You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by th...@apache.org on 2014/01/31 23:47:19 UTC
svn commit: r1563321 - in /hive/trunk/ql/src:
java/org/apache/hadoop/hive/ql/parse/
java/org/apache/hadoop/hive/ql/security/authorization/
java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/
test/org/apache/hadoop/hive/ql/parse/authori...
Author: thejas
Date: Fri Jan 31 22:47:18 2014
New Revision: 1563321
URL: http://svn.apache.org/r1563321
Log:
HIVE-6112 : SQL std auth - support new privileges INSERT, DELETE (Thejas Nair, reviewed by Ashutosh Chauhan)
Added:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java
hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java
hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/ListSizeMatcher.java
hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java
hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java
hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV2.java
hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q
hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q
hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out
hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out
Modified:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g?rev=1563321&r1=1563320&r2=1563321&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g Fri Jan 31 22:47:18 2014
@@ -267,8 +267,10 @@ TOK_GRANT_WITH_ADMIN_OPTION;
TOK_PRIV_ALL;
TOK_PRIV_ALTER_METADATA;
TOK_PRIV_ALTER_DATA;
+TOK_PRIV_DELETE;
TOK_PRIV_DROP;
TOK_PRIV_INDEX;
+TOK_PRIV_INSERT;
TOK_PRIV_LOCK;
TOK_PRIV_SELECT;
TOK_PRIV_SHOW_DATABASE;
@@ -1432,6 +1434,8 @@ privilegeType
| KW_LOCK -> ^(TOK_PRIV_LOCK)
| KW_SELECT -> ^(TOK_PRIV_SELECT)
| KW_SHOW_DATABASE -> ^(TOK_PRIV_SHOW_DATABASE)
+ | KW_INSERT -> ^(TOK_PRIV_INSERT)
+ | KW_DELETE -> ^(TOK_PRIV_DELETE)
;
principalSpecification
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java?rev=1563321&r1=1563320&r2=1563321&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java Fri Jan 31 22:47:18 2014
@@ -19,82 +19,17 @@
package org.apache.hadoop.hive.ql.security.authorization;
import java.util.EnumSet;
-import org.apache.hadoop.hive.ql.parse.HiveParser;
/**
* Privilege defines a privilege in Hive. Each privilege has a name and scope associated with it.
* This class contains all of the predefined privileges in Hive.
*/
public class Privilege {
-
- public enum PrivilegeType {
- ALL,
- ALTER_DATA,
- ALTER_METADATA,
- CREATE,
- DROP,
- INDEX,
- LOCK,
- SELECT,
- SHOW_DATABASE,
- UNKNOWN
- }
-
-
- public static PrivilegeType getPrivTypeByToken(int token) {
- switch (token) {
- case HiveParser.TOK_PRIV_ALL:
- return PrivilegeType.ALL;
- case HiveParser.TOK_PRIV_ALTER_DATA:
- return PrivilegeType.ALTER_DATA;
- case HiveParser.TOK_PRIV_ALTER_METADATA:
- return PrivilegeType.ALTER_METADATA;
- case HiveParser.TOK_PRIV_CREATE:
- return PrivilegeType.CREATE;
- case HiveParser.TOK_PRIV_DROP:
- return PrivilegeType.DROP;
- case HiveParser.TOK_PRIV_INDEX:
- return PrivilegeType.INDEX;
- case HiveParser.TOK_PRIV_LOCK:
- return PrivilegeType.LOCK;
- case HiveParser.TOK_PRIV_SELECT:
- return PrivilegeType.SELECT;
- case HiveParser.TOK_PRIV_SHOW_DATABASE:
- return PrivilegeType.SHOW_DATABASE;
- default:
- return PrivilegeType.UNKNOWN;
- }
- }
-
- public static PrivilegeType getPrivTypeByName(String privilegeName) {
- String canonicalizedName = privilegeName.toLowerCase();
- if (canonicalizedName.equals("all")) {
- return PrivilegeType.ALL;
- } else if (canonicalizedName.equals("update")) {
- return PrivilegeType.ALTER_DATA;
- } else if (canonicalizedName.equals("alter")) {
- return PrivilegeType.ALTER_METADATA;
- } else if (canonicalizedName.equals("create")) {
- return PrivilegeType.CREATE;
- } else if (canonicalizedName.equals("drop")) {
- return PrivilegeType.DROP;
- } else if (canonicalizedName.equals("index")) {
- return PrivilegeType.INDEX;
- } else if (canonicalizedName.equals("lock")) {
- return PrivilegeType.LOCK;
- } else if (canonicalizedName.equals("select")) {
- return PrivilegeType.SELECT;
- } else if (canonicalizedName.equals("show_database")) {
