You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sh...@apache.org on 2013/09/21 01:38:52 UTC
[3/9] SENTRY-16: Move sentry-tests to sentry-tests-hive package
(Gregory Chanan via Shreepadma Venugopalan)
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
deleted file mode 100644
index 69bfddc..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
+++ /dev/null
@@ -1,464 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.HashMap;
-import java.util.Map;
-
-import junit.framework.Assert;
-
-import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.Resources;
-
-/* Tests privileges at table scope within a single database.
- */
-
-public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
-
- private Context context;
- private File dataFile;
- private PolicyFile policyFile;
-
- Map <String, String >testProperties;
- private static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
-
- @Before
- public void setup() throws Exception {
- testProperties = new HashMap<String, String>();
- policyFile = PolicyFile.createAdminOnServer1("admin1");
- }
-
- @After
- public void teardown() throws Exception {
- if (context != null) {
- context.close();
- }
- }
-
- /* Admin creates database DB_1
- * Admin grants ALL to USER_GROUP of which user1 is a member.
- */
- @Test
- public void testAllPrivilege() throws Exception {
- context = createContext(testProperties);
-
- //copy data file to test dir
- File dataDir = context.getDataDir();
- File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
- to.close();
-
- policyFile
- .addRolesToGroup("user_group1", "all_db1", "load_data")
- .addRolesToGroup("user_group2", "all_db2")
- .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
- .addPermissionsToRole("all_db2", "server=server1->db=DB_2")
- .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath())
- .addGroupsToUser("user1", "user_group1")
- .addGroupsToUser("user2", "user_group2")
- .write(context.getPolicyFile());
-
- // setup db objects needed by the test
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
- statement.execute("CREATE DATABASE DB_1");
- statement.execute("CREATE DATABASE DB_2");
- statement.close();
- connection.close();
-
- // test execution
- connection = context.createConnection("user1", "password");
- statement = context.createStatement(connection);
- // test user can create table
- statement.execute("CREATE TABLE DB_1.TAB_1(A STRING)");
- // test user can execute load
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE DB_1.TAB_1");
- statement.execute("CREATE TABLE DB_1.TAB_2(A STRING)");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE DB_1.TAB_2");
-
- // test user can switch db
- statement.execute("USE DB_1");
- //test user can create view
- statement.execute("CREATE VIEW VIEW_1(A) AS SELECT A FROM TAB_1");
-
- // test user can insert
- statement.execute("INSERT INTO TABLE TAB_1 SELECT A FROM TAB_2");
- // test user can query table
- ResultSet resultSet = statement.executeQuery("SELECT COUNT(A) FROM TAB_1");
- int count = 0;
- int countRows = 0;
-
- while (resultSet.next()) {
- count = resultSet.getInt(1);
- countRows++;
- }
- assertTrue("Incorrect row count", countRows == 1);
- assertTrue("Incorrect result", count == 1000);
-
- // test user can execute alter table rename
- statement.execute("ALTER TABLE TAB_1 RENAME TO TAB_3");
-
- // test user can execute create as select
- statement.execute("CREATE TABLE TAB_4 AS SELECT * FROM TAB_2");
-
- // test user can execute alter table rename cols
- statement.execute("ALTER TABLE TAB_3 ADD COLUMNS (B INT)");
-
- // test user can drop table
- statement.execute("DROP TABLE TAB_3");
-
- //negative test case: user can't drop another user's database
- try {
- statement.execute("DROP DATABASE DB_2 CASCADE");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- //negative test case: user can't switch into another user's database
- try {
- statement.execute("USE DB_2");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- //negative test case: user can't drop own database
- try {
- statement.execute("DROP DATABASE DB_1 CASCADE");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- statement.close();
- connection.close();
-
- //test cleanup
- connection = context.createConnection("admin1", "hive");
- statement = context.createStatement(connection);
- statement.execute("DROP DATABASE DB_1 CASCADE");
- statement.execute("DROP DATABASE DB_2 CASCADE");
- statement.close();
- connection.close();
- context.close();
- }
-
- /* Admin creates database DB_1, creates table TAB_1, loads data into it
- * Admin grants ALL to USER_GROUP of which user1 is a member.
- */
- @Test
- public void testAllPrivilegeOnObjectOwnedByAdmin() throws Exception {
- context = createContext(testProperties);
-
- //copy data file to test dir
- File dataDir = context.getDataDir();
- File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
- File externalTblDir = new File(dataDir, "exttab");
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
- to.close();
-
- policyFile
- .addRolesToGroup("user_group1", "all_db1", "load_data", "exttab")
- .addRolesToGroup("user_group2", "all_db2")
- .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
- .addPermissionsToRole("all_db2", "server=server1->db=DB_2")
- .addPermissionsToRole("exttab", "server=server1->uri=file://" + dataDir.getPath())
- .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath())
- .addGroupsToUser("user1", "user_group1")
- .addGroupsToUser("user2", "user_group2")
- .write(context.getPolicyFile());
-
- // setup db objects needed by the test
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
- statement.execute("CREATE DATABASE DB_1");
- statement.execute("CREATE DATABASE DB_2");
- statement.execute("USE DB_1");
- statement.execute("CREATE TABLE TAB_1(A STRING)");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE TAB_1");
- statement.execute("CREATE TABLE PART_TAB_1(A STRING) partitioned by (B INT) STORED AS TEXTFILE");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE PART_TAB_1 PARTITION(B=1)");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE PART_TAB_1 PARTITION(B=2)");
- statement.close();
- connection.close();
-
- // test execution
- connection = context.createConnection("user1", "password");
- statement = context.createStatement(connection);
- // test user can switch db
- statement.execute("USE DB_1");
- // test user can execute load
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE TAB_1");
- statement.execute("CREATE TABLE TAB_2(A STRING)");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE TAB_2");
-
- //test user can create view
- statement.execute("CREATE VIEW VIEW_1(A) AS SELECT A FROM TAB_1");
-
- // test user can insert
- statement.execute("INSERT INTO TABLE TAB_1 SELECT A FROM TAB_2");
- // test user can query table
- ResultSet resultSet = statement.executeQuery("SELECT COUNT(A) FROM TAB_1");
- int count = 0;
- int countRows = 0;
-
- while (resultSet.next()) {
- count = resultSet.getInt(1);
- countRows++;
- }
- assertTrue("Incorrect row count", countRows == 1);
