You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by ta...@apache.org on 2019/05/31 16:04:43 UTC
[impala] 02/05: IMPALA-8604: Improve authorization test coverage
for update/upsert/delete statements
This is an automated email from the ASF dual-hosted git repository.
tarmstrong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
commit 89cf6aed65c0556d9b96b8f1d47762131e167a6a
Author: Fredy Wijaya <fw...@cloudera.com>
AuthorDate: Thu May 30 15:19:18 2019 -0500
IMPALA-8604: Improve authorization test coverage for update/upsert/delete statements
This patch improves the test authorization test coverage by adding test
cases for update, upsert, and delete statements at the database and
tabel level.
Testing:
- Ran authorization FE tests
Change-Id: Ic4095476945ff413fc59ec99dc3b9dfd71d95e96
Reviewed-on: http://gerrit.cloudera.org:8080/13480
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
.../authorization/AuthorizationStmtTest.java | 52 ++++++++++++++++++++--
1 file changed, 48 insertions(+), 4 deletions(-)
diff --git a/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java b/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java
index cc1ce76..ec957e1 100644
--- a/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java
+++ b/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java
@@ -2432,9 +2432,18 @@ public class AuthorizationStmtTest extends AuthorizationTestBase {
authorize("explain update functional_kudu.alltypes set int_col = 1")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
.ok(onServer(TPrivilegeLevel.OWNER))
+ .ok(onDatabase("functional_kudu", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional_kudu", TPrivilegeLevel.OWNER))
+ .ok(onTable("functional_kudu", "alltypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional_kudu", "alltypes", TPrivilegeLevel.OWNER))
.error(accessError("functional_kudu.alltypes"))
.error(accessError("functional_kudu.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)))
+ .error(accessError("functional_kudu.alltypes"), onDatabase("functional",
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)))
+ .error(accessError("functional_kudu.alltypes"), onTable(
+ "functional", "alltypes", allExcept(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)));
}
// Database does not exist.
@@ -2466,9 +2475,18 @@ public class AuthorizationStmtTest extends AuthorizationTestBase {
"values(1, 'a')")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
.ok(onServer(TPrivilegeLevel.OWNER))
+ .ok(onDatabase("functional_kudu", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional_kudu", TPrivilegeLevel.OWNER))
+ .ok(onTable("functional_kudu", "testtbl", TPrivilegeLevel.ALL))
+ .ok(onTable("functional_kudu", "testtbl", TPrivilegeLevel.OWNER))
.error(accessError("functional_kudu.testtbl"))
.error(accessError("functional_kudu.testtbl"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)))
+ .error(accessError("functional_kudu.testtbl"), onDatabase("functional",
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)))
+ .error(accessError("functional_kudu.testtbl"), onTable(
+ "functional", "testtbl", allExcept(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)));
}
// Upsert select.
@@ -2476,9 +2494,26 @@ public class AuthorizationStmtTest extends AuthorizationTestBase {
"select int_col from functional.alltypes")
.ok(onServer(TPrivilegeLevel.ALL))
.ok(onServer(TPrivilegeLevel.OWNER))
+ .ok(onDatabase("functional_kudu", TPrivilegeLevel.ALL),
+ onDatabase("functional", TPrivilegeLevel.SELECT))
+ .ok(onTable("functional_kudu", "testtbl", TPrivilegeLevel.ALL),
+ onTable("functional", "alltypes", TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypes"))
.error(accessError("functional_kudu.testtbl"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)))
+ .error(accessError("functional_kudu.testtbl"),
+ onDatabase("functional_kudu", allExcept(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)),
+ onDatabase("functional", TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT))
+ .error(selectError("functional.alltypes"),
+ onTable("functional_kudu", "testtbl", TPrivilegeLevel.ALL),
+ onTable("functional", "alltypes", allExcept(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
+ .error(accessError("functional_kudu.testtbl"),
+ onTable("functional_kudu", "testtbl", allExcept(TPrivilegeLevel.ALL,
+ TPrivilegeLevel.OWNER)),
+ onTable("functional", "alltypes", TPrivilegeLevel.SELECT));
// Database does not exist.
authorize("upsert into table nodb.testtbl(id, name) values(1, 'a')")
@@ -2503,9 +2538,18 @@ public class AuthorizationStmtTest extends AuthorizationTestBase {
authorize("explain delete from functional_kudu.alltypes")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
.ok(onServer(TPrivilegeLevel.OWNER))
+ .ok(onDatabase("functional_kudu", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional_kudu", TPrivilegeLevel.OWNER))
+ .ok(onTable("functional_kudu", "alltypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional_kudu", "alltypes", TPrivilegeLevel.OWNER))
.error(accessError("functional_kudu.alltypes"))
.error(accessError("functional_kudu.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)))
+ .error(accessError("functional_kudu.alltypes"), onDatabase("functional",
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)))
+ .error(accessError("functional_kudu.alltypes"), onTable(
+ "functional", "alltypes", allExcept(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)));
}
// Database does not exist.