- return PrivilegeType.SHOW_DATABASE;
- }
-
- return PrivilegeType.UNKNOWN;
- }
private PrivilegeType priv;
-
+
private EnumSet<PrivilegeScope> supportedScopeSet;
-
+
private Privilege(PrivilegeType priv, EnumSet<PrivilegeScope> scopeSet) {
super();
this.priv = priv;
@@ -104,7 +39,7 @@ public class Privilege {
public Privilege(PrivilegeType priv) {
super();
this.priv = priv;
-
+
}
public PrivilegeType getPriv() {
@@ -114,7 +49,7 @@ public class Privilege {
public void setPriv(PrivilegeType priv) {
this.priv = priv;
}
-
+
public boolean supportColumnLevel() {
return supportedScopeSet != null
&& supportedScopeSet.contains(PrivilegeScope.COLUMN_LEVEL_SCOPE);
@@ -129,31 +64,10 @@ public class Privilege {
return supportedScopeSet != null
&& supportedScopeSet.contains(PrivilegeScope.TABLE_LEVEL_SCOPE);
}
-
+
@Override
public String toString() {
- switch (this.priv) {
- case ALL:
- return "All";
- case ALTER_DATA:
- return "Update";
- case ALTER_METADATA:
- return "Alter";
- case CREATE:
- return "Create";
- case DROP:
- return "Drop";
- case INDEX:
- return "Index";
- case LOCK:
- return "Lock";
- case SELECT:
- return "Select";
- case SHOW_DATABASE:
- return "Show_Database";
- default:
- return "Unknown";
- }
+ return this.getPriv().toString();
}
public Privilege() {
@@ -183,6 +97,12 @@ public class Privilege {
public static Privilege SELECT = new Privilege(PrivilegeType.SELECT,
PrivilegeScope.ALLSCOPE);
+ public static Privilege INSERT = new Privilege(PrivilegeType.INSERT,
+ PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);
+
+ public static Privilege DELETE = new Privilege(PrivilegeType.DELETE,
+ PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);
+
public static Privilege SHOW_DATABASE = new Privilege(PrivilegeType.SHOW_DATABASE,
EnumSet.of(PrivilegeScope.USER_LEVEL_SCOPE));
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java?rev=1563321&r1=1563320&r2=1563321&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java Fri Jan 31 22:47:18 2014
@@ -19,8 +19,9 @@
package org.apache.hadoop.hive.ql.security.authorization;
import java.util.HashMap;
+import java.util.Map;
-import org.apache.hadoop.hive.ql.security.authorization.Privilege.PrivilegeType;
+import org.apache.hadoop.hive.ql.session.SessionState;
/**
* PrivilegeRegistry is used to do privilege lookups. Given a privilege name, it
@@ -28,9 +29,35 @@ import org.apache.hadoop.hive.ql.securit
*/
public class PrivilegeRegistry {
- protected static HashMap<PrivilegeType, Privilege> Registry = new HashMap<PrivilegeType, Privilege>();
+ protected static Map<PrivilegeType, Privilege> Registry = null;
- static {
+ public static Privilege getPrivilege(PrivilegeType privilegeType) {
+ initializeRegistry();
+ return Registry.get(privilegeType);
+ }
+
+ private static void initializeRegistry() {
+ if(Registry != null){
+ //already initialized, nothing to do
+ return;
+ }
+ //population of registry done in separate synchronized call
+ populateRegistry();
+ }
+
+ /**
+ * Add entries to registry. This needs to be synchronized to avoid Registry being populated
+ * multiple times.
+ */
+ private static synchronized void populateRegistry() {
+ //do check again in synchronized block
+ if(Registry != null){
+ //already initialized, nothing to do
+ return;
+ }
+ Registry = new HashMap<PrivilegeType, Privilege>();
+
+ //add the privileges supported in authorization mode V1
Registry.put(Privilege.ALL.getPriv(), Privilege.ALL);
Registry.put(Privilege.ALTER_DATA.getPriv(), Privilege.ALTER_DATA);
Registry.put(Privilege.ALTER_METADATA.getPriv(), Privilege.ALTER_METADATA);
@@ -41,18 +68,23 @@ public class PrivilegeRegistry {
Registry.put(Privilege.SELECT.getPriv(), Privilege.SELECT);
Registry.put(Privilege.SHOW_DATABASE.getPriv(),
Privilege.SHOW_DATABASE);
- }
-
- public static Privilege getPrivilege(PrivilegeType privilegeType) {
- return Registry.get(privilegeType);
+ if(SessionState.get().isAuthorizationModeV2()){
+ //add the privileges not supported in V1
+ //The list of privileges supported in V2 is implementation defined,
+ //so just pass everything that syntax supports.