- assertTrue("Incorrect result", count == 1500);
-
- // test user can execute alter table rename
- statement.execute("ALTER TABLE TAB_1 RENAME TO TAB_3");
-
- // test user can drop table
- statement.execute("DROP TABLE TAB_3");
-
- //negative test case: user can't drop db
- try {
- statement.execute("DROP DATABASE DB_1 CASCADE");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- //negative test case: user can't create external tables
- assertTrue("Unable to create directory for external table test" , externalTblDir.mkdir());
- statement.execute("CREATE EXTERNAL TABLE EXT_TAB_1(A STRING) STORED AS TEXTFILE LOCATION 'file:"+
- externalTblDir.getAbsolutePath() + "'");
-
- //negative test case: user can't execute alter table set location
- try {
- statement.execute("ALTER TABLE TAB_2 SET LOCATION 'hdfs://nn1.example.com/hive/warehouse'");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- statement.close();
- connection.close();
-
- connection = context.createConnection("user2", "password");
- statement = context.createStatement(connection);
- try {
- statement.execute("CREATE EXTERNAL TABLE EXT_TAB_1(A STRING) STORED AS TEXTFILE LOCATION 'file:"+
- externalTblDir.getAbsolutePath() + "'");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- statement.close();
- connection.close();
-
- //test cleanup
- connection = context.createConnection("admin1", "hive");
- statement = context.createStatement(connection);
- statement.execute("DROP DATABASE DB_1 CASCADE");
- statement.execute("DROP DATABASE DB_2 CASCADE");
- statement.close();
- connection.close();
- context.close();
- }
-
- /**
- * Test privileges for 'use <db>'
- * Admin should be able to run use <db> with server level access
- * User with db level access should be able to run use <db>
- * User with table level access should be able to run use <db>
- * User with no access to that db objects, should NOT be able run use <db>
- * @throws Exception
- */
- @Test
- public void testUseDbPrivilege() throws Exception {
- context = createContext(testProperties);
-
- policyFile
- .addRolesToGroup("user_group1", "all_db1")
- .addRolesToGroup("user_group2", "select_db2")
- .addRolesToGroup("user_group3", "all_db3")
- .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
- .addPermissionsToRole("select_db2", "server=server1->db=DB_2->table=tab_2->action=select")
- .addPermissionsToRole("all_db3", "server=server1->db=DB_3")
- .addGroupsToUser("user1", "user_group1")
- .addGroupsToUser("user2", "user_group2")
- .addGroupsToUser("user3", "user_group3")
- .write(context.getPolicyFile());
-
-
- // setup db objects needed by the test
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("CREATE DATABASE DB_1");
- statement.execute("use DB_1");
- statement.execute("CREATE TABLE TAB_1(A STRING)");
- statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
- statement.execute("CREATE DATABASE DB_2");
- statement.execute("use DB_1");
- statement.execute("CREATE TABLE TAB_2(A STRING)");
- context.close();
-
- // user1 should be able to connect db_1
- connection = context.createConnection("user1", "hive");
- statement = context.createStatement(connection);
- statement.execute("use DB_1");
- context.close();
-
- // user2 should not be able to connect db_1
- connection = context.createConnection("user2", "hive");
- statement = context.createStatement(connection);
- try {
- statement.execute("use DB_1");
- assertFalse("user2 shouldn't be able switch to db_1", true);
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
- statement.execute("use DB_2");
- context.close();
-
- // user3 who is not listed in policy file should not be able to connect db_2
- connection = context.createConnection("user3", "hive");
- statement = context.createStatement(connection);
- try {
- statement.execute("use DB_2");
- assertFalse("user3 shouldn't be able switch to db_2", true);
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
- context.close();
- }
-
- /**
- * Test access to default DB with out of box authz config
- * All users should be able to switch to default, including the users that don't have any
- * privilege on default db objects via policy file
- * @throws Exception
- */
- @Test
- public void testDefaultDbPrivilege() throws Exception {
- context = createContext(testProperties);
-
- policyFile
- .addRolesToGroup("user_group1", "all_db1")
- .addRolesToGroup("user_group2", "select_db2")
- .addRolesToGroup("user_group3", "all_default")
- .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
- .addPermissionsToRole("select_db2", "server=server1->db=DB_2->table=tab_2->action=select")
- .addPermissionsToRole("all_default", "server=server1->db=default")
- .addGroupsToUser("user1", "user_group1")
- .addGroupsToUser("user2", "user_group2")
- .addGroupsToUser("user3", "user_group3")
- .write(context.getPolicyFile());
-
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
- statement.execute("use default");
- context.close();
-
- connection = context.createConnection("user1", "hive");
- statement = context.createStatement(connection);
- statement.execute("use default");
- context.close();
-
- connection = context.createConnection("user2", "hive");
- statement = context.createStatement(connection);
- statement.execute("use default");
- context.close();
-
- connection = context.createConnection("user3", "hive");
- statement = context.createStatement(connection);
- statement.execute("use default");
- context.close();
- }
-
- /**
- * Test access to default DB with explicit privilege requirement
- * Admin should be able to run use default with server level access
- * User with db level access should be able to run use default
- * User with table level access should be able to run use default
- * User with no access to default db objects, should NOT be able run use default
- * @throws Exception
- */
- @Test
- public void testDefaultDbRestrictivePrivilege() throws Exception {
- testProperties.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), "true");
- context = createContext(testProperties);
-
- policyFile
- .addRolesToGroup("user_group1", "all_default")
- .addRolesToGroup("user_group2", "select_default")
- .addRolesToGroup("user_group3", "all_db1")
- .addPermissionsToRole("all_default", "server=server1->db=default")
- .addPermissionsToRole("select_default", "server=server1->db=default->table=tab_2->action=select")
- .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
- .addGroupsToUser("user1", "user_group1")
- .addGroupsToUser("user2", "user_group2")
- .addGroupsToUser("user3", "user_group3")
- .write(context.getPolicyFile());
-
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
- statement.execute("use default");
- context.close();
-
- connection = context.createConnection("user1", "hive");
- statement = context.createStatement(connection);
- statement.execute("use default");
- context.close();
-
- connection = context.createConnection("user2", "hive");
- statement = context.createStatement(connection);
- statement.execute("use default");
