Posted to commits@ranger.apache.org by rm...@apache.org on 2017/08/31 22:43:15 UTC

ranger git commit: RANGER-1631: added unit test for UDF creation with * database name

Repository: ranger
Updated Branches:
  refs/heads/master a71dab7fd -> 95615f8eb


RANGER-1631: added unit test for UDF creation with * database name

Signed-off-by: rmani <rm...@hortonworks.com>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/95615f8e
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/95615f8e
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/95615f8e

Branch: refs/heads/master
Commit: 95615f8eb7c6acd7c92c75527e8255d59143f68e
Parents: a71dab7
Author: Endre Zoltan Kovacs <ek...@hortonworks.com>
Authored: Wed Aug 23 12:38:41 2017 +0200
Committer: rmani <rm...@hortonworks.com>
Committed: Thu Aug 31 15:37:40 2017 -0700

----------------------------------------------------------------------
 .../services/hive/HIVERangerAuthorizerTest.java |  30 ++++
 .../src/test/resources/hive-policies.json       | 174 ++++++++++++++++++-
 2 files changed, 203 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/95615f8e/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
index 2c9e955..17eb1e7 100644
--- a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
+++ b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
@@ -49,6 +49,7 @@ import org.junit.Test;
  * d) "dave" can do a select on the table "words" but only if the "count" column is >= 80
  * e) "jane" can do a select on the table "words", but only get a "hash" of the word, and not the word itself.
  * f) "da_test_user" is delegate admin for rangerauthz database.
+ * g) "tom" has all permissions on database "test1" and has all permissions on all databases with regard to UDF
  *
  * In addition we have some TAG based policies created in Atlas and synced into Ranger:
  *
@@ -330,6 +331,35 @@ public class HIVERangerAuthorizerTest {
     }
 
     @Test
+    public void testHiveUdfCreateOnWildcardDatabase() throws Exception {
+		String url = "jdbc:hive2://localhost:" + port;
+		// "tom" has:
+		// ranger permissions to create/read/update/drop the database
+		// ranger permissions to create/read/update/drop UDFs on test1 database
+		try (	Connection connection = DriverManager.getConnection(url, "tom", "tom");
+				Statement statement = connection.createStatement()) {
+			statement.execute("DROP DATABASE IF EXISTS test1");
+			statement.execute("CREATE DATABASE test1");
+			statement.execute("USE test1");
+			statement.execute("CREATE TEMPORARY FUNCTION tmp AS \"org.apache.hadoop.hive.ql.udf.UDFPI\"");
+			statement.execute("CREATE FUNCTION tmp AS \"org.apache.hadoop.hive.ql.udf.UDFPI\"");
+			ResultSet resultSet = statement.executeQuery("SHOW FUNCTIONS LIKE '*tmp'");
+			int rowCounter = 0;
+			while (resultSet.next()) {
+				String value = resultSet.getString(1);
+				if (value.contains("tmp")) {
+				  ++rowCounter;
+				}
+			}
+			Assert.assertEquals(2, rowCounter);
+			// clean up
+			statement.execute("DROP FUNCTION IF EXISTS tmp");
+			statement.execute("DROP FUNCTION IF EXISTS test1.tmp");
+			statement.execute("DROP DATABASE IF EXISTS test1");
+		}
+	}
+
+    @Test
     public void testHiveCreateDropDatabase() throws Exception {
 
         String url = "jdbc:hive2://localhost:" + port;
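Review bot: The clean-up in testHiveUdfCreateOnWildcardDatabase sits after `Assert.assertEquals(2, rowCounter)` inside the same try block, so a failed assertion or a failed `CREATE FUNCTION` leaves database `test1` and the `tmp` functions behind for any later test that connects to the same `port`. Moving the three `DROP ... IF EXISTS` statements into a `finally` on an inner try, and opening `resultSet` in its own try-with-resources, would keep the fixture clean. The comment `// ranger permissions to create/read/update/drop UDFs on test1 database` also disagrees with the test name and with line g) of the class Javadoc, which describe a grant covering UDFs on all databases; `// ranger permissions to create/read/update/drop UDFs on any database (database "*")` would match. Because this exercises an authorization policy, a companion assertion that a user without the wildcard UDF policy is refused `CREATE FUNCTION` would show that the allow path is not passing for everyone; whether another test already covers that is not visible in this hunk.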

http://git-wip-us.apache.org/repos/asf/ranger/blob/95615f8e/hive-agent/src/test/resources/hive-policies.json
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/resources/hive-policies.json b/hive-agent/src/test/resources/hive-policies.json
index 41a4e20..3613206 100644
--- a/hive-agent/src/test/resources/hive-policies.json
+++ b/hive-agent/src/test/resources/hive-policies.json
@@ -544,7 +544,179 @@
       "id": 9,
       "isEnabled": true,
       "version": 2
-    }
+    },
+    {
+      "service": "cl1_hive",
+      "name": "Tom - database: ALL, udf: ALL, permissions: ALL",
+      "policyType": 0,
+      "isAuditEnabled": true,
+      "resources": {
+        "database": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        },
+        "udf": {
+          "values": [
+            "*"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [
+        {
+			"accesses": [
+				{
+					"type": "select",
+					"isAllowed": true
+				},
+				{
+					"type": "update",
+					"isAllowed": true
+				},
+				{
+					"type": "create",
+					"isAllowed": true
+				},
+				{
+					"type": "drop",
+					"isAllowed": true
+				},
+				{
+					"type": "alter",
+					"isAllowed": true
+				},
+				{
+					"type": "index",
+					"isAllowed": true
+				},
+				{
+					"type": "lock",
+					"isAllowed": true
+				},
+				{
+					"type": "all",
+					"isAllowed": true
+				},
+				{
+					"type": "read",
+					"isAllowed": true
+				},
+				{
+					"type": "write",
+					"isAllowed": true
+				}
+			],
+			"users": [
+				"tom"
+			],
+			"groups": [],
+			"conditions": [],
+			"delegateAdmin": false
+		}
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "id": 9,
+      "isEnabled": true,
+      "version": 1
+    },
+{
+	"service": "cl1_hive",
+	"name": "Tom - database: ALL, permissions: ALL",
+	"policyType": 0,
+	"description": "",
+	"isAuditEnabled": true,
+	"resources": {
+		"database": {
+			"values": [
+				"test1"
+			],
+			"isExcludes": false,
+			"isRecursive": false
+		},
+		"column": {
+			"values": [
+				"*"
+			],
+			"isExcludes": false,
+			"isRecursive": false
+		},
+		"table": {
+			"values": [
+				"*"
+			],
+			"isExcludes": false,
+			"isRecursive": false
+		}
+	},
+	"policyItems": [
+		{
+			"accesses": [
+				{
+					"type": "select",
+					"isAllowed": true
+				},
+				{
+					"type": "update",
+					"isAllowed": true
+				},
+				{
+					"type": "create",
+					"isAllowed": true
+				},
+				{
+					"type": "drop",
+					"isAllowed": true
+				},
+				{
+					"type": "alter",
+					"isAllowed": true
+				},
+				{
+					"type": "index",
+					"isAllowed": true
+				},
+				{
+					"type": "lock",
+					"isAllowed": true
+				},
+				{
+					"type": "all",
+					"isAllowed": true
+				},
+				{
+					"type": "read",
+					"isAllowed": true
+				},
+				{
+					"type": "write",
+					"isAllowed": true
+				}
+			],
+			"users": [
+				"tom"
+			],
+			"groups": [],
+			"conditions": [],
+			"delegateAdmin": false
+		}
+	],
+	"denyPolicyItems": [],
+	"allowExceptions": [],
+	"denyExceptions": [],
+	"dataMaskPolicyItems": [],
+	"rowFilterPolicyItems": [],
+	"id": 15,
+	"isEnabled": true,
+	"version": 2
+	}
   ],
   "serviceDef": {
     "name": "hive",
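Review bot: The first added policy, "Tom - database: ALL, udf: ALL, permissions: ALL", carries `"id": 9`, the same id as the policy that closes just above it in the context lines, so two policies in this fixture share an id. If policy lookup or audit records key on the id, one entry may shadow the other or make allow/deny events ambiguous. Give it an id no other policy in the file uses, e.g. `"id": <UNUSED_ID>` (ids outside this hunk are not visible here). The second policy is named "Tom - database: ALL, permissions: ALL" although its `database` resource is `test1`; `"name": "Tom - database: test1, permissions: ALL"` would describe what it grants. Both policy items also list every access type next to `all`; trimming the wildcard-database UDF grant to the accesses the new test appears to need (`create`, `drop`) would keep the fixture from hiding an over-broad match.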