You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sp...@apache.org on 2018/06/27 16:47:29 UTC
[02/17] sentry git commit: SENTRY-2282: Remove hive-authzv2 binding
and tests modules completely (Sergio Pena, reviewed by Na Li)
http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java
deleted file mode 100644
index f1e6d75..0000000
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java
+++ /dev/null
@@ -1,218 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e.metastore;
-
-import java.io.IOException;
-import java.security.PrivilegedExceptionAction;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.hadoop.hive.cli.CliSessionState;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
-import org.apache.hadoop.hive.metastore.api.Database;
-import org.apache.hadoop.hive.metastore.api.FieldSchema;
-import org.apache.hadoop.hive.metastore.api.Order;
-import org.apache.hadoop.hive.metastore.api.Partition;
-import org.apache.hadoop.hive.metastore.api.SerDeInfo;
-import org.apache.hadoop.hive.metastore.api.StorageDescriptor;
-import org.apache.hadoop.hive.metastore.api.Table;
-import org.apache.hadoop.hive.ql.Driver;
-import org.apache.hadoop.hive.ql.processors.CommandProcessorResponse;
-import org.apache.hadoop.hive.ql.session.SessionState;
-import org.apache.hadoop.hive.serde.serdeConstants;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.pig.PigServer;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration;
-import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServerFactory.HiveServer2Type;
-import org.junit.BeforeClass;
-
-public abstract class AbstractMetastoreTestWithStaticConfiguration extends
- AbstractTestWithStaticConfiguration {
-
- @BeforeClass
- public static void setupTestStaticConfiguration() throws Exception {
- useSentryService = true;
- clearDbPerTest = false;
- testServerType = HiveServer2Type.InternalMetastore.name();
- AbstractTestWithStaticConfiguration.setupTestStaticConfiguration();
- }
-
- protected static void writePolicyFile(PolicyFile policyFile) throws Exception {
- policyFile.write(context.getPolicyFile());
- }
-
- public static PolicyFile setAdminOnServer1(String adminGroup)
- throws Exception {
- return SentryPolicyProviderForDb.setAdminOnServer1(adminGroup,
- getSentryClient());
- }
- /**
- * create a metastore table using the given attributes
- * @param client
- * @param dbName
- * @param tabName
- * @param cols
- * @return
- * @throws Exception
- */
- public Table createMetastoreTable(HiveMetaStoreClient client, String dbName,
- String tabName, List<FieldSchema> cols) throws Exception {
-
- Table tbl = makeMetastoreTableObject(client, dbName, tabName, cols);
- client.createTable(tbl);
- return tbl;
- }
-
- public Table createMetastoreTableWithLocation(HiveMetaStoreClient client,
- String dbName, String tabName, List<FieldSchema> cols, String location)
- throws Exception {
- Table tbl = makeMetastoreTableObject(client, dbName, tabName, cols);
- tbl.getSd().setLocation(location);
- client.createTable(tbl);
- return tbl;
-
- }
-
- public Table createMetastoreTableWithPartition(HiveMetaStoreClient client,
- String dbName, String tabName, List<FieldSchema> cols,
- List<FieldSchema> partionVals) throws Exception {
- Table tbl = makeMetastoreTableObject(client, dbName, tabName, cols);
- tbl.setPartitionKeys(partionVals);
- client.createTable(tbl);
- return client.getTable(dbName, tabName);
- }
-
- public void addPartition(HiveMetaStoreClient client, String dbName,
- String tblName, List<String> ptnVals, Table tbl) throws Exception {
- Partition part = makeMetastorePartitionObject(dbName, tblName, ptnVals, tbl);
- client.add_partition(part);
- }
-
- public void addPartitionWithLocation(HiveMetaStoreClient client,
- String dbName, String tblName, List<String> ptnVals, Table tbl,
- String location) throws Exception {
- Partition part = makeMetastorePartitionObject(dbName, tblName, ptnVals,
- tbl, location);
- client.add_partition(part);
- }
-
- public Table makeMetastoreTableObject(HiveMetaStoreClient client,
- String dbName, String tabName, List<FieldSchema> cols) throws Exception {
- Table tbl = new Table();
- tbl.setDbName(dbName);
- tbl.setTableName(tabName);
- StorageDescriptor sd = new StorageDescriptor();
- tbl.setSd(sd);
- tbl.setParameters(new HashMap<String, String>());
- sd.setCols(cols);
- sd.setCompressed(false);
- sd.setParameters(new HashMap<String, String>());
- sd.setSerdeInfo(new SerDeInfo());
- sd.getSerdeInfo().setName(tbl.getTableName());
- sd.getSerdeInfo().setParameters(new HashMap<String, String>());
- sd.getSerdeInfo().getParameters()
- .put(serdeConstants.SERIALIZATION_FORMAT, "1");
- sd.setSortCols(new ArrayList<Order>());
- return tbl;
- }
-
- public Partition makeMetastorePartitionObject(String dbName, String tblName,