- context.close();
-
- connection = context.createConnection("user3", "hive");
- statement = context.createStatement(connection);
- try {
- // user3 doesn't have any implicit permission for default
- statement.execute("use default");
- assertFalse("user3 shouldn't be able switch to default", true);
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
- context.close();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
deleted file mode 100644
index 25746c1..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
-printf_test_3 * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e;
-
-import static org.junit.Assert.assertFalse;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.sql.Connection;
-import java.sql.SQLException;
-import java.sql.Statement;
-
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.Resources;
-
-public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS {
- private Context context;
- private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
- private File dataDir;
- private File dataFile;
- private PolicyFile policyFile;
-
- @Before
- public void setup() throws Exception {
- context = createContext();
- dataDir = context.getDataDir();
- dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
- to.close();
- policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
-
- }
-
- @After
- public void tearDown() throws Exception {
- if (context != null) {
- context.close();
- }
- }
-
- /**
- * admin should be able to create/drop temp functions
- * user with db level access should be able to create/drop temp functions
- * user with table level access should be able to create/drop temp functions
- * user with no privilege should NOT be able to create/drop temp functions
- */
- @Test
- public void testFuncPrivileges1() throws Exception {
- String dbName1 = "db_1";
- String tableName1 = "tb_1";
-
- policyFile
- .addRolesToGroup("group1", "db1_all", "UDF_JAR")
- .addRolesToGroup("group2", "db1_tab1", "UDF_JAR")
- .addRolesToGroup("group3", "db1_tab1")
- .addPermissionsToRole("db1_all", "server=server1->db=" + dbName1)
- .addPermissionsToRole("db1_tab1", "server=server1->db=" + dbName1 + "->table=" + tableName1)
- .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2")
- .addGroupsToUser("user1", "group1")
- .addGroupsToUser("user2", "group2")
- .addGroupsToUser("user3", "group3")
- .write(context.getPolicyFile());
-
- Connection connection = context.createConnection("admin1", "foo");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
- statement.execute("CREATE DATABASE " + dbName1);
- statement.execute("USE " + dbName1);
- statement.execute("DROP TABLE IF EXISTS " + dbName1 + "." + tableName1);
- statement.execute("create table " + dbName1 + "." + tableName1
- + " (under_col int comment 'the under column', value string)");
- statement.execute("LOAD DATA INPATH '" + dataFile.getPath() + "' INTO TABLE "
- + dbName1 + "." + tableName1);
- statement.execute("DROP TEMPORARY FUNCTION IF EXISTS printf_test");
- statement.execute("DROP TEMPORARY FUNCTION IF EXISTS printf_test_2");
- context.close();
-
- // user1 should be able create/drop temp functions
- connection = context.createConnection("user1", "foo");
- statement = context.createStatement(connection);
- statement.execute("USE " + dbName1);
- statement.execute(
- "CREATE TEMPORARY FUNCTION printf_test AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFPrintf'");
- statement.execute("DROP TEMPORARY FUNCTION printf_test");
- context.close();
-
- // user2 has select privilege on one of the tables in db2, should be able create/drop temp functions
- connection = context.createConnection("user2", "foo");
- statement = context.createStatement(connection);
- statement.execute("USE " + dbName1);
- statement.execute(
- "CREATE TEMPORARY FUNCTION printf_test_2 AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFPrintf'");
- statement.execute("DROP TEMPORARY FUNCTION printf_test");
- context.close();
-
- // user3 shouldn't be able to create/drop temp functions since it doesn't have permission for jar
- connection = context.createConnection("user3", "foo");
- statement = context.createStatement(connection);
- try {
- statement.execute("USE " + dbName1);
- statement.execute(
- "CREATE TEMPORARY FUNCTION printf_test_bad AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFPrintf'");
- assertFalse("CREATE TEMPORARY FUNCTION should fail for user3", true);
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
- context.close();
-
- // user4 (not part of any group ) shouldn't be able to create/drop temp functions
- connection = context.createConnection("user4", "foo");
- statement = context.createStatement(connection);
- try {
- statement.execute("USE default");
- statement.execute(
- "CREATE TEMPORARY FUNCTION printf_test_bad AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFPrintf'");
- assertFalse("CREATE TEMPORARY FUNCTION should fail for user4", true);
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
- context.close();
-
- }
-
- @Test
- public void testUdfWhiteList () throws Exception {
- String dbName1 = "db1";
- String tableName1 = "tab1";
-
- policyFile
- .addRolesToGroup("group1", "db1_all", "UDF_JAR")
- .addRolesToGroup("group2", "db1_tab1", "UDF_JAR")
- .addRolesToGroup("group3", "db1_tab1")
- .addPermissionsToRole("db1_all", "server=server1->db=" + dbName1)
- .addPermissionsToRole("db1_tab1", "server=server1->db=" + dbName1 + "->table=" + tableName1)
- .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2")
- .addGroupsToUser("user1", "group1")
- .write(context.getPolicyFile());
-
- Connection connection = context.createConnection("admin1", "password");
- Statement statement = connection.createStatement();
- statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
- statement.execute("CREATE DATABASE " + dbName1);
- statement.execute("USE " + dbName1);
- statement.execute("create table " + tableName1
- + " (under_col int comment 'the under column', value string)");
- statement.execute("LOAD DATA INPATH '" + dataFile.getPath() + "' INTO TABLE "
- + dbName1 + "." + tableName1);
- statement.execute("SELECT rand(), concat(value, '_foo') FROM " + tableName1);
-
- context.assertAuthzException(statement,
- "SELECT reflect('java.net.URLDecoder', 'decode', 'http://www.apache.org', 'utf-8'), value FROM " + tableName1);
- context.assertAuthzException(statement,
- "SELECT java_method('java.net.URLDecoder', 'decode', 'http://www.apache.org', 'utf-8'), value FROM " + tableName1);
- statement.close();
- connection.close();
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
deleted file mode 100644
index ed4509e..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
+++ /dev/null
@@ -1,678 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e;
-
-import static org.junit.Assert.*;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-
-import junit.framework.Assert;
-
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.Resources;
-
-/* Tests privileges at table scope within a single database.
