You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by ja...@apache.org on 2014/06/10 04:47:09 UTC
git commit: SENTRY-280: Sentry-202 missing changes
Repository: incubator-sentry
Updated Branches:
refs/heads/master c04138d38 -> 834033ad4
SENTRY-280: Sentry-202 missing changes
(Sravya Tirukkovalur via Jarek Jarcec Cecho)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/834033ad
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/834033ad
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/834033ad
Branch: refs/heads/master
Commit: 834033ad4566f9d4b8aaa5f215f9242dfeae5b59
Parents: c04138d
Author: Jarek Jarcec Cecho <ja...@apache.org>
Authored: Mon Jun 9 19:46:32 2014 -0700
Committer: Jarek Jarcec Cecho <ja...@apache.org>
Committed: Mon Jun 9 19:46:32 2014 -0700
----------------------------------------------------------------------
.../thrift/TestSentryServiceIntegration.java | 17 +++++++-
.../sentry/tests/e2e/hive/TestSandboxOps.java | 46 ++++++++++----------
.../tests/e2e/hive/TestUriPermissions.java | 21 ++++++---
3 files changed, 54 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/834033ad/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
index 788c1fb..d180430 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -65,7 +65,7 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
writePolicyFile();
-
+
String roleName1 = "admin_r1";
String roleName2 = "admin_r2";
@@ -288,4 +288,19 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
// Clean up
client.dropRole(requestorUserName, roleName);
}
+
+ // See SENTRY-181
+ @Test
+ public void testSameGrantTwice() throws Exception {
+ String requestorUserName = ADMIN_USER;
+ Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+ setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+ writePolicyFile();
+ String roleName = "admin_r1";
+
+ client.createRole(requestorUserName, roleName);
+ client.grantTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL");
+ client.grantTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL");
+ assertEquals(1, client.listAllPrivilegesByRoleName(requestorUserName, roleName).size());
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/834033ad/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java
index 10c7b82..a71856f 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java
@@ -75,7 +75,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
*/
@Test
public void testDbPrivileges() throws Exception {
- addTwoUsersWithAllDb().write(context.getPolicyFile());
+ addTwoUsersWithAllDb();
+ writePolicyFile(policyFile);
String[] dbs = new String[] { "db1", "db2" };
for (String dbName : dbs) {
dropDb(ADMIN1, dbName);
@@ -111,8 +112,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
@Test
public void testAdminDbPrivileges() throws Exception {
policyFile
- .setUserGroupMapping(StaticUserGroup.getStaticMapping())
- .write(context.getPolicyFile());
+ .setUserGroupMapping(StaticUserGroup.getStaticMapping());
+ writePolicyFile(policyFile);
Connection adminCon = context.createConnection(ADMIN1);
Statement adminStmt = context.createStatement(adminCon);
String dbName = "db1";
@@ -146,8 +147,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
policyFile
.addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
.addRolesToGroup(USERGROUP1, "db1_tab2_all")
- .setUserGroupMapping(StaticUserGroup.getStaticMapping())
- .write(context.getPolicyFile());
+ .setUserGroupMapping(StaticUserGroup.getStaticMapping());
+ writePolicyFile(policyFile);
Connection adminCon = context.createConnection(ADMIN1);
Statement adminStmt = context.createStatement(adminCon);
String dbName = "db1";
@@ -192,8 +193,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
.addRolesToGroup(USERGROUP2, "db1_tab1_select")
.addPermissionsToRole("db1_tab1_select", "server=server1->db=db1->table=table_1->action=select")
.addPermissionsToRole("db1_all", "server=server1->db=db1")
- .setUserGroupMapping(StaticUserGroup.getStaticMapping())
- .write(context.getPolicyFile());
+ .setUserGroupMapping(StaticUserGroup.getStaticMapping());
+ writePolicyFile(policyFile);
// create dbs
Connection adminCon = context.createConnection(ADMIN1);
Statement adminStmt = context.createStatement(adminCon);
@@ -267,8 +268,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
policyFile
.addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData)
.addRolesToGroup(USERGROUP1, GROUP1_ROLE)
- .setUserGroupMapping(StaticUserGroup.getStaticMapping())
- .write(context.getPolicyFile());
+ .setUserGroupMapping(StaticUserGroup.getStaticMapping());
+ writePolicyFile(policyFile);
dropDb(ADMIN1, DB1, DB2);
createDb(ADMIN1, DB1, DB2);
@@ -289,7 +290,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
// d
statement.execute("USE " + DB1);
policyFile.removePermissionsFromRole(GROUP1_ROLE, ALL_DB2);
- policyFile.write(context.getPolicyFile());
+ writePolicyFile(policyFile);
// e
// create db1.view1 as select from db2.tbl2
statement.execute("DROP VIEW IF EXISTS " + VIEW2);
@@ -304,7 +305,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
// f
policyFile.addPermissionsToRole(GROUP1_ROLE, SELECT_DB2_TBL2);
- policyFile.write(context.getPolicyFile());
+ writePolicyFile(policyFile);
statement.execute("DROP VIEW IF EXISTS " + VIEW2);
statement.execute("CREATE VIEW " + VIEW2
+ " (value) AS SELECT value from " + DB2 + "." + TBL2 + " LIMIT 10");
@@ -340,8 +341,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
policyFile
.addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_TBL2)
.addRolesToGroup(USERGROUP1, GROUP1_ROLE)
- .setUserGroupMapping(StaticUserGroup.getStaticMapping())
- .write(context.getPolicyFile());