- List<String> ptnVals, Table tbl, String partitionLocation) {
- Partition part = makeMetastoreBasePartitionObject(dbName, tblName, ptnVals,
- tbl);
- part.getSd().setLocation(partitionLocation);
- return part;
- }
-
- public Partition makeMetastorePartitionObject(String dbName, String tblName,
- List<String> ptnVals, Table tbl) {
- Partition part = makeMetastoreBasePartitionObject(dbName, tblName, ptnVals,
- tbl);
- return part;
- }
-
- private Partition makeMetastoreBasePartitionObject(String dbName,
- String tblName, List<String> ptnVals, Table tbl) {
- Partition part4 = new Partition();
- part4.setDbName(dbName);
- part4.setTableName(tblName);
- part4.setValues(ptnVals);
- part4.setParameters(new HashMap<String, String>());
- part4.setSd(tbl.getSd().deepCopy());
- part4.getSd().setSerdeInfo(tbl.getSd().getSerdeInfo().deepCopy());
- part4.setParameters(new HashMap<String, String>());
- return part4;
- }
-
- public void createMetastoreDB(HiveMetaStoreClient client, String dbName)
- throws Exception {
- Database db = new Database();
- db.setName(dbName);
- client.createDatabase(db);
- }
-
- public void execHiveSQLwithOverlay(final String sqlStmt,
- final String userName, Map<String, String> overLay) throws Exception {
- final HiveConf hiveConf = new HiveConf();
- for (Map.Entry<String, String> entry : overLay.entrySet()) {
- hiveConf.set(entry.getKey(), entry.getValue());
- }
- UserGroupInformation clientUgi = UserGroupInformation
- .createRemoteUser(userName);
- clientUgi.doAs(new PrivilegedExceptionAction<Object>() {
- @Override
- public Void run() throws Exception {
- Driver driver = new Driver(hiveConf, userName);
- SessionState.start(new CliSessionState(hiveConf));
- CommandProcessorResponse cpr = driver.run(sqlStmt);
- if (cpr.getResponseCode() != 0) {
- throw new IOException("Failed to execute \"" + sqlStmt
- + "\". Driver returned " + cpr.getResponseCode() + " Error: "
- + cpr.getErrorMessage());
- }
- driver.close();
- SessionState.get().close();
- return null;
- }
- });
- }
-
-
- public void execHiveSQL(String sqlStmt, String userName) throws Exception {
- execHiveSQLwithOverlay(sqlStmt, userName, new HashMap<String, String>());
- }
-
- public void execPigLatin(String userName, final PigServer pigServer,
- final String pigLatin) throws Exception {
- UserGroupInformation clientUgi = UserGroupInformation
- .createRemoteUser(userName);
- clientUgi.doAs(
- new PrivilegedExceptionAction<Object>() {
- @Override
- public Void run() throws Exception {
- pigServer.registerQuery(pigLatin);
- return null;
- }
- });
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java
deleted file mode 100644
index 0d1af81..0000000
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e.metastore;
-
-import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.core.common.utils.SentryConstants.PRIVILEGE_PREFIX;
-import static org.apache.sentry.core.common.utils.SentryConstants.ROLE_SPLITTER;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Collection;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.core.model.db.DBModelAction;
-import org.apache.sentry.core.model.db.DBModelAuthorizable;
-import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
-import org.apache.sentry.core.model.db.DBModelAuthorizables;
-import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.api.service.thrift.TSentryRole;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.apache.sentry.tests.e2e.hive.StaticUserGroup;
-import org.apache.tools.ant.util.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Sets;
-
-public class SentryPolicyProviderForDb extends PolicyFile {
- private static final Logger LOG = LoggerFactory.getLogger(SentryPolicyProviderForDb.class);
- protected static final Set<String> ADMIN_GROUP_SET = Sets
- .newHashSet(StaticUserGroup.ADMINGROUP);
- private SentryPolicyServiceClient sentryClient;
-
- protected SentryPolicyServiceClient getSentryClient() {
- return sentryClient;
- }
-
- public SentryPolicyProviderForDb(SentryPolicyServiceClient sentryClient) {
- this.sentryClient = sentryClient;
- }
-
- public static SentryPolicyProviderForDb setAdminOnServer1(String admin,
- SentryPolicyServiceClient sentryClient)
- throws Exception {
- SentryPolicyProviderForDb policyFile = new SentryPolicyProviderForDb(
- sentryClient);
- policyFile.addRolesToGroup(admin, "admin_role").addPermissionsToRole(
- "admin_role", "server=server1");
- return policyFile;
- }
-
- public void write(File file) throws Exception {
- super.write(file);
- if (!usingSentryService()) {
- return;
- }
-
- // remove existing metadata
- for (TSentryRole tRole : sentryClient.listAllRoles(StaticUserGroup.ADMIN1)) {
- sentryClient.dropRole(StaticUserGroup.ADMIN1, tRole.getRoleName());
- }
-