- */
-
-public class TestPrivilegesAtTableScope extends AbstractTestWithStaticLocalFS {
-
- private Context context;
- private PolicyFile policyFile;
-
- private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
- private final String MULTI_TYPE_DATA_FILE_NAME = "emp.dat";
-
- @Before
- public void setup() throws Exception {
- context = createContext();
- policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
- }
-
- @After
- public void teardown() throws Exception {
- if (context != null) {
- context.close();
- }
- }
-
- /*
- * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, loads data into
- * TAB_1, TAB_2 Admin grants SELECT on TAB_1, TAB_2, INSERT on TAB_1 to
- * USER_GROUP of which user1 is a member.
- */
- @Test
- public void testInsertAndSelect() throws Exception {
- File dataDir = context.getDataDir();
- // copy data file to test dir
- File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
- to.close();
-
- policyFile
- .addRolesToGroup("user_group", "select_tab1", "insert_tab1", "select_tab2")
- .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
- .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
- .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
- .addGroupsToUser("user1", "user_group")
- .write(context.getPolicyFile());
-
- // setup db objects needed by the test
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("CREATE DATABASE DB_1");
- statement.execute("USE DB_1");
- statement.execute("CREATE TABLE TAB_1(A STRING)");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_1");
- statement.execute("CREATE TABLE TAB_2(A STRING)");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_2");
- statement.close();
- connection.close();
-
- // test execution
- connection = context.createConnection("user1", "password");
- statement = context.createStatement(connection);
- statement.execute("USE DB_1");
- // test user can insert
- statement.execute("INSERT INTO TABLE TAB_1 SELECT A FROM TAB_2");
- // test user can query table
- ResultSet resultSet = statement.executeQuery("SELECT COUNT(A) FROM TAB_1");
- int count = 0;
- int countRows = 0;
-
- while (resultSet.next()) {
- count = resultSet.getInt(1);
- countRows++;
- }
-
- assertTrue("Incorrect row count", countRows == 1);
- assertTrue("Incorrect result", count == 1000);
-
- // negative test: test user can't drop
- try {
- statement.execute("DROP TABLE TAB_1");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
- statement.close();
- connection.close();
-
- // connect as admin and drop tab_1
- connection = context.createConnection("admin1", "hive");
- statement = context.createStatement(connection);
- statement.execute("USE DB_1");
- statement.execute("DROP TABLE TAB_1");
- statement.close();
- connection.close();
-
- // negative test: connect as user1 and try to recreate tab_1
- connection = context.createConnection("user1", "password");
- statement = context.createStatement(connection);
- statement.execute("USE DB_1");
- try {
- statement.execute("CREATE TABLE TAB_1(A STRING)");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- statement.close();
- connection.close();
-
- // test cleanup
- connection = context.createConnection("admin1", "hive");
- statement = context.createStatement(connection);
- statement.execute("DROP DATABASE DB_1 CASCADE");
- statement.close();
- connection.close();
-
- }
-
- /*
- * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, loads data into
- * TAB_1, TAB_2. Admin grants INSERT on TAB_1, SELECT on TAB_2 to USER_GROUP
- * of which user1 is a member.
- */
- @Test
- public void testInsert() throws Exception {
- File dataDir = context.getDataDir();
- // copy data file to test dir
- File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
- to.close();
-
- policyFile
- .addRolesToGroup("user_group", "insert_tab1", "select_tab2")
- .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
- .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
- .addGroupsToUser("user1", "user_group")
- .write(context.getPolicyFile());
-
- // setup db objects needed by the test
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("CREATE DATABASE DB_1");
- statement.execute("USE DB_1");
- statement.execute("CREATE TABLE TAB_1(A STRING)");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_1");
- statement.execute("CREATE VIEW VIEW_1(A) AS SELECT A FROM TAB_1");
- statement.execute("CREATE TABLE TAB_2(A STRING)");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_2");
- statement.close();
- connection.close();
-
- // test execution
- connection = context.createConnection("user1", "password");
- statement = context.createStatement(connection);
- statement.execute("USE DB_1");
- // test user can execute insert on table
- statement.executeQuery("INSERT INTO TABLE TAB_1 SELECT A FROM TAB_2");
-
- // negative test: user can't query table
- try {
- statement.executeQuery("SELECT COUNT(A) FROM TAB_1");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- // negative test: test user can't query view
- try {
- statement.executeQuery("SELECT COUNT(A) FROM VIEW_1");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- // negative test case: show tables shouldn't list VIEW_1
- ResultSet resultSet = statement.executeQuery("SHOW TABLES");
- while (resultSet.next()) {
- String tableName = resultSet.getString(1);
- assertNotNull("table name is null in result set", tableName);
- assertFalse("Found VIEW_1 in the result set",
- "VIEW_1".equalsIgnoreCase(tableName));
- }
-
- // negative test: test user can't create a new view
- try {
- statement.executeQuery("CREATE VIEW VIEW_2(A) AS SELECT A FROM TAB_1");
- Assert.fail("Expected SQL Exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
- statement.close();
- connection.close();
-
- // test cleanup
- connection = context.createConnection("admin1", "hive");
- statement = context.createStatement(connection);
- statement.execute("DROP DATABASE DB_1 CASCADE");
- statement.close();
- connection.close();
- }
-
- /*
- * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, loads data into
- * TAB_1, TAB_2. Admin grants SELECT on TAB_1, TAB_2 to USER_GROUP of which
- * user1 is a member.
