You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lens.apache.org by ra...@apache.org on 2018/09/06 09:26:26 UTC

lens git commit: LENS-1532 and LENS-1529 : Adding files missed in previous commit.

Repository: lens
Updated Branches:
  refs/heads/master 1c3dff25b -> 0eba44abd


LENS-1532 and LENS-1529 : Adding files missed in previous commit.


Project: http://git-wip-us.apache.org/repos/asf/lens/repo
Commit: http://git-wip-us.apache.org/repos/asf/lens/commit/0eba44ab
Tree: http://git-wip-us.apache.org/repos/asf/lens/tree/0eba44ab
Diff: http://git-wip-us.apache.org/repos/asf/lens/diff/0eba44ab

Branch: refs/heads/master
Commit: 0eba44abdca9d1840777ce70b26187608286bc0a
Parents: 1c3dff2
Author: Rajitha R <ra...@apache.org>
Authored: Thu Sep 6 14:56:02 2018 +0530
Committer: Rajitha.R <ra...@IM0318-L0.corp.inmobi.com>
Committed: Thu Sep 6 14:56:02 2018 +0530

----------------------------------------------------------------------
 .../apache/lens/cube/parse/MockAuthorizer.java  | 57 +++++++++++++++++
 .../parse/TestQueryAuthorizationResolver.java   | 66 ++++++++++++++++++++
 2 files changed, 123 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lens/blob/0eba44ab/lens-cube/src/test/java/org/apache/lens/cube/parse/MockAuthorizer.java
----------------------------------------------------------------------
diff --git a/lens-cube/src/test/java/org/apache/lens/cube/parse/MockAuthorizer.java b/lens-cube/src/test/java/org/apache/lens/cube/parse/MockAuthorizer.java
new file mode 100644
index 0000000..d410083
--- /dev/null
+++ b/lens-cube/src/test/java/org/apache/lens/cube/parse/MockAuthorizer.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.lens.cube.parse;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.lens.server.api.authorization.ActionType;
+import org.apache.lens.server.api.authorization.Authorizer;
+import org.apache.lens.server.api.authorization.LensPrivilegeObject;
+
+import lombok.Getter;
+
+public class MockAuthorizer implements Authorizer {
+
+  @Getter
+  Set<String> authorizedUserGroups;
+  MockAuthorizer(){
+    init();
+  }
+
+  public void init(){
+    this.authorizedUserGroups = new HashSet<>();
+    this.authorizedUserGroups.add("lens-auth-test1");
+  }
+  @Override
+  public boolean authorize(LensPrivilegeObject lensPrivilegeObject, ActionType accessType, String user,
+    Set<String> userGroups) {
+    //check query authorization
+    if (lensPrivilegeObject.getTable().equals("basecube") && accessType.equals(ActionType.SELECT)) {
+      userGroups.retainAll(getAuthorizedUserGroups());
+      return !userGroups.isEmpty();
+    }
+    // check metastore schema authorization
+    if (lensPrivilegeObject.getTable().equals("TestCubeMetastoreClient") && accessType.equals(ActionType.UPDATE)) {
+      userGroups.retainAll(getAuthorizedUserGroups());
+      return !userGroups.isEmpty();
+    }
+    return false;
+  }
+}

http://git-wip-us.apache.org/repos/asf/lens/blob/0eba44ab/lens-cube/src/test/java/org/apache/lens/cube/parse/TestQueryAuthorizationResolver.java
----------------------------------------------------------------------
diff --git a/lens-cube/src/test/java/org/apache/lens/cube/parse/TestQueryAuthorizationResolver.java b/lens-cube/src/test/java/org/apache/lens/cube/parse/TestQueryAuthorizationResolver.java
new file mode 100644
index 0000000..13b345f
--- /dev/null
+++ b/lens-cube/src/test/java/org/apache/lens/cube/parse/TestQueryAuthorizationResolver.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.lens.cube.parse;
+
+import static org.apache.lens.cube.metadata.DateFactory.TWO_DAYS_RANGE;
+
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.fail;
+
+import org.apache.lens.cube.metadata.MetastoreConstants;
+import org.apache.lens.server.api.LensConfConstants;
+import org.apache.lens.server.api.error.LensException;
+import org.apache.lens.server.api.query.save.exception.PrivilegeException;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hive.ql.session.SessionState;
+
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+public class TestQueryAuthorizationResolver extends TestQueryRewrite {
+  private Configuration conf = new Configuration();
+
+  @BeforeClass
+  public void beforeClassTestQueryAuthorizationResolver() {
+    conf.setBoolean(LensConfConstants.ENABLE_QUERY_AUTHORIZATION_CHECK, true);
+    conf.setBoolean(LensConfConstants.USER_GROUPS_BASED_AUTHORIZATION, true);
+    conf.set(MetastoreConstants.AUTHORIZER_CLASS, "org.apache.lens.cube.parse.MockAuthorizer");
+  }
+
+  @Test
+  public void testRestrictedColumnsFromQuery() throws LensException {
+
+    SessionState.getSessionConf().set(LensConfConstants.SESSION_USER_GROUPS, "lens-auth-test2");
+    String testQuery = "select dim11 from basecube where " + TWO_DAYS_RANGE;
+
+    try {
+      rewrite(testQuery, conf);
+      fail("Privilege exception supposed to be thrown for selecting restricted columns in basecube, "
+         + "however not seeing expected behaviour");
+    } catch (PrivilegeException actualException) {
+      PrivilegeException expectedException =
+        new PrivilegeException("COLUMN", "basecube", "SELECT");
+      assertEquals(expectedException, actualException);
+    }
+    SessionState.getSessionConf().set(LensConfConstants.SESSION_USER_GROUPS, "lens-auth-test1");
+    rewrite(testQuery, conf);
+  }
+
+}