+ Registry.put(Privilege.INSERT.getPriv(), Privilege.INSERT);
+ Registry.put(Privilege.DELETE.getPriv(), Privilege.DELETE);
+ }
}
public static Privilege getPrivilege(int privilegeToken) {
- return Registry.get(Privilege.getPrivTypeByToken(privilegeToken));
+ initializeRegistry();
+ return Registry.get(PrivilegeType.getPrivTypeByToken(privilegeToken));
}
public static Privilege getPrivilege(String privilegeName) {
- return Registry.get(Privilege.getPrivTypeByName(privilegeName));
+ initializeRegistry();
+ return Registry.get(PrivilegeType.getPrivTypeByName(privilegeName));
}
}
Added: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java (added)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,116 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hive.ql.security.authorization;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.hadoop.hive.ql.parse.HiveParser;
+
+/**
+ * Privilege type
+ */
+public enum PrivilegeType {
+
+ ALL(HiveParser.TOK_PRIV_ALL, "All"),
+ ALTER_DATA(HiveParser.TOK_PRIV_ALTER_DATA, "Update"),
+ ALTER_METADATA(HiveParser.TOK_PRIV_ALTER_METADATA, "Alter"),
+ CREATE(HiveParser.TOK_PRIV_CREATE, "Create"),
+ DROP(HiveParser.TOK_PRIV_DROP, "Drop"),
+ INDEX(HiveParser.TOK_PRIV_INDEX, "Index"),
+ LOCK(HiveParser.TOK_PRIV_LOCK, "Lock"),
+ SELECT(HiveParser.TOK_PRIV_SELECT, "Select"),
+ SHOW_DATABASE(HiveParser.TOK_PRIV_SHOW_DATABASE, "Show_Database"),
+ INSERT(HiveParser.TOK_PRIV_INSERT, "Insert"),
+ DELETE(HiveParser.TOK_PRIV_DELETE, "Delete"),
+ UNKNOWN(null, null);
+
+ private final String name;
+ private final Integer token;
+
+ PrivilegeType(Integer token, String name){
+ this.name = name;
+ this.token = token;
+ }
+
+ @Override
+ public String toString(){
+ return name == null ? "unkown" : name;
+ }
+
+ public Integer getToken() {
+ return token;
+ }
+
+ private static Map<Integer, PrivilegeType> token2Type;
+ private static Map<String, PrivilegeType> name2Type;
+
+ /**
+ * Do case lookup of PrivilegeType associated with this antlr token
+ * @param privilegeName
+ * @return corresponding PrivilegeType
+ */
+ public static PrivilegeType getPrivTypeByToken(int token) {
+ if(token2Type == null){
+ populateToken2Type();
+ }
+ PrivilegeType privType = token2Type.get(token);
+ if(privType != null){
+ return privType;
+ }
+ return PrivilegeType.UNKNOWN;
+ }
+
+ private static synchronized void populateToken2Type() {
+ if(token2Type != null){
+ return;
+ }
+ token2Type = new HashMap<Integer, PrivilegeType>();
+ for(PrivilegeType privType : PrivilegeType.values()){
+ token2Type.put(privType.getToken(), privType);
+ }
+ }
+
+ /**
+ * Do case insensitive lookup of PrivilegeType with this name
+ * @param privilegeName
+ * @return corresponding PrivilegeType
+ */
+ public static PrivilegeType getPrivTypeByName(String privilegeName) {
+ if(name2Type == null){
+ populateName2Type();
+ }
+ String canonicalizedName = privilegeName.toLowerCase();
+ PrivilegeType privType = name2Type.get(canonicalizedName);
+ if(privType != null){
+ return privType;
+ }
+ return PrivilegeType.UNKNOWN;
+ }
+
+ private static synchronized void populateName2Type() {
+ if(name2Type != null){
+ return;
+ }
+ name2Type = new HashMap<String, PrivilegeType>();
+ for(PrivilegeType privType : PrivilegeType.values()){
+ name2Type.put(privType.toString().toLowerCase(), privType);