- */
- @Test
- public void testSelect() throws Exception {
- // copy data file to test dir
- File dataDir = context.getDataDir();
- File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
- to.close();
-
- policyFile
- .addRolesToGroup("user_group", "select_tab1", "select_tab2")
- .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
- .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
- .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
- .addGroupsToUser("user1", "user_group")
- .write(context.getPolicyFile());
-
- // setup db objects needed by the test
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
-
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("CREATE DATABASE DB_1");
- statement.execute("USE DB_1");
- statement.execute("CREATE TABLE TAB_1(A STRING)");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_1");
- statement.execute("CREATE VIEW VIEW_1(A) AS SELECT A FROM TAB_1");
- statement.execute("CREATE TABLE TAB_2(A STRING)");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_2");
- statement.close();
- connection.close();
-
- // test execution
- connection = context.createConnection("user1", "password");
- statement = context.createStatement(connection);
- statement.execute("USE DB_1");
- // test user can execute query on table
- ResultSet resultSet = statement.executeQuery("SELECT COUNT(A) FROM TAB_1");
- int count = 0;
- int countRows = 0;
-
- while (resultSet.next()) {
- count = resultSet.getInt(1);
- countRows++;
- }
- assertTrue("Incorrect row count", countRows == 1);
- assertTrue("Incorrect result", count == 500);
-
- // negative test: test insert into table
- try {
- statement.executeQuery("INSERT INTO TABLE TAB_1 SELECT A FROM TAB_2");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- // negative test: test user can't query view
- try {
- statement.executeQuery("SELECT COUNT(A) FROM VIEW_1");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- // negative test: test user can't create a new view
- try {
- statement.executeQuery("CREATE VIEW VIEW_2(A) AS SELECT A FROM TAB_1");
- Assert.fail("Expected SQL Exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
- statement.close();
- connection.close();
-
- // test cleanup
- connection = context.createConnection("admin1", "hive");
- statement = context.createStatement(connection);
- statement.execute("DROP DATABASE DB_1 CASCADE");
- statement.close();
- connection.close();
- }
-
- /*
- * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, VIEW_1 on TAB_1
- * loads data into TAB_1, TAB_2. Admin grants SELECT on TAB_1,TAB_2 to
- * USER_GROUP of which user1 is a member.
- */
- @Test
- public void testTableViewJoin() throws Exception {
- // copy data file to test dir
- File dataDir = context.getDataDir();
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
-
- policyFile
- .addRolesToGroup("user_group", "select_tab1", "select_tab2")
- .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
- .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
- .addGroupsToUser("user1", "user_group")
- .write(context.getPolicyFile());
-
- // setup db objects needed by the test
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
-
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("CREATE DATABASE DB_1");
- statement.execute("USE DB_1");
- statement.execute("CREATE TABLE TAB_1(B INT, A STRING) "
- + " row format delimited fields terminated by '|' stored as textfile");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_1");
- statement.execute("CREATE VIEW VIEW_1 AS SELECT A, B FROM TAB_1");
- statement.execute("CREATE TABLE TAB_2(B INT, A STRING) "
- + " row format delimited fields terminated by '|' stored as textfile");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_2");
- statement.close();
- connection.close();
-
- // test execution
- connection = context.createConnection("user1", "password");
- statement = context.createStatement(connection);
- statement.execute("USE DB_1");
- // test user can execute query TAB_1 JOIN TAB_2
- ResultSet resultSet = statement
- .executeQuery("SELECT COUNT(*) FROM TAB_1 T1 JOIN TAB_2 T2 ON (T1.B = T2.B)");
- int count = 0;
- int countRows = 0;
-
- while (resultSet.next()) {
- count = resultSet.getInt(1);
- countRows++;
- }
- assertTrue("Incorrect row count", countRows == 1);
- assertTrue("Incorrect result", count == 12);
-
- // negative test: test user can't execute query VIEW_1 JOIN TAB_2
- try {
- statement
- .executeQuery("SELECT COUNT(*) FROM VIEW_1 V1 JOIN TAB_2 T2 ON (V1.B = T2.B)");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- statement.close();
- connection.close();
-
- // test cleanup
- connection = context.createConnection("admin1", "hive");
- statement = context.createStatement(connection);
- statement.execute("DROP DATABASE DB_1 CASCADE");
- statement.close();
- connection.close();
- }
-
- /*
- * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, VIEW_1 on TAB_1
- * loads data into TAB_1, TAB_2. Admin grants SELECT on TAB_2 to USER_GROUP of
- * which user1 is a member.
- */
- @Test
- public void testTableViewJoin2() throws Exception {
-
- File dataDir = context.getDataDir();
- // copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
-
- policyFile
- .addRolesToGroup("user_group", "select_tab2")
- .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
- .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
- .addGroupsToUser("user1", "user_group")
- .write(context.getPolicyFile());
-
- // setup db objects needed by the test
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
-
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("CREATE DATABASE DB_1");
- statement.execute("USE DB_1");
- statement.execute("CREATE TABLE TAB_1(B INT, A STRING) "
- + " row format delimited fields terminated by '|' stored as textfile");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_1");
- statement.execute("CREATE VIEW VIEW_1 AS SELECT A, B FROM TAB_1");
- statement.execute("CREATE TABLE TAB_2(B INT, A STRING) "
- + " row format delimited fields terminated by '|' stored as textfile");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_2");
- statement.close();
- connection.close();
-
- // test execution
- connection = context.createConnection("user1", "password");
- statement = context.createStatement(connection);
- statement.execute("USE DB_1");
- // test user can execute query on TAB_2
- ResultSet resultSet = statement.executeQuery("SELECT COUNT(*) FROM TAB_2");
- int count = 0;
- int countRows = 0;
-
- while (resultSet.next()) {
- count = resultSet.getInt(1);
- countRows++;
- }
- assertTrue("Incorrect row count", countRows == 1);
- assertTrue("Incorrect result", count == 12);
-
- // negative test: test user can't execute query VIEW_1 JOIN TAB_2
- try {
- statement
- .executeQuery("SELECT COUNT(*) FROM VIEW_1 JOIN TAB_2 ON (VIEW_1.B = TAB_2.B)");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- // negative test: test user can't execute query TAB_1 JOIN TAB_2
- try {
- statement
- .executeQuery("SELECT COUNT(*) FROM TAB_1 JOIN TAB_2 ON (TAB_1.B = TAB_2.B)");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- statement.close();
- connection.close();
-
- // test cleanup
- connection = context.createConnection("admin1", "hive");
- statement = context.createStatement(connection);
- statement.execute("DROP DATABASE DB_1 CASCADE");
- statement.close();
- connection.close();
- }
-
- /*
- * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, VIEW_1 on TAB_1
- * loads data into TAB_1, TAB_2. Admin grants SELECT on TAB_2, VIEW_1 to
- * USER_GROUP of which user1 is a member.
