You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sd...@apache.org on 2016/03/30 03:51:58 UTC
[02/13] sentry git commit: SENTRY-514: Enable e2e tests for
authorization V2 (Dapeng Sun, reviewed by Anne Yu)
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java
new file mode 100644
index 0000000..f1e6d75
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java
@@ -0,0 +1,218 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.tests.e2e.metastore;
+
+import java.io.IOException;
+import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.hadoop.hive.cli.CliSessionState;
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
+import org.apache.hadoop.hive.metastore.api.Database;
+import org.apache.hadoop.hive.metastore.api.FieldSchema;
+import org.apache.hadoop.hive.metastore.api.Order;
+import org.apache.hadoop.hive.metastore.api.Partition;
+import org.apache.hadoop.hive.metastore.api.SerDeInfo;
+import org.apache.hadoop.hive.metastore.api.StorageDescriptor;
+import org.apache.hadoop.hive.metastore.api.Table;
+import org.apache.hadoop.hive.ql.Driver;
+import org.apache.hadoop.hive.ql.processors.CommandProcessorResponse;
+import org.apache.hadoop.hive.ql.session.SessionState;
+import org.apache.hadoop.hive.serde.serdeConstants;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.pig.PigServer;
+import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration;
+import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServerFactory.HiveServer2Type;
+import org.junit.BeforeClass;
+
+public abstract class AbstractMetastoreTestWithStaticConfiguration extends
+ AbstractTestWithStaticConfiguration {
+
+ @BeforeClass
+ public static void setupTestStaticConfiguration() throws Exception {
+ useSentryService = true;
+ clearDbPerTest = false;
+ testServerType = HiveServer2Type.InternalMetastore.name();
+ AbstractTestWithStaticConfiguration.setupTestStaticConfiguration();
+ }
+
+ protected static void writePolicyFile(PolicyFile policyFile) throws Exception {
+ policyFile.write(context.getPolicyFile());
+ }
+
+ public static PolicyFile setAdminOnServer1(String adminGroup)
+ throws Exception {
+ return SentryPolicyProviderForDb.setAdminOnServer1(adminGroup,
+ getSentryClient());
+ }
+ /**
+ * create a metastore table using the given attributes
+ * @param client
+ * @param dbName
+ * @param tabName
+ * @param cols
+ * @return
+ * @throws Exception
+ */
+ public Table createMetastoreTable(HiveMetaStoreClient client, String dbName,
+ String tabName, List<FieldSchema> cols) throws Exception {
+
+ Table tbl = makeMetastoreTableObject(client, dbName, tabName, cols);
+ client.createTable(tbl);
+ return tbl;
+ }
+
+ public Table createMetastoreTableWithLocation(HiveMetaStoreClient client,
+ String dbName, String tabName, List<FieldSchema> cols, String location)
+ throws Exception {
+ Table tbl = makeMetastoreTableObject(client, dbName, tabName, cols);
+ tbl.getSd().setLocation(location);
+ client.createTable(tbl);
+ return tbl;
+
+ }
+
+ public Table createMetastoreTableWithPartition(HiveMetaStoreClient client,
+ String dbName, String tabName, List<FieldSchema> cols,
+ List<FieldSchema> partionVals) throws Exception {
+ Table tbl = makeMetastoreTableObject(client, dbName, tabName, cols);
+ tbl.setPartitionKeys(partionVals);
+ client.createTable(tbl);
+ return client.getTable(dbName, tabName);
+ }
+
+ public void addPartition(HiveMetaStoreClient client, String dbName,
+ String tblName, List<String> ptnVals, Table tbl) throws Exception {
+ Partition part = makeMetastorePartitionObject(dbName, tblName, ptnVals, tbl);
+ client.add_partition(part);
+ }
+
+ public void addPartitionWithLocation(HiveMetaStoreClient client,
+ String dbName, String tblName, List<String> ptnVals, Table tbl,
+ String location) throws Exception {
+ Partition part = makeMetastorePartitionObject(dbName, tblName, ptnVals,
+ tbl, location);
+ client.add_partition(part);
+ }
+
+ public Table makeMetastoreTableObject(HiveMetaStoreClient client,
+ String dbName, String tabName, List<FieldSchema> cols) throws Exception {
+ Table tbl = new Table();
+ tbl.setDbName(dbName);
+ tbl.setTableName(tabName);
+ StorageDescriptor sd = new StorageDescriptor();
+ tbl.setSd(sd);
+ tbl.setParameters(new HashMap<String, String>());
+ sd.setCols(cols);
+ sd.setCompressed(false);
+ sd.setParameters(new HashMap<String, String>());
+ sd.setSerdeInfo(new SerDeInfo());
+ sd.getSerdeInfo().setName(tbl.getTableName());
+ sd.getSerdeInfo().setParameters(new HashMap<String, String>());