+ }
+ }
+}
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java?rev=1563321&r1=1563320&r2=1563321&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java Fri Jan 31 22:47:18 2014
@@ -18,7 +18,11 @@
package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd;
import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
import java.util.List;
+import java.util.Locale;
+import java.util.Set;
import org.apache.hadoop.classification.InterfaceAudience.Private;
import org.apache.hadoop.hive.conf.HiveConf;
@@ -48,6 +52,9 @@ import org.apache.hadoop.hive.ql.securit
public class SQLStdHiveAccessController implements HiveAccessController {
private HiveMetastoreClientFactory metastoreClientFactory;
+ private static final String [] SUPPORTED_PRIVS = {"INSERT", "UPDATE", "DELETE", "SELECT", "ALL"};
+ private static final Set<String> SUPPORTED_PRIVS_SET
+ = new HashSet<String>(Arrays.asList(SUPPORTED_PRIVS));
SQLStdHiveAccessController(HiveMetastoreClientFactory metastoreClientFactory,
@@ -91,6 +98,10 @@ public class SQLStdHiveAccessController
throw new HiveAuthorizationPluginException("Privileges on columns not supported currently"
+ " in sql standard authorization mode");
}
+ if(!SUPPORTED_PRIVS_SET.contains(privilege.getName().toUpperCase(Locale.US))){
+ throw new HiveAuthorizationPluginException("Privilege: " + privilege.getName() +
+ " is not supported in sql standard authorization mode");
+ }
PrivilegeGrantInfo grantInfo = getThriftPrivilegeGrantInfo(privilege, grantorPrincipal, grantOption);
for(HivePrincipal principal : hivePrincipals){
HiveObjectPrivilege objPriv = new HiveObjectPrivilege(privObj, principal.getName(),
Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import java.io.Serializable;
+import java.util.List;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.Context;
+import org.apache.hadoop.hive.ql.exec.Task;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.parse.ASTNode;
+import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer;
+import org.apache.hadoop.hive.ql.parse.ParseDriver;
+import org.apache.hadoop.hive.ql.parse.ParseUtils;
+import org.apache.hadoop.hive.ql.plan.DDLWork;
+import org.apache.hadoop.hive.ql.session.SessionState;
+
+/**
+ * Util function for authorization tests
+ */
+public class AuthorizationTestUtil {
+
+ /**
+ * Create DDLWork from given ast
+ * @param ast
+ * @param conf
+ * @param db
+ * @return
+ * @throws Exception
+ */
+ public static DDLWork analyze(ASTNode ast, HiveConf conf, Hive db) throws Exception {
+ DDLSemanticAnalyzer analyzer = new DDLSemanticAnalyzer(conf, db);
+ SessionState.start(conf);
+ analyzer.analyze(ast, new Context(conf));
+ List<Task<? extends Serializable>> rootTasks = analyzer.getRootTasks();
+ return (DDLWork) inList(rootTasks).ofSize(1).get(0).getWork();
+ }
+
+ /**
+ * Create DDLWork from given command string
+ * @param command
+ * @param conf
+ * @param db
+ * @return
+ * @throws Exception
+ */
+ public static DDLWork analyze(String command, HiveConf conf, Hive db) throws Exception {
+ return analyze(parse(command), conf, db);
+ }
+
+ private static ASTNode parse(String command) throws Exception {
+ return ParseUtils.findRootNonNullToken((new ParseDriver()).parse(command));
+ }
+
+ /**
+ * Helper class that lets you check the size and return the list in one line.