- */
- @Test
- public void testTableViewJoin3() throws Exception {
- File dataDir = context.getDataDir();
- // copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
-
- policyFile
- .addRolesToGroup("user_group", "select_tab2", "select_view1")
- .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select")
- .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
- .addGroupsToUser("user1", "user_group")
- .write(context.getPolicyFile());
-
- // setup db objects needed by the test
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
-
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("CREATE DATABASE DB_1");
- statement.execute("USE DB_1");
- statement.execute("CREATE TABLE TAB_1(B INT, A STRING) "
- + " row format delimited fields terminated by '|' stored as textfile");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_1");
- statement.execute("CREATE VIEW VIEW_1 AS SELECT A, B FROM TAB_1");
- statement.execute("CREATE TABLE TAB_2(B INT, A STRING) "
- + " row format delimited fields terminated by '|' stored as textfile");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_2");
- statement.close();
- connection.close();
-
- // test execution
- connection = context.createConnection("user1", "password");
- statement = context.createStatement(connection);
- statement.execute("USE DB_1");
- // test user can execute query on TAB_2
- ResultSet resultSet = statement.executeQuery("SELECT COUNT(*) FROM TAB_2");
- int count = 0;
- int countRows = 0;
-
- while (resultSet.next()) {
- count = resultSet.getInt(1);
- countRows++;
- }
- assertTrue("Incorrect row count", countRows == 1);
- assertTrue("Incorrect result", count == 12);
-
- // test user can execute query VIEW_1 JOIN TAB_2
- resultSet = statement
- .executeQuery("SELECT COUNT(*) FROM VIEW_1 V1 JOIN TAB_2 T2 ON (V1.B = T2.B)");
- count = 0;
- countRows = 0;
-
- while (resultSet.next()) {
- count = resultSet.getInt(1);
- countRows++;
- }
- assertTrue("Incorrect row count", countRows == 1);
- assertTrue("Incorrect result", count == 12);
-
- // test user can execute query on VIEW_1
- resultSet = statement.executeQuery("SELECT COUNT(*) FROM VIEW_1");
- count = 0;
- countRows = 0;
-
- while (resultSet.next()) {
- count = resultSet.getInt(1);
- countRows++;
- }
- assertTrue("Incorrect row count", countRows == 1);
- assertTrue("Incorrect result", count == 12);
-
- // negative test: test user can't execute query TAB_1 JOIN TAB_2
- try {
- statement
- .executeQuery("SELECT COUNT(*) FROM TAB_1 T1 JOIN TAB_2 T2 ON (T1.B = T2.B)");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- statement.close();
- connection.close();
-
- // test cleanup
- connection = context.createConnection("admin1", "hive");
- statement = context.createStatement(connection);
- statement.execute("DROP DATABASE DB_1 CASCADE");
- statement.close();
- connection.close();
- }
-
- /*
- * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, VIEW_1 on TAB_1
- * loads data into TAB_1, TAB_2. Admin grants SELECT on TAB_1, VIEW_1 to
- * USER_GROUP of which user1 is a member.
- */
- @Test
- public void testTableViewJoin4() throws Exception {
- File dataDir = context.getDataDir();
- // copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
-
- policyFile
- .addRolesToGroup("user_group", "select_tab1", "select_view1")
- .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select")
- .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
- .addGroupsToUser("user1", "user_group")
- .write(context.getPolicyFile());
-
- // setup db objects needed by the test
- Connection connection = context.createConnection("admin1", "hive");
- Statement statement = context.createStatement(connection);
-
- statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
- statement.execute("CREATE DATABASE DB_1");
- statement.execute("USE DB_1");
- statement.execute("CREATE TABLE TAB_1(B INT, A STRING) "
- + " row format delimited fields terminated by '|' stored as textfile");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_1");
- statement.execute("CREATE VIEW VIEW_1 AS SELECT A, B FROM TAB_1");
- statement.execute("CREATE TABLE TAB_2(B INT, A STRING) "
- + " row format delimited fields terminated by '|' stored as textfile");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath()
- + "' INTO TABLE TAB_2");
- statement.close();
- connection.close();
-
- // test execution
- connection = context.createConnection("user1", "password");
- statement = context.createStatement(connection);
- statement.execute("USE DB_1");
-
- // test user can execute query VIEW_1 JOIN TAB_1
- ResultSet resultSet = statement
- .executeQuery("SELECT COUNT(*) FROM VIEW_1 JOIN TAB_1 ON (VIEW_1.B = TAB_1.B)");
- int count = 0;
- int countRows = 0;
-
- while (resultSet.next()) {
- count = resultSet.getInt(1);
- countRows++;
- }
- assertTrue("Incorrect row count", countRows == 1);
- assertTrue("Incorrect result", count == 12);
-
- // negative test: test user can't execute query TAB_1 JOIN TAB_2
- try {
- statement
- .executeQuery("SELECT COUNT(*) FROM TAB_1 JOIN TAB_2 ON (TAB_1.B = TAB_2.B)");
- Assert.fail("Expected SQL exception");
- } catch (SQLException e) {
- context.verifyAuthzException(e);
- }
-
- statement.close();
- connection.close();
-
- // test cleanup
- connection = context.createConnection("admin1", "hive");
- statement = context.createStatement(connection);
- statement.execute("DROP DATABASE DB_1 CASCADE");
- statement.close();
- connection.close();
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/aef404c6/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java
deleted file mode 100644
index b9f71a9..0000000
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java
+++ /dev/null
@@ -1,401 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.Resources;
-
-/**
- * Metadata tests for show tables and show databases. * Unlike rest of the
- * access privilege validation which is handled in semantic hooks, these
- * statements are validaed via a runtime fetch hook
- */
-public class TestRuntimeMetadataRetrieval
- extends
- AbstractTestWithStaticLocalFS {
- private Context context;
- private PolicyFile policyFile;
- private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
- private File dataDir;
- private File dataFile;
-
- @Before