- // create roles and add privileges
- for (Entry<String, Collection<String>> roleEntry : getRolesToPermissions()
- .asMap().entrySet()) {
- sentryClient.createRole(StaticUserGroup.ADMIN1, roleEntry.getKey());
- for (String privilege : roleEntry.getValue()) {
- addPrivilege(roleEntry.getKey(), privilege);
- }
- }
-
- // grant roles to groups
- for (Entry<String, Collection<String>> groupEntry : getGroupsToRoles().asMap()
- .entrySet()) {
- for (String roleNames : groupEntry.getValue()) {
- for (String roleName : roleNames.split(",")) {
- try {
- sentryClient
- .grantRoleToGroup(StaticUserGroup.ADMIN1, groupEntry.getKey(), roleName);
- } catch (SentryUserException e) {
- LOG.warn("Error granting role " + roleName + " to group "
- + groupEntry.getKey());
- }
- }
- }
- }
- }
-
- private void addPrivilege(String roleName, String privileges)
- throws Exception {
- String serverName = null, dbName = null, tableName = null, columnName = null, uriPath = null;
- String action = AccessConstants.ALL;
- for (String privilege : ROLE_SPLITTER.split(privileges)) {
- for (String section : AUTHORIZABLE_SPLITTER.split(privilege)) {
- // action is not an authorizeable
- if (!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
- DBModelAuthorizable dbAuthorizable = DBModelAuthorizables
- .from(section);
- if (dbAuthorizable == null) {
- throw new IOException("Unknow Auth type " + section);
- }
-
- if (AuthorizableType.Server.equals(dbAuthorizable.getAuthzType())) {
- serverName = dbAuthorizable.getName();
- } else if (AuthorizableType.Db.equals(dbAuthorizable.getAuthzType())) {
- dbName = dbAuthorizable.getName();
- } else if (AuthorizableType.Table.equals(dbAuthorizable
- .getAuthzType())) {
- tableName = dbAuthorizable.getName();
- } else if (AuthorizableType.URI.equals(dbAuthorizable.getAuthzType())) {
- uriPath = dbAuthorizable.getName();
- } else if (AuthorizableType.Column.equals(dbAuthorizable.getAuthzType())) {
- columnName = dbAuthorizable.getName();
- } else {
- throw new IOException("Unsupported auth type "
- + dbAuthorizable.getName() + " : "
- + dbAuthorizable.getTypeName());
- }
- } else {
- action = DBModelAction
- .valueOf(
- StringUtils.removePrefix(section, PRIVILEGE_PREFIX)
- .toUpperCase()).toString();
- }
- }
-
- if (columnName != null) {
- sentryClient.grantColumnPrivilege(StaticUserGroup.ADMIN1, roleName, serverName, dbName,
- tableName, columnName, action);
- } else if (tableName != null) {
- sentryClient.grantTablePrivilege(StaticUserGroup.ADMIN1, roleName, serverName, dbName,
- tableName, action);
- } else if (dbName != null) {
- sentryClient.grantDatabasePrivilege(StaticUserGroup.ADMIN1, roleName, serverName,
- dbName, action);
- } else if (uriPath != null) {
- sentryClient.grantURIPrivilege(StaticUserGroup.ADMIN1, roleName, serverName, uriPath);
- } else if (serverName != null) {
- sentryClient.grantServerPrivilege(StaticUserGroup.ADMIN1, roleName, serverName, action);
- }
- }
-
- }
-
- private boolean usingSentryService() {
- return sentryClient != null;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java
deleted file mode 100644
index 815c38e..0000000
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java
+++ /dev/null
@@ -1,1106 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e.metastore;
-
-import static org.hamcrest.Matchers.equalTo;
-import static org.hamcrest.core.IsNull.notNullValue;
-import static org.junit.Assert.assertThat;
-import static org.junit.Assert.fail;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-
-import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
-import org.apache.hadoop.hive.metastore.api.FieldSchema;
-import org.apache.hadoop.hive.metastore.api.MetaException;
-import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
-import org.apache.hadoop.hive.metastore.api.Table;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.apache.sentry.tests.e2e.hive.StaticUserGroup;
-import org.apache.thrift.TException;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.collect.Lists;
-
-public class TestAuthorizingObjectStore extends
- AbstractMetastoreTestWithStaticConfiguration {
- private PolicyFile policyFile;
- private static final String dbName1 = "db_1";
- private static final String dbName2 = "db_2";
- private static final String tabName1 = "tab1";
- private static final String tabName2 = "tab2";
- private static final String tabName3 = "tab3";
- private static final String tabName4 = "tab4";
- private static final String all_role = "all_role";
- private static final String db1_t1_role = "db1_t1_role";
- private static final String partitionVal = "part1";
- private static final String colName1 = "col1";
- // this user is configured for sentry.metastore.service.users,
- // for this test, the value is set when creating the HiveServer.