+ *
+ * @param <E>
+ */
+ public static class ListSizeMatcher<E> {
+ private final List<E> list;
+ private ListSizeMatcher(List<E> list) {
+ this.list = list;
+ }
+ private List<E> ofSize(int size) {
+ Assert.assertEquals(list.toString(), size, list.size());
+ return list;
+ }
+ }
+
+ public static <E> ListSizeMatcher<E> inList(List<E> list) {
+ return new ListSizeMatcher<E>(list);
+ }
+
+}
+
Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/ListSizeMatcher.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/ListSizeMatcher.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/ListSizeMatcher.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/ListSizeMatcher.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import java.util.List;
+
+import junit.framework.Assert;
+
+public class ListSizeMatcher<E> {
+ private final List<E> list;
+ private ListSizeMatcher(List<E> list) {
+ this.list = list;
+ }
+
+ public List<E> ofSize(int size) {
+ Assert.assertEquals(list.toString(), size, list.size());
+ return list;
+ }
+
+
+ public static <E> ListSizeMatcher<E> inList(List<E> list) {
+ return new ListSizeMatcher<E>(list);
+ }
+}
+
Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.metastore.api.PrincipalType;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.plan.DDLWork;
+import org.apache.hadoop.hive.ql.plan.GrantDesc;
+import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
+import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType;
+
+public class PrivilegesTestBase {
+ protected static final String DB = "default";
+ protected static final String TABLE = "table1";
+ protected static final String USER = "user1";
+
+ public static void grantUserTable(String privStr, PrivilegeType privType, HiveConf conf, Hive db)
+ throws Exception {
+ DDLWork work = AuthorizationTestUtil.analyze("GRANT " + privStr + " ON TABLE " + TABLE + " TO USER " + USER, conf, db);
+ GrantDesc grantDesc = work.getGrantDesc();
+ Assert.assertNotNull("Grant should not be null", grantDesc);
+
+ //check privileges
+ for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
+ Assert.assertEquals(privType, privilege.getPrivilege().getPriv());
+ }
+
+ //check other parts
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
+ Assert.assertEquals(PrincipalType.USER, principal.getType());
+ Assert.assertEquals(USER, principal.getName());
+ }
+ Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
+ Assert.assertEquals(TABLE, grantDesc.getPrivilegeSubjectDesc().getObject());
+ }
+
+}
Modified: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java?rev=1563321&r1=1563320&r2=1563321&view=diff
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java (original)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java Fri Jan 31 22:47:18 2014
@@ -17,23 +17,18 @@
*/
package org.apache.hadoop.hive.ql.parse.authorization;
-import java.io.Serializable;
import java.util.HashMap;
-import java.util.List;
import junit.framework.Assert;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.ql.Context;
-import org.apache.hadoop.hive.ql.exec.Task;
import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.hive.ql.metadata.Partition;
import org.apache.hadoop.hive.ql.metadata.Table;
-import org.apache.hadoop.hive.ql.parse.ASTNode;
import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer;
import org.apache.hadoop.hive.ql.parse.ParseDriver;
-import org.apache.hadoop.hive.ql.parse.ParseUtils;
import org.apache.hadoop.hive.ql.plan.DDLWork;
import org.apache.hadoop.hive.ql.plan.GrantDesc;
import org.apache.hadoop.hive.ql.plan.GrantRevokeRoleDDL;
@@ -91,7 +86,7 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testCreateRole() throws Exception {
- DDLWork work = analyze(parse("CREATE ROLE " + ROLE));
+ DDLWork work = analyze("CREATE ROLE " + ROLE);
RoleDDLDesc roleDesc = work.getRoleDDLDesc();
Assert.assertNotNull("Role should not be null", roleDesc);
Assert.assertEquals(RoleOperation.CREATE_ROLE, roleDesc.getOperation());
@@ -103,7 +98,7 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testDropRole() throws Exception {
- DDLWork work = analyze(parse("DROp ROLE " + ROLE));
+ DDLWork work = analyze("DROp ROLE " + ROLE);
RoleDDLDesc roleDesc = work.getRoleDDLDesc();
Assert.assertNotNull("Role should not be null", roleDesc);
Assert.assertEquals(RoleOperation.DROP_ROLE, roleDesc.getOperation());
@@ -115,14 +110,14 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testGrantUserTable() throws Exception {
- DDLWork work = analyze(parse("GRANT " + SELECT + " ON TABLE " + TABLE + " TO USER " + USER));
+ DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO USER " + USER);
GrantDesc grantDesc = work.getGrantDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
- for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.USER, principal.getType());
Assert.assertEquals(USER, principal.getName());
}
- for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+ for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
}
Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -133,14 +128,14 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testGrantRoleTable() throws Exception {
- DDLWork work = analyze(parse("GRANT " + SELECT + " ON TABLE " + TABLE + " TO ROLE " + ROLE));
+ DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO ROLE " + ROLE);
GrantDesc grantDesc = work.getGrantDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
- for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.ROLE, principal.getType());
Assert.assertEquals(ROLE, principal.getName());
}