- public void setup() throws Exception {
- context = createContext();
- dataDir = context.getDataDir();
- dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
- to.close();
- policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
- }
-
- @After
- public void tearDown() throws Exception {
- if (context != null) {
- context.close();
- }
- }
-
- /**
- * Steps: 1. admin create db_1 and db_1.tb_1
- * 2. admin should see all tables
- * 3. user1 should only see the tables it has any level of privilege
- */
- @Test
- public void testShowTables1() throws Exception {
- String dbName1 = "db_1";
- // tables visible to user1 (not access to tb_4
- String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"};
- List<String> tableNamesValidation = new ArrayList<String>();
-
- policyFile
- .addRolesToGroup("user_group", "tab1_priv,tab2_priv,tab3_priv")
- .addPermissionsToRole("tab1_priv", "server=server1->db=" + dbName1 + "->table="
- + tableNames[0] + "->action=select")
- .addPermissionsToRole("tab2_priv", "server=server1->db=" + dbName1 + "->table="
- + tableNames[1] + "->action=insert")
- .addPermissionsToRole("tab3_priv", "server=server1->db=" + dbName1 + "->table="
- + tableNames[2] + "->action=select")
- .addGroupsToUser("user1", "user_group")
- .write(context.getPolicyFile());
-
- String user1TableNames[] = {"tb_1", "tb_2", "tb_3"};
-
- Connection connection = context.createConnection("admin1", "foo");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
- statement.execute("CREATE DATABASE " + dbName1);
- statement.execute("USE " + dbName1);
- createTabs(statement, dbName1, tableNames);
- // Admin should see all tables
- ResultSet rs = statement.executeQuery("SHOW TABLES");
- tableNamesValidation.addAll(Arrays.asList(tableNames));
-
- validateTables(rs, dbName1, tableNamesValidation);
- statement.close();
- context.close();
-
- connection = context.createConnection("user1", "foo");
- statement = context.createStatement(connection);
- statement.execute("USE " + dbName1);
- // User1 should see tables with any level of access
- rs = statement.executeQuery("SHOW TABLES");
- tableNamesValidation.addAll(Arrays.asList(user1TableNames));
- validateTables(rs, dbName1, tableNamesValidation);
- statement.close();
- context.close();
- }
-
- /**
- * Steps: 1. admin create db_1 and tables
- * 2. admin should see all tables
- * 3. user1 should only see the all tables with db level privilege
- */
- @Test
- public void testShowTables2() throws Exception {
- String dbName1 = "db_1";
- // tables visible to user1 (not access to tb_4
- String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"};
- List<String> tableNamesValidation = new ArrayList<String>();
-
- policyFile
- .addRolesToGroup("user_group", "db_priv")
- .addPermissionsToRole("db_priv", "server=server1->db=" + dbName1)
- .addGroupsToUser("user1", "user_group")
- .write(context.getPolicyFile());
-
- String user1TableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"};
-
- Connection connection = context.createConnection("admin1", "foo");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
- statement.execute("CREATE DATABASE " + dbName1);
- statement.execute("USE " + dbName1);
- createTabs(statement, dbName1, tableNames);
- // Admin should see all tables
- ResultSet rs = statement.executeQuery("SHOW TABLES");
- tableNamesValidation.addAll(Arrays.asList(tableNames));
- validateTables(rs, dbName1, tableNamesValidation);
- statement.close();
- context.close();
-
- connection = context.createConnection("user1", "foo");
- statement = context.createStatement(connection);
- statement.execute("USE " + dbName1);
- // User1 should see tables with any level of access
- rs = statement.executeQuery("SHOW TABLES");
- tableNamesValidation.addAll(Arrays.asList(user1TableNames));
- validateTables(rs, dbName1, tableNamesValidation);
- statement.close();
- context.close();
- }
-
- /**
- * Steps: 1. admin create db_1 and db_1.tb_1
- * 2. admin should see all tables
- * 3. user1 should only see the tables he/she has any level of privilege
- */
- @Test
- public void testShowTables3() throws Exception {
- String dbName1 = "db_1";
- // tables visible to user1 (not access to tb_4
- String tableNames[] = {"tb_1", "tb_2", "tb_3", "newtab_3"};
- List<String> tableNamesValidation = new ArrayList<String>();
-
- policyFile
- .addRolesToGroup("user_group", "tab_priv")
- .addPermissionsToRole("tab_priv", "server=server1->db=" + dbName1 + "->table="
- + tableNames[3] + "->action=insert")
- .addGroupsToUser("user1", "user_group")
- .write(context.getPolicyFile());
-
- String adminTableNames[] = {"tb_3", "newtab_3", "tb_2", "tb_1"};
- String user1TableNames[] = {"newtab_3"};
-
- Connection connection = context.createConnection("admin1", "foo");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
- statement.execute("CREATE DATABASE " + dbName1);
- statement.execute("USE " + dbName1);
- createTabs(statement, dbName1, tableNames);
- // Admin should see all tables
- ResultSet rs = statement.executeQuery("SHOW TABLES");
- tableNamesValidation.addAll(Arrays.asList(adminTableNames));
- validateTables(rs, dbName1, tableNamesValidation);
- statement.close();
- context.close();
-
- connection = context.createConnection("user1", "foo");
- statement = context.createStatement(connection);
- statement.execute("USE " + dbName1);
- // User1 should see tables with any level of access
- rs = statement.executeQuery("SHOW TABLES");
- tableNamesValidation.addAll(Arrays.asList(user1TableNames));
- validateTables(rs, dbName1, tableNamesValidation);
- statement.close();
- context.close();
- }
-
- /**
- * Steps: 1. admin create db_1 and db_1.tb_1
- * 2. admin should see all tables
- * 3. user1 should only see the tables with db level privilege
- */
- @Test
- public void testShowTables4() throws Exception {
- String dbName1 = "db_1";
- String tableNames[] = {"tb_1", "tb_2", "tb_3", "newtab_3"};
- List<String> tableNamesValidation = new ArrayList<String>();
-
- policyFile
- .addRolesToGroup("user_group", "tab_priv")
- .addPermissionsToRole("tab_priv", "server=server1->db=" + dbName1)
- .addGroupsToUser("user1", "user_group")
- .write(context.getPolicyFile());
-
- String adminTableNames[] = {"tb_3", "newtab_3", "tb_1", "tb_2"};
- String user1TableNames[] = {"tb_3", "newtab_3", "tb_1", "tb_2"};