+ .setUserGroupMapping(StaticUserGroup.getStaticMapping());
+ writePolicyFile(policyFile);
dropDb(ADMIN1, DB1);
createDb(ADMIN1, DB1);
createTable(ADMIN1, DB1, dataFile, TBL1);
@@ -359,11 +360,10 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
context.assertAuthzException(statement, "SELECT * FROM " + TBL1 + " WHERE under_col == 5");
context.assertAuthzException(statement, "SHOW INDEXES ON " + TBL1);
policyFile.addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_TBL1, INSERT_DB1_TBL1, loadData);
- policyFile.write(context.getPolicyFile());
+ writePolicyFile(policyFile);
statement.execute("USE " + DB1);
assertTrue(statement.execute("SELECT * FROM " + TBL1 + " WHERE under_col == 5"));
assertTrue(statement.execute("SHOW INDEXES ON " + TBL1));
- policyFile.write(context.getPolicyFile());
dropDb(ADMIN1, DB1, DB2);
}
@@ -401,8 +401,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
.addPermissionsToRole("select_tb1", "server=server1->db=db_1->table=tbl_1->action=select")
.addPermissionsToRole("all_db1", "server=server1->db=db_1")
.addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.toString())
- .setUserGroupMapping(StaticUserGroup.getStaticMapping())
- .write(context.getPolicyFile());
+ .setUserGroupMapping(StaticUserGroup.getStaticMapping());
+ writePolicyFile(policyFile);
dropDb(ADMIN1, DB1);
createDb(ADMIN1, DB1);
@@ -465,8 +465,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
.addPermissionsToRole("load_data", "server=server1->uri=file://" + allowedDir.getPath() +
", server=server1->uri=file://" + allowedDir.getPath() +
", server=server1->uri=" + allowedDfsDir.toString())
- .setUserGroupMapping(StaticUserGroup.getStaticMapping())
- .write(context.getPolicyFile());
+ .setUserGroupMapping(StaticUserGroup.getStaticMapping());
+ writePolicyFile(policyFile);
dropDb(ADMIN1, DB1);
createDb(ADMIN1, DB1);
@@ -499,8 +499,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
policyFile
.addPermissionsToRole(GROUP1_ROLE, ALL_DB1, SELECT_DB2_TBL2, loadData)
.addRolesToGroup(USERGROUP1, GROUP1_ROLE)
- .setUserGroupMapping(StaticUserGroup.getStaticMapping())
- .write(context.getPolicyFile());
+ .setUserGroupMapping(StaticUserGroup.getStaticMapping());
+ writePolicyFile(policyFile);
dropDb(ADMIN1, DB1, DB2);
createDb(ADMIN1, DB1, DB2);
@@ -529,8 +529,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration {
.addRolesToGroup(USERGROUP2, "select_tbl2")
.addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
.setUserGroupMapping(StaticUserGroup.getStaticMapping())
- .addDatabase("db2", dfs.getBaseDir().toUri().toString() + "/" + DB2_POLICY_FILE)
- .write(context.getPolicyFile());
+ .addDatabase("db2", dfs.getBaseDir().toUri().toString() + "/" + DB2_POLICY_FILE);
+ writePolicyFile(policyFile);
File db2PolicyFileHandle = new File(baseDir.getPath(), DB2_POLICY_FILE);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/834033ad/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java
index 069a98b..2350586 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java
@@ -16,10 +16,13 @@
*/
package org.apache.sentry.tests.e2e.hive;
+import java.io.File;
+import java.io.FileOutputStream;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
+import com.google.common.io.Resources;
import junit.framework.Assert;
import org.apache.sentry.tests.e2e.dbprovider.PolicyProviderForTest;
@@ -31,14 +34,20 @@ import org.junit.Test;
public class TestUriPermissions extends AbstractTestWithStaticConfiguration {
private Context context;
private PolicyProviderForTest policyFile;
-
- private static final String dataFile = "/kv1.dat";
- private String dataFilePath = this.getClass().getResource(dataFile).getFile();
+ private File dataFile;
+ private String loadData;
@Before
public void setup() throws Exception {
context = createContext();
policyFile = PolicyProviderForTest.setAdminOnServer1(ADMINGROUP);
+ dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
+ FileOutputStream to = new FileOutputStream(dataFile);
+ Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
+ to.close();
+ policyFile = PolicyProviderForTest.setAdminOnServer1(ADMINGROUP);
+ loadData = "server=server1->uri=file://" + dataFile.getPath();
+
}
@After
@@ -61,7 +70,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration {
.addRolesToGroup(USERGROUP2, "db1_write")
.addPermissionsToRole("db1_write", "server=server1->db=" + dbName + "->table=" + tabName + "->action=INSERT")
.addPermissionsToRole("db1_read", "server=server1->db=" + dbName + "->table=" + tabName + "->action=SELECT")
- .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFilePath)
+ .addPermissionsToRole("data_read", loadData)
.setUserGroupMapping(StaticUserGroup.getStaticMapping());
writePolicyFile(policyFile);
@@ -79,7 +88,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration {
userConn = context.createConnection(USER1_1);
userStmt = context.createStatement(userConn);
userStmt.execute("use " + dbName);
- userStmt.execute("load data local inpath '" + dataFilePath +
+ userStmt.execute("load data local inpath 'file://" + dataFile.toString() +
"' into table " + tabName);
userStmt.execute("select * from " + tabName + " limit 1");
ResultSet res = userStmt.getResultSet();
@@ -91,7 +100,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration {
userConn = context.createConnection(USER2_1);
userStmt = context.createStatement(userConn);
userStmt.execute("use " + dbName);
- context.assertAuthzException(userStmt, "load data local inpath '" + dataFilePath +
+ context.assertAuthzException(userStmt, "load data local inpath '" + dataFile.toString() +
"' into table " + tabName);
userStmt.close();
userConn.close();