- for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+ for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
}
Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -151,14 +146,14 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testGrantGroupTable() throws Exception {
- DDLWork work = analyze(parse("GRANT " + SELECT + " ON TABLE " + TABLE + " TO GROUP " + GROUP));
+ DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO GROUP " + GROUP);
GrantDesc grantDesc = work.getGrantDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
- for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.GROUP, principal.getType());
Assert.assertEquals(GROUP, principal.getName());
}
- for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+ for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
}
Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -169,14 +164,14 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testRevokeUserTable() throws Exception {
- DDLWork work = analyze(parse("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM USER " + USER));
+ DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM USER " + USER);
RevokeDesc grantDesc = work.getRevokeDesc();
Assert.assertNotNull("Revoke should not be null", grantDesc);
- for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.USER, principal.getType());
Assert.assertEquals(USER, principal.getName());
}
- for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+ for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
}
Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -187,14 +182,14 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testRevokeRoleTable() throws Exception {
- DDLWork work = analyze(parse("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM ROLE " + ROLE));
+ DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM ROLE " + ROLE);
RevokeDesc grantDesc = work.getRevokeDesc();
Assert.assertNotNull("Revoke should not be null", grantDesc);
- for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.ROLE, principal.getType());
Assert.assertEquals(ROLE, principal.getName());
}
- for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+ for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
}
Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -205,14 +200,14 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testRevokeGroupTable() throws Exception {
- DDLWork work = analyze(parse("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM GROUP " + GROUP));
+ DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM GROUP " + GROUP);
RevokeDesc grantDesc = work.getRevokeDesc();
Assert.assertNotNull("Revoke should not be null", grantDesc);
- for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.GROUP, principal.getType());
Assert.assertEquals(GROUP, principal.getName());
}
- for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+ for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
}
Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -223,17 +218,17 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testGrantRoleUser() throws Exception {
- DDLWork work = analyze(parse("GRANT ROLE " + ROLE + " TO USER " + USER));
+ DDLWork work = analyze("GRANT ROLE " + ROLE + " TO USER " + USER);
GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertTrue("Expected grant ", grantDesc.getGrant());
Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
- for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+ for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
- for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
Assert.assertEquals(PrincipalType.USER, principal.getType());
Assert.assertEquals(USER, principal.getName());
}
@@ -243,17 +238,17 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testGrantRoleRole() throws Exception {
- DDLWork work = analyze(parse("GRANT ROLE " + ROLE + " TO ROLE " + ROLE));
+ DDLWork work = analyze("GRANT ROLE " + ROLE + " TO ROLE " + ROLE);
GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertTrue("Expected grant ", grantDesc.getGrant());
Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
- for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+ for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
- for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
Assert.assertEquals(PrincipalType.ROLE, principal.getType());
Assert.assertEquals(ROLE, principal.getName());
}
@@ -263,17 +258,17 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testGrantRoleGroup() throws Exception {
- DDLWork work = analyze(parse("GRANT ROLE " + ROLE + " TO GROUP " + GROUP));
+ DDLWork work = analyze("GRANT ROLE " + ROLE + " TO GROUP " + GROUP);
GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertTrue("Expected grant ", grantDesc.getGrant());
Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
- for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+ for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
- for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
Assert.assertEquals(PrincipalType.GROUP, principal.getType());
Assert.assertEquals(GROUP, principal.getName());
}
@@ -283,17 +278,17 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testRevokeRoleUser() throws Exception {
- DDLWork work = analyze(parse("REVOKE ROLE " + ROLE + " FROM USER " + USER));
+ DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM USER " + USER);
GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertFalse("Did not expect grant ", grantDesc.getGrant());
Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
- for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+ for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
