You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lens.apache.org by ra...@apache.org on 2018/09/06 09:26:26 UTC
lens git commit: LENS-1532 and LENS-1529 : Adding files missed in
previous commit.
Repository: lens
Updated Branches:
refs/heads/master 1c3dff25b -> 0eba44abd
LENS-1532 and LENS-1529 : Adding files missed in previous commit.
Project: http://git-wip-us.apache.org/repos/asf/lens/repo
Commit: http://git-wip-us.apache.org/repos/asf/lens/commit/0eba44ab
Tree: http://git-wip-us.apache.org/repos/asf/lens/tree/0eba44ab
Diff: http://git-wip-us.apache.org/repos/asf/lens/diff/0eba44ab
Branch: refs/heads/master
Commit: 0eba44abdca9d1840777ce70b26187608286bc0a
Parents: 1c3dff2
Author: Rajitha R <ra...@apache.org>
Authored: Thu Sep 6 14:56:02 2018 +0530
Committer: Rajitha.R <ra...@IM0318-L0.corp.inmobi.com>
Committed: Thu Sep 6 14:56:02 2018 +0530
----------------------------------------------------------------------
.../apache/lens/cube/parse/MockAuthorizer.java | 57 +++++++++++++++++
.../parse/TestQueryAuthorizationResolver.java | 66 ++++++++++++++++++++
2 files changed, 123 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lens/blob/0eba44ab/lens-cube/src/test/java/org/apache/lens/cube/parse/MockAuthorizer.java
----------------------------------------------------------------------
diff --git a/lens-cube/src/test/java/org/apache/lens/cube/parse/MockAuthorizer.java b/lens-cube/src/test/java/org/apache/lens/cube/parse/MockAuthorizer.java
new file mode 100644
index 0000000..d410083
--- /dev/null
+++ b/lens-cube/src/test/java/org/apache/lens/cube/parse/MockAuthorizer.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.lens.cube.parse;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.lens.server.api.authorization.ActionType;
+import org.apache.lens.server.api.authorization.Authorizer;
+import org.apache.lens.server.api.authorization.LensPrivilegeObject;
+
+import lombok.Getter;
+
+public class MockAuthorizer implements Authorizer {
+
+ @Getter
+ Set<String> authorizedUserGroups;
+ MockAuthorizer(){
+ init();
+ }
+
+ public void init(){
+ this.authorizedUserGroups = new HashSet<>();
+ this.authorizedUserGroups.add("lens-auth-test1");
+ }
+ @Override
+ public boolean authorize(LensPrivilegeObject lensPrivilegeObject, ActionType accessType, String user,
+ Set<String> userGroups) {
+ //check query authorization
+ if (lensPrivilegeObject.getTable().equals("basecube") && accessType.equals(ActionType.SELECT)) {
+ userGroups.retainAll(getAuthorizedUserGroups());
+ return !userGroups.isEmpty();
+ }
+ // check metastore schema authorization
+ if (lensPrivilegeObject.getTable().equals("TestCubeMetastoreClient") && accessType.equals(ActionType.UPDATE)) {
+ userGroups.retainAll(getAuthorizedUserGroups());
+ return !userGroups.isEmpty();
+ }
+ return false;
+ }
+}
http://git-wip-us.apache.org/repos/asf/lens/blob/0eba44ab/lens-cube/src/test/java/org/apache/lens/cube/parse/TestQueryAuthorizationResolver.java
----------------------------------------------------------------------
diff --git a/lens-cube/src/test/java/org/apache/lens/cube/parse/TestQueryAuthorizationResolver.java b/lens-cube/src/test/java/org/apache/lens/cube/parse/TestQueryAuthorizationResolver.java
new file mode 100644
index 0000000..13b345f
--- /dev/null
+++ b/lens-cube/src/test/java/org/apache/lens/cube/parse/TestQueryAuthorizationResolver.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.lens.cube.parse;
+
+import static org.apache.lens.cube.metadata.DateFactory.TWO_DAYS_RANGE;
+
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.fail;
+
+import org.apache.lens.cube.metadata.MetastoreConstants;
+import org.apache.lens.server.api.LensConfConstants;
+import org.apache.lens.server.api.error.LensException;
+import org.apache.lens.server.api.query.save.exception.PrivilegeException;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hive.ql.session.SessionState;
+
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+public class TestQueryAuthorizationResolver extends TestQueryRewrite {
+ private Configuration conf = new Configuration();
+
+ @BeforeClass
+ public void beforeClassTestQueryAuthorizationResolver() {
+ conf.setBoolean(LensConfConstants.ENABLE_QUERY_AUTHORIZATION_CHECK, true);
+ conf.setBoolean(LensConfConstants.USER_GROUPS_BASED_AUTHORIZATION, true);
+ conf.set(MetastoreConstants.AUTHORIZER_CLASS, "org.apache.lens.cube.parse.MockAuthorizer");
+ }
+
+ @Test
+ public void testRestrictedColumnsFromQuery() throws LensException {
+
+ SessionState.getSessionConf().set(LensConfConstants.SESSION_USER_GROUPS, "lens-auth-test2");
+ String testQuery = "select dim11 from basecube where " + TWO_DAYS_RANGE;
+
+ try {
+ rewrite(testQuery, conf);
+ fail("Privilege exception supposed to be thrown for selecting restricted columns in basecube, "
+ + "however not seeing expected behaviour");
+ } catch (PrivilegeException actualException) {
+ PrivilegeException expectedException =
+ new PrivilegeException("COLUMN", "basecube", "SELECT");
+ assertEquals(expectedException, actualException);
+ }
+ SessionState.getSessionConf().set(LensConfConstants.SESSION_USER_GROUPS, "lens-auth-test1");
+ rewrite(testQuery, conf);
+ }
+
+}