You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by sd...@apache.org on 2015/10/27 02:24:03 UTC

[1/3] incubator-sentry git commit: SENTRY-928: Improve TestDbSentryOnFailureHookLoading for keeping database policies consistent with Hive metadata (Dapeng Sun, reviewed by Colin Ma)

Repository: incubator-sentry
Updated Branches:
  refs/heads/hive_plugin_v2 9429a2d38 -> 4854ab41d


SENTRY-928: Improve TestDbSentryOnFailureHookLoading for keeping database policies consistent with Hive metadata (Dapeng Sun, reviewed by Colin Ma)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/a482ff97
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/a482ff97
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/a482ff97

Branch: refs/heads/hive_plugin_v2
Commit: a482ff9758cff31d0d1b4eb0970e3f77d42f93e8
Parents: 9429a2d
Author: Sun Dapeng <sd...@apache.org>
Authored: Tue Oct 27 09:10:11 2015 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Tue Oct 27 09:10:11 2015 +0800

----------------------------------------------------------------------
 .../TestDbSentryOnFailureHookLoading.java       | 23 ++++++++++----------
 1 file changed, 12 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/a482ff97/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
index b06cf59..f166a11 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
@@ -104,21 +104,21 @@ public class TestDbSentryOnFailureHookLoading extends AbstractTestWithDbProvider
         + HiveServerFactory.DEFAULT_AUTHZ_SERVER_NAME + " TO ROLE admin_role");
     statement.execute("GRANT ROLE admin_role TO GROUP " + ADMINGROUP);
 
-    statement.execute("CREATE ROLE all_db1");
-    statement.execute("GRANT ALL ON DATABASE DB_1 TO ROLE all_db1");
-    statement.execute("GRANT ROLE all_db1 TO GROUP " + USERGROUP1);
-
-    statement.execute("CREATE ROLE read_db2_tab2");
-    statement.execute("GRANT ROLE read_db2_tab2 TO GROUP " + USERGROUP1);
-
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
     statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
     statement.execute("CREATE DATABASE DB_1");
     statement.execute("CREATE DATABASE DB_2");
     statement.execute("CREATE TABLE db_2.tab1(a int )");
 
+    statement.execute("CREATE ROLE all_db1");
+    statement.execute("GRANT ALL ON DATABASE DB_1 TO ROLE all_db1");
+    statement.execute("GRANT ROLE all_db1 TO GROUP " + USERGROUP1);
+
+    statement.execute("CREATE ROLE lock_db2_tab1");
+    statement.execute("GRANT ROLE lock_db2_tab1 TO GROUP " + USERGROUP1);
+
     statement.execute("USE db_2");
-    statement.execute("GRANT SELECT ON TABLE tab2 TO ROLE read_db2_tab2");// To give user1 privilege to do USE db_2
+    statement.execute("GRANT LOCK ON TABLE tab1 TO ROLE lock_db2_tab1");// To give user1 privilege to do USE db_2
     statement.close();
     connection.close();
 
@@ -171,6 +171,7 @@ public class TestDbSentryOnFailureHookLoading extends AbstractTestWithDbProvider
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
     statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
     statement.execute("CREATE DATABASE DB_1");
+    statement.execute("CREATE TABLE DB_1.tab1(a int )");
     statement.execute("CREATE ROLE all_db1");
     statement.execute("GRANT ALL ON DATABASE DB_1 TO ROLE all_db1");
     statement.execute("GRANT ROLE all_db1 TO GROUP " + USERGROUP1);
@@ -217,12 +218,12 @@ public class TestDbSentryOnFailureHookLoading extends AbstractTestWithDbProvider
 
         //Grant privilege on table doesnt expose db and table objects
     verifyFailureHook(statement,
-        "GRANT ALL ON TABLE tab1 TO ROLE admin_role",
+        "GRANT ALL ON TABLE db_1.tab1 TO ROLE admin_role",
         HiveOperation.GRANT_PRIVILEGE, null, null, true);
 
     //Revoke privilege on table doesnt expose db and table objects
     verifyFailureHook(statement,
-        "REVOKE ALL ON TABLE server1 FROM ROLE admin_role",
+        "REVOKE ALL ON TABLE db_1.tab1 FROM ROLE admin_role",
         HiveOperation.REVOKE_PRIVILEGE, null, null, true);
 
     //Grant privilege on database doesnt expose db and table objects
@@ -249,7 +250,7 @@ public class TestDbSentryOnFailureHookLoading extends AbstractTestWithDbProvider
       statement.execute(sqlStr);
       Assert.fail("Expected SQL exception for " + sqlStr);
     } catch (SQLException e) {
-      assertTrue(DummySentryOnFailureHook.invoked);
+      assertTrue("FailureHook is not ran : " + e.getMessage(), DummySentryOnFailureHook.invoked);
     } finally {
       DummySentryOnFailureHook.invoked = false;
     }

[2/3] incubator-sentry git commit: SENTRY-930: Improve TestDbDDLAuditLog for keep consistent with Hive metadata.(Dapeng Sun, reviewed by Colin Ma)

Posted by sd...@apache.org.