- private static final String userWithoutAccess = "accessAllMetaUser";
-
- @BeforeClass
- public static void setupTestStaticConfiguration () throws Exception {
- AbstractMetastoreTestWithStaticConfiguration.setupTestStaticConfiguration();
- }
-
- @Override
- @Before
- public void setup() throws Exception {
- policyFile = setAdminOnServer1(ADMINGROUP);
- // add user ACCESSAllMETAUSER for the test case testPrivilegesForUserNameCaseSensitive
- policyFile.addGroupsToUser(userWithoutAccess.toUpperCase(), "tempGroup").setUserGroupMapping(
- StaticUserGroup.getStaticMapping());
- writePolicyFile(policyFile);
- super.setup();
-
- HiveMetaStoreClient client = null;
- for (int i=0; i < 10; i++) {
- try {
- client = context.getMetaStoreClient(ADMIN1);
- break;
- } catch (Throwable e) {
- // ignore
- }
- Thread.sleep(6000);
- }
- client.dropDatabase(dbName1, true, true, true);
- client.dropDatabase(dbName2, true, true, true);
- createMetastoreDB(client, dbName1);
- createMetastoreDB(client, dbName2);
-
- Table tbl1 = createMetastoreTableWithPartition(client, dbName1, tabName1,
- Lists.newArrayList(new FieldSchema("col1", "int", "")),
- Lists.newArrayList(new FieldSchema("part_col1", "string", "")));
- addPartition(client, dbName1, tabName1, Lists.newArrayList(partitionVal), tbl1);
-
- Table tbl2 = createMetastoreTableWithPartition(client, dbName1, tabName2,
- Lists.newArrayList(new FieldSchema("col1", "int", "")),
- Lists.newArrayList(new FieldSchema("part_col1", "string", "")));
- addPartition(client, dbName1, tabName2, Lists.newArrayList(partitionVal), tbl2);
-
- Table tbl3 = createMetastoreTableWithPartition(client, dbName2, tabName3,
- Lists.newArrayList(new FieldSchema("col1", "int", "")),
- Lists.newArrayList(new FieldSchema("part_col1", "string", "")));
- addPartition(client, dbName2, tabName3, Lists.newArrayList(partitionVal), tbl3);
-
- Table tbl4 = createMetastoreTableWithPartition(client, dbName2, tabName4,
- Lists.newArrayList(new FieldSchema("col1", "int", "")),
- Lists.newArrayList(new FieldSchema("part_col1", "string", "")));
- addPartition(client, dbName2, tabName4, Lists.newArrayList(partitionVal), tbl4);
-
- client.close();
-
- policyFile
- .addRolesToGroup(USERGROUP1, all_role)
- .addRolesToGroup(USERGROUP2, db1_t1_role)
- .addPermissionsToRole(all_role, "server=server1->db=" + dbName1)
- .addPermissionsToRole(all_role, "server=server1->db=" + dbName2)
- .addPermissionsToRole(all_role,
- "server=server1->db=" + dbName1 + "->table=" + tabName1 + "->action=SELECT")
- .addPermissionsToRole(all_role,
- "server=server1->db=" + dbName1 + "->table=" + tabName2 + "->action=SELECT")
- .addPermissionsToRole(all_role,
- "server=server1->db=" + dbName2 + "->table=" + tabName3 + "->action=SELECT")
- .addPermissionsToRole(all_role,
- "server=server1->db=" + dbName2 + "->table=" + tabName4 + "->action=SELECT")
- .addPermissionsToRole(db1_t1_role,
- "server=server1->db=" + dbName1 + "->table=" + tabName1 + "->action=SELECT")
- .setUserGroupMapping(StaticUserGroup.getStaticMapping());
- writePolicyFile(policyFile);
- }
-
- /**
- * The configuration "sentry.metastore.service.users" is for user who has all
- * access to metadata, and the value should be case-sensitive.
- *
- * @throws Exception
- */
- @Test
- public void testPrivilegesForUserNameCaseSensitive() throws Exception {
- // The value of "sentry.metastore.service.users" is "accessAllMetaUser", and
- // the value is case-sensitive.
- // The input name is "ACCESSALLMEATAUSER", and the client should has no
- // access to metadata.
- HiveMetaStoreClient client = context.getMetaStoreClient(userWithoutAccess.toUpperCase());
- try {
- client.getDatabase(dbName1);
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- }
-
- /**
- * User accessAllMetaUser is configured as the value of
- * "sentry.metastore.service.users" and has all access to databases and
- * tables.
- *
- * @throws Exception
- */
- @Test
- public void testPrivilegesForUserWithoutAccess() throws Exception {
- HiveMetaStoreClient client = context.getMetaStoreClient(userWithoutAccess);
- assertThat(client.getDatabase(dbName1), notNullValue());
- assertThat(client.getDatabase(dbName2), notNullValue());
- // including the "default" db
- assertThat(client.getAllDatabases().size(), equalTo(3));
- // including the "default" db
- assertThat(client.getDatabases("*").size(), equalTo(3));
- assertThat(client.getTable(dbName1, tabName1), notNullValue());
- assertThat(client.getTable(dbName1, tabName2), notNullValue());
- assertThat(client.getTable(dbName2, tabName3), notNullValue());
- assertThat(client.getTable(dbName2, tabName4), notNullValue());
- assertThat(client.listPartitions(dbName1, tabName1, (short) 1).size(), equalTo(1));
- assertThat(client.listPartitions(dbName1, tabName2, (short) 1).size(), equalTo(1));
- assertThat(client.listPartitions(dbName2, tabName3, (short) 1).size(), equalTo(1));
- assertThat(client.listPartitions(dbName2, tabName4, (short) 1).size(), equalTo(1));
-
- assertThat(
- client.listPartitions(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
- assertThat(
- client.listPartitions(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
- assertThat(
- client.listPartitions(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
- assertThat(
- client.listPartitions(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
-
- assertThat(
- client.getPartition(dbName1, tabName1, new ArrayList<String>(Arrays.asList(partitionVal))),
- notNullValue());
- assertThat(
- client.getPartition(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal))),
- notNullValue());
- assertThat(
- client.getPartition(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal))),
- notNullValue());
- assertThat(
- client.getPartition(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal))),
- notNullValue());
- assertThat(client.getTables(dbName1, "tab*").size(), equalTo(2));
- assertThat(client.getTables(dbName2, "tab*").size(), equalTo(2));
- assertThat(
- client.getTableObjectsByName(dbName1,
- new ArrayList<String>(Arrays.asList(tabName1, tabName2))).size(), equalTo(2));
- assertThat(
- client.getTableObjectsByName(dbName2,
- new ArrayList<String>(Arrays.asList(tabName3, tabName4))).size(), equalTo(2));
- assertThat(client.getAllTables(dbName1).size(), equalTo(2));
- assertThat(client.getAllTables(dbName2).size(), equalTo(2));