-
- Connection connection = context.createConnection("admin1", "foo");
- Statement statement = context.createStatement(connection);
- statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
- statement.execute("CREATE DATABASE " + dbName1);
- statement.execute("USE " + dbName1);
- createTabs(statement, dbName1, tableNames);
- // Admin should be able to see all tables
- ResultSet rs = statement.executeQuery("SHOW TABLES");
- tableNamesValidation.addAll(Arrays.asList(adminTableNames));
- validateTables(rs, dbName1, tableNamesValidation);
- statement.close();
- context.close();
-
- connection = context.createConnection("user1", "foo");
- statement = context.createStatement(connection);
- statement.execute("USE " + dbName1);
- // User1 should see tables with any level of access
- rs = statement.executeQuery("SHOW TABLES");
- tableNamesValidation.addAll(Arrays.asList(user1TableNames));
- validateTables(rs, dbName1, tableNamesValidation);
- statement.close();
- context.close();
- }
-
- /**
- * Steps: 1. admin creates tables in default db
- * 2. user1 shouldn't see any table when he/she doesn't have any privilege on default
- */
- @Test
- public void testShowTables5() throws Exception {
- String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"};
-
- policyFile
- .addRolesToGroup("user_group", "db_priv")
- .write(context.getPolicyFile());
- Connection connection = context.createConnection("admin1", "foo");
- Statement statement = context.createStatement(connection);
- createTabs(statement, "default", tableNames);
- context.close();
-
- connection = context.createConnection("user1", "foo");
- statement = context.createStatement(connection);
- // User1 should see tables with any level of access
- ResultSet rs = statement.executeQuery("SHOW TABLES");
- // user1 doesn't have access to any tables in default db
- Assert.assertFalse(rs.next());
- statement.close();
- context.close();
- }
-
- /**
- * Steps: 1. admin create few dbs
- * 2. admin can do show databases
- * 3. users with db level permissions should only those dbs on 'show database'
- */
- @Test
- public void testShowDatabases1() throws Exception {
- List<String> dbNamesValidation = new ArrayList<String>();
- String[] dbNames = {"db_1", "db_2", "db_3"};
- String[] user1DbNames = {"db_1"};
-
- policyFile
- .addRolesToGroup("group1", "db1_all")
- .addPermissionsToRole("db1_all", "server=server1->db=db_1")
- .addGroupsToUser("user1", "group1")
- .write(context.getPolicyFile());
-
- Connection connection = context.createConnection("admin1", "foo");
- Statement statement = context.createStatement(connection);
- // create all dbs
- createDBs(statement, dbNames);
- ResultSet rs = statement.executeQuery("SHOW DATABASES");
- dbNamesValidation.addAll(Arrays.asList(dbNames));
- dbNamesValidation.add("default");
- // admin should see all dbs
- validateDBs(rs, dbNamesValidation);
- rs.close();
- context.close();
-
- connection = context.createConnection("user1", "foo");
- statement = context.createStatement(connection);
- rs = statement.executeQuery("SHOW DATABASES");
- dbNamesValidation.addAll(Arrays.asList(user1DbNames));
- dbNamesValidation.add("default");
- // user should see only dbs with access
- validateDBs(rs, dbNamesValidation);
- rs.close();
- context.close();
- }
-
- /**
- * Steps: 1. admin create few dbs
- * 2. admin can do show databases
- * 3. users with table level permissions should should only those parent dbs on 'show
- * database'
- */
- @Test
- public void testShowDatabases2() throws Exception {
- String[] dbNames = {"db_1", "db_2", "db_3"};
- List<String> dbNamesValidation = new ArrayList<String>();
- String[] user1DbNames = {"db_1", "db_2"};
-
- policyFile
- .addRolesToGroup("group1", "db1_tab,db2_tab")
- .addPermissionsToRole("db1_tab", "server=server1->db=db_1->table=tb_1->action=select")
- .addPermissionsToRole("db2_tab", "server=server1->db=db_2->table=tb_1->action=insert")
- .addGroupsToUser("user1", "group1")
- .write(context.getPolicyFile());
-
- // verify by SQL
- // 1, 2
- Connection connection = context.createConnection("admin1", "foo");
- Statement statement = context.createStatement(connection);
- createDBs(statement, dbNames); // create all dbs
- ResultSet rs = statement.executeQuery("SHOW DATABASES");
- dbNamesValidation.addAll(Arrays.asList(dbNames));
- dbNamesValidation.add("default");
- validateDBs(rs, dbNamesValidation); // admin should see all dbs
- rs.close();
- context.close();
-
- connection = context.createConnection("user1", "foo");
- statement = context.createStatement(connection);
- rs = statement.executeQuery("SHOW DATABASES");
- dbNamesValidation.addAll(Arrays.asList(user1DbNames));
- dbNamesValidation.add("default");
- // user should see only dbs with access
- validateDBs(rs, dbNamesValidation);
- rs.close();
- context.close();
- }
-
- // create given dbs
- private void createDBs(Statement statement, String dbNames[])
- throws SQLException {
- for (String dbName : dbNames) {
- statement.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE");
- statement.execute("CREATE DATABASE " + dbName);
- }
- }
-
- // compare the table resultset with given array of table names
- private void validateDBs(ResultSet rs, List<String> dbNames)
- throws SQLException {
- while (rs.next()) {
- String dbName = rs.getString(1);
- Assert.assertTrue(dbName, dbNames.remove(dbName.toLowerCase()));
- }
- Assert.assertTrue(dbNames.toString(), dbNames.isEmpty());
- rs.close();
- }
-
- // Create the give tables
- private void createTabs(Statement statement, String dbName,
- String tableNames[]) throws SQLException {
- for (String tabName : tableNames) {
- statement.execute("DROP TABLE IF EXISTS " + dbName + "." + tabName);
- statement.execute("create table " + dbName + "." + tabName
- + " (under_col int comment 'the under column', value string)");
- }
- }
-
- // compare the table resultset with given array of table names
- private void validateTables(ResultSet rs, String dbName,
- List<String> tableNames) throws SQLException {
- while (rs.next()) {
- String tableName = rs.getString(1);
- Assert.assertTrue(tableName, tableNames.remove(tableName.toLowerCase()));
- }
- Assert.assertTrue(tableNames.toString(), tableNames.isEmpty());
- rs.close();
- }
-}