Posted to commits@ranger.apache.org by rm...@apache.org on 2017/08/31 22:43:15 UTC
ranger git commit: RANGER-1631: added unit test for UDF creation with
* database name
Repository: ranger
Updated Branches:
refs/heads/master a71dab7fd -> 95615f8eb
RANGER-1631: added unit test for UDF creation with * database name
Signed-off-by: rmani <rm...@hortonworks.com>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/95615f8e
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/95615f8e
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/95615f8e
Branch: refs/heads/master
Commit: 95615f8eb7c6acd7c92c75527e8255d59143f68e
Parents: a71dab7
Author: Endre Zoltan Kovacs <ek...@hortonworks.com>
Authored: Wed Aug 23 12:38:41 2017 +0200
Committer: rmani <rm...@hortonworks.com>
Committed: Thu Aug 31 15:37:40 2017 -0700
----------------------------------------------------------------------
.../services/hive/HIVERangerAuthorizerTest.java | 30 ++++
.../src/test/resources/hive-policies.json | 174 ++++++++++++++++++-
2 files changed, 203 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/95615f8e/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
index 2c9e955..17eb1e7 100644
--- a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
+++ b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
@@ -49,6 +49,7 @@ import org.junit.Test;
* d) "dave" can do a select on the table "words" but only if the "count" column is >= 80
* e) "jane" can do a select on the table "words", but only get a "hash" of the word, and not the word itself.
* f) "da_test_user" is delegate admin for rangerauthz database.
+ * g) "tom" has all permissions on database "test1" and has all permissions on all databases with regard to UDF
*
* In addition we have some TAG based policies created in Atlas and synced into Ranger:
*
@@ -330,6 +331,35 @@ public class HIVERangerAuthorizerTest {
}
@Test
+ public void testHiveUdfCreateOnWildcardDatabase() throws Exception {
+ String url = "jdbc:hive2://localhost:" + port;
+ // "tom" has:
+ // ranger permissions to create/read/update/drop the database
+ // ranger permissions to create/read/update/drop UDFs on test1 database
+ try ( Connection connection = DriverManager.getConnection(url, "tom", "tom");
+ Statement statement = connection.createStatement()) {
+ statement.execute("DROP DATABASE IF EXISTS test1");
+ statement.execute("CREATE DATABASE test1");
+ statement.execute("USE test1");
+ statement.execute("CREATE TEMPORARY FUNCTION tmp AS \"org.apache.hadoop.hive.ql.udf.UDFPI\"");
+ statement.execute("CREATE FUNCTION tmp AS \"org.apache.hadoop.hive.ql.udf.UDFPI\"");
+ ResultSet resultSet = statement.executeQuery("SHOW FUNCTIONS LIKE '*tmp'");
+ int rowCounter = 0;
+ while (resultSet.next()) {
+ String value = resultSet.getString(1);
+ if (value.contains("tmp")) {
+ ++rowCounter;
+ }
+ }
+ Assert.assertEquals(2, rowCounter);
+ // clean up
+ statement.execute("DROP FUNCTION IF EXISTS tmp");
+ statement.execute("DROP FUNCTION IF EXISTS test1.tmp");
+ statement.execute("DROP DATABASE IF EXISTS test1");
+ }
+ }
+
+ @Test
public void testHiveCreateDropDatabase() throws Exception {
String url = "jdbc:hive2://localhost:" + port;
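Review bot: testHiveUdfCreateOnWildcardDatabase asserts only the allow path for "tom", so it would still pass if the new `*` database / `*` udf policy matched more users than intended. I would add a denial check for a user that has no policy covering UDFs, as sketched below. The sketch assumes a denial surfaces as `SQLException`, which this hunk does not show. The inline comment says the UDF permissions are "on test1 database", while the policy added in hive-policies.json grants them on database `*`; I would reword it to `// ranger permissions to create/read/update/drop UDFs on all databases ("*")`. The clean-up statements run only when the assertion passes, so a failing run can leave the function `tmp` behind for later tests; a `finally` block would avoid that.

```java
@Test
public void testHiveUdfCreateDeniedWithoutUdfPolicy() throws Exception {
    String url = "jdbc:hive2://localhost:" + port;
    // placeholder: substitute a test user that has no policy covering UDFs
    String user = "USER_WITHOUT_UDF_POLICY";
    try (Connection connection = DriverManager.getConnection(url, user, user);
         Statement statement = connection.createStatement()) {
        try {
            statement.execute("CREATE TEMPORARY FUNCTION tmp AS \"org.apache.hadoop.hive.ql.udf.UDFPI\"");
            Assert.fail("Failure expected: user has no UDF policy");
        } catch (SQLException ex) {
            // expected: the authorizer rejects the CREATE FUNCTION
        }
    }
}
```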
http://git-wip-us.apache.org/repos/asf/ranger/blob/95615f8e/hive-agent/src/test/resources/hive-policies.json
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/resources/hive-policies.json b/hive-agent/src/test/resources/hive-policies.json
index 41a4e20..3613206 100644
--- a/hive-agent/src/test/resources/hive-policies.json
+++ b/hive-agent/src/test/resources/hive-policies.json
@@ -544,7 +544,179 @@
"id": 9,
"isEnabled": true,
"version": 2
- }
+ },
+ {
+ "service": "cl1_hive",
+ "name": "Tom - database: ALL, udf: ALL, permissions: ALL",
+ "policyType": 0,
+ "isAuditEnabled": true,
+ "resources": {
+ "database": {
+ "values": [
+ "*"
+ ],
+ "isExcludes": false,
+ "isRecursive": false
+ },
+ "udf": {
+ "values": [
+ "*"
+ ],
+ "isExcludes": false,
+ "isRecursive": false
+ }
+ },
+ "policyItems": [
+ {
+ "accesses": [
+ {
+ "type": "select",
+ "isAllowed": true
+ },
+ {
+ "type": "update",
+ "isAllowed": true
+ },
+ {
+ "type": "create",
+ "isAllowed": true
+ },
+ {
+ "type": "drop",
+ "isAllowed": true
+ },
+ {
+ "type": "alter",
+ "isAllowed": true
+ },
+ {
+ "type": "index",
+ "isAllowed": true
+ },
+ {
+ "type": "lock",
+ "isAllowed": true
+ },
+ {
+ "type": "all",
+ "isAllowed": true
+ },
+ {
+ "type": "read",
+ "isAllowed": true
+ },
+ {
+ "type": "write",
+ "isAllowed": true
+ }
+ ],
+ "users": [
+ "tom"
+ ],
+ "groups": [],
+ "conditions": [],
+ "delegateAdmin": false
+ }
+ ],
+ "denyPolicyItems": [],
+ "allowExceptions": [],
+ "denyExceptions": [],
+ "dataMaskPolicyItems": [],
+ "rowFilterPolicyItems": [],
+ "id": 9,
+ "isEnabled": true,
+ "version": 1
+ },
+{
+ "service": "cl1_hive",
+ "name": "Tom - database: ALL, permissions: ALL",
+ "policyType": 0,
+ "description": "",
+ "isAuditEnabled": true,
+ "resources": {
+ "database": {
+ "values": [
+ "test1"
+ ],
+ "isExcludes": false,
+ "isRecursive": false
+ },
+ "column": {
+ "values": [
+ "*"
+ ],
+ "isExcludes": false,
+ "isRecursive": false
+ },
+ "table": {
+ "values": [
+ "*"
+ ],
+ "isExcludes": false,
+ "isRecursive": false
+ }
+ },
+ "policyItems": [
+ {
+ "accesses": [
+ {
+ "type": "select",
+ "isAllowed": true
+ },
+ {
+ "type": "update",
+ "isAllowed": true
+ },
+ {
+ "type": "create",
+ "isAllowed": true
+ },
+ {
+ "type": "drop",
+ "isAllowed": true
+ },
+ {
+ "type": "alter",
+ "isAllowed": true
+ },
+ {
+ "type": "index",
+ "isAllowed": true
+ },
+ {
+ "type": "lock",
+ "isAllowed": true
+ },
+ {
+ "type": "all",
+ "isAllowed": true
+ },
+ {
+ "type": "read",
+ "isAllowed": true
+ },
+ {
+ "type": "write",
+ "isAllowed": true
+ }
+ ],
+ "users": [
+ "tom"
+ ],
+ "groups": [],
+ "conditions": [],
+ "delegateAdmin": false
+ }
+ ],
+ "denyPolicyItems": [],
+ "allowExceptions": [],
+ "denyExceptions": [],
+ "dataMaskPolicyItems": [],
+ "rowFilterPolicyItems": [],
+ "id": 15,
+ "isEnabled": true,
+ "version": 2
+ }
],
"serviceDef": {
"name": "hive",
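Review bot: The first added policy ("Tom - database: ALL, udf: ALL, permissions: ALL") reuses `"id": 9`, which the preceding policy in the context lines already carries, while the second added policy gets its own `"id": 15`. If the loader or policy engine keys policies by id, one of the two id-9 entries could replace or shadow the other, and the new test would then pass or fail for reasons unrelated to the wildcard match. Giving the new policy an id that is unused in the rest of the file (for example `"id": 16`, if that is free outside this hunk) keeps the fixture unambiguous. The second policy's name, "Tom - database: ALL, permissions: ALL", also disagrees with its resources, which scope it to database `test1`; a name such as `"Tom - database: test1, permissions: ALL"` would describe what it grants.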