- assertThat(client.listPartitionNames(dbName1, tabName1, (short) 2).size(), equalTo(1));
- assertThat(client.listPartitionNames(dbName1, tabName2, (short) 2).size(), equalTo(1));
- assertThat(client.listPartitionNames(dbName2, tabName3, (short) 2).size(), equalTo(1));
- assertThat(client.listPartitionNames(dbName2, tabName4, (short) 2).size(), equalTo(1));
- assertThat(
- client.listPartitionNames(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
- assertThat(
- client.listPartitionNames(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
- assertThat(
- client.listPartitionNames(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
- assertThat(
- client.listPartitionNames(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
- assertThat(
- client.getPartitionsByNames(dbName1, tabName1, new ArrayList<String>(Arrays.asList("")))
- .size(), equalTo(0));
- assertThat(
- client.getPartitionsByNames(dbName1, tabName2, new ArrayList<String>(Arrays.asList("")))
- .size(), equalTo(0));
- assertThat(
- client.getPartitionsByNames(dbName2, tabName3, new ArrayList<String>(Arrays.asList("")))
- .size(), equalTo(0));
- assertThat(
- client.getPartitionsByNames(dbName2, tabName4, new ArrayList<String>(Arrays.asList("")))
- .size(), equalTo(0));
- try {
- client.getIndex(dbName1, tabName1, "empty");
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is successful.
- }
- try {
- client.getIndex(dbName1, tabName2, "empty");
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is successful.
- }
- try {
- client.getIndex(dbName2, tabName3, "empty");
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is successful.
- }
- try {
- client.getIndex(dbName2, tabName3, "empty");
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is successful.
- }
-
- assertThat(client.listIndexes(dbName1, tabName1, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexes(dbName1, tabName2, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexes(dbName2, tabName3, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexes(dbName2, tabName4, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexNames(dbName1, tabName1, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexNames(dbName1, tabName2, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexNames(dbName2, tabName3, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexNames(dbName2, tabName4, (short) 1).size(), equalTo(0));
- assertThat(client.getPartitionWithAuthInfo(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup"))), notNullValue());
- assertThat(client.getPartitionWithAuthInfo(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup"))), notNullValue());
- assertThat(client.getPartitionWithAuthInfo(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup"))), notNullValue());
- assertThat(client.getPartitionWithAuthInfo(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup"))), notNullValue());
- assertThat(
- client.getTableColumnStatistics(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
- assertThat(
- client.getTableColumnStatistics(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
- assertThat(
- client.getTableColumnStatistics(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
- assertThat(
- client.getTableColumnStatistics(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
- client.close();
- }
-
- /**
- * The group of USER1_1 is USERGROUP1, and has all access to databases and
- * tables.
- *
- * @throws Exception
- */
- @Test
- public void testPrivilegesForFullAccess() throws Exception {
- HiveMetaStoreClient client = context.getMetaStoreClient(USER1_1);
- assertThat(client.getDatabase(dbName1), notNullValue());
- assertThat(client.getDatabase(dbName2), notNullValue());
- // including the "default" db
- assertThat(client.getAllDatabases().size(), equalTo(3));
- // including the "default" db
- assertThat(client.getDatabases("*").size(), equalTo(3));
- assertThat(client.getTable(dbName1, tabName1), notNullValue());
- assertThat(client.getTable(dbName1, tabName2), notNullValue());
- assertThat(client.getTable(dbName2, tabName3), notNullValue());
- assertThat(client.getTable(dbName2, tabName4), notNullValue());
- assertThat(client.listPartitions(dbName1, tabName1, (short) 1).size(), equalTo(1));
- assertThat(client.listPartitions(dbName1, tabName2, (short) 1).size(), equalTo(1));
- assertThat(client.listPartitions(dbName2, tabName3, (short) 1).size(), equalTo(1));
- assertThat(client.listPartitions(dbName2, tabName4, (short) 1).size(), equalTo(1));
-
- assertThat(
- client.listPartitions(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
- assertThat(
- client.listPartitions(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
- assertThat(
- client.listPartitions(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
- assertThat(
- client.listPartitions(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
-
- assertThat(
- client.getPartition(dbName1, tabName1, new ArrayList<String>(Arrays.asList(partitionVal))),
- notNullValue());
- assertThat(
- client.getPartition(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal))),
- notNullValue());
- assertThat(
- client.getPartition(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal))),
- notNullValue());
- assertThat(
- client.getPartition(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal))),
- notNullValue());
- assertThat(client.getTables(dbName1, "tab*").size(), equalTo(2));
- assertThat(client.getTables(dbName2, "tab*").size(), equalTo(2));
- assertThat(
- client.getTableObjectsByName(dbName1,
- new ArrayList<String>(Arrays.asList(tabName1, tabName2))).size(), equalTo(2));
- assertThat(
- client.getTableObjectsByName(dbName2,
- new ArrayList<String>(Arrays.asList(tabName3, tabName4))).size(), equalTo(2));
- assertThat(client.getAllTables(dbName1).size(), equalTo(2));
- assertThat(client.getAllTables(dbName2).size(), equalTo(2));
- assertThat(client.listPartitionNames(dbName1, tabName1, (short) 2).size(), equalTo(1));
- assertThat(client.listPartitionNames(dbName1, tabName2, (short) 2).size(), equalTo(1));
- assertThat(client.listPartitionNames(dbName2, tabName3, (short) 2).size(), equalTo(1));
- assertThat(client.listPartitionNames(dbName2, tabName4, (short) 2).size(), equalTo(1));
- assertThat(
- client.listPartitionNames(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