- for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
Assert.assertEquals(PrincipalType.USER, principal.getType());
Assert.assertEquals(USER, principal.getName());
}
@@ -303,17 +298,17 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testRevokeRoleRole() throws Exception {
- DDLWork work = analyze(parse("REVOKE ROLE " + ROLE + " FROM ROLE " + ROLE));
+ DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM ROLE " + ROLE);
GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertFalse("Did not expect grant ", grantDesc.getGrant());
Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
- for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+ for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
- for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
Assert.assertEquals(PrincipalType.ROLE, principal.getType());
Assert.assertEquals(ROLE, principal.getName());
}
@@ -323,17 +318,17 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testRevokeRoleGroup() throws Exception {
- DDLWork work = analyze(parse("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP));
+ DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP);
GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertFalse("Did not expect grant ", grantDesc.getGrant());
Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
- for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+ for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
- for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+ for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
Assert.assertEquals(PrincipalType.GROUP, principal.getType());
Assert.assertEquals(GROUP, principal.getName());
}
@@ -343,7 +338,7 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testShowRoleGrantUser() throws Exception {
- DDLWork work = analyze(parse("SHOW ROLE GRANT USER " + USER));
+ DDLWork work = analyze("SHOW ROLE GRANT USER " + USER);
RoleDDLDesc roleDesc = work.getRoleDDLDesc();
Assert.assertNotNull("Role should not be null", roleDesc);
Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, roleDesc.getOperation());
@@ -355,7 +350,7 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testShowRoleGrantRole() throws Exception {
- DDLWork work = analyze(parse("SHOW ROLE GRANT ROLE " + ROLE));
+ DDLWork work = analyze("SHOW ROLE GRANT ROLE " + ROLE);
RoleDDLDesc roleDesc = work.getRoleDDLDesc();
Assert.assertNotNull("Role should not be null", roleDesc);
Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, roleDesc.getOperation());
@@ -367,7 +362,7 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testShowRoleGrantGroup() throws Exception {
- DDLWork work = analyze(parse("SHOW ROLE GRANT GROUP " + GROUP));
+ DDLWork work = analyze("SHOW ROLE GRANT GROUP " + GROUP);
RoleDDLDesc roleDesc = work.getRoleDDLDesc();
Assert.assertNotNull("Role should not be null", roleDesc);
Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, roleDesc.getOperation());
@@ -379,7 +374,7 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testShowGrantUserOnTable() throws Exception {
- DDLWork work = analyze(parse("SHOW GRANT USER " + USER + " ON TABLE " + TABLE));
+ DDLWork work = analyze("SHOW GRANT USER " + USER + " ON TABLE " + TABLE);
ShowGrantDesc grantDesc = work.getShowGrantDesc();
Assert.assertNotNull("Show grant should not be null", grantDesc);
Assert.assertEquals(PrincipalType.USER, grantDesc.getPrincipalDesc().getType());
@@ -393,7 +388,7 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testShowGrantRoleOnTable() throws Exception {
- DDLWork work = analyze(parse("SHOW GRANT ROLE " + ROLE + " ON TABLE " + TABLE));
+ DDLWork work = analyze("SHOW GRANT ROLE " + ROLE + " ON TABLE " + TABLE);
ShowGrantDesc grantDesc = work.getShowGrantDesc();
Assert.assertNotNull("Show grant should not be null", grantDesc);
Assert.assertEquals(PrincipalType.ROLE, grantDesc.getPrincipalDesc().getType());
@@ -407,7 +402,7 @@ public class TestHiveAuthorizationTaskFa
*/
@Test
public void testShowGrantGroupOnTable() throws Exception {
- DDLWork work = analyze(parse("SHOW GRANT GROUP " + GROUP + " ON TABLE " + TABLE));
+ DDLWork work = analyze("SHOW GRANT GROUP " + GROUP + " ON TABLE " + TABLE);
ShowGrantDesc grantDesc = work.getShowGrantDesc();
Assert.assertNotNull("Show grant should not be null", grantDesc);
Assert.assertEquals(PrincipalType.GROUP, grantDesc.getPrincipalDesc().getType());
@@ -416,26 +411,10 @@ public class TestHiveAuthorizationTaskFa
Assert.assertEquals(TABLE, grantDesc.getHiveObj().getObject());
Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable());
}
- private ASTNode parse(String command) throws Exception {
- return ParseUtils.findRootNonNullToken(parseDriver.parse(command));
- }
- private DDLWork analyze(ASTNode ast) throws Exception {
- analyzer.analyze(ast, context);
- List<Task<? extends Serializable>> rootTasks = analyzer.getRootTasks();
- return (DDLWork) inList(rootTasks).ofSize(1).get(0).getWork();
- }
- private static class ListSizeMatcher<E> {
- private final List<E> list;
- private ListSizeMatcher(List<E> list) {
- this.list = list;
- }
- private List<E> ofSize(int size) {
- Assert.assertEquals(list.toString(), size, list.size());
- return list;
- }
- }
- private static <E> ListSizeMatcher<E> inList(List<E> list) {
- return new ListSizeMatcher<E>(list);
+ private DDLWork analyze(String command) throws Exception {
+ return AuthorizationTestUtil.analyze(command, conf, db);
}
+
+
}
Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import java.util.HashMap;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.metadata.Partition;
