Posted to dev@sentry.apache.org by Sravya Tirukkovalur <sr...@cloudera.com> on 2014/06/07 00:13:32 UTC

Review Request 22322: SENTRY-261: Improve test coverage for grant/revoke statements in Hive e2e tests

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22322/
-----------------------------------------------------------

Review request for sentry, Arun Suresh, Jarek Cecho, and Prasad Mujumdar.


Bugs: sentry-238 and sentry-261
    https://issues.apache.org/jira/browse/sentry-238
    https://issues.apache.org/jira/browse/sentry-261


Repository: sentry


Description
-------

This patch adds the following test cases for the Sentry Grant/Revoke feature through Hive end-to-end tests (a few of them are already there).
Apart from these test cases it does:
- Fix sentry-238, denied show roles/show grant/show role grant throws SentryAccessDeniedException instead of Thrift exception.
- Adds a test case for SENTRY-264 (although it is not fixed in this patch)

1. Grant/Revoke privileges test cases:
1.1. All on server
1.2. All on database
1.3. All on URI
1.4. All on table
1.5. Insert on table
1.6. Select on table
1.7. Partial privileges on table
1.7.1. Grant all, revoke insert leads to select on table
1.7.2. Grant all, revoke select leads to select on table

2. Create/Drop role

3. Show roles
3.1. When there are no roles, returns empty list
3.2. When there are roles, returns correct list with correct schema.

4. Show role grant
4.1. When there are no roles and group, throws SentryNoSuchObjectException
4.2. When there are roles, returns correct list with correct schema.

5. Show privileges
5.1. When there are no privileges granted to a role, returns an empty list
5.2. When there are privileges, returns correct list with correct schema.
5.3. Given privileges on table, show grant on table should return table privilege.
5.4. Privileges on database
5.4.1. Show grant on database should return correct priv
5.4.2. Show grant on table should return correct priv
5.5. Privileges on server
5.5.1. Show grant on database should return correct priv
5.5.2. Show grant on table should return correct priv
5.5.3. Show grant on server should return correct priv (sql not supported yet in hive)
5.6. Show grant on uri (sql not supported yet in hive)

6. Show current role

7. Corner test cases:
7.1. Drop role which doesn't exist, throws SentryNoSuchObjectException
7.2. Create role which already exists, throws SentryAlreadyExistsException
7.3. Drop role when privileges mapping exists and create role with same name, old mappings should not exist
7.4. Grant role, when role doesn't exist, throws SentryNoSuchObjectException
7.5. Grant role when mapping exists, silently allows
7.6. Grant multiple roles to a group
7.7. Revoke role after role has been dropped, SentryNoSuchObjectException
7.8. Revoke role from a group when mapping doesn't exist, silently allows
7.9. Grant privilege to a role, privilege already exists, silently allows
7.10. Grant privilege to a role, mapping already exists, silently allows
7.11. Multiple privileges to a role
7.12. Revoke privilege when privilege doesn't exist, silently allows
7.13. Revoke privilege, when role doesn't exist, SentryNoSuchObjectException
7.14. Revoke privilege when mapping doesn't exist, silently allows

8. Sentry Auth DDL by non admin user tests, should fire SentryOnFailureHook and should throw SentryAccessDeniedException
8.1. Create role
8.2. Drop role
8.3. Grant role
8.4. Revoke role
8.5. Grant privilege
8.6. Revoke privilege
8.7. Show roles
8.8. Show role grant
8.9. Show grant


Diffs
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java 6ea1ca0027c35bfd1eec1f9028f031b7178fe35d 
  sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryPrivilegesResponse.java 7d1e18b2c232ab07064b3c7450846f721ffacd42 
  sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesResponse.java f3dfac2881cf8135d99bbad48ffa7434eaf2bcd8 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java 62113c89607a7194fef79a3f9d89e89a5a96c51c 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 322e90e5785d20d250be19e75fd2ed4c1c9b817a 
  sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift 5d584c0a856fbf2bc563481c99dcb69a36a2b507 
  sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java 1089390dc6b2bd709591093b583f1cd5bc32e787 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/PolicyProviderForTest.java 79ca38774818f5cc812a9810bb84784f8429001a 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 84223a941e8072683681ef41e265d0c8e3570f82 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java 9c0c8b5b65de1db4fbb50357258a982c1b8a2a10 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java 8beedd7ba837b132a39da5b794118ab919fc203f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 39d411e3c9138d50b6dc3ead5cd0a45653f4873f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/DummySentryOnFailureHook.java 079f273f20753c4de90f448f1de47c56b810e18d 

Diff: https://reviews.apache.org/r/22322/diff/


Testing
-------

Yes.


Thanks,

Sravya Tirukkovalur
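
The expectations in cases 1.7.1, 7 and 8 of the list above, written as a small in-memory Python model. This is an added example, not code from the patch or from Sentry: `PolicyStoreModel`, its method names and the `on_failure` callback are hypothetical, and it assumes (from case 1.7.1) that ALL on a table means SELECT plus INSERT.

```python
# Toy model of the grant/revoke semantics in the test list above.
# Exception names mirror the ones in the message; everything else is hypothetical.

class SentryNoSuchObjectException(Exception):
    pass

class SentryAlreadyExistsException(Exception):
    pass

class SentryAccessDeniedException(Exception):
    pass

# Assumption from case 1.7.1: ALL on a table decomposes into SELECT and INSERT.
ALL_ON_TABLE = frozenset({"select", "insert"})

class PolicyStoreModel:
    def __init__(self, admins, on_failure=None):
        self.admins = set(admins)
        self.privs = {}    # role -> {table: set(actions)}
        self.groups = {}   # group -> set(roles)
        self.on_failure = on_failure or (lambda user, op: None)

    def _admin(self, user, op):
        # Case 8: a non-admin fires the failure hook, then gets access denied.
        if user not in self.admins:
            self.on_failure(user, op)
            raise SentryAccessDeniedException(f"{user} may not run {op}")

    def _role(self, role):
        if role not in self.privs:
            raise SentryNoSuchObjectException(role)
        return self.privs[role]

    def create_role(self, user, role):
        self._admin(user, "CREATE ROLE")
        if role in self.privs:                      # 7.2
            raise SentryAlreadyExistsException(role)
        self.privs[role] = {}

    def drop_role(self, user, role):
        self._admin(user, "DROP ROLE")
        self._role(role)                            # 7.1
        del self.privs[role]                        # 7.3: privileges go with the role
        for roles in self.groups.values():          # 7.3: and so do group mappings
            roles.discard(role)

    def grant_role(self, user, role, group):
        self._admin(user, "GRANT ROLE")
        self._role(role)                            # 7.4
        self.groups.setdefault(group, set()).add(role)   # 7.5, 7.6: set semantics

    def revoke_role(self, user, role, group):
        self._admin(user, "REVOKE ROLE")
        self._role(role)                            # 7.7
        self.groups.get(group, set()).discard(role)      # 7.8: silent if unmapped

    def grant_privilege(self, user, role, action, table):
        self._admin(user, "GRANT")
        actions = ALL_ON_TABLE if action == "all" else {action}
        # The list does not cover granting to a missing role; the model
        # treats it like 7.13 (assumption). 7.9, 7.10: re-granting is a no-op.
        self._role(role).setdefault(table, set()).update(actions)

    def revoke_privilege(self, user, role, action, table):
        self._admin(user, "REVOKE")
        actions = ALL_ON_TABLE if action == "all" else {action}
        held = self._role(role).get(table, set())   # 7.13 raises, 7.14 is silent
        held.difference_update(actions)             # 7.12: silent if not held

    def show_roles(self, user):
        self._admin(user, "SHOW ROLES")
        return sorted(self.privs)                   # 3.1: empty list when no roles

    def show_grant(self, user, role):
        self._admin(user, "SHOW GRANT")
        return sorted((t, a) for t, acts in self._role(role).items() for a in acts)

def raises(exc, fn, *args):
    """Return True if fn(*args) raises exc."""
    try:
        fn(*args)
    except exc:
        return True
    return False

def demo():
    fired = []
    s = PolicyStoreModel({"admin1"}, on_failure=lambda u, op: fired.append((u, op)))
    s.create_role("admin1", "r1")
    s.grant_privilege("admin1", "r1", "all", "db1.t1")
    s.revoke_privilege("admin1", "r1", "insert", "db1.t1")
    partial = s.show_grant("admin1", "r1")          # 1.7.1: only select remains
    s.drop_role("admin1", "r1")
    s.create_role("admin1", "r1")
    recreated = s.show_grant("admin1", "r1")        # 7.3: old mappings are gone
    denied = raises(SentryAccessDeniedException, s.create_role, "user1", "r2")  # 8.1
    return partial, recreated, denied, fired

if __name__ == "__main__":
    print(demo())
```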


Re: Review Request 22322: SENTRY-261: Improve test coverage for grant/revoke statements in Hive e2e tests

Posted by Jarek Cecho <ja...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22322/#review45000
-----------------------------------------------------------


Just a few suggestions:


sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
<https://reviews.apache.org/r/22322/#comment79646>

    This test seems to be failing, can we comment it out and create a follow-up JIRA?



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
<https://reviews.apache.org/r/22322/#comment79647>

    This test seems to be failing, can we comment it out and create a follow-up JIRA?



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
<https://reviews.apache.org/r/22322/#comment79648>

    This test seems to be failing, can we comment it out and create a follow-up JIRA?


Jarcec

- Jarek Cecho


On June 7, 2014, 1:32 a.m., Sravya Tirukkovalur wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22322/
> -----------------------------------------------------------
> 
> (Updated June 7, 2014, 1:32 a.m.)
> 
> 
> Review request for sentry, Arun Suresh, Jarek Cecho, and Prasad Mujumdar.
> 
> 
> Bugs: sentry-238 and sentry-261
>     https://issues.apache.org/jira/browse/sentry-238
>     https://issues.apache.org/jira/browse/sentry-261
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> This patch adds the following test cases for the Sentry Grant/Revoke feature through Hive end-to-end tests (a few of them are already there).
> Apart from these test cases it does:
> - Fix sentry-238, denied show roles/show grant/show role grant throws SentryAccessDeniedException instead of Thrift exception.
> - Adds a test case for SENTRY-264 (although it is not fixed in this patch)
> 
> 1. Grant/Revoke privileges test cases:
> 1.1. All on server
> 1.2. All on database
> 1.3. All on URI
> 1.4. All on table
> 1.5. Insert on table
> 1.6. Select on table
> 1.7. Partial privileges on table
> 1.7.1. Grant all, revoke insert leads to select on table
> 1.7.2. Grant all, revoke select leads to select on table
> 
> 2. Create/Drop role
> 
> 3. Show roles
> 3.1. When there are no roles, returns empty list
> 3.2. When there are roles, returns correct list with correct schema.
> 
> 4. Show role grant
> 4.1. When there are no roles and group, throws SentryNoSuchObjectException
> 4.2. When there are roles, returns correct list with correct schema.
> 
> 5. Show privileges
> 5.1. When there are no privileges granted to a role, returns an empty list
> 5.2. When there are privileges, returns correct list with correct schema.
> 5.3. Given privileges on table, show grant on table should return table privilege.
> 5.4. Privileges on database
> 5.4.1. Show grant on database should return correct priv
> 5.4.2. Show grant on table should return correct priv
> 5.5. Privileges on server
> 5.5.1. Show grant on database should return correct priv
> 5.5.2. Show grant on table should return correct priv
> 5.5.3. Show grant on server should return correct priv (sql not supported yet in hive)
> 5.6. Show grant on uri (sql not supported yet in hive)
> 
> 6. Show current role
> 
> 7. Corner test cases:
> 7.1. Drop role which doesn't exist, throws SentryNoSuchObjectException
> 7.2. Create role which already exists, throws SentryAlreadyExistsException
> 7.3. Drop role when privileges mapping exists and create role with same name, old mappings should not exist
> 7.4. Grant role, when role doesn't exist, throws SentryNoSuchObjectException
> 7.5. Grant role when mapping exists, silently allows
> 7.6. Grant multiple roles to a group
> 7.7. Revoke role after role has been dropped, SentryNoSuchObjectException
> 7.8. Revoke role from a group when mapping doesn't exist, silently allows
> 7.9. Grant privilege to a role, privilege already exists, silently allows
> 7.10. Grant privilege to a role, mapping already exists, silently allows
> 7.11. Multiple privileges to a role
> 7.12. Revoke privilege when privilege doesn't exist, silently allows
> 7.13. Revoke privilege, when role doesn't exist, SentryNoSuchObjectException
> 7.14. Revoke privilege when mapping doesn't exist, silently allows
> 
> 8. Sentry Auth DDL by non admin user tests, should fire SentryOnFailureHook and should throw SentryAccessDeniedException
> 8.1. Create role
> 8.2. Drop role
> 8.3. Grant role
> 8.4. Revoke role
> 8.5. Grant privilege
> 8.6. Revoke privilege
> 8.7. Show roles
> 8.8. Show role grant
> 8.9. Show grant
> 8.10. Grant Revoke on data objects, do not expose database/table entities
> 8.10.1. table
> 8.10.1. database
> 
> 9. Denied non auth DDLs and Queries, should invoke SentryOnFailureHook
> 9.1. Denied create table, when table exists: Exposes only db object
> 9.2. Denied create table, when table does not exist: exposes only db object
> 9.3. select when table exists: doesn't expose database and table
> 9.4. alter table, doesn't invoke failure hook. (this test fails)
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java 6ea1ca0027c35bfd1eec1f9028f031b7178fe35d 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java 62113c89607a7194fef79a3f9d89e89a5a96c51c 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 322e90e5785d20d250be19e75fd2ed4c1c9b817a 
>   sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift 5d584c0a856fbf2bc563481c99dcb69a36a2b507 
>   sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java 1089390dc6b2bd709591093b583f1cd5bc32e787 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/PolicyProviderForTest.java 79ca38774818f5cc812a9810bb84784f8429001a 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 84223a941e8072683681ef41e265d0c8e3570f82 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java 9c0c8b5b65de1db4fbb50357258a982c1b8a2a10 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java 8beedd7ba837b132a39da5b794118ab919fc203f 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 39d411e3c9138d50b6dc3ead5cd0a45653f4873f 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/DummySentryOnFailureHook.java 079f273f20753c4de90f448f1de47c56b810e18d 
> 
> Diff: https://reviews.apache.org/r/22322/diff/
> 
> 
> Testing
> -------
> 
> Yes.
> 
> 
> Thanks,
> 
> Sravya Tirukkovalur
> 
>


Re: Review Request 22322: SENTRY-261: Improve test coverage for grant/revoke statements in Hive e2e tests

Posted by Jarek Cecho <ja...@apache.org>.

> On June 7, 2014, 6:11 a.m., Sravya Tirukkovalur wrote:
> > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java, lines 221-222
> > <https://reviews.apache.org/r/22322/diff/5/?file=605171#file605171line221>
> >
> >     These tests should pass with the thrift fixes in this patch, are you sure you had the thrift generated code? They work for me.

You're correct, I did not regenerate the thrift interfaces. After the regeneration the tests are passing!


- Jarek


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22322/#review45002
-----------------------------------------------------------




Re: Review Request 22322: SENTRY-261: Improve test coverage for grant/revoke statements in Hive e2e tests

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22322/#review45002
-----------------------------------------------------------



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
<https://reviews.apache.org/r/22322/#comment79651>

    These tests should pass with the thrift fixes in this patch, are you sure you had the thrift generated code? They work for me.



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
<https://reviews.apache.org/r/22322/#comment79652>

    Same as above



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
<https://reviews.apache.org/r/22322/#comment79653>

    Same as above.


- Sravya Tirukkovalur




Re: Review Request 22322: SENTRY-261: Improve test coverage for grant/revoke statements in Hive e2e tests

Posted by Jarek Cecho <ja...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22322/#review45016
-----------------------------------------------------------

Ship it!


Ship It!

- Jarek Cecho




Re: Review Request 22322: SENTRY-261: Improve test coverage for grant/revoke statements in Hive e2e tests

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22322/
-----------------------------------------------------------

(Updated June 7, 2014, 1:32 a.m.)


Review request for sentry, Arun Suresh, Jarek Cecho, and Prasad Mujumdar.


Changes
-------

Updated the patch as per Jarcec's feedback.


Bugs: sentry-238 and sentry-261
    https://issues.apache.org/jira/browse/sentry-238
    https://issues.apache.org/jira/browse/sentry-261


Repository: sentry


Description
-------

This patch adds the following test cases for Sentry Grant/Revoke feature through Hive end to end tests (a few of them are already there).
Apart from these test cases it does:
- Fix sentry-238, denied show roles/show grant/show role grant throws SentryAccessDeniedException instead of Thrift exception.
- Adds a test case for SENTRY-264 (although it is not fixed in this patch)

1. Grant/Revoke privileges test cases:
1.1. All on server
1.2. All on database
1.3. All on URI
1.4. All on table
1.5. Insert on table
1.6. Select on table
1.7. Partial privileges on table
1.7.1. Grant all, revoke insert leads to select on table
1.7.2. Grant all, revoke select leads to select on table

2. Create/Drop role

3. Show roles
3.1. When there are no roles, returns empty list
3.2. When there are roles, returns correct list with correct schema.

4. Show role grant
4.1. When there are no roles and group, throws SentryNoSuchObjectException
4.2. When there are roles, returns correct list with correct schema.

5. Show privileges
5.1. When there are no privileges granted to a role, returns an empty list
5.2. When there are privileges, returns correct list with correct schema.
5.3. Given privileges on table, show grant on table should return table privilege.
5.4. Privileges on database
5.4.1. Show grant on database should return correct priv
5.4.2. Show grant on table should return correct priv
5.5. Privileges on server
5.5.1. Show grant on database should return correct priv
5.5.2. Show grant on table should return correct priv
5.5.3. Show grant on server should return correct priv (sql not supported yet in hive)
5.6. Show grant on uri (sql not supported yet in hive)

6. Show current role

7. Corner test cases:
7.1. Drop role which doesn't exist, throws SentryNoSuchObjectException
7.2. Create role which already exists, throws SentryAlreadyExistsException
7.3. Drop role when privileges mapping exists and create role with same name, old mappings should not exist
7.4. Grant role, when role doesn't exist, throws SentryNoSuchObjectException
7.5. Grant role when mapping exists, silently allows
7.6. Grant multiple roles to a group
7.7. Revoke role after role has been dropped, SentryNoSuchObjectException
7.8. Revoke role from a group when mapping doesn't exist, silently allows
7.9. Grant privilege to a role, privilege already exists, silently allows
7.10. Grant privilege to a role, mapping already exists, silently allows
7.11. Multiple privileges to a role
7.12. Revoke privilege when privilege doesn't exist, silently allows
7.13. Revoke privilege, when role doesn't exist, SentryNoSuchObjectException
7.14. Revoke privilege when mapping doesn't exist, silently allows

8. Sentry Auth DDL by non admin user tests, should fire SentryOnFailureHook and should throw SentryAccessDeniedException
8.1. Create role
8.2. Drop role
8.3. Grant role
8.4. Revoke role
8.5. Grant privilege
8.6. Revoke privilege
8.7. Show roles
8.8. Show role grant
8.9. Show grant
8.10. Grant Revoke on data objects, do not expose database/table entities
8.10.1. table
8.10.1. database

9. Denied non auth DDLs and Queries, should invoke SentryOnFailureHook
9.1. Denied create table, when table exists: Exposes only db object
9.2. Denied create table, when table does not exist: exposes only db object
9.3. select when table exist: doesn't expose database and table
9.4. alter table, doesn't invoke failure hook. (this test fails)


Diffs (updated)
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java 6ea1ca0027c35bfd1eec1f9028f031b7178fe35d 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java 62113c89607a7194fef79a3f9d89e89a5a96c51c 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 322e90e5785d20d250be19e75fd2ed4c1c9b817a 
  sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift 5d584c0a856fbf2bc563481c99dcb69a36a2b507 
  sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java 1089390dc6b2bd709591093b583f1cd5bc32e787 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/PolicyProviderForTest.java 79ca38774818f5cc812a9810bb84784f8429001a 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 84223a941e8072683681ef41e265d0c8e3570f82 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java 9c0c8b5b65de1db4fbb50357258a982c1b8a2a10 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java 8beedd7ba837b132a39da5b794118ab919fc203f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 39d411e3c9138d50b6dc3ead5cd0a45653f4873f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/DummySentryOnFailureHook.java 079f273f20753c4de90f448f1de47c56b810e18d 

Diff: https://reviews.apache.org/r/22322/diff/


Testing
-------

Yes.


Thanks,

Sravya Tirukkovalur
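
The corner cases in sections 1.7.1 and 7 of the description above, worked through on a toy in-memory policy store. This is an added example, not code from the patch or from Sentry: the class, method and exception names are hypothetical, ALL on a table is assumed to mean exactly select plus insert, and dropping a role is assumed to clear its group mappings as well as its privileges.

```python
# Added illustration: a toy in-memory policy store, not Sentry's implementation.
# All class, method and exception names below are hypothetical.

class NoSuchObject(Exception):
    """Stands in for SentryNoSuchObjectException."""

class AlreadyExists(Exception):
    """Stands in for the already-exists exception of case 7.2."""

# Assumption: on a table, ALL is modelled as exactly {select, insert} (case 1.7.1).
ALL = frozenset({"select", "insert"})

class PolicyStore:
    def __init__(self):
        self.privileges = {}  # role -> {scope: set(actions)}
        self.members = {}     # group -> set(roles)

    def _require(self, role):
        if role not in self.privileges:
            raise NoSuchObject(role)

    def snapshot(self):
        """Immutable copy of the state, used to assert that a no-op changed nothing."""
        roles = frozenset(self.privileges)
        privs = frozenset((r, s, a) for r, scopes in self.privileges.items()
                          for s, acts in scopes.items() for a in acts)
        members = frozenset((g, r) for g, rs in self.members.items() for r in rs)
        return roles, privs, members

    def create_role(self, role):
        if role in self.privileges:
            raise AlreadyExists(role)                        # 7.2
        self.privileges[role] = {}

    def drop_role(self, role):
        self._require(role)                                  # 7.1
        del self.privileges[role]                            # 7.3: privileges go with the role
        for roles in self.members.values():                  # assumption: group mappings too
            roles.discard(role)

    def grant_role(self, role, group):
        self._require(role)                                  # 7.4
        self.members.setdefault(group, set()).add(role)      # 7.5, 7.6

    def revoke_role(self, role, group):
        self._require(role)                                  # 7.7
        self.members.get(group, set()).discard(role)         # 7.8

    def grant_privilege(self, role, scope, action):
        self._require(role)
        actions = ALL if action == "all" else {action}
        self.privileges[role].setdefault(scope, set()).update(actions)      # 7.9 to 7.11

    def revoke_privilege(self, role, scope, action):
        self._require(role)                                  # 7.13
        actions = ALL if action == "all" else {action}
        self.privileges[role].get(scope, set()).difference_update(actions)  # 7.12, 7.14

    def show_grant(self, role, scope):
        self._require(role)
        return sorted(self.privileges[role].get(scope, ()))

def raises(exc, fn, *args):
    """True if fn(*args) raises exc, False if it returns normally."""
    try:
        fn(*args)
    except exc:
        return True
    return False

def run_corner_cases():
    """Run the listed cases on constructed names (role1, group1, db1.t1)."""
    store, results = PolicyStore(), {}
    store.create_role("role1")
    store.grant_role("role1", "group1")
    store.grant_privilege("role1", "db1.t1", "all")
    store.revoke_privilege("role1", "db1.t1", "insert")
    results["1.7.1"] = store.show_grant("role1", "db1.t1")

    # "Silently allows" cases: no exception, and the state must be unchanged.
    before = store.snapshot()
    store.grant_role("role1", "group1")                      # 7.5 mapping already exists
    store.revoke_role("role1", "group2")                     # 7.8 no such mapping
    store.grant_privilege("role1", "db1.t1", "select")       # 7.9 privilege already held
    store.revoke_privilege("role1", "db1.t1", "insert")      # 7.12 privilege already gone
    store.revoke_privilege("role1", "db1.t2", "select")      # 7.14 nothing on this table
    results["noop"] = store.snapshot() == before

    # 7.3: a re-created role must not inherit the dropped role's mappings.
    store.drop_role("role1")
    store.create_role("role1")
    results["7.3"] = (store.show_grant("role1", "db1.t1"),
                      sorted(store.members["group1"]))

    results["7.1"] = raises(NoSuchObject, store.drop_role, "ghost")
    results["7.2"] = raises(AlreadyExists, store.create_role, "role1")
    results["7.4"] = raises(NoSuchObject, store.grant_role, "ghost", "group1")
    results["7.13"] = raises(NoSuchObject, store.revoke_privilege,
                             "ghost", "db1.t1", "select")
    store.drop_role("role1")
    results["7.7"] = raises(NoSuchObject, store.revoke_role, "role1", "group1")
    return results

if __name__ == "__main__":
    for case, outcome in run_corner_cases().items():
        print(case, outcome)
```

Comparing a full snapshot before and after the silent cases catches a revoke that succeeds without error but removes a privilege it should not have touched.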


Re: Review Request 22322: SENTRY-261: Improve test coverage for grant/revoke statements in Hive e2e tests

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.

> On June 7, 2014, 12:50 a.m., Jarek Cecho wrote:
> > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java, line 407
> > <https://reviews.apache.org/r/22322/diff/4/?file=605131#file605131line407>
> >
> >     Can we just add assert verifying that we've removed privilege?

This is a no op, so checking that the state did not change.


> On June 7, 2014, 12:50 a.m., Jarek Cecho wrote:
> > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java, lines 414-416
> > <https://reviews.apache.org/r/22322/diff/4/?file=605131#file605131line414>
> >
> >     Can we add asserts here to ensure that the operations are doing what they should be doing?

This is a no op, so checking that the state did not change.


- Sravya


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22322/#review44991
-----------------------------------------------------------


On June 7, 2014, 12:09 a.m., Sravya Tirukkovalur wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22322/
> -----------------------------------------------------------
> 
> (Updated June 7, 2014, 12:09 a.m.)
> 
> 
> Review request for sentry, Arun Suresh, Jarek Cecho, and Prasad Mujumdar.
> 
> 
> Bugs: sentry-238 and sentry-261
>     https://issues.apache.org/jira/browse/sentry-238
>     https://issues.apache.org/jira/browse/sentry-261
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> This patch adds the following test cases for Sentry Grant/Revoke feature through Hive end to end tests (a few of them are already there).
> Apart from these test cases it does:
> - Fix sentry-238, denied show roles/show grant/show role grant throws SentryAccessDeniedException instead of Thrift exception.
> - Adds a test case for SENTRY-264 (although it is not fixed in this patch)
> 
> 1. Grant/Revoke privileges test cases:
> 1.1. All on server
> 1.2. All on database
> 1.3. All on URI
> 1.4. All on table
> 1.5. Insert on table
> 1.6. Select on table
> 1.7. Partial privileges on table
> 1.7.1. Grant all, revoke insert leads to select on table
> 1.7.2. Grant all, revoke select leads to select on table
> 
> 2. Create/Drop role
> 
> 3. Show roles
> 3.1. When there are no roles, returns empty list
> 3.2. When there are roles, returns correct list with correct schema.
> 
> 4. Show role grant
> 4.1. When there are no roles and group, throws SentryNoSuchObjectException
> 4.2. When there are roles, returns correct list with correct schema.
> 
> 5. Show privileges
> 5.1. When there are no privileges granted to a role, returns an empty list
> 5.2. When there are privileges, returns correct list with correct schema.
> 5.3. Given privileges on table, show grant on table should return table privilege.
> 5.4. Privileges on database
> 5.4.1. Show grant on database should return correct priv
> 5.4.2. Show grant on table should return correct priv
> 5.5. Privileges on server
> 5.5.1. Show grant on database should return correct priv
> 5.5.2. Show grant on table should return correct priv
> 5.5.3. Show grant on server should return correct priv (sql not supported yet in hive)
> 5.6. Show grant on uri (sql not supported yet in hive)
> 
> 6. Show current role
> 
> 7. Corner test cases:
> 7.1. Drop role which doesn't exist, throws SentryNoSuchObjectException
> 7.2. Create role which already exists, throws SentryAlreadyExistsException
> 7.3. Drop role when privileges mapping exists and create role with same name, old mappings should not exist
> 7.4. Grant role, when role doesn't exist, throws SentryNoSuchObjectException
> 7.5. Grant role when mapping exists, silently allows
> 7.6. Grant multiple roles to a group
> 7.7. Revoke role after role has been dropped, SentryNoSuchObjectException
> 7.8. Revoke role from a group when mapping doesn't exist, silently allows
> 7.9. Grant privilege to a role, privilege already exists, silently allows
> 7.10. Grant privilege to a role, mapping already exists, silently allows
> 7.11. Multiple privileges to a role
> 7.12. Revoke privilege when privilege doesn't exist, silently allows
> 7.13. Revoke privilege, when role doesn't exist, SentryNoSuchObjectException
> 7.14. Revoke privilege when mapping doesn't exist, silently allows
> 
> 8. Sentry Auth DDL by non admin user tests, should fire SentryOnFailureHook and should throw SentryAccessDeniedException
> 8.1. Create role
> 8.2. Drop role
> 8.3. Grant role
> 8.4. Revoke role
> 8.5. Grant privilege
> 8.6. Revoke privilege
> 8.7. Show roles
> 8.8. Show role grant
> 8.9. Show grant
> 8.10. Grant Revoke on data objects, do not expose database/table entities
> 8.10.1. table
> 8.10.1. database
> 
> 9. Denied non auth DDLs and Queries, should invoke SentryOnFailureHook
> 9.1. Denied create table, when table exists: Exposes only db object
> 9.2. Denied create table, when table does not exist: exposes only db object
> 9.3. select when table exist: doesn't expose database and table
> 9.4. alter table, doesn't invoke failure hook. (this test fails)
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java 6ea1ca0027c35bfd1eec1f9028f031b7178fe35d 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java 62113c89607a7194fef79a3f9d89e89a5a96c51c 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 322e90e5785d20d250be19e75fd2ed4c1c9b817a 
>   sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift 5d584c0a856fbf2bc563481c99dcb69a36a2b507 
>   sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java 1089390dc6b2bd709591093b583f1cd5bc32e787 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/PolicyProviderForTest.java 79ca38774818f5cc812a9810bb84784f8429001a 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 84223a941e8072683681ef41e265d0c8e3570f82 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java 9c0c8b5b65de1db4fbb50357258a982c1b8a2a10 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java 8beedd7ba837b132a39da5b794118ab919fc203f 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 39d411e3c9138d50b6dc3ead5cd0a45653f4873f 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/DummySentryOnFailureHook.java 079f273f20753c4de90f448f1de47c56b810e18d 
> 
> Diff: https://reviews.apache.org/r/22322/diff/
> 
> 
> Testing
> -------
> 
> Yes.
> 
> 
> Thanks,
> 
> Sravya Tirukkovalur
> 
>


Re: Review Request 22322: SENTRY-261: Improve test coverage for grant/revoke statements in Hive e2e tests

Posted by Jarek Cecho <ja...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22322/#review44991
-----------------------------------------------------------



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
<https://reviews.apache.org/r/22322/#comment79603>

    Can we add assert verifying that the group has both roles? Just simple assertResultsSet() should be fine.



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
<https://reviews.apache.org/r/22322/#comment79607>

    I'm wondering if the second assert should be for role2?



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
<https://reviews.apache.org/r/22322/#comment79609>

    Can we just add assert verifying that we've removed privilege?



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
<https://reviews.apache.org/r/22322/#comment79610>

    Can we add asserts here to ensure that the operations are doing what they should be doing?



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
<https://reviews.apache.org/r/22322/#comment79619>

    Let's drop the comment?



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java
<https://reviews.apache.org/r/22322/#comment79623>

    Let's comment this one for now when it's failing and let's create a separate JIRA to track it!


- Jarek Cecho


On June 7, 2014, 12:09 a.m., Sravya Tirukkovalur wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22322/
> -----------------------------------------------------------
> 
> (Updated June 7, 2014, 12:09 a.m.)
> 
> 
> Review request for sentry, Arun Suresh, Jarek Cecho, and Prasad Mujumdar.
> 
> 
> Bugs: sentry-238 and sentry-261
>     https://issues.apache.org/jira/browse/sentry-238
>     https://issues.apache.org/jira/browse/sentry-261
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> This patch adds the following test cases for Sentry Grant/Revoke feature through Hive end to end tests (a few of them are already there).
> Apart from these test cases it does:
> - Fix sentry-238, denied show roles/show grant/show role grant throws SentryAccessDeniedException instead of Thrift exception.
> - Adds a test case for SENTRY-264 (although it is not fixed in this patch)
> 
> 1. Grant/Revoke privileges test cases:
> 1.1. All on server
> 1.2. All on database
> 1.3. All on URI
> 1.4. All on table
> 1.5. Insert on table
> 1.6. Select on table
> 1.7. Partial privileges on table
> 1.7.1. Grant all, revoke insert leads to select on table
> 1.7.2. Grant all, revoke select leads to select on table
> 
> 2. Create/Drop role
> 
> 3. Show roles
> 3.1. When there are no roles, returns empty list
> 3.2. When there are roles, returns correct list with correct schema.
> 
> 4. Show role grant
> 4.1. When there are no roles and group, throws SentryNoSuchObjectException
> 4.2. When there are roles, returns correct list with correct schema.
> 
> 5. Show privileges
> 5.1. When there are no privileges granted to a role, returns an empty list
> 5.2. When there are privileges, returns correct list with correct schema.
> 5.3. Given privileges on table, show grant on table should return table privilege.
> 5.4. Privileges on database
> 5.4.1. Show grant on database should return correct priv
> 5.4.2. Show grant on table should return correct priv
> 5.5. Privileges on server
> 5.5.1. Show grant on database should return correct priv
> 5.5.2. Show grant on table should return correct priv
> 5.5.3. Show grant on server should return correct priv (sql not supported yet in hive)
> 5.6. Show grant on uri (sql not supported yet in hive)
> 
> 6. Show current role
> 
> 7. Corner test cases:
> 7.1. Drop role which doesn't exist, throws SentryNoSuchObjectException
> 7.2. Create role which already exists, throws SentryAlreadyExistsException
> 7.3. Drop role when privileges mapping exists and create role with same name, old mappings should not exist
> 7.4. Grant role, when role doesn't exist, throws SentryNoSuchObjectException
> 7.5. Grant role when mapping exists, silently allows
> 7.6. Grant multiple roles to a group
> 7.7. Revoke role after role has been dropped, SentryNoSuchObjectException
> 7.8. Revoke role from a group when mapping doesn't exist, silently allows
> 7.9. Grant privilege to a role, privilege already exists, silently allows
> 7.10. Grant privilege to a role, mapping already exists, silently allows
> 7.11. Multiple privileges to a role
> 7.12. Revoke privilege when privilege doesn't exist, silently allows
> 7.13. Revoke privilege, when role doesn't exist, SentryNoSuchObjectException
> 7.14. Revoke privilege when mapping doesn't exist, silently allows
> 
> 8. Sentry Auth DDL by non admin user tests, should fire SentryOnFailureHook and should throw SentryAccessDeniedException
> 8.1. Create role
> 8.2. Drop role
> 8.3. Grant role
> 8.4. Revoke role
> 8.5. Grant privilege
> 8.6. Revoke privilege
> 8.7. Show roles
> 8.8. Show role grant
> 8.9. Show grant
> 8.10. Grant Revoke on data objects, do not expose database/table entities
> 8.10.1. table
> 8.10.1. database
> 
> 9. Denied non auth DDLs and Queries, should invoke SentryOnFailureHook
> 9.1. Denied create table, when table exists: Exposes only db object
> 9.2. Denied create table, when table does not exist: exposes only db object
> 9.3. select when table exist: doesn't expose database and table
> 9.4. alter table, doesn't invoke failure hook. (this test fails)
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java 6ea1ca0027c35bfd1eec1f9028f031b7178fe35d 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java 62113c89607a7194fef79a3f9d89e89a5a96c51c 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 322e90e5785d20d250be19e75fd2ed4c1c9b817a 
>   sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift 5d584c0a856fbf2bc563481c99dcb69a36a2b507 
>   sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java 1089390dc6b2bd709591093b583f1cd5bc32e787 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/PolicyProviderForTest.java 79ca38774818f5cc812a9810bb84784f8429001a 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 84223a941e8072683681ef41e265d0c8e3570f82 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java 9c0c8b5b65de1db4fbb50357258a982c1b8a2a10 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java 8beedd7ba837b132a39da5b794118ab919fc203f 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 39d411e3c9138d50b6dc3ead5cd0a45653f4873f 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/DummySentryOnFailureHook.java 079f273f20753c4de90f448f1de47c56b810e18d 
> 
> Diff: https://reviews.apache.org/r/22322/diff/
> 
> 
> Testing
> -------
> 
> Yes.
> 
> 
> Thanks,
> 
> Sravya Tirukkovalur
> 
>


Re: Review Request 22322: SENTRY-261: Improve test coverage for grant/revoke statements in Hive e2e tests

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22322/
-----------------------------------------------------------

(Updated June 7, 2014, 12:09 a.m.)


Review request for sentry, Arun Suresh, Jarek Cecho, and Prasad Mujumdar.


Changes
-------

Removed thrift generated code from the review.


Bugs: sentry-238 and sentry-261
    https://issues.apache.org/jira/browse/sentry-238
    https://issues.apache.org/jira/browse/sentry-261


Repository: sentry


Description
-------

This patch adds the following test cases for Sentry Grant/Revoke feature through Hive end to end tests (a few of them are already there).
Apart from these test cases it does:
- Fix sentry-238, denied show roles/show grant/show role grant throws SentryAccessDeniedException instead of Thrift exception.
- Adds a test case for SENTRY-264 (although it is not fixed in this patch)

1. Grant/Revoke privileges test cases:
1.1. All on server
1.2. All on database
1.3. All on URI
1.4. All on table
1.5. Insert on table
1.6. Select on table
1.7. Partial privileges on table
1.7.1. Grant all, revoke insert leads to select on table
1.7.2. Grant all, revoke select leads to select on table

2. Create/Drop role

3. Show roles
3.1. When there are no roles, returns empty list
3.2. When there are roles, returns correct list with correct schema.

4. Show role grant
4.1. When there are no roles and group, throws SentryNoSuchObjectException
4.2. When there are roles, returns correct list with correct schema.

5. Show privileges
5.1. When there are no privileges granted to a role, returns an empty list
5.2. When there are privileges, returns correct list with correct schema.
5.3. Given privileges on table, show grant on table should return table privilege.
5.4. Privileges on database
5.4.1. Show grant on database should return correct priv
5.4.2. Show grant on table should return correct priv
5.5. Privileges on server
5.5.1. Show grant on database should return correct priv
5.5.2. Show grant on table should return correct priv
5.5.3. Show grant on server should return correct priv (sql not supported yet in hive)
5.6. Show grant on uri (sql not supported yet in hive)

6. Show current role

7. Corner test cases:
7.1. Drop role which doesn't exist, throws SentryNoSuchObjectException
7.2. Create role which already exists, throws SentryAlreadyExistsException
7.3. Drop role when privileges mapping exists and create role with same name, old mappings should not exist
7.4. Grant role, when role doesn't exist, throws SentryNoSuchObjectException
7.5. Grant role when mapping exists, silently allows
7.6. Grant multiple roles to a group
7.7. Revoke role after role has been dropped, SentryNoSuchObjectException
7.8. Revoke role from a group when mapping doesn't exist, silently allows
7.9. Grant privilege to a role, privilege already exists, silently allows
7.10. Grant privilege to a role, mapping already exists, silently allows
7.11. Multiple privileges to a role
7.12. Revoke privilege when privilege doesn't exist, silently allows
7.13. Revoke privilege, when role doesn't exist, SentryNoSuchObjectException
7.14. Revoke privilege when mapping doesn't exist, silently allows

8. Sentry Auth DDL by non admin user tests, should fire SentryOnFailureHook and should throw SentryAccessDeniedException
8.1. Create role
8.2. Drop role
8.3. Grant role
8.4. Revoke role
8.5. Grant privilege
8.6. Revoke privilege
8.7. Show roles
8.8. Show role grant
8.9. Show grant
8.10. Grant Revoke on data objects, do not expose database/table entities
8.10.1. table
8.10.1. database

9. Denied non auth DDLs and Queries, should invoke SentryOnFailureHook
9.1. Denied create table, when table exists: Exposes only db object
9.2. Denied create table, when table does not exist: exposes only db object
9.3. select when table exist: doesn't expose database and table
9.4. alter table, doesn't invoke failure hook. (this test fails)


Diffs (updated)
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java 6ea1ca0027c35bfd1eec1f9028f031b7178fe35d 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java 62113c89607a7194fef79a3f9d89e89a5a96c51c 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 322e90e5785d20d250be19e75fd2ed4c1c9b817a 
  sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift 5d584c0a856fbf2bc563481c99dcb69a36a2b507 
  sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java 1089390dc6b2bd709591093b583f1cd5bc32e787 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/PolicyProviderForTest.java 79ca38774818f5cc812a9810bb84784f8429001a 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 84223a941e8072683681ef41e265d0c8e3570f82 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java 9c0c8b5b65de1db4fbb50357258a982c1b8a2a10 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java 8beedd7ba837b132a39da5b794118ab919fc203f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 39d411e3c9138d50b6dc3ead5cd0a45653f4873f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/DummySentryOnFailureHook.java 079f273f20753c4de90f448f1de47c56b810e18d 

Diff: https://reviews.apache.org/r/22322/diff/


Testing
-------

Yes.


Thanks,

Sravya Tirukkovalur


Re: Review Request 22322: SENTRY-261: Improve test coverage for grant/revoke statements in Hive e2e tests

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22322/
-----------------------------------------------------------

(Updated June 7, 2014, 12:07 a.m.)


Review request for sentry, Arun Suresh, Jarek Cecho, and Prasad Mujumdar.


Changes
-------

Added more tests


Bugs: sentry-238 and sentry-261
    https://issues.apache.org/jira/browse/sentry-238
    https://issues.apache.org/jira/browse/sentry-261


Repository: sentry


Description (updated)
-------

This patch adds the following test cases for Sentry Grant/Revoke feature through Hive end to end tests (a few of them are already there).
Apart from these test cases it does:
- Fix sentry-238, denied show roles/show grant/show role grant throws SentryAccessDeniedException instead of Thrift exception.
- Adds a test case for SENTRY-264 (although it is not fixed in this patch)

1. Grant/Revoke privileges test cases:
1.1. All on server
1.2. All on database
1.3. All on URI
1.4. All on table
1.5. Insert on table
1.6. Select on table
1.7. Partial privileges on table
1.7.1. Grant all, revoke insert leads to select on table
1.7.2. Grant all, revoke select leads to select on table

2. Create/Drop role

3. Show roles
3.1. When there are no roles, returns empty list
3.2. When there are roles, returns correct list with correct schema.

4. Show role grant
4.1. When there are no roles and group, throws SentryNoSuchObjectException
4.2. When there are roles, returns correct list with correct schema.

5. Show privileges
5.1. When there are no privileges granted to a role, returns an empty list
5.2. When there are privileges, returns correct list with correct schema.
5.3. Given privileges on table, show grant on table should return table privilege.
5.4. Privileges on database
5.4.1. Show grant on database should return correct priv
5.4.2. Show grant on table should return correct priv
5.5. Privileges on server
5.5.1. Show grant on database should return correct priv
5.5.2. Show grant on table should return correct priv
5.5.3. Show grant on server should return correct priv (sql not supported yet in hive)
5.6. Show grant on uri (sql not supported yet in hive)

6. Show current role

7. Corner test cases:
7.1. Drop role which doesn't exist, throws SentryNoSuchObjectException
7.2. Create role which already exists, throws SentryAlreadyExistsException
7.3. Drop role when privileges mapping exists and create role with same name, old mappings should not exist
7.4. Grant role, when role doesn't exist, throws SentryNoSuchObjectException
7.5. Grant role when mapping exists, silently allows
7.6. Grant multiple roles to a group
7.7. Revoke role after role has been dropped, SentryNoSuchObjectException
7.8. Revoke role from a group when mapping doesn't exist, silently allows
7.9. Grant privilege to a role, privilege already exists, silently allows
7.10. Grant privilege to a role, mapping already exists, silently allows
7.11. Multiple privileges to a role
7.12. Revoke privilege when privilege doesn't exist, silently allows
7.13. Revoke privilege, when role doesn't exist, SentryNoSuchObjectException
7.14. Revoke privilege when mapping doesn't exist, silently allows

8. Sentry Auth DDL by non admin user tests, should fire SentryOnFailureHook and should throw SentryAccessDeniedException
8.1. Create role
8.2. Drop role
8.3. Grant role
8.4. Revoke role
8.5. Grant privilege
8.6. Revoke privilege
8.7. Show roles
8.8. Show role grant
8.9. Show grant
8.10. Grant Revoke on data objects, do not expose database/table entities
8.10.1. table
8.10.2. database

9. Denied non auth DDLs and Queries, should invoke SentryOnFailureHook
9.1. Denied create table, when table exists: Exposes only db object
9.2. Denied create table, when table does not exist: exposes only db object
9.3. select when table exists: doesn't expose database and table
9.4. alter table, doesn't invoke failure hook. (this test fails)


Diffs (updated)
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java 6ea1ca0027c35bfd1eec1f9028f031b7178fe35d 
  sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryPrivilegesResponse.java 7d1e18b2c232ab07064b3c7450846f721ffacd42 
  sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryRolesResponse.java f3dfac2881cf8135d99bbad48ffa7434eaf2bcd8 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java 62113c89607a7194fef79a3f9d89e89a5a96c51c 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 322e90e5785d20d250be19e75fd2ed4c1c9b817a 
  sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift 5d584c0a856fbf2bc563481c99dcb69a36a2b507 
  sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java 1089390dc6b2bd709591093b583f1cd5bc32e787 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/PolicyProviderForTest.java 79ca38774818f5cc812a9810bb84784f8429001a 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 84223a941e8072683681ef41e265d0c8e3570f82 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java 9c0c8b5b65de1db4fbb50357258a982c1b8a2a10 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java 8beedd7ba837b132a39da5b794118ab919fc203f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 39d411e3c9138d50b6dc3ead5cd0a45653f4873f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/DummySentryOnFailureHook.java 079f273f20753c4de90f448f1de47c56b810e18d 

Diff: https://reviews.apache.org/r/22322/diff/


Testing
-------

Yes.


Thanks,

Sravya Tirukkovalur


Re: Review Request 22322: SENTRY-261: Improve test coverage for grant/revoke statements in Hive e2e tests

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.

(Updated June 6, 2014, 10:14 p.m.)


Review request for sentry, Arun Suresh, Jarek Cecho, and Prasad Mujumdar.


Changes
-------

Removed thrift generated files.


Bugs: sentry-238 and sentry-261
    https://issues.apache.org/jira/browse/sentry-238
    https://issues.apache.org/jira/browse/sentry-261


Repository: sentry


Description
-------

This patch adds the following test cases for Sentry Grant/Revoke feature through Hive end to end tests (a few of them are already there).
Apart from these test cases it does:
- Fix sentry-238, denied show roles/show grant/show role grant throws SentryAccessDeniedException instead of Thrift exception.
- Adds a test case for SENTRY-264 (although it is not fixed in this patch)

1. Grant/Revoke privileges test cases:
1.1. All on server
1.2. All on database
1.3. All on URI
1.4. All on table
1.5. Insert on table
1.6. Select on table
1.7. Partial privileges on table
1.7.1. Grant all, revoke insert leads to select on table
1.7.2. Grant all, revoke select leads to select on table

2. Create/Drop role

3. Show roles
3.1. When there are no roles, returns empty list
3.2. When there are roles, returns correct list with correct schema.

4. Show role grant
4.1. When there are no roles and group, throws SentryNoSuchObjectException
4.2. When there are roles, returns correct list with correct schema.

5. Show privileges
5.1. When there are no privileges granted to a role, returns an empty list
5.2. When there are privileges, returns correct list with correct schema.
5.3. Given privileges on table, show grant on table should return table privilege.
5.4. Privileges on database
5.4.1. Show grant on database should return correct priv
5.4.2. Show grant on table should return correct priv
5.5. Privileges on server
5.5.1. Show grant on database should return correct priv
5.5.2. Show grant on table should return correct priv
5.5.3. Show grant on server should return correct priv (sql not supported yet in hive)
5.6. Show grant on uri (sql not supported yet in hive)

6. Show current role

7. Corner test cases:
7.1. Drop role which doesn't exist, throws SentryNoSuchObjectException
7.2. Create role which already exists, throws SentryAlreadyExistsException
7.3. Drop role when privileges mapping exists and create role with same name, old mappings should not exist
7.4. Grant role, when role doesn't exist, throws SentryNoSuchObjectException
7.5. Grant role when mapping exists, silently allows
7.6. Grant multiple roles to a group
7.7. Revoke role after role has been dropped, SentryNoSuchObjectException
7.8. Revoke role from a group when mapping doesn't exist, silently allows
7.9. Grant privilege to a role, privilege already exists, silently allows
7.10. Grant privilege to a role, mapping already exists, silently allows
7.11. Multiple privileges to a role
7.12. Revoke privilege when privilege doesn't exist, silently allows
7.13. Revoke privilege, when role doesn't exist, SentryNoSuchObjectException
7.14. Revoke privilege when mapping doesn't exist, silently allows

8. Sentry Auth DDL by non admin user tests, should fire SentryOnFailureHook and should throw SentryAccessDeniedException
8.1. Create role
8.2. Drop role
8.3. Grant role
8.4. Revoke role
8.5. Grant privilege
8.6. Revoke privilege
8.7. Show roles
8.8. Show role grant
8.9. Show grant


Diffs (updated)
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java 6ea1ca0027c35bfd1eec1f9028f031b7178fe35d 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java 62113c89607a7194fef79a3f9d89e89a5a96c51c 
  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 322e90e5785d20d250be19e75fd2ed4c1c9b817a 
  sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift 5d584c0a856fbf2bc563481c99dcb69a36a2b507 
  sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java 1089390dc6b2bd709591093b583f1cd5bc32e787 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/PolicyProviderForTest.java 79ca38774818f5cc812a9810bb84784f8429001a 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 84223a941e8072683681ef41e265d0c8e3570f82 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java 9c0c8b5b65de1db4fbb50357258a982c1b8a2a10 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java 8beedd7ba837b132a39da5b794118ab919fc203f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java 39d411e3c9138d50b6dc3ead5cd0a45653f4873f 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/DummySentryOnFailureHook.java 079f273f20753c4de90f448f1de47c56b810e18d 

Diff: https://reviews.apache.org/r/22322/diff/


Testing
-------

Yes.


Thanks,

Sravya Tirukkovalur