- assertThat(
- client.listPartitionNames(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
- assertThat(
- client.listPartitionNames(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
- assertThat(
- client.listPartitionNames(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
- assertThat(
- client.getPartitionsByNames(dbName1, tabName1, new ArrayList<String>(Arrays.asList("")))
- .size(), equalTo(0));
- assertThat(
- client.getPartitionsByNames(dbName1, tabName2, new ArrayList<String>(Arrays.asList("")))
- .size(), equalTo(0));
- assertThat(
- client.getPartitionsByNames(dbName2, tabName3, new ArrayList<String>(Arrays.asList("")))
- .size(), equalTo(0));
- assertThat(
- client.getPartitionsByNames(dbName2, tabName4, new ArrayList<String>(Arrays.asList("")))
- .size(), equalTo(0));
- try {
- client.getIndex(dbName1, tabName1, "empty");
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is successful.
- }
- try {
- client.getIndex(dbName1, tabName2, "empty");
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is successful.
- }
- try {
- client.getIndex(dbName2, tabName3, "empty");
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is successful.
- }
- try {
- client.getIndex(dbName2, tabName3, "empty");
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is successful.
- }
-
- assertThat(client.listIndexes(dbName1, tabName1, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexes(dbName1, tabName2, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexes(dbName2, tabName3, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexes(dbName2, tabName4, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexNames(dbName1, tabName1, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexNames(dbName1, tabName2, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexNames(dbName2, tabName3, (short) 1).size(), equalTo(0));
- assertThat(client.listIndexNames(dbName2, tabName4, (short) 1).size(), equalTo(0));
- assertThat(client.getPartitionWithAuthInfo(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup"))), notNullValue());
- assertThat(client.getPartitionWithAuthInfo(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup"))), notNullValue());
- assertThat(client.getPartitionWithAuthInfo(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup"))), notNullValue());
- assertThat(client.getPartitionWithAuthInfo(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup"))), notNullValue());
- assertThat(
- client.getTableColumnStatistics(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
- assertThat(
- client.getTableColumnStatistics(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
- assertThat(
- client.getTableColumnStatistics(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
- assertThat(
- client.getTableColumnStatistics(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
- client.close();
- }
-
- /**
- * The group of USER2_1 is USERGROUP2, and has the access to db1 and t1.
- *
- * @throws Exception
- */
- @Test
- public void testPrivilegesForPartialAccess() throws Exception {
- HiveMetaStoreClient client = context.getMetaStoreClient(USER2_1);
- assertThat(client.getDatabase(dbName1), notNullValue());
- try {
- client.getDatabase(dbName2);
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- // including the "default" db
- assertThat(client.getAllDatabases().size(), equalTo(2));
- // including the "default" db
- assertThat(client.getDatabases("*").size(), equalTo(2));
- assertThat(client.getTable(dbName1, tabName1), notNullValue());
- try {
- client.getTable(dbName1, tabName2);
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getTable(dbName2, tabName3);
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getTable(dbName2, tabName4);
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- assertThat(client.listPartitions(dbName1, tabName1, (short) 1).size(), equalTo(1));
- try {
- client.listPartitions(dbName1, tabName2, (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitions(dbName2, tabName3, (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitions(dbName2, tabName4, (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- assertThat(
- client.listPartitions(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
- try {
- client.listPartitions(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal)),
- (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitions(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal)),
- (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitions(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal)),
- (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- assertThat(
- client.getPartition(dbName1, tabName1, new ArrayList<String>(Arrays.asList(partitionVal))),
- notNullValue());
- try {
- client.getPartition(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal)));
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartition(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal)));
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartition(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal)));
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- assertThat(client.getTables(dbName1, "tab*").size(), equalTo(1));
- assertThat(client.getTables(dbName2, "tab*").size(), equalTo(0));
- assertThat(
- client.getTableObjectsByName(dbName1,
- new ArrayList<String>(Arrays.asList(tabName1, tabName2))).size(), equalTo(1));
- assertThat(
- client.getTableObjectsByName(dbName2,
- new ArrayList<String>(Arrays.asList(tabName3, tabName4))).size(), equalTo(0));
- assertThat(client.getAllTables(dbName1).size(), equalTo(1));
- assertThat(client.getAllTables(dbName2).size(), equalTo(0));
-
- assertThat(client.listPartitionNames(dbName1, tabName1, (short) 2).size(), equalTo(1));
- try {
- client.listPartitionNames(dbName1, tabName2, (short) 2);
- fail("MetaException should have been thrown");
- } catch (TException te) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitionNames(dbName2, tabName3, (short) 2);
- fail("MetaException should have been thrown");
- } catch (TException te) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitionNames(dbName2, tabName4, (short) 2);
- fail("MetaException should have been thrown");
- } catch (TException te) {
- // ignore, just make sure the authorization is failed.
