.close();
+    }
 }
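Review bot: In testHiveDataMasking the expected value `127469a6b4253ebb77adccc0dd48461e` is an unexplained literal: nothing records which word it was derived from or which digest produced it, so a maintainer cannot recompute it if the fixture data or the mask implementation changes. At 32 hex characters it looks like an unsalted MD5-length digest (an inference from the length only), which for a column of ordinary words hides the literal but not equality between rows or guessable values. I would document that above the assertion, e.g. `// MASK_HASH of the word in the count=100 row: deterministic, unsalted digest; pins the mask format, not secrecy of guessable words`. The existing comment should also read "get a hash" rather than "set a hash". A control assertion that a user outside the mask policy still reads the clear word would show that the hash comes from the policy rather than from the data.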

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb420d5c/hive-agent/src/test/resources/hive-policies.json
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/resources/hive-policies.json b/hive-agent/src/test/resources/hive-policies.json
index e307b06..924c746 100644
--- a/hive-agent/src/test/resources/hive-policies.json
+++ b/hive-agent/src/test/resources/hive-policies.json
@@ -1,8 +1,8 @@
 {
   "serviceName": "HIVETest",
   "serviceId": 2,
-  "policyVersion": 9,
-  "policyUpdateTime": "20160914-14:51:46.000-+0100",
+  "policyVersion": 11,
+  "policyUpdateTime": "20160915-12:47:25.000-+0100",
   "policies": [
     {
       "service": "HIVETest",
@@ -228,7 +228,8 @@
             }
           ],
           "users": [
-            "dave"
+            "dave",
+            "jane"
           ],
           "groups": [],
           "conditions": [],
@@ -242,7 +243,7 @@
       "rowFilterPolicyItems": [],
       "id": 10,
       "isEnabled": true,
-      "version": 2
+      "version": 3
     },
     {
       "service": "HIVETest",
@@ -400,6 +401,62 @@
       "id": 13,
       "isEnabled": true,
       "version": 1
+    },
+    {
+      "service": "HIVETest",
+      "name": "JaneWordMask",
+      "policyType": 1,
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "rangerauthz"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "column": {
+          "values": [
+            "word"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "table": {
+          "values": [
+            "words"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [
+        {
+          "dataMaskInfo": {
+            "dataMaskType": "MASK_HASH"
+          },
+          "accesses": [
+            {
+              "type": "select",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "jane"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": false
+        }
+      ],
+      "rowFilterPolicyItems": [],
+      "id": 14,
+      "isEnabled": true,
+      "version": 1
     }
   ],
   "serviceDef": {
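Review bot: JaneWordMask has an empty `policyItems` list, so it grants nothing itself; jane's select appears to come from the separate entry in policy 10, where this commit adds her next to dave (that policy is only partly visible here). The two policies are therefore coupled without anything saying so, and if this one is disabled or dropped from the fixture, jane would presumably keep select and read the clear `word` values. Since JSON has no comments, I would record the dependency in the policy itself, e.g. `"description": "Masks words.word for jane; select is granted by policy 10"`.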