You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by ja...@apache.org on 2014/06/10 05:00:32 UTC

git commit: SENTRY-269: Add a test case for Denied Alter table, should fire SentryOnFailureHook

Repository: incubator-sentry
Updated Branches:
  refs/heads/master 8e7657a7e -> c57c53179


SENTRY-269: Add a test case for Denied Alter table, should fire SentryOnFailureHook

(Sravya Tirukkovalur via Jarek Jarcec Cecho)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/c57c5317
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/c57c5317
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/c57c5317

Branch: refs/heads/master
Commit: c57c531798501a4bec4507b9d0ec93d43d4c1c1a
Parents: 8e7657a
Author: Jarek Jarcec Cecho <ja...@apache.org>
Authored: Mon Jun 9 19:59:43 2014 -0700
Committer: Jarek Jarcec Cecho <ja...@apache.org>
Committed: Mon Jun 9 19:59:43 2014 -0700

----------------------------------------------------------------------
 .../TestDbSentryOnFailureHookLoading.java       | 22 +++++++++-----------
 1 file changed, 10 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/c57c5317/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
index 0d3b820..7ffe534 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
@@ -41,17 +41,13 @@ import org.junit.Test;
 
 public class TestDbSentryOnFailureHookLoading extends AbstractTestWithDbProvider {
 
-  private PolicyFile policyFile;
-
   Map<String, String > testProperties;
-  private static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
 
   @Before
   public void setup() throws Exception {
     testProperties = new HashMap<String, String>();
     testProperties.put(HiveAuthzConf.AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(),
         DummySentryOnFailureHook.class.getName());
-    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
     createContext(testProperties);
     DummySentryOnFailureHook.invoked = false;
 
@@ -84,11 +80,17 @@ public class TestDbSentryOnFailureHookLoading extends AbstractTestWithDbProvider
     statement.execute("GRANT ALL ON DATABASE DB_1 TO ROLE all_db1");
     statement.execute("GRANT ROLE all_db1 TO GROUP " + USERGROUP1);
 
+    statement.execute("CREATE ROLE read_db2_tab2");
+    statement.execute("GRANT ROLE read_db2_tab2 TO GROUP " + USERGROUP1);
+
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
     statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
     statement.execute("CREATE DATABASE DB_1");
     statement.execute("CREATE DATABASE DB_2");
     statement.execute("CREATE TABLE db_2.tab1(a int )");
+
+    statement.execute("USE db_2");
+    statement.execute("GRANT SELECT ON TABLE tab2 TO ROLE read_db2_tab2");// To give user1 privilege to do USE db_2
     statement.close();
     connection.close();
 
@@ -106,9 +108,10 @@ public class TestDbSentryOnFailureHookLoading extends AbstractTestWithDbProvider
     verifyFailureHook(statement, "select * from db_2.tab1", HiveOperation.QUERY,
         null, null, false);
 
-    //Denied alter table is not invoking failurehook: SENTRY-269
-    //verifyFailureHook(statement, "ALTER TABLE db_2.tab1 CHANGE id id1 INT", HiveOperation.ALTERTABLE_RENAMECOL,
-    //    "db_2", "tab1", false);
+    //Denied alter table invokes failure hook
+    statement.execute("USE DB_2");
+    verifyFailureHook(statement, "ALTER TABLE tab1 CHANGE id id1 INT", HiveOperation.ALTERTABLE_RENAMECOL,
+        "db_2", null, false);
 
     statement.close();
     connection.close();
@@ -130,11 +133,6 @@ public class TestDbSentryOnFailureHookLoading extends AbstractTestWithDbProvider
   @Test
   public void testOnFailureHookForAuthDDL() throws Exception {
 
-    policyFile.addRolesToGroup(USERGROUP1, "all_db1")
-        .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
-        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
-        .write(context.getPolicyFile());
-
     // setup db objects needed by the test
     Connection connection = context.createConnection(ADMIN1);
     Statement statement = context.createStatement(connection);