Posted to commits@sentry.apache.org by ka...@apache.org on 2018/06/25 14:35:19 UTC
sentry git commit: SENTRY-2235: Add hive tests to verify column
privileges for views. (Kalyan Kumar Kalvagadda reviewed by Sergio Pena)
Repository: sentry
Updated Branches:
refs/heads/master 3278c714c -> 748420809
SENTRY-2235: Add hive tests to verify column privileges for views. (Kalyan Kumar Kalvagadda reviewed by Sergio Pena)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/74842080
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/74842080
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/74842080
Branch: refs/heads/master
Commit: 74842080936b93a8ef9b874774fd841764adc42c
Parents: 3278c71
Author: Kalyan Kumar Kalvagadda <kk...@cloudera.com>
Authored: Mon Jun 25 09:32:24 2018 -0500
Committer: Kalyan Kumar Kalvagadda <kk...@cloudera.com>
Committed: Mon Jun 25 09:32:24 2018 -0500
----------------------------------------------------------------------
.../tests/e2e/dbprovider/TestDbComplexView.java | 68 ++++++++++++++++++++
1 file changed, 68 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/74842080/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java
index 35f41c6..bb7ccfe 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java
@@ -199,6 +199,54 @@ public class TestDbComplexView extends AbstractTestWithStaticConfiguration {
}
}
+ private void grantAndValidateColumnPrivilege(String testView, String column, String testRole, String testGroup,
+ String user, boolean revoke) throws Exception {
+ createTestRole(ADMIN1, testRole);
+ List<String> sqls = new ArrayList<String>();
+
+ // grant privilege
+ sqls.add("USE " + TEST_VIEW_DB);
+ sqls.add("GRANT SELECT(" + column + ")" + " ON TABLE " + testView + " TO ROLE " + testRole);
+ sqls.add("GRANT ROLE " + testRole + " TO GROUP " + testGroup);
+ execBatch(ADMIN1, sqls);
+
+ // show grant should pass and could list view
+ assertTrue("can not find select privilege from " + testRole,
+ execValidate(ADMIN1, "SHOW GRANT ROLE " + testRole + " ON TABLE " + testView,
+ TEST_VIEW_DB, "privilege", "select"));
+ assertTrue("can not find " + testView,
+ execValidate(user, "SHOW TABLES", TEST_VIEW_DB, "tab_name", testView));
+
+ // select from view should pass
+ sqls.clear();
+ sqls.add("USE " + TEST_VIEW_DB);
+ sqls.add("SELECT "+ column +" FROM " + testView);
+ execBatch(user, sqls);
+
+ if (revoke) {
+ // revoke privilege
+ sqls.clear();
+ sqls.add("USE " + TEST_VIEW_DB);
+ sqls.add("REVOKE SELECT(" + column + ")" + " ON TABLE " + testView + " FROM ROLE " + testRole);
+ execBatch(ADMIN1, sqls);
+
+ // shouldn't be able to show grant
+ assertFalse("should not find select from " + testRole,
+ execValidate(ADMIN1, "SHOW GRANT ROLE " + testRole + " ON TABLE " + testView,
+ TEST_VIEW_DB, "privilege", "select"));
+
+ // select from view should fail
+ sqls.clear();
+ sqls.add("USE " + TEST_VIEW_DB);
+ sqls.add("SELECT * FROM " + testView);
+ try {
+ execBatch(user, sqls);
+ } catch (SQLException ex) {
+ LOGGER.info("Expected SQLException here", ex);
+ }
+ }
+ }
+
private void grantAndValidatePrivilege(String testView, String testRole,
String testGroup, String user) throws Exception {
grantAndValidatePrivilege(testView, testRole, testGroup, user, true);
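Review bot: The negative check at the end of the `if (revoke)` branch cannot fail: when `execBatch(user, sqls)` returns normally inside the `try`, the method simply ends, so the test passes even if the user can still read the view after the revoke. Add `fail("SELECT on " + testView + " should be denied after revoke");` directly after that `execBatch` call (assuming JUnit's `fail` is statically imported alongside `assertTrue`; otherwise use `Assert.fail`). The query in that branch is also `SELECT * FROM` rather than `"SELECT " + column + " FROM " + testView`. A `SELECT *` is presumably rejected for a column-only grant even while the grant is in place, so it does not show that the revoke took effect.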
@@ -237,6 +285,26 @@ public class TestDbComplexView extends AbstractTestWithStaticConfiguration {
}
/**
+ * Create view1 and view2 from view1
+ * Grant and validate select privileges to both views
+ * @throws Exception
+ */
+ @Test
+ public void testColumnPrivilegeOnView() throws Exception {
+ List<String> sqls = new ArrayList<String>();
+ // create a simple view
+ sqls.add("USE " + TEST_VIEW_DB);
+ sqls.add("CREATE VIEW " + TEST_VIEW +
+ "(userid,link) AS SELECT userid,link from " + TEST_VIEW_TB);
+
+ execBatch(ADMIN1, sqls);
+
+ // validate privileges
+ grantAndValidateColumnPrivilege(TEST_VIEW, "userid", TEST_VIEW_ROLE, USERGROUP1, USER1_1, true);
+ }
+
+
+ /**
* Create a view by join two tables
* Grant and verify select privilege
* @throws Exception
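Review bot: `testColumnPrivilegeOnView` only exercises the granted column `userid`; nothing checks that `USER1_1` is denied the other view column, `link`, while the grant is in place, so an over-broad grant would go unnoticed. That needs a negative query such as `SELECT link FROM` the view that is expected to throw, which the helper as written does not offer. The Javadoc also looks copied from another test: it describes "view1 and view2" and "both views", but the method creates a single view and grants one column privilege. A matching summary would be `Create a view over two columns of the test table, grant SELECT on one column to a role, and validate access before and after revoke`.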