You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sh...@apache.org on 2013/09/21 01:38:54 UTC
[5/9] SENTRY-16: Move sentry-tests to sentry-tests-hive package
(Gregory Chanan via Shreepadma Venugopalan)
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
new file mode 100644
index 0000000..f6d1791
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
@@ -0,0 +1,212 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.tests.e2e.hive.hiveserver;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.ServerSocket;
+import java.net.URL;
+import java.util.Map;
+
+import com.google.common.annotations.VisibleForTesting;
+import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.hdfs.DistributedFileSystem;
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
+import org.fest.reflect.core.Reflection;
+import org.junit.Assert;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.io.Resources;
+
+public class HiveServerFactory {
+ private static final Logger LOGGER = LoggerFactory
+ .getLogger(HiveServerFactory.class);
+ private static final String HIVE_DRIVER_NAME = "org.apache.hive.jdbc.HiveDriver";
+ private static final String DERBY_DRIVER_NAME = "org.apache.derby.jdbc.EmbeddedDriver";
+ public static final String HIVESERVER2_TYPE = "sentry.e2etest.hiveServer2Type";
+ public static final String KEEP_BASEDIR = "sentry.e2etest.keepBaseDir";
+ public static final String METASTORE_CONNECTION_URL = HiveConf.ConfVars.METASTORECONNECTURLKEY.varname;
+ public static final String WAREHOUSE_DIR = HiveConf.ConfVars.METASTOREWAREHOUSE.varname;
+ public static final String AUTHZ_PROVIDER = HiveAuthzConf.AuthzConfVars.AUTHZ_PROVIDER.getVar();
+ public static final String AUTHZ_PROVIDER_RESOURCE = HiveAuthzConf.AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar();
+ public static final String AUTHZ_PROVIDER_FILENAME = "test-authz-provider.ini";
+ public static final String AUTHZ_SERVER_NAME = HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar();
+ public static final String ACCESS_TESTING_MODE = HiveAuthzConf.AuthzConfVars.ACCESS_TESTING_MODE.getVar();
+ public static final String HS2_PORT = ConfVars.HIVE_SERVER2_THRIFT_PORT.toString();
+ public static final String SUPPORT_CONCURRENCY = HiveConf.ConfVars.HIVE_SUPPORT_CONCURRENCY.varname;
+ public static final String HADOOPBIN = ConfVars.HADOOPBIN.toString();
+ public static final String DEFAULT_AUTHZ_SERVER_NAME = "server1";
+ public static final String HIVESERVER2_IMPERSONATION = "hive.server2.enable.doAs";
+
+
+ static {
+ try {
+ Assert.assertNotNull(DERBY_DRIVER_NAME + " is null", Class.forName(DERBY_DRIVER_NAME));
+ Assert.assertNotNull(HIVE_DRIVER_NAME + " is null", Class.forName(HIVE_DRIVER_NAME));
+ } catch (ClassNotFoundException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static HiveServer create(Map<String, String> properties,
+ File baseDir, File confDir, File logDir, File policyFile,
+ FileSystem fileSystem)
+ throws Exception {
+ String type = properties.get(HIVESERVER2_TYPE);
+ if(type == null) {
+ type = System.getProperty(HIVESERVER2_TYPE);
+ }
+ if(type == null) {
+ type = HiveServer2Type.InternalHiveServer2.name();
+ }
+ return create(HiveServer2Type.valueOf(type.trim()), properties,
+ baseDir, confDir, logDir, policyFile, fileSystem);
+ }
+
+ private static HiveServer create(HiveServer2Type type,
+ Map<String, String> properties, File baseDir, File confDir,
+ File logDir, File policyFile, FileSystem fileSystem) throws Exception {
+ if(!properties.containsKey(WAREHOUSE_DIR)) {
+ LOGGER.error("fileSystem " + fileSystem.getClass().getSimpleName());
+ if (fileSystem instanceof DistributedFileSystem) {
+ @SuppressWarnings("static-access")
+ String dfsUri = fileSystem.getDefaultUri(fileSystem.getConf()).toString();
+ LOGGER.error("dfsUri " + dfsUri);
+ properties.put(WAREHOUSE_DIR, dfsUri + "/data");
+ } else {
+ properties.put(WAREHOUSE_DIR, new File(baseDir, "warehouse").getPath());
+ }
+ }
+ if(!properties.containsKey(METASTORE_CONNECTION_URL)) {
+ properties.put(METASTORE_CONNECTION_URL,
+ String.format("jdbc:derby:;databaseName=%s;create=true",
+ new File(baseDir, "metastore").getPath()));
+ }
+ if(policyFile.exists()) {
+ LOGGER.info("Policy file " + policyFile + " exists");
+ } else {
+ LOGGER.info("Creating policy file " + policyFile);
+ FileOutputStream to = new FileOutputStream(policyFile);
+ Resources.copy(Resources.getResource(AUTHZ_PROVIDER_FILENAME), to);
+ to.close();
+ }
+ if(!properties.containsKey(ACCESS_TESTING_MODE)) {
+ properties.put(ACCESS_TESTING_MODE, "true");
+ }
+ if(!properties.containsKey(AUTHZ_PROVIDER_RESOURCE)) {
+ properties.put(AUTHZ_PROVIDER_RESOURCE, policyFile.getPath());
+ }
+ if(!properties.containsKey(AUTHZ_PROVIDER)) {
+ properties.put(AUTHZ_PROVIDER, LocalGroupResourceAuthorizationProvider.class.getName());
+ }
+ if(!properties.containsKey(AUTHZ_SERVER_NAME)) {
+ properties.put(AUTHZ_SERVER_NAME, DEFAULT_AUTHZ_SERVER_NAME);
+ }
+ if(!properties.containsKey(HS2_PORT)) {
+ properties.put(HS2_PORT, String.valueOf(findPort()));
+ }
+ if(!properties.containsKey(SUPPORT_CONCURRENCY)) {
+ properties.put(SUPPORT_CONCURRENCY, "false");
+ }
+ if(!properties.containsKey(HADOOPBIN)) {
+ properties.put(HADOOPBIN, "./target/hadoop/bin/hadoop");
+ }
+ String hadoopBinPath = properties.get(HADOOPBIN);
+ Assert.assertNotNull(hadoopBinPath, "Hadoop Bin");
+ File hadoopBin = new File(hadoopBinPath);
+ if(!hadoopBin.isFile()) {
+ Assert.fail("Path to hadoop bin " + hadoopBin.getPath() + "is invalid. "
+ + "Perhaps you missed the download-hadoop profile.");
+ }
+ /*
+ * This hack, setting the hiveSiteURL field removes a previous hack involving
+ * setting of system properties for each property. Although both are hacks,
+ * I prefer this hack because once the system properties are set they can
+ * affect later tests unless those tests clear them. This hack allows for
+ * a clean switch to a new set of defaults when a new HiveConf object is created.