- }
-
- assertThat(
- client.listPartitionNames(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
- try {
- client.listPartitionNames(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitionNames(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitionNames(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- assertThat(
- client.getPartitionsByNames(dbName1, tabName1, new ArrayList<String>(Arrays.asList("")))
- .size(), equalTo(0));
- try {
- client.getPartitionsByNames(dbName1, tabName2, new ArrayList<String>(Arrays.asList("")));
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartitionsByNames(dbName2, tabName3, new ArrayList<String>(Arrays.asList("")));
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartitionsByNames(dbName2, tabName4, new ArrayList<String>(Arrays.asList("")));
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- try {
- client.getIndex(dbName1, tabName1, "empty");
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is successful.
- }
- try {
- client.getIndex(dbName1, tabName2, "empty");
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getIndex(dbName2, tabName3, "empty");
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getIndex(dbName2, tabName3, "empty");
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- assertThat(client.listIndexes(dbName1, tabName1, (short) 1).size(), equalTo(0));
- try {
- client.listIndexes(dbName1, tabName2, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listIndexes(dbName2, tabName3, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listIndexes(dbName2, tabName4, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- assertThat(client.listIndexNames(dbName1, tabName1, (short) 1).size(), equalTo(0));
- try {
- client.listIndexNames(dbName1, tabName2, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listIndexNames(dbName2, tabName3, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listIndexNames(dbName2, tabName4, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- assertThat(client.getPartitionWithAuthInfo(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup"))), notNullValue());
- try {
- client.getPartitionWithAuthInfo(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup")));
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartitionWithAuthInfo(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup")));
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartitionWithAuthInfo(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup")));
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- assertThat(
- client.getTableColumnStatistics(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
- try {
- client.getTableColumnStatistics(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(colName1)));
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getTableColumnStatistics(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(colName1)));
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getTableColumnStatistics(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(colName1)));
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- client.close();
- }
-
- /**
- * The group of USER3_1 is USERGROUP3, and has no access to database and
- * table.
- *
- * @throws Exception
- */
- @Test
- public void testPrivilegesForNoAccess() throws Exception {
- HiveMetaStoreClient client = context.getMetaStoreClient(USER3_1);
- try {
- client.getDatabase(dbName1);
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getDatabase(dbName2);
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- // including the "default" db
- assertThat(client.getAllDatabases().size(), equalTo(1));
- // including the "default" db
- assertThat(client.getDatabases("*").size(), equalTo(1));
- try {
- client.getTable(dbName1, tabName1);
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getTable(dbName1, tabName2);
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getTable(dbName2, tabName3);
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getTable(dbName2, tabName4);
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- try {
- client.listPartitions(dbName1, tabName1, (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitions(dbName1, tabName2, (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitions(dbName2, tabName3, (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitions(dbName2, tabName4, (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- try {
- client.listPartitions(dbName1, tabName1, new ArrayList<String>(Arrays.asList(partitionVal)),
- (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitions(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal)),
- (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitions(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal)),
- (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitions(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal)),
- (short) 1);
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- try {
- client.getPartition(dbName1, tabName1, new ArrayList<String>(Arrays.asList(partitionVal)));
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartition(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal)));
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartition(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal)));
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartition(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal)));
- fail("NoSuchObjectException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- assertThat(client.getTables(dbName1, "tab*").size(), equalTo(0));
- assertThat(client.getTables(dbName2, "tab*").size(), equalTo(0));
- assertThat(
- client.getTableObjectsByName(dbName1,
- new ArrayList<String>(Arrays.asList(tabName1, tabName2))).size(), equalTo(0));
- assertThat(
- client.getTableObjectsByName(dbName2,
- new ArrayList<String>(Arrays.asList(tabName3, tabName4))).size(), equalTo(0));
- assertThat(client.getAllTables(dbName1).size(), equalTo(0));
- assertThat(client.getAllTables(dbName2).size(), equalTo(0));
-
- try {
- client.listPartitionNames(dbName1, tabName1, (short) 2);
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitionNames(dbName1, tabName2, (short) 2);
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitionNames(dbName2, tabName3, (short) 2);
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitionNames(dbName2, tabName4, (short) 2);
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- try {
- client.listPartitionNames(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitionNames(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitionNames(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listPartitionNames(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- try {
- client.getPartitionsByNames(dbName1, tabName1, new ArrayList<String>(Arrays.asList("")));
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartitionsByNames(dbName1, tabName2, new ArrayList<String>(Arrays.asList("")));
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartitionsByNames(dbName2, tabName3, new ArrayList<String>(Arrays.asList("")));
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartitionsByNames(dbName2, tabName4, new ArrayList<String>(Arrays.asList("")));
- fail("MetaException should have been thrown");
- } catch (TException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- try {
- client.getIndex(dbName1, tabName1, "empty");
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getIndex(dbName1, tabName2, "empty");
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getIndex(dbName2, tabName3, "empty");
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getIndex(dbName2, tabName3, "empty");
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- try {
- client.listIndexes(dbName1, tabName1, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listIndexes(dbName1, tabName2, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listIndexes(dbName2, tabName3, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listIndexes(dbName2, tabName4, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- try {
- client.listIndexNames(dbName1, tabName1, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listIndexNames(dbName1, tabName2, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listIndexNames(dbName2, tabName3, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.listIndexNames(dbName2, tabName4, (short) 1);
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- try {
- client.getPartitionWithAuthInfo(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup")));
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartitionWithAuthInfo(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup")));
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartitionWithAuthInfo(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup")));
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getPartitionWithAuthInfo(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
- Arrays.asList("tempgroup")));
- fail("MetaException should have been thrown");
- } catch (NoSuchObjectException noe) {
- // ignore, just make sure the authorization is failed.