+import org.apache.hadoop.hive.ql.metadata.Table;
+import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType;
+import org.apache.hadoop.hive.ql.session.SessionState;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class TestPrivilegesV1 extends PrivilegesTestBase{
+
+ private HiveConf conf;
+ private Hive db;
+ private Table table;
+ private Partition partition;
+
+ @Before
+ public void setup() throws Exception {
+ conf = new HiveConf();
+ db = Mockito.mock(Hive.class);
+ table = new Table(DB, TABLE);
+ partition = new Partition(table);
+ SessionState.start(conf);
+ Mockito.when(db.getTable(DB, TABLE, false)).thenReturn(table);
+ Mockito.when(db.getPartition(table, new HashMap<String, String>(), false))
+ .thenReturn(partition);
+ }
+
+ /**
+ * Check acceptable privileges in grant statement
+ * @return
+ * @throws Exception
+ */
+ @Test
+ public void testPrivInGrant() throws Exception{
+ grantUserTable("all", PrivilegeType.ALL);
+ grantUserTable("update", PrivilegeType.ALTER_DATA);
+ grantUserTable("alter", PrivilegeType.ALTER_METADATA);
+ grantUserTable("create", PrivilegeType.CREATE);
+ grantUserTable("drop", PrivilegeType.DROP);
+ grantUserTable("index", PrivilegeType.INDEX);
+ grantUserTable("lock", PrivilegeType.LOCK);
+ grantUserTable("select", PrivilegeType.SELECT);
+ grantUserTable("show_database", PrivilegeType.SHOW_DATABASE);
+ }
+
+ /**
+ * Check acceptable privileges in grant statement
+ * @return
+ * @throws Exception
+ */
+ @Test
+ public void testPrivInGrantNotAccepted() throws Exception{
+ grantUserTableFail("insert");
+ grantUserTableFail("delete");
+ }
+
+ private void grantUserTableFail(String privName) {
+ try{
+ grantUserTable(privName, PrivilegeType.UNKNOWN);
+ Assert.fail("Exception expected");
+ }catch(Exception e){
+
+ }
+ }
+
+ private void grantUserTable(String privName, PrivilegeType privType) throws Exception {
+ grantUserTable(privName, privType, conf, db);
+ }
+}
Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV2.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV2.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV2.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV2.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,72 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import java.util.HashMap;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.metadata.Partition;
+import org.apache.hadoop.hive.ql.metadata.Table;
+import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+import org.apache.hadoop.hive.ql.session.SessionState;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class TestPrivilegesV2 extends PrivilegesTestBase{
+
+ private HiveConf conf;
+ private Hive db;
+ private Table table;
+ private Partition partition;
+
+ @Before
+ public void setup() throws Exception {
+ conf = new HiveConf();
+ //set authorization mode to V2
+ conf.setVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER,
+ SQLStdHiveAuthorizerFactory.class.getName());
+ db = Mockito.mock(Hive.class);
+ table = new Table(DB, TABLE);
+ SessionState.start(conf);
+ Mockito.when(db.getTable(DB, TABLE, false)).thenReturn(table);
+ Mockito.when(db.getPartition(table, new HashMap<String, String>(), false))
+ .thenReturn(partition);
+ }
+
+ /**
+ * Check acceptable privileges in grant statement
+ * @return
+ * @throws Exception
+ */
+ @Test
+ public void testPrivInGrant() throws Exception{
+ grantUserTable("select", PrivilegeType.SELECT);
+ grantUserTable("insert", PrivilegeType.INSERT);
+ grantUserTable("delete", PrivilegeType.DELETE);
+ grantUserTable("update", PrivilegeType.ALTER_DATA);
+ grantUserTable("all", PrivilegeType.ALL);
+ }
+
+ private void grantUserTable(String privName, PrivilegeType privType) throws Exception {
+ grantUserTable(privName, privType, conf, db);
+ }
+
+}
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q Fri Jan 31 22:47:18 2014
@@ -0,0 +1,6 @@
+create table if not exists authorization_invalid_v1 (key int, value string);
+grant delete on table authorization_invalid_v1 to user hive_test_user;
+drop table authorization_invalid_v1;
+
+
+
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q Fri Jan 31 22:47:18 2014
@@ -0,0 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+
+create table if not exists authorization_invalid_v2 (key int, value string);
+grant index on table authorization_invalid_v2 to user hive_test_user;
+drop table authorization_invalid_v2;
Added: hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out Fri Jan 31 22:47:18 2014
@@ -0,0 +1,6 @@
+PREHOOK: query: create table if not exists authorization_invalid_v1 (key int, value string)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: create table if not exists authorization_invalid_v1 (key int, value string)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@authorization_invalid_v1
+FAILED: SemanticException undefined privilege 731
Added: hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out Fri Jan 31 22:47:18 2014
@@ -0,0 +1,9 @@
+PREHOOK: query: create table if not exists authorization_invalid_v2 (key int, value string)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: create table if not exists authorization_invalid_v2 (key int, value string)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@authorization_invalid_v2
+PREHOOK: query: grant index on table authorization_invalid_v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@authorization_invalid_v2
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Privilege: Index is not supported in sql standard authorization mode