+ */
+ Reflection.staticField("hiveSiteURL")
+ .ofType(URL.class)
+ .in(HiveConf.class)
+ .set(null);
+ HiveConf hiveConf = new HiveConf();
+ HiveAuthzConf authzConf = new HiveAuthzConf(Resources.getResource("sentry-site.xml"));
+ for(Map.Entry<String, String> entry : properties.entrySet()) {
+ LOGGER.info(entry.getKey() + " => " + entry.getValue());
+ hiveConf.set(entry.getKey(), entry.getValue());
+ authzConf.set(entry.getKey(), entry.getValue());
+ }
+ File hiveSite = new File(confDir, "hive-site.xml");
+ File accessSite = new File(confDir, HiveAuthzConf.AUTHZ_SITE_FILE);
+ OutputStream out = new FileOutputStream(accessSite);
+ authzConf.writeXml(out);
+ out.close();
+ // points hive-site.xml at access-site.xml
+ hiveConf.set(HiveAuthzConf.HIVE_ACCESS_CONF_URL, accessSite.toURI().toURL().toExternalForm());
+ if(!properties.containsKey(HiveConf.ConfVars.HIVE_SERVER2_SESSION_HOOK.varname)) {
+ hiveConf.set(HiveConf.ConfVars.HIVE_SERVER2_SESSION_HOOK.varname,
+ "org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook");
+ }
+ hiveConf.set(HIVESERVER2_IMPERSONATION, "false");
+ out = new FileOutputStream(hiveSite);
+ hiveConf.writeXml(out);
+ out.close();
+
+ Reflection.staticField("hiveSiteURL")
+ .ofType(URL.class)
+ .in(HiveConf.class)
+ .set(hiveSite.toURI().toURL());
+
+ switch (type) {
+ case EmbeddedHiveServer2:
+ LOGGER.info("Creating EmbeddedHiveServer");
+ return new EmbeddedHiveServer();
+ case InternalHiveServer2:
+ LOGGER.info("Creating InternalHiveServer");
+ return new InternalHiveServer(hiveConf);
+ case ExternalHiveServer2:
+ LOGGER.info("Creating ExternalHiveServer");
+ return new ExternalHiveServer(hiveConf, confDir, logDir);
+ case UnmanagedHiveServer2:
+ LOGGER.info("Creating UnmanagedHiveServer");
+ return new UnmanagedHiveServer();
+ default:
+ throw new UnsupportedOperationException(type.name());
+ }
+ }
+ private static int findPort() throws IOException {
+ ServerSocket socket = new ServerSocket(0);
+ int port = socket.getLocalPort();
+ socket.close();
+ return port;
+ }
+
+ @VisibleForTesting
+ public static enum HiveServer2Type {
+ EmbeddedHiveServer2, // Embedded HS2, directly executed by JDBC, without thrift
+ InternalHiveServer2, // Start a thrift HS2 in the same process
+ ExternalHiveServer2, // start a remote thrift HS2
+ UnmanagedHiveServer2 // Use a remote thrift HS2 already running
+ ;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/InternalHiveServer.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/InternalHiveServer.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/InternalHiveServer.java
new file mode 100644
index 0000000..3a257bf
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/InternalHiveServer.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.tests.e2e.hive.hiveserver;
+
+import java.io.IOException;
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.metastore.HiveMetaStore;
+import org.apache.hive.service.server.HiveServer2;
+import org.fest.reflect.core.Reflection;
+
+public class InternalHiveServer extends AbstractHiveServer {
+
+ private final HiveServer2 hiveServer2;
+ private final HiveConf conf;
+
+ public InternalHiveServer(HiveConf conf) throws IOException {
+ super(conf, getHostname(conf), getPort(conf));
+ // Fix for ACCESS-148. Resets a static field
+ // so the default database is created even
+ // though is has been created before in this JVM
+ Reflection.staticField("createDefaultDB")
+ .ofType(boolean.class)
+ .in(HiveMetaStore.HMSHandler.class)
+ .set(false);
+ hiveServer2 = new HiveServer2();
+ this.conf = conf;
+ }
+
+ @Override
+ public synchronized void start() throws Exception {
+ hiveServer2.init(conf);
+ hiveServer2.start();
+ waitForStartup(this);
+ }
+
+ @Override
+ public synchronized void shutdown() {
+ hiveServer2.stop();
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/UnmanagedHiveServer.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/UnmanagedHiveServer.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/UnmanagedHiveServer.java
new file mode 100644
index 0000000..5a49c4c
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/UnmanagedHiveServer.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.tests.e2e.hive.hiveserver;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Preconditions;
+import org.apache.hadoop.hive.conf.HiveConf;
+
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.util.Properties;
+
+public class UnmanagedHiveServer implements HiveServer {
+ private static final Logger LOGGER = LoggerFactory.getLogger(UnmanagedHiveServer.class);
+ public static String hostname;
+ public static int port;
+ public static final String hs2Host = System.getProperty("hs2Host");
+ public static final int hs2Port = Integer.parseInt(System.getProperty("hivePort", "10000"));
+ public static final String auth = System.getProperty("auth", "kerberos");
+ public static final String hivePrincipal = System.getProperty("hivePrincipal");
+ public static final String kerbRealm = System.getProperty("kerberosRealm");
+ private HiveConf hiveConf;
+
+ public UnmanagedHiveServer() {
+ Preconditions.checkNotNull(hs2Host);
+ if(auth.equalsIgnoreCase("kerberos")){
+ Preconditions.checkNotNull(kerbRealm);
+ Preconditions.checkNotNull(hivePrincipal);
+ }
+ this.hostname = hs2Host;
+ this.port = hs2Port;
+ hiveConf = new HiveConf();
+ }
+
+ @Override
+ public void start() throws Exception {
+ //For Unmanaged HiveServer, service need not be started within the test
+ }
+
+ @Override
+ public void shutdown() throws Exception {
+ //For Unmanaged HiveServer, service need not be stopped within the test
+ }
+
+ @Override
+ public String getURL() {
+ return "jdbc:hive2://" + hostname + ":" + port + "/default;";
+ }
+
+ @Override
+ public String getProperty(String key) {
+ return hiveConf.get(key);
+ }
+
+ @Override
+ public Connection createConnection(String user, String password) throws Exception{
+ String url = getURL();
+ Properties oProps = new Properties();
+
+ if(auth.equalsIgnoreCase("kerberos")){
+ String commandFormat = "kinit -kt /cdep/keytabs/%s.keytab %s@" + kerbRealm;
+ String command = String.format(commandFormat, user, user, user);
+ Process proc = Runtime.getRuntime().exec(command);
+ String status = (proc.waitFor()==0)?"passed":"failed";
+ LOGGER.info(command + ": " + status);
+
+ command = "kinit -R";
+ proc = Runtime.getRuntime().exec(command);
+ status = (proc.waitFor()==0)?"passed":"failed";
+ LOGGER.info(command + ": " + status);
+
+ url += "principal=" + hivePrincipal;
+ }else{
+ oProps.setProperty("user",user);
+ oProps.setProperty("password",password);
+ }
+ LOGGER.info("url: " + url);
+ return DriverManager.getConnection(url, oProps);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/sentry-tests-hive/src/test/resources/emp.dat
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/resources/emp.dat b/sentry-tests/sentry-tests-hive/src/test/resources/emp.dat
new file mode 100644
index 0000000..5922b20
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive/src/test/resources/emp.dat
@@ -0,0 +1,12 @@
+16|john
+17|robert
+18|andrew
+19|katty
+21|tom
+22|tim
+23|james
+24|paul
+27|edward
+29|alan
+31|kerry
+34|terri
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/sentry-tests-hive/src/test/resources/hive-site.xml
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/resources/hive-site.xml b/sentry-tests/sentry-tests-hive/src/test/resources/hive-site.xml
new file mode 100644
index 0000000..237c408
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive/src/test/resources/hive-site.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration>
+<property>
+ <name>hive.metastore.warehouse.dir</name>
+ <value>invalid</value>
+</property>
+
+<property>