+ sd.getSerdeInfo().getParameters()
+ .put(serdeConstants.SERIALIZATION_FORMAT, "1");
+ sd.setSortCols(new ArrayList<Order>());
+ return tbl;
+ }
+
+ public Partition makeMetastorePartitionObject(String dbName, String tblName,
+ List<String> ptnVals, Table tbl, String partitionLocation) {
+ Partition part = makeMetastoreBasePartitionObject(dbName, tblName, ptnVals,
+ tbl);
+ part.getSd().setLocation(partitionLocation);
+ return part;
+ }
+
+ public Partition makeMetastorePartitionObject(String dbName, String tblName,
+ List<String> ptnVals, Table tbl) {
+ Partition part = makeMetastoreBasePartitionObject(dbName, tblName, ptnVals,
+ tbl);
+ return part;
+ }
+
+ private Partition makeMetastoreBasePartitionObject(String dbName,
+ String tblName, List<String> ptnVals, Table tbl) {
+ Partition part4 = new Partition();
+ part4.setDbName(dbName);
+ part4.setTableName(tblName);
+ part4.setValues(ptnVals);
+ part4.setParameters(new HashMap<String, String>());
+ part4.setSd(tbl.getSd().deepCopy());
+ part4.getSd().setSerdeInfo(tbl.getSd().getSerdeInfo().deepCopy());
+ part4.setParameters(new HashMap<String, String>());
+ return part4;
+ }
+
+ public void createMetastoreDB(HiveMetaStoreClient client, String dbName)
+ throws Exception {
+ Database db = new Database();
+ db.setName(dbName);
+ client.createDatabase(db);
+ }
+
+ public void execHiveSQLwithOverlay(final String sqlStmt,
+ final String userName, Map<String, String> overLay) throws Exception {
+ final HiveConf hiveConf = new HiveConf();
+ for (Map.Entry<String, String> entry : overLay.entrySet()) {
+ hiveConf.set(entry.getKey(), entry.getValue());
+ }
+ UserGroupInformation clientUgi = UserGroupInformation
+ .createRemoteUser(userName);
+ clientUgi.doAs(new PrivilegedExceptionAction<Object>() {
+ @Override
+ public Void run() throws Exception {
+ Driver driver = new Driver(hiveConf, userName);
+ SessionState.start(new CliSessionState(hiveConf));
+ CommandProcessorResponse cpr = driver.run(sqlStmt);
+ if (cpr.getResponseCode() != 0) {
+ throw new IOException("Failed to execute \"" + sqlStmt
+ + "\". Driver returned " + cpr.getResponseCode() + " Error: "
+ + cpr.getErrorMessage());
+ }
+ driver.close();
+ SessionState.get().close();
+ return null;
+ }
+ });
+ }
+
+
+ public void execHiveSQL(String sqlStmt, String userName) throws Exception {
+ execHiveSQLwithOverlay(sqlStmt, userName, new HashMap<String, String>());
+ }
+
+ public void execPigLatin(String userName, final PigServer pigServer,
+ final String pigLatin) throws Exception {
+ UserGroupInformation clientUgi = UserGroupInformation
+ .createRemoteUser(userName);
+ clientUgi.doAs(
+ new PrivilegedExceptionAction<Object>() {
+ @Override
+ public Void run() throws Exception {
+ pigServer.registerQuery(pigLatin);
+ return null;
+ }
+ });
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java
new file mode 100644
index 0000000..2507f83
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java
@@ -0,0 +1,163 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.tests.e2e.metastore;
+
+import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER;
+import static org.apache.sentry.policy.common.PolicyConstants.PRIVILEGE_PREFIX;
+import static org.apache.sentry.policy.common.PolicyConstants.ROLE_SPLITTER;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.Map.Entry;
+import java.util.Set;
+
+import org.apache.sentry.SentryUserException;
+import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.core.model.db.DBModelAction;
+import org.apache.sentry.core.model.db.DBModelAuthorizable;
+import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
+import org.apache.sentry.policy.db.DBModelAuthorizables;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.provider.db.service.thrift.TSentryRole;
+import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.tests.e2e.hive.StaticUserGroup;
+import org.apache.tools.ant.util.StringUtils;
+import org.mortbay.log.Log;
+
+import com.google.common.collect.Sets;
+
+public class SentryPolicyProviderForDb extends PolicyFile {
+ protected static final Set<String> ADMIN_GROUP_SET = Sets
+ .newHashSet(StaticUserGroup.ADMINGROUP);
+ private SentryPolicyServiceClient sentryClient;
+
+ protected SentryPolicyServiceClient getSentryClient() {
+ return sentryClient;
+ }
+
+ public SentryPolicyProviderForDb(SentryPolicyServiceClient sentryClient) {
+ this.sentryClient = sentryClient;
+ }
+
+ public static SentryPolicyProviderForDb setAdminOnServer1(String admin,