- }
-
- try {
- client.getTableColumnStatistics(dbName1, tabName1,
- new ArrayList<String>(Arrays.asList(colName1)));
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getTableColumnStatistics(dbName1, tabName2,
- new ArrayList<String>(Arrays.asList(colName1)));
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getTableColumnStatistics(dbName2, tabName3,
- new ArrayList<String>(Arrays.asList(colName1)));
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- try {
- client.getTableColumnStatistics(dbName2, tabName4,
- new ArrayList<String>(Arrays.asList(colName1)));
- fail("MetaException should have been thrown");
- } catch (MetaException noe) {
- // ignore, just make sure the authorization is failed.
- }
- client.close();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java
deleted file mode 100644
index f406fd7..0000000
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e.metastore;
-
-import static org.junit.Assert.assertEquals;
-
-import java.io.File;
-import java.io.FileOutputStream;
-
-import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
-import org.apache.hive.hcatalog.pig.HCatStorer;
-import org.apache.pig.ExecType;
-import org.apache.pig.PigServer;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.apache.sentry.tests.e2e.hive.StaticUserGroup;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Ignore;
-import org.junit.Test;
-
-import com.google.common.io.Resources;
-
-public class TestMetaStoreWithPigHCat extends
- AbstractMetastoreTestWithStaticConfiguration {
- private PolicyFile policyFile;
- private File dataFile;
- private static final String dbName = "db_1";
- private static final String tabName1 = "tab1";
- private static final String tabName2 = "tab2";
- private static final String db_all_role = "all_db1";
-
- @BeforeClass
- public static void beforeClass() {
- System.setProperty("hadoopversion", "23");
- }
-
- @Before
- public void setup() throws Exception {
- dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
- to.close();
-
- policyFile = setAdminOnServer1(ADMINGROUP);
- policyFile
- .addRolesToGroup(USERGROUP1, db_all_role)
- .addRolesToGroup(USERGROUP2, "read_db_role")
- .addPermissionsToRole(db_all_role, "server=server1->db=" + dbName)
- .addPermissionsToRole("read_db_role",
- "server=server1->db=" + dbName + "->table=" + tabName2 + "->action=SELECT")
- .setUserGroupMapping(StaticUserGroup.getStaticMapping());
- writePolicyFile(policyFile);
-
- HiveMetaStoreClient client = context.getMetaStoreClient(ADMIN1);
- client.dropDatabase(dbName, true, true, true);
- createMetastoreDB(client, dbName);
- client.close();
- }
-
- /**
- * Verify add partition via Pig+HCatStore
- *
- * *** Disabled due to HCat inputformat compatibility issue in Hive 1.1.0
- */
- @Ignore
- @Test
- public void testPartionLoad() throws Exception {
- execHiveSQL("CREATE TABLE " + dbName + "." + tabName1
- + " (id int) PARTITIONED BY (part_col STRING)", ADMIN1);
- execHiveSQL("CREATE TABLE " + dbName + "." + tabName2
- + " (id int) PARTITIONED BY (part_col STRING)", ADMIN1);
-
- // user with ALL on DB should be able to add partion using Pig/HCatStore
- PigServer pigServer = context.getPigServer(USER1_1, ExecType.LOCAL);
- execPigLatin(USER1_1, pigServer, "A = load '" + dataFile.getPath()
- + "' as (id:int);");
- execPigLatin(USER1_1, pigServer, "store A into '" + dbName + "." + tabName1
- + "' using " + HCatStorer.class.getName() + " ('part_col=part1');");
- HiveMetaStoreClient client = context.getMetaStoreClient(ADMIN1);
- assertEquals(1, client.listPartitionNames(dbName, tabName1, (short) 10)
- .size());
-
- // user without select on DB should NOT be able to add partition with Pig/HCatStore
- pigServer = context.getPigServer(USER2_1, ExecType.LOCAL);
- execPigLatin(USER2_1, pigServer, "A = load '" + dataFile.getPath()
- + "' as (id:int);");
- // This action won't be successful because of no permission, but there is no exception will
- // be thrown in this thread. The detail exception can be found in
- // sentry-tests/sentry-tests-hive/target/surefire-reports/org.apache.sentry.tests.e2e.metastore.TestMetaStoreWithPigHCat-output.txt.
- execPigLatin(USER2_1, pigServer, "store A into '" + dbName + "." + tabName2 + "' using "
- + HCatStorer.class.getName() + " ('part_col=part2');");
- // The previous action is failed, and there will be no data.
- assertEquals(0, client.listPartitionNames(dbName, tabName2, (short) 10).size());
- client.close();
- }
-
-}