+ <name>mapreduce.framework.name</name>
+ <value>local</value>
+</property>
+
+<property>
+ <name>javax.jdo.option.ConnectionURL</name>
+ <value>invalid</value>
+</property>
+
+<property>
+ <name>hadoop.bin.path</name>
+ <value>./target/hadoop/bin/hadoop</value>
+</property>
+
+<property>
+ <name>hive.support.concurrency</name>
+ <value>false</value>
+</property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/sentry-tests-hive/src/test/resources/kv1.dat
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/resources/kv1.dat b/sentry-tests/sentry-tests-hive/src/test/resources/kv1.dat
new file mode 100644
index 0000000..20fb0dc
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive/src/test/resources/kv1.dat
@@ -0,0 +1,500 @@
+238�
+86�
+311�
+27�
+165�
+409�
+255�
+278�
+98�
+484�
+265�
+193�
+401�
+150�
+273�
+224�
+369�
+66�
+128�
+213�
+146�
+406�
+429�
+374�
+152�
+469�
+145�
+495�
+37�
+327�
+281�
+277�
+209�
+15�
+82�
+403�
+166�
+417�
+430�
+252�
+292�
+219�
+287�
+153�
+193�
+338�
+446�
+459�
+394�
+237�
+482�
+174�
+413�
+494�
+207�
+199�
+466�
+208�
+174�
+399�
+396�
+247�
+417�
+489�
+162�
+377�
+397�
+309�
+365�
+266�
+439�
+342�
+367�
+325�
+167�
+195�
+475�
+17�
+113�
+155�
+203�
+339�
+0�
+455�
+128�
+311�
+316�
+57�
+302�
+205�
+149�
+438�
+345�
+129�
+170�
+20�
+489�
+157�
+378�
+221�
+92�
+111�
+47�
+72�
+4�
+280�
+35�
+427�
+277�
+208�
+356�
+399�
+169�
+382�
+498�
+125�
+386�
+437�
+469�
+192�
+286�
+187�
+176�
+54�
+459�
+51�
+138�
+103�
+239�
+213�
+216�
+430�
+278�
+176�
+289�
+221�
+65�
+318�
+332�
+311�
+275�
+137�
+241�
+83�
+333�
+180�
+284�
+12�
+230�
+181�
+67�
+260�
+404�
+384�
+489�
+353�
+373�
+272�
+138�
+217�
+84�
+348�
+466�
+58�
+8�
+411�
+230�
+208�
+348�
+24�
+463�
+431�
+179�
+172�
+42�
+129�
+158�
+119�
+496�
+0�
+322�
+197�
+468�
+393�
+454�
+100�
+298�
+199�
+191�
+418�
+96�
+26�
+165�
+327�
+230�
+205�
+120�
+131�
+51�
+404�
+43�
+436�
+156�
+469�
+468�
+308�
+95�
+196�
+288�
+481�
+457�
+98�
+282�
+197�
+187�
+318�
+318�
+409�
+470�
+137�
+369�
+316�
+169�
+413�
+85�
+77�
+0�
+490�
+87�
+364�
+179�
+118�
+134�
+395�
+282�
+138�
+238�
+419�
+15�
+118�
+72�
+90�
+307�
+19�
+435�
+10�
+277�
+273�
+306�
+224�
+309�
+389�
+327�
+242�
+369�
+392�
+272�
+331�
+401�
+242�
+452�
+177�
+226�
+5�
+497�
+402�
+396�
+317�
+395�
+58�
+35�
+336�
+95�
+11�
+168�
+34�
+229�
+233�
+143�
+472�
+322�
+498�
+160�
+195�
+42�
+321�
+430�
+119�
+489�
+458�
+78�
+76�
+41�
+223�
+492�
+149�
+449�
+218�
+228�
+138�
+453�
+30�
+209�
+64�
+468�
+76�
+74�
+342�
+69�
+230�
+33�
+368�
+103�
+296�
+113�
+216�
+367�
+344�
+167�
+274�
+219�
+239�
+485�
+116�
+223�
+256�
+263�
+70�
+487�
+480�
+401�
+288�
+191�
+5�
+244�
+438�
+128�
+467�
+432�
+202�
+316�
+229�
+469�
+463�
+280�
+2�
+35�
+283�
+331�
+235�
+80�
+44�
+193�
+321�
+335�
+104�
+466�
+366�
+175�
+403�
+483�
+53�
+105�
+257�
+406�
+409�
+190�
+406�
+401�
+114�
+258�
+90�
+203�
+262�
+348�
+424�
+12�
+396�
+201�
+217�
+164�
+431�
+454�
+478�
+298�
+125�
+431�
+164�
+424�
+187�
+382�
+5�
+70�
+397�
+480�
+291�
+24�
+351�
+255�
+104�
+70�
+163�
+438�
+119�
+414�
+200�
+491�
+237�
+439�
+360�
+248�
+479�
+305�
+417�
+199�
+444�
+120�
+429�
+169�
+443�
+323�
+325�
+277�
+230�
+478�
+178�
+468�
+310�
+317�
+333�
+493�
+460�
+207�
+249�
+265�
+480�
+83�
+136�
+353�
+172�
+214�
+462�
+233�
+406�
+133�
+175�
+189�
+454�
+375�
+401�
+421�
+407�
+384�
+256�
+26�
+134�
+67�
+384�
+379�
+18�
+462�
+492�
+100�
+298�
+9�
+341�
+498�
+146�
+458�
+362�
+186�
+285�
+348�
+167�
+18�
+273�
+183�
+281�
+344�
+97�
+469�
+315�
+84�
+28�
+37�
+448�
+152�
+348�
+307�
+194�
+414�
+477�
+222�
+126�
+90�
+169�
+403�
+400�
+200�
+97�
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/sentry-tests-hive/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/resources/log4j.properties b/sentry-tests/sentry-tests-hive/src/test/resources/log4j.properties
new file mode 100644
index 0000000..d941816
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive/src/test/resources/log4j.properties
@@ -0,0 +1,35 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# Define some default values that can be overridden by system properties.
+#
+# For testing, it may also be convenient to specify
+
+sentry.root.logger=INFO,console
+log4j.rootLogger=${sentry.root.logger}
+
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d (%t) [%p - %l] %m%n
+
+log4j.logger.org.apache.hadoop.conf.Configuration=ERROR
+log4j.logger.org.apache.sentry=DEBUG
+
+log4j.category.DataNucleus=ERROR
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/sentry-tests-hive/src/test/resources/sentry-site.xml
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/resources/sentry-site.xml b/sentry-tests/sentry-tests-hive/src/test/resources/sentry-site.xml
new file mode 100644
index 0000000..de0c9cf
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive/src/test/resources/sentry-site.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration>
+ <property>
+ <name>hive.sentry.provider</name>
+ <value>invalid</value>
+ </property>
+ <property>
+ <name>hive.sentry.provider.resource</name>
+ <value>invalid</value>
+ </property>
+ <property>
+ <name>hive.sentry.server</name>
+ <value>myHS2</value>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/sentry-tests-hive/src/test/resources/test-authz-provider.ini
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/resources/test-authz-provider.ini b/sentry-tests/sentry-tests-hive/src/test/resources/test-authz-provider.ini
new file mode 100644
index 0000000..014d827
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive/src/test/resources/test-authz-provider.ini
@@ -0,0 +1,25 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[groups]
+foo = all_default
+
+[roles]
+all_default = server=server1->db=default
+
+[users]
+foo = foo
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithHiveServer.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithHiveServer.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithHiveServer.java
deleted file mode 100644
index d4060d3..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithHiveServer.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e;
-
-import java.io.File;
-import java.util.Map;
-
-import junit.framework.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.sentry.tests.e2e.hiveserver.HiveServer;
-import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
-import org.junit.After;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.io.Files;
-
-public abstract class AbstractTestWithHiveServer {
- private static final Logger LOGGER = LoggerFactory
- .getLogger(AbstractTestWithHiveServer.class);
- protected File baseDir;
- protected File logDir;
- protected File confDir;
- protected File dataDir;
- protected File policyFile;
- protected HiveServer hiveServer;
- protected FileSystem fileSystem;
-
- public Context createContext(Map<String, String> properties)
- throws Exception {
- fileSystem = FileSystem.get(new Configuration());
- baseDir = Files.createTempDir();
- LOGGER.info("BaseDir = " + baseDir);
- logDir = assertCreateDir(new File(baseDir, "log"));
- confDir = assertCreateDir(new File(baseDir, "etc"));
- dataDir = assertCreateDir(new File(baseDir, "data"));
- policyFile = new File(confDir, HiveServerFactory.AUTHZ_PROVIDER_FILENAME);
- hiveServer = HiveServerFactory.create(properties, baseDir, confDir, logDir, policyFile, fileSystem);
- hiveServer.start();
- return new Context(hiveServer, getFileSystem(),
- baseDir, confDir, dataDir, policyFile);
- }
-
- protected static File assertCreateDir(File dir) {
- if(!dir.isDirectory()) {
- Assert.assertTrue("Failed creating " + dir, dir.mkdirs());
- }
- return dir;
- }
-
- protected FileSystem getFileSystem() {
- return fileSystem;
- }
-
- @After
- public void tearDownWithHiveServer() throws Exception {
- if(hiveServer != null) {
- hiveServer.shutdown();
- hiveServer = null;
- }
- if(baseDir != null) {
- if(System.getProperty(HiveServerFactory.KEEP_BASEDIR) == null) {
- FileUtils.deleteQuietly(baseDir);
- }
- baseDir = null;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticConfiguration.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticConfiguration.java
deleted file mode 100644
index 40232c8..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticConfiguration.java
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e;
-
-import java.io.File;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.Statement;
-import java.util.Map;
-
-import junit.framework.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.sentry.tests.e2e.hiveserver.HiveServer;
-import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Maps;
-import com.google.common.io.Files;
-
-public abstract class AbstractTestWithStaticConfiguration {
- private static final Logger LOGGER = LoggerFactory
- .getLogger(AbstractTestWithStaticConfiguration.class);
- protected static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
- protected static final String ADMIN1 = "admin1";
- protected static final String ALL_DB1 = "server=server1->db=db_1",
- ALL_DB2 = "server=server1->db=db_2",
- SELECT_DB1_TBL1 = "server=server1->db=db_1->table=tb_1->action=select",
- SELECT_DB1_TBL2 = "server=server1->db=db_1->table=tb_2->action=select",
- SELECT_DB1_NONTABLE = "server=server1->db=db_1->table=this table does not exist->action=select",
- INSERT_DB1_TBL1 = "server=server1->db=db_1->table=tb_1->action=insert",
- INSERT_DB1_TBL2 = "server=server1->db=db_1->table=tb_2->action=insert",
- SELECT_DB2_TBL2 = "server=server1->db=db_2->table=tb_2->action=select",
- INSERT_DB2_TBL1 = "server=server1->db=db_2->table=tb_1->action=insert",
- SELECT_DB1_VIEW1 = "server=server1->db=db_1->table=view_1->action=select",
- USER1 = "user1",
- USER2 = "user2",
- GROUP1 = "group1",
- GROUP1_ROLE = "group1_role",
- DB1 = "db_1",
- DB2 = "db_2",
- DB3 = "db_3",
- TBL1 = "tb_1",
- TBL2 = "tb_2",
- TBL3 = "tb_3",
- VIEW1 = "view_1",
- VIEW2 = "view_2",
- VIEW3 = "view_3",
- INDEX1 = "index_1",
- INDEX2 = "index_2";
-
-
- protected static File baseDir;
- protected static File logDir;
- protected static File confDir;
- protected static File dataDir;
- protected static File policyFile;
- protected static HiveServer hiveServer;
- protected static FileSystem fileSystem;
- protected static Map<String, String> properties;
- protected Context context;
-
- public Context createContext() throws Exception {
- return new Context(hiveServer, fileSystem,
- baseDir, confDir, dataDir, policyFile);
- }
- protected void dropDb(String user, String...dbs) throws Exception {
- Connection connection = context.createConnection(user, "password");
- Statement statement = connection.createStatement();
- for(String db : dbs) {
- statement.execute("DROP DATABASE IF EXISTS " + db + " CASCADE");
- }
- statement.close();
- connection.close();
- }
- protected void createDb(String user, String...dbs) throws Exception {
- Connection connection = context.createConnection(user, "password");
- Statement statement = connection.createStatement();
- for(String db : dbs) {
- statement.execute("CREATE DATABASE " + db);
- }
- statement.close();
- connection.close();
- }
- protected void createTable(String user, String db, File dataFile, String...tables)
- throws Exception {
- Connection connection = context.createConnection(user, "password");
- Statement statement = connection.createStatement();
- statement.execute("USE " + db);
- for(String table : tables) {
- statement.execute("DROP TABLE IF EXISTS " + table);
- statement.execute("create table " + table
- + " (under_col int comment 'the under column', value string)");
- statement.execute("load data local inpath '" + dataFile.getPath()
- + "' into table " + table);
- ResultSet res = statement.executeQuery("select * from " + table);
- Assert.assertTrue("Table should have data after load", res.next());
- res.close();
- }
- statement.close();
- connection.close();
- }
-
- protected static File assertCreateDir(File dir) {
- if(!dir.isDirectory()) {
- Assert.assertTrue("Failed creating " + dir, dir.mkdirs());
- }
- return dir;
- }
-
- protected FileSystem getFileSystem() {
- return fileSystem;
- }
- @BeforeClass
- public static void setupTestStaticConfiguration()
- throws Exception {
- properties = Maps.newHashMap();
- baseDir = Files.createTempDir();
- LOGGER.info("BaseDir = " + baseDir);
- logDir = assertCreateDir(new File(baseDir, "log"));
- confDir = assertCreateDir(new File(baseDir, "etc"));
- dataDir = assertCreateDir(new File(baseDir, "data"));
- policyFile = new File(confDir, HiveServerFactory.AUTHZ_PROVIDER_FILENAME);
- }
-
- @AfterClass
- public static void tearDownTestStaticConfiguration() throws Exception {
- if(hiveServer != null) {
- hiveServer.shutdown();
- hiveServer = null;
- }
- if(baseDir != null) {
- if(System.getProperty(HiveServerFactory.KEEP_BASEDIR) == null) {
- FileUtils.deleteQuietly(baseDir);
- }
- baseDir = null;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticDFS.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticDFS.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticDFS.java
deleted file mode 100644
index ab30fa5..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticDFS.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e;
-
-import java.io.File;
-import java.io.IOException;
-
-import junit.framework.Assert;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hdfs.MiniDFSCluster;
-import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-
-public abstract class AbstractTestWithStaticDFS extends AbstractTestWithStaticConfiguration {
-
- protected static MiniDFSCluster dfsCluster;
- protected static Path dfsBaseDir;
-
- @Before
- public void setupTestWithDFS() throws IOException {
- Assert.assertTrue(dfsBaseDir.toString(), fileSystem.delete(dfsBaseDir, true));
- Assert.assertTrue(dfsBaseDir.toString(), fileSystem.mkdirs(dfsBaseDir));
- }
-
- protected static Path assertCreateDfsDir(Path dir) throws IOException {
- if(!fileSystem.isDirectory(dir)) {
- Assert.assertTrue("Failed creating " + dir, fileSystem.mkdirs(dir));
- }
- return dir;
- }
- @BeforeClass
- public static void setupTestWithStaticDFS()
- throws Exception {
- Configuration conf = new Configuration();
- File dfsDir = assertCreateDir(new File(baseDir, "dfs"));
- conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
- dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
- fileSystem = dfsCluster.getFileSystem();
- dfsBaseDir = assertCreateDfsDir(new Path(new Path(fileSystem.getUri()), "/base"));
- hiveServer = HiveServerFactory.create(properties, baseDir, confDir, logDir, policyFile, fileSystem);
- hiveServer.start();
- }
-
- @AfterClass
- public static void tearDownTestWithStaticDFS() throws Exception {
- if(dfsCluster != null) {
- dfsCluster.shutdown();
- dfsCluster = null;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticLocalFS.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticLocalFS.java
deleted file mode 100644
index c29c16c..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticLocalFS.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
-import org.junit.BeforeClass;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public abstract class AbstractTestWithStaticLocalFS extends AbstractTestWithStaticConfiguration {
- @SuppressWarnings("unused")
- private static final Logger LOGGER = LoggerFactory
- .getLogger(AbstractTestWithStaticLocalFS.class);
- @BeforeClass
- public static void setupTestWithStaticHiveServer()
- throws Exception {
- fileSystem = FileSystem.get(new Configuration());
- hiveServer = HiveServerFactory.create(properties, baseDir, confDir, logDir, policyFile, fileSystem);
- hiveServer.start();
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/Context.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/Context.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/Context.java
deleted file mode 100644
index 45ec493..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/Context.java
+++ /dev/null
@@ -1,210 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.net.URI;
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.Set;
-
-import junit.framework.Assert;
-
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.sentry.tests.e2e.hiveserver.HiveServer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Charsets;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class Context {
-
- private static final Logger LOGGER = LoggerFactory
- .getLogger(Context.class);
-
- public static final String AUTHZ_EXCEPTION_SQL_STATE = "42000";
- public static final String AUTHZ_EXEC_HOOK_EXCEPTION_SQL_STATE = "08S01";
- public static final String AUTHZ_EXCEPTION_ERROR_MSG = "No valid privileges";
-
- private final HiveServer hiveServer;
- private final FileSystem fileSystem;
- private final File baseDir;
- private final File dataDir;
-
- private final File policyFile;
- private final Set<Connection> connections;
- private final Set<Statement> statements;
-
-
- public Context(HiveServer hiveServer, FileSystem fileSystem,
- File baseDir, File confDir, File dataDir, File policyFile) throws Exception {
- this.hiveServer = hiveServer;
- this.fileSystem = fileSystem;
- this.baseDir = baseDir;
- this.dataDir = dataDir;
- this.policyFile = policyFile;
- connections = Sets.newHashSet();
- statements = Sets.newHashSet();
- }
-
- public Connection createConnection(String username, String password) throws Exception {
- Connection connection = hiveServer.createConnection(username, password);
- connections.add(connection);
- assertNotNull("Connection is null", connection);
- assertFalse("Connection should not be closed", connection.isClosed());
- Statement statement = connection.createStatement();
- statement.close();
- return connection;
- }
-
- public Statement createStatement(Connection connection)
- throws Exception {
- Statement statement = connection.createStatement();
- assertNotNull("Statement is null", statement);
- statements.add(statement);
- return statement;
- }
- /**
- * Deprecated} use append()
- */
- public void writePolicyFile(String buf) throws IOException {
- FileOutputStream out = new FileOutputStream(policyFile);
- out.write(buf.getBytes(Charsets.UTF_8));
- out.close();
- }
- /**
- * Deprecated} use append()
- */
- @Deprecated
- public void appendToPolicyFileWithNewLine(String line) throws IOException {
- append(line);
- }
- public void append(String...lines) throws IOException {
- StringBuffer buffer = new StringBuffer();
- for(String line : lines) {
- buffer.append(line).append("\n");
- }
- Files.append(buffer, policyFile, Charsets.UTF_8);
- }
-
- public boolean deletePolicyFile() throws IOException {
- return policyFile.delete();
- }
- /**
- * Deprecated} use append()
- */
- public void makeNewPolicy(String policyLines[]) throws FileNotFoundException {
- PrintWriter policyWriter = new PrintWriter (policyFile.toString());
- for (String line : policyLines) {
- policyWriter.println(line);
- }
- policyWriter.close();
- assertFalse(policyWriter.checkError());
- }
-
- public void close() {
- for(Statement statement : statements) {
- try {
- statement.close();
- } catch (SQLException exception) {
- LOGGER.warn("Error closing " + statement, exception);
- }
- }
- statements.clear();
-
- for(Connection connection : connections) {
- try {
- connection.close();
- } catch (SQLException exception) {
- LOGGER.warn("Error closing " + connection, exception);
- }
- }
- connections.clear();
- }
-
- public void assertAuthzException(Statement statement, String query)
- throws SQLException {
- try {
- statement.execute(query);
- Assert.fail("Expected SQLException for '" + query + "'");
- } catch (SQLException e) {
- verifyAuthzException(e);
- }
- }
-
- public void assertAuthzExecHookException(Statement statement, String query)
- throws SQLException {
- try {
- statement.execute(query);
- Assert.fail("Expected SQLException for '" + query + "'");
- } catch (SQLException e) {
- verifyAuthzExecHookException(e);
- }
- }
-
-
- // verify that the sqlexception is due to authorization failure
- public void verifyAuthzException(SQLException sqlException) throws SQLException{
- verifyAuthzExceptionForState(sqlException, AUTHZ_EXCEPTION_SQL_STATE);
- }
-
- // verify that the sqlexception is due to authorization failure due to exec hooks
- public void verifyAuthzExecHookException(SQLException sqlException) throws SQLException{
- verifyAuthzExceptionForState(sqlException, AUTHZ_EXEC_HOOK_EXCEPTION_SQL_STATE);
- }
-
- // verify that the sqlexception is due to authorization failure
- private void verifyAuthzExceptionForState(SQLException sqlException,
- String expectedSqlState) throws SQLException {
- if (!expectedSqlState.equals(sqlException.getSQLState())) {
- throw sqlException;
- }
- }
-
- public File getBaseDir() {
- return baseDir;
- }
-
- public File getDataDir() {
- return dataDir;
- }
-
- public File getPolicyFile() {
- return policyFile;
- }
-
- @SuppressWarnings("static-access")
- public URI getDFSUri() throws IOException {
- return fileSystem.getDefaultUri(fileSystem.getConf());
- }
-
- public String getProperty(String propName) {
- return hiveServer.getProperty(propName);
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/DummySentryOnFailureHook.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/DummySentryOnFailureHook.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/DummySentryOnFailureHook.java
deleted file mode 100644
index 87d1b01..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/DummySentryOnFailureHook.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e;
-
-import org.apache.sentry.binding.hive.SentryOnFailureHook;
-import org.apache.sentry.binding.hive.SentryOnFailureHookContext;
-
-public class DummySentryOnFailureHook implements SentryOnFailureHook {
-
- static boolean invoked = false;
-
- @Override
- public void run(SentryOnFailureHookContext failureHookContext)
- throws Exception {
- invoked = true;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/PolicyFileEditor.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/PolicyFileEditor.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/PolicyFileEditor.java
deleted file mode 100644
index 69bf2ad..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/PolicyFileEditor.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e;
-
-
-
-
-import java.io.File;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-
-import com.google.common.base.Charsets;
-import com.google.common.base.Joiner;
-import com.google.common.collect.Lists;
-import com.google.common.io.Files;
-
-/**
- * Deprecated} use Context.append()
- */
-public class PolicyFileEditor {
-
- private static final String NL = System.getProperty("line.separator", "\n");
-
- private File policy;
-
- public PolicyFileEditor (File policy) throws IOException {
- policy.delete();
- policy.createNewFile();
- this.policy = policy;
- }
-
- public void clearOldPolicy() throws IOException {
- policy.delete();
- policy.createNewFile();
- }
-
- public void addPolicy(String line, String cat) throws IOException {
- List<String> result = new ArrayList<String>();
- boolean exist = false;
- for(String s : Files.readLines(policy, Charsets.UTF_8)) {
- result.add(s);
- if (s.equals("[" + cat + "]")) {
- result.add(line);
- exist = true;
- }
- }
- if (!exist) {
- result.add("[" + cat + "]");
- result.add(line);
- }
- Files.write(Joiner.on(NL).join(result), policy, Charsets.UTF_8);
- }
- public void removePolicy(String line) throws IOException {
- List<String> result = Lists.newArrayList();
- for(String s : Files.readLines(policy, Charsets.UTF_8)) {
- if (!s.equals(line)) {
- result.add(s);
- }
- }
- Files.write(Joiner.on(NL).join(result), policy, Charsets.UTF_8);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
deleted file mode 100644
index c822863..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
+++ /dev/null
@@ -1,691 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.ResultSetMetaData;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.ArrayList;
-import java.util.List;
-
-import junit.framework.Assert;
-
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.Resources;
-
-/* Tests privileges at table scope with cross database access */
-
-public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
- private File dataFile;
- private PolicyFile policyFile;
- private String loadData;
-
- @Before
- public void setup() throws Exception {
- context = createContext();
- File dataDir = context.getDataDir();
- // copy data file to test dir
- dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
- to.close();
- policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
- loadData = "server=server1->uri=file://" + dataFile.getPath();
-
- }
-
- @After
- public void tearDown() throws Exception {
- if (context != null) {
- context.close();
- }
- }
-
- /*
- * Admin creates DB_1, DB2, tables (tab_1 ) and (tab_2, tab_3) in DB_1 and
- * DB_2 respectively. User user1 has select on DB_1.tab_1, insert on
- * DB2.tab_2 User user2 has select on DB2.tab_3 Test show database and show
- * tables for both user1 and user2
- */
- @Test
- public void testShowDatabasesAndShowTables() throws Exception {
- // edit policy file
- policyFile
- .addRolesToGroup("group1", "select_tab1", "insert_tab2")
- .addRolesToGroup("group2", "select_tab3")
- .addPermissionsToRole("select_tab1", "server=server1->db=db1->table=tab1->action=select")
- .addPermissionsToRole("select_tab3", "server=server1->db=db2->table=tab3->action=select")
- .addPermissionsToRole("insert_tab2", "server=server1->db=db2->table=tab2->action=insert")
- .addGroupsToUser("user1", "group1")
- .addGroupsToUser("user2", "group2");
- policyFile.write(context.getPolicyFile());
-
- // admin create two databases
- Connection connection = context.createConnection(ADMIN1, "foo");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
- statement.execute("DROP DATABASE IF EXISTS DB1 CASCADE");
- statement.execute("DROP DATABASE IF EXISTS DB2 CASCADE");
-
- statement.execute("CREATE DATABASE DB1");
- statement.execute("CREATE DATABASE DB2");
- statement.execute("USE DB1");
- statement.execute("CREATE TABLE TAB1(id int)");
- statement.executeQuery("SHOW TABLES");
- statement.execute("USE DB2");
- statement.execute("CREATE TABLE TAB2(id int)");
- statement.execute("CREATE TABLE TAB3(id int)");
-
- // test show databases
- // show databases shouldn't filter any of the dbs from the resultset
- Connection conn = context.createConnection("user1", "");
- Statement stmt = context.createStatement(conn);
- ResultSet res = stmt.executeQuery("SHOW DATABASES");
- List<String> result = new ArrayList<String>();
- result.add("db1");
- result.add("db2");
- result.add("default");
-
- while (res.next()) {
- String dbName = res.getString(1);
- assertTrue(dbName, result.remove(dbName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- // test show tables
- stmt.execute("USE DB1");
- res = stmt.executeQuery("SHOW TABLES");
- result.clear();
- result.add("tab1");
-
- while (res.next()) {
- String tableName = res.getString(1);
- assertTrue(tableName, result.remove(tableName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- stmt.execute("USE DB2");
- res = stmt.executeQuery("SHOW TABLES");
- result.clear();
- result.add("tab2");
-
- while (res.next()) {
- String tableName = res.getString(1);
- assertTrue(tableName, result.remove(tableName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- stmt.close();
- conn.close();
-
- // test show databases and show tables for user2
- conn = context.createConnection("user2", "");
- stmt = context.createStatement(conn);
- res = stmt.executeQuery("SHOW DATABASES");
- result.clear();
- result.add("db2");
- result.add("default");
-
- while (res.next()) {
- String dbName = res.getString(1);
- assertTrue(dbName, result.remove(dbName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- // test show tables
- stmt.execute("USE DB2");
- res = stmt.executeQuery("SHOW TABLES");
- result.clear();
- result.add("tab3");
-
- while (res.next()) {
- String tableName = res.getString(1);
- assertTrue(tableName, result.remove(tableName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- try {
- stmt.execute("USE DB1");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
- context.close();
- }
-
- /*
- * Admin creates DB_1, DB2, tables (tab_1 ) and (tab_2, tab_3) in DB_1 and
- * DB_2 respectively. User user1 has select on DB_1.tab_1, insert on
- * DB2.tab_2 User user2 has select on DB2.tab_3 Test show database and show
- * tables for both user1 and user2
- */
- @Test
- public void testJDBCGetSchemasAndGetTables() throws Exception {
- // edit policy file
- policyFile.addRolesToGroup("group1", "select_tab1", "insert_tab2")
- .addRolesToGroup("group2", "select_tab3")
- .addPermissionsToRole("select_tab1", "server=server1->db=db1->table=tab1->action=select")
- .addPermissionsToRole("select_tab3", "server=server1->db=db2->table=tab3->action=select")
- .addPermissionsToRole("insert_tab2", "server=server1->db=db2->table=tab2->action=insert")
- .addGroupsToUser("user1", "group1")
- .addGroupsToUser("user2", "group2");
- policyFile.write(context.getPolicyFile());
-
- // admin create two databases
- Connection connection = context.createConnection(ADMIN1, "foo");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
- statement.execute("DROP DATABASE IF EXISTS DB1 CASCADE");
- statement.execute("DROP DATABASE IF EXISTS DB2 CASCADE");
-
- statement.execute("CREATE DATABASE DB1");
- statement.execute("CREATE DATABASE DB2");
- statement.execute("USE DB1");
- statement.execute("CREATE TABLE TAB1(id int)");
- statement.executeQuery("SHOW TABLES");
- statement.execute("USE DB2");
- statement.execute("CREATE TABLE TAB2(id int)");
- statement.execute("CREATE TABLE TAB3(id int)");
-
- // test show databases
- // show databases shouldn't filter any of the dbs from the resultset
- Connection conn = context.createConnection("user1", "");
- List<String> result = new ArrayList<String>();
-
- // test direct JDBC metadata API
- ResultSet res = conn.getMetaData().getSchemas();
- ResultSetMetaData resMeta = res.getMetaData();
- assertEquals(2, resMeta.getColumnCount());
- assertEquals("TABLE_SCHEM", resMeta.getColumnName(1));
- assertEquals("TABLE_CATALOG", resMeta.getColumnName(2));
-
- result.add("db1");
- result.add("db2");
- result.add("default");
-
- while (res.next()) {
- String dbName = res.getString(1);
- assertTrue(dbName, result.remove(dbName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- // test direct JDBC metadata API
- res = conn.getMetaData().getTables(null, "DB1", "tab%", null);
- result.add("tab1");
-
- while (res.next()) {
- String tableName = res.getString(3);
- assertTrue(tableName, result.remove(tableName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- // test direct JDBC metadata API
- res = conn.getMetaData().getTables(null, "DB2", "tab%", null);
- result.add("tab2");
-
- while (res.next()) {
- String tableName = res.getString(3);
- assertTrue(tableName, result.remove(tableName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- res = conn.getMetaData().getTables(null, "DB%", "tab%", null);
- result.add("tab2");
- result.add("tab1");
-
- while (res.next()) {
- String tableName = res.getString(3);
- assertTrue(tableName, result.remove(tableName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- //test show columns
- res = conn.getMetaData().getColumns(null, "DB%", "tab%","i%" );
- result.add("id");
- result.add("id");
-
- while (res.next()) {
- String columnName = res.getString(4);
- assertTrue(columnName, result.remove(columnName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- conn.close();
-
- // test show databases and show tables for user2
- conn = context.createConnection("user2", "");
-
- // test direct JDBC metadata API
- res = conn.getMetaData().getSchemas();
- resMeta = res.getMetaData();
- assertEquals(2, resMeta.getColumnCount());
- assertEquals("TABLE_SCHEM", resMeta.getColumnName(1));
- assertEquals("TABLE_CATALOG", resMeta.getColumnName(2));
-
- result.add("db2");
- result.add("default");
-
- while (res.next()) {
- String dbName = res.getString(1);
- assertTrue(dbName, result.remove(dbName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- // test JDBC direct API
- res = conn.getMetaData().getTables(null, "DB%", "tab%", null);
- result.add("tab3");
-
- while (res.next()) {
- String tableName = res.getString(3);
- assertTrue(tableName, result.remove(tableName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- //test show columns
- res = conn.getMetaData().getColumns(null, "DB%", "tab%","i%" );
- result.add("id");
-
- while (res.next()) {
- String columnName = res.getString(4);
- assertTrue(columnName, result.remove(columnName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- //test show columns
- res = conn.getMetaData().getColumns(null, "DB1", "tab%","i%" );
-
- while (res.next()) {
- String columnName = res.getString(4);
- assertTrue(columnName, result.remove(columnName));
- }
- assertTrue(result.toString(), result.isEmpty());
- res.close();
-
- context.close();
- }
-
- /**
- * 2.8 admin user create two database, DB_1, DB_2 admin grant all to USER1,
- * USER2 on DB_1, admin grant all to user1's group, user2's group on DB_2
- * positive test case: user1, user2 has ALL privilege on both DB_1 and DB_2
- * negative test case: user1, user2 don't have ALL privilege on SERVER
- */
- @Test
- public void testDbPrivileges() throws Exception {
- // edit policy file
- policyFile.addRolesToGroup("user_group", "db1_all,db2_all, load_data")
- .addPermissionsToRole("db1_all", "server=server1->db=" + DB1)
- .addPermissionsToRole("db2_all", "server=server1->db=" + DB2)
- .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
- .addGroupsToUser("user1", "user_group")
- .addGroupsToUser("user2", "user_group");
- policyFile.write(context.getPolicyFile());
-
- dropDb(ADMIN1, DB1, DB2);
- createDb(ADMIN1, DB1, DB2);
- for (String user : new String[]{USER1, USER2}) {
- for (String dbName : new String[]{DB1, DB2}) {
- Connection userConn = context.createConnection(user, "foo");
- String tabName = user + "_tab1";
- Statement userStmt = context.createStatement(userConn);
- // Positive case: test user1 and user2 has permissions to access
- // db1 and
- // db2
- userStmt
- .execute("create table " + dbName + "." + tabName + " (id int)");
- userStmt.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE " + dbName + "." + tabName);
- userStmt.execute("select * from " + dbName + "." + tabName);
- context.close();
- }
- }
- }
-
- /**
- * Test Case 2.11 admin user create a new database DB_1 and grant ALL to
- * himself on DB_1 should work
- */
- @Test
- public void testAdminDbPrivileges() throws Exception {
- policyFile.write(context.getPolicyFile());
- dropDb(ADMIN1, DB1);
- createDb(ADMIN1, DB1);
- Connection adminCon = context.createConnection(ADMIN1, "password");
- Statement adminStmt = context.createStatement(adminCon);
- String tabName = DB1 + "." + "admin_tab1";
- adminStmt.execute("create table " + tabName + "(c1 string)");
- adminStmt.execute("load data local inpath '" + dataFile.getPath() + "' into table "
- + tabName);
- assertTrue(adminStmt.executeQuery("select * from " + tabName).next());
- adminStmt.close();
- adminCon.close();
- }
-
- /**
- * Test Case 2.14 admin user create a new database DB_1 create TABLE_1 in DB_1
- * admin user grant INSERT to user1's group on TABLE_1 negative test case:
- * user1 try to do following on TABLE_1 will fail: --explain --analyze
- * --describe --describe function --show columns --show table status --show
- * table properties --show create table --show partitions --show indexes
- * --select * from TABLE_1.
- */
- @Test
- public void testNegativeUserPrivileges() throws Exception {
- // edit policy file
- policyFile.addRolesToGroup("user_group", "db1_tab1_insert", "db1_tab2_all")
- .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
- .addPermissionsToRole("db1_tab1_insert", "server=server1->db=db1->table=table_1->action=insert")
- .addGroupsToUser("user3", "user_group");
- policyFile.write(context.getPolicyFile());
-
- Connection adminCon = context.createConnection(ADMIN1, "foo");
- Statement adminStmt = context.createStatement(adminCon);
- String dbName = "db1";
- adminStmt.execute("use default");
- adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE");
- adminStmt.execute("CREATE DATABASE " + dbName);
- adminStmt.execute("create table " + dbName + ".table_1 (id int)");
- adminStmt.close();
- adminCon.close();
- Connection userConn = context.createConnection("user3", "foo");
- Statement userStmt = context.createStatement(userConn);
- context.assertAuthzException(userStmt, "select * from " + dbName + ".table_1");
- userConn.close();
- userStmt.close();
- }
-
- /**
- * Test Case 2.16 admin user create a new database DB_1 create TABLE_1 and
- * TABLE_2 (same schema) in DB_1 admin user grant SELECT, INSERT to user1's
- * group on TABLE_2 negative test case: user1 try to do following on TABLE_1
- * will fail: --insert overwrite TABLE_2 select * from TABLE_1
- */
- @Test
- public void testNegativeUserDMLPrivileges() throws Exception {
- policyFile
- .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
- .addRolesToGroup("group1", "db1_tab2_all")
- .addGroupsToUser("user3", "group1");
- policyFile.write(context.getPolicyFile());
-
- dropDb(ADMIN1, DB1);
- createDb(ADMIN1, DB1);
- Connection adminCon = context.createConnection(ADMIN1, "password");
- Statement adminStmt = context.createStatement(adminCon);
- adminStmt.execute("create table " + DB1 + ".table_1 (id int)");
- adminStmt.execute("create table " + DB1 + ".table_2 (id int)");
- adminStmt.close();
- adminCon.close();
- Connection userConn = context.createConnection("user3", "foo");
- Statement userStmt = context.createStatement(userConn);
- context.assertAuthzException(userStmt, "insert overwrite table " + DB1
- + ".table_2 select * from " + DB1 + ".table_1");
- context.assertAuthzException(userStmt, "insert overwrite directory '" + dataDir.getPath()
- + "' select * from " + DB1 + ".table_1");
- userStmt.close();
- userConn.close();
- }
-
- /**
- * Test Case 2.17 Execution steps
- * a) Admin user creates a new database DB_1,
- * b) Admin user grants ALL on DB_1 to group GROUP_1
- * c) User from GROUP_1 creates table TAB_1, TAB_2 in DB_1
- * d) Admin user grants SELECT on TAB_1 to group GROUP_2
- *
- * 1) verify users from GROUP_2 have only SELECT privileges on TAB_1. They
- * shouldn't be able to perform any operation other than those listed as
- * requiring SELECT in the privilege model.
- *
- * 2) verify users from GROUP_2 can't perform queries involving join between
- * TAB_1 and TAB_2.
- *
- * 3) verify users from GROUP_1 can't perform operations requiring ALL @
- * SERVER scope. Refer to list
- */
- @Test
- public void testNegUserPrivilegesAll() throws Exception {
-
- policyFile
- .addRolesToGroup("user_group1", "db1_all")
- .addRolesToGroup("user_group2", "db1_tab1_select")
- .addPermissionsToRole("db1_all", "server=server1->db=db1")
- .addPermissionsToRole("db1_tab1_select", "server=server1->db=db1->table=table_1->action=select")
- .addGroupsToUser("user1", "user_group1")
- .addGroupsToUser("user2", "user_group2");
- policyFile.write(context.getPolicyFile());
-
- // create dbs
- Connection adminCon = context.createConnection(ADMIN1, "foo");
- Statement adminStmt = context.createStatement(adminCon);
- String dbName = "db1";
- adminStmt.execute("use default");
- adminStmt.execute("create table table_def (name string)");
- adminStmt
- .execute("load data local inpath '" + dataFile.getPath() + "' into table table_def");
-
- adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE");
- adminStmt.execute("CREATE DATABASE " + dbName);
- adminStmt.execute("use " + dbName);
-
- adminStmt.execute("create table table_1 (name string)");
- adminStmt
- .execute("load data local inpath '" + dataFile.getPath() + "' into table table_1");
- adminStmt.execute("create table table_2 (name string)");
- adminStmt
- .execute("load data local inpath '" + dataFile.getPath() + "' into table table_2");
- adminStmt.execute("create view v1 AS select * from table_1");
- adminStmt
- .execute("create table table_part_1 (name string) PARTITIONED BY (year INT)");
- adminStmt.execute("ALTER TABLE table_part_1 ADD PARTITION (year = 2012)");
-
- adminStmt.close();
- adminCon.close();
-
- Connection userConn = context.createConnection("user2", "foo");
- Statement userStmt = context.createStatement(userConn);
-
- context.assertAuthzException(userStmt, "drop database " + dbName);
-
- // Hive currently doesn't support cross db index DDL
-
- context.assertAuthzException(userStmt, "CREATE TEMPORARY FUNCTION strip AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFPrintf'");
- context.assertAuthzException(userStmt, "create table " + dbName
- + ".c_tab_2 as select * from " + dbName + ".table_2");
- context.assertAuthzException(userStmt, "select * from " + dbName + ".table_2");
- context.assertAuthzException(userStmt, "ALTER DATABASE " + dbName
- + " SET DBPROPERTIES ('foo' = 'bar')");
- context.assertAuthzException(userStmt, "drop table " + dbName + ".table_1");
- context.assertAuthzException(userStmt, "DROP VIEW IF EXISTS " + dbName + ".v1");
- context.assertAuthzException(userStmt, "create table " + dbName + ".table_5 (name string)");
- context.assertAuthzException(userStmt, "ALTER TABLE " + dbName + ".table_1 RENAME TO "
- + dbName + ".table_99");
- context.assertAuthzException(userStmt, "insert overwrite table " + dbName
- + ".table_2 select * from " + dbName + ".table_1");
- context.assertAuthzException(userStmt, "insert overwrite table " + dbName
- + ".table_2 select * from " + "table_def");
- context.assertAuthzException(userStmt, "ALTER TABLE " + dbName
- + ".table_part_1 ADD IF NOT EXISTS PARTITION (year = 2012)");
- context.assertAuthzException(userStmt, "ALTER TABLE " + dbName
- + ".table_part_1 PARTITION (year = 2012) SET LOCATION '/etc'");
- userStmt.close();
- userConn.close();
- }
-
- /**
- * Steps: 1. admin user create databases, DB_1 and DB_2, no table or other
- * object in database
- * 2. admin grant all to user1's group on DB_1 and DB_2
- * positive test case:
- * a)user1 has the privilege to create table, load data,
- * drop table, create view, insert more data on both databases
- * b) user1 can switch between DB_1 and DB_2 without exception
- * negative test case:
- * c) user1 cannot drop database
- */
- @Test
- public void testSandboxOpt9() throws Exception {
- policyFile
- .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData)
- .addRolesToGroup(GROUP1, GROUP1_ROLE)
- .addGroupsToUser(USER1, GROUP1);
- policyFile.write(context.getPolicyFile());
-
- dropDb(ADMIN1, DB1, DB2);
- createDb(ADMIN1, DB1, DB2);
-
- Connection connection = context.createConnection(USER1, "password");
- Statement statement = context.createStatement(connection);
-
- // a
- statement.execute("DROP TABLE IF EXISTS " + DB1 + "." + TBL1);
- statement.execute("create table " + DB1 + "." + TBL1
- + " (under_col int comment 'the under column', value string)");
- statement.execute("load data local inpath '" + dataFile.getPath()
- + "' into table " + DB1 + "." + TBL1);
- statement.execute("DROP VIEW IF EXISTS " + DB1 + "." + VIEW1);
- statement.execute("CREATE VIEW " + DB1 + "." + VIEW1
- + " (value) AS SELECT value from " + DB1 + "." + TBL1
- + " LIMIT 10");
- statement.execute("DROP TABLE IF EXISTS " + DB2 + "." + TBL1);
- statement.execute("CREATE TABLE " + DB2 + "." + TBL1
- + " AS SELECT value from " + DB1 + "." + TBL1
- + " LIMIT 10");
-
- // b
- statement.execute("DROP TABLE IF EXISTS " + DB2 + "." + TBL2);
- statement.execute("create table " + DB2 + "." + TBL2
- + " (under_col int comment 'the under column', value string)");
- statement.execute("load data local inpath '" + dataFile.getPath()
- + "' into table " + DB2 + "." + TBL2);
- statement.execute("DROP TABLE IF EXISTS " + DB2 + "." + TBL3);
- statement.execute("create table " + DB2 + "." + TBL3
- + " (under_col int comment 'the under column', value string)");
- statement.execute("load data local inpath '" + dataFile.getPath()
- + "' into table " + DB2 + "." + TBL3);
-
- // c
- context.assertAuthzException(statement, "DROP DATABASE IF EXISTS " + DB1);
- context.assertAuthzException(statement, "DROP DATABASE IF EXISTS " + DB2);
-
- policyFile.removePermissionsFromRole(GROUP1_ROLE, ALL_DB2);
- policyFile.write(context.getPolicyFile());
-
- // create db1.view1 as select from db2.tbl2
- statement.execute("DROP VIEW IF EXISTS " + DB1 + "." + VIEW2);
- context.assertAuthzException(statement, "CREATE VIEW " + DB1 + "." + VIEW2 +
- " (value) AS SELECT value from " + DB2 + "." + TBL2 + " LIMIT 10");
- // create db1.tbl2 as select from db2.tbl2
- statement.execute("DROP TABLE IF EXISTS " + DB1 + "." + TBL2);
- context.assertAuthzException(statement, "CREATE TABLE " + DB1 + "." + TBL2 +
- " AS SELECT value from " + DB2 + "." + TBL2 + " LIMIT 10");
-
-
-
- statement.close();
- connection.close();
- }
-
- /**
- * Steps: 1. admin user create databases, DB_1 and DB_2, no table or other
- * object in database positive test case:
- * d) user1 has the privilege to create view on tables in DB_1 negative test case:
- * e) user1 cannot create view in DB_1 that select from tables in DB_2
- * with no select privilege 2.
- * positive test case:
- * f) user1 has the privilege to create view to select from DB_1.tb_1
- * and DB_2.tb_2 negative test case:
- * g) user1 cannot create view to select from DB_1.tb_1 and DB_2.tb_3
- */
- @Test
- public void testCrossDbViewOperations() throws Exception {
- // edit policy file
- policyFile
- .addRolesToGroup("group1", "all_db1", "load_data", "select_tb2")
- .addPermissionsToRole("all_db1", "server=server1->db=db_1")
- .addPermissionsToRole("all_db2", "server=server1->db=db_2")
- .addPermissionsToRole("select_tb2", "server=server1->db=db_2->table=tb_1->action=select")
- .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
- .addGroupsToUser("user1", "group1");
- policyFile.write(context.getPolicyFile());
-
- // admin create two databases
- dropDb(ADMIN1, DB1, DB2);
- createDb(ADMIN1, DB1, DB2);
- Connection connection = context.createConnection(ADMIN1, "password");
- Statement statement = context.createStatement(connection);
- statement
- .execute("CREATE TABLE " + DB1 + "." + TBL1 + "(id int)");
- statement
- .execute("CREATE TABLE " + DB2 + "." + TBL1 + "(id int)");
- statement
- .execute("CREATE TABLE " + DB2 + "." + TBL2 + "(id int)");
- context.close();
-
- connection = context.createConnection("user1", "foo");
- statement = context.createStatement(connection);
-
- // d
- statement.execute("DROP TABLE IF EXISTS " + DB1 + "." + TBL1);
- statement.execute("create table " + DB1 + "." + TBL1
- + " (under_col int comment 'the under column', value string)");
-
- // e
- statement.execute("DROP VIEW IF EXISTS " + DB1 + "." + VIEW1);
- context.assertAuthzException(statement, "CREATE VIEW " + DB1 + "." + VIEW1
- + " (value) AS SELECT value from " + DB2 + "." + TBL2
- + " LIMIT 10");
- // f
- statement.execute("DROP VIEW IF EXISTS " + DB1 + "." + VIEW2);
- statement.execute("CREATE VIEW " + DB1 + "." + VIEW2
- + " (value) AS SELECT value from " + DB1 + "." + TBL1
- + " LIMIT 10");
-
- // g
- statement.execute("DROP VIEW IF EXISTS " + DB1 + "." + VIEW3);
- context.assertAuthzException(statement, "CREATE VIEW " + DB1 + "." + VIEW3
- + " (value) AS SELECT value from " + DB2 + "." + TBL2
- + " LIMIT 10");
- }
-}