SENTRY-930: Improve TestDbDDLAuditLog for keep consistent with Hive metadata.(Dapeng Sun, reviewed by Colin Ma)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/b30711e8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/b30711e8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/b30711e8

Branch: refs/heads/hive_plugin_v2
Commit: b30711e89c730d0f69d95a8290cc851410b58bba
Parents: a482ff9
Author: Sun Dapeng <sd...@apache.org>
Authored: Tue Oct 27 09:13:38 2015 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Tue Oct 27 09:13:38 2015 +0800

----------------------------------------------------------------------
 .../org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java | 3 +++
 1 file changed, 3 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b30711e8/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java
index 8613034..3afd6b2 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java
@@ -84,6 +84,9 @@ public class TestDbDDLAuditLog extends AbstractTestWithStaticConfiguration {
     fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
     assertAuditLog(fieldValueMap);
 
+    statement.execute("create database " + dbName);
+    statement.execute("use " + dbName);
+    statement.execute("CREATE TABLE " + tableName + " (c1 string)");
     statement.execute("GRANT ALL ON DATABASE " + dbName + " TO ROLE " + roleName);
     fieldValueMap.clear();
     fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE);

[3/3] incubator-sentry git commit: SENTRY-931: Improve TestDatabaseProvider for keep consistent with Hive metadata.(Dapeng Sun, reviewed by Colin Ma)

Posted by sd...@apache.org.

SENTRY-931: Improve TestDatabaseProvider for keep consistent with Hive metadata.(Dapeng Sun, reviewed by Colin Ma)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/4854ab41
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/4854ab41
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/4854ab41

Branch: refs/heads/hive_plugin_v2
Commit: 4854ab41d3c5fb5c802693c3be0bc7bd02063ac6
Parents: b30711e
Author: Sun Dapeng <sd...@apache.org>
Authored: Tue Oct 27 09:15:04 2015 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Tue Oct 27 09:15:04 2015 +0800

----------------------------------------------------------------------
 .../sentry/tests/e2e/dbprovider/TestDatabaseProvider.java     | 7 +++++++
 1 file changed, 7 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/4854ab41/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
index dc008a2..98de57d 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
@@ -1225,6 +1225,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
     Connection connection = context.createConnection(ADMIN1);
     Statement statement = context.createStatement(connection);
 
+    statement.execute("CREATE TABLE IF NOT EXISTS tab1(c1 string)");
     //Drop a role which does not exist
     context.assertSentryException(statement, "DROP ROLE role1",
         SentryNoSuchObjectException.class.getSimpleName());
@@ -1474,6 +1475,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
     ResultSet resultSet = statement.executeQuery("SHOW GRANT ROLE role1");
     assertResultSize(resultSet, 0);
     statement.execute("CREATE ROLE role2");
+    statement.execute("CREATE TABLE IF NOT EXISTS t1(c1 string, c2 int)");
     statement.execute("GRANT SELECT ON TABLE t1 TO ROLE role1");
     statement.execute("GRANT ROLE role1 to GROUP " + USERGROUP1);
 
@@ -1532,6 +1534,10 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
     Connection connection = context.createConnection(ADMIN1);
     Statement statement = context.createStatement(connection);
     statement.execute("CREATE ROLE role1");
+    statement.execute("CREATE TABLE IF NOT EXISTS t1(c1 string, c2 int)");
+    statement.execute("CREATE TABLE IF NOT EXISTS t2(c1 string, c2 int)");
+    statement.execute("CREATE TABLE IF NOT EXISTS t3(c1 string, c2 int)");
+    statement.execute("CREATE TABLE IF NOT EXISTS t4(c1 string, c2 int)");
     statement.execute("GRANT SELECT (c1) ON TABLE t1 TO ROLE role1");
     statement.execute("GRANT SELECT (c2) ON TABLE t2 TO ROLE role1");
     statement.execute("GRANT SELECT (c1,c2) ON TABLE t3 TO ROLE role1");
@@ -1667,6 +1673,7 @@ public class TestDatabaseProvider extends AbstractTestWithStaticConfiguration {
     Connection connection = context.createConnection(ADMIN1);
     Statement statement = context.createStatement(connection);
     statement.execute("CREATE ROLE role1");
+    statement.execute("CREATE TABLE IF NOT EXISTS t1(c1 string)");
     statement.execute("GRANT SELECT ON TABLE t1 TO ROLE role1");
 
     //On table - positive