+ SentryPolicyServiceClient sentryClient)
+ throws Exception {
+ SentryPolicyProviderForDb policyFile = new SentryPolicyProviderForDb(
+ sentryClient);
+ policyFile.addRolesToGroup(admin, "admin_role").addPermissionsToRole(
+ "admin_role", "server=server1");
+ return policyFile;
+ }
+
+ public void write(File file) throws Exception {
+ super.write(file);
+ if (!usingSentryService()) {
+ return;
+ }
+
+ // remove existing metadata
+ for (TSentryRole tRole : sentryClient.listRoles(StaticUserGroup.ADMIN1)) {
+ sentryClient.dropRole(StaticUserGroup.ADMIN1, tRole.getRoleName());
+ }
+
+ // create roles and add privileges
+ for (Entry<String, Collection<String>> roleEntry : rolesToPermissions
+ .asMap().entrySet()) {
+ sentryClient.createRole(StaticUserGroup.ADMIN1, roleEntry.getKey());
+ for (String privilege : roleEntry.getValue()) {
+ addPrivilege(roleEntry.getKey(), privilege);
+ }
+ }
+
+ // grant roles to groups
+ for (Entry<String, Collection<String>> groupEntry : groupsToRoles.asMap()
+ .entrySet()) {
+ for (String roleNames : groupEntry.getValue()) {
+ for (String roleName : roleNames.split(",")) {
+ try {
+ sentryClient
+ .grantRoleToGroup(StaticUserGroup.ADMIN1, groupEntry.getKey(), roleName);
+ } catch (SentryUserException e) {
+ Log.warn("Error granting role " + roleName + " to group "
+ + groupEntry.getKey());
+ }
+ }
+ }
+ }
+ }
+
+ private void addPrivilege(String roleName, String privileges)
+ throws Exception {
+ String serverName = null, dbName = null, tableName = null, columnName = null, uriPath = null;
+ String action = AccessConstants.ALL;
+ for (String privilege : ROLE_SPLITTER.split(privileges)) {
+ for (String section : AUTHORIZABLE_SPLITTER.split(privilege)) {
+ // action is not an authorizeable
+ if (!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
+ DBModelAuthorizable dbAuthorizable = DBModelAuthorizables
+ .from(section);
+ if (dbAuthorizable == null) {
+ throw new IOException("Unknow Auth type " + section);
+ }
+
+ if (AuthorizableType.Server.equals(dbAuthorizable.getAuthzType())) {
+ serverName = dbAuthorizable.getName();
+ } else if (AuthorizableType.Db.equals(dbAuthorizable.getAuthzType())) {
+ dbName = dbAuthorizable.getName();
+ } else if (AuthorizableType.Table.equals(dbAuthorizable
+ .getAuthzType())) {
+ tableName = dbAuthorizable.getName();
+ } else if (AuthorizableType.URI.equals(dbAuthorizable.getAuthzType())) {
+ uriPath = dbAuthorizable.getName();
+ } else if (AuthorizableType.Column.equals(dbAuthorizable.getAuthzType())) {
+ columnName = dbAuthorizable.getName();
+ } else {
+ throw new IOException("Unsupported auth type "
+ + dbAuthorizable.getName() + " : "
+ + dbAuthorizable.getTypeName());
+ }
+ } else {
+ action = DBModelAction
+ .valueOf(
+ StringUtils.removePrefix(section, PRIVILEGE_PREFIX)
+ .toUpperCase()).toString();
+ }
+ }
+
+ if (columnName != null) {
+ sentryClient.grantColumnPrivilege(StaticUserGroup.ADMIN1, roleName, serverName, dbName,
+ tableName, columnName, action);
+ } else if (tableName != null) {
+ sentryClient.grantTablePrivilege(StaticUserGroup.ADMIN1, roleName, serverName, dbName,
+ tableName, action);
+ } else if (dbName != null) {
+ sentryClient.grantDatabasePrivilege(StaticUserGroup.ADMIN1, roleName, serverName,
+ dbName, action);
+ } else if (uriPath != null) {
+ sentryClient.grantURIPrivilege(StaticUserGroup.ADMIN1, roleName, serverName, uriPath);
+ } else if (serverName != null) {
+ sentryClient.grantServerPrivilege(StaticUserGroup.ADMIN1, roleName, serverName, action);
+ }
+ }
+
+ }
+
+ private boolean usingSentryService() {
+ return sentryClient != null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java
new file mode 100644
index 0000000..815c38e
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java
@@ -0,0 +1,1106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.tests.e2e.metastore;
+
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.core.IsNull.notNullValue;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+
+import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
+import org.apache.hadoop.hive.metastore.api.FieldSchema;
+import org.apache.hadoop.hive.metastore.api.MetaException;
+import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
+import org.apache.hadoop.hive.metastore.api.Table;
+import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.tests.e2e.hive.StaticUserGroup;
+import org.apache.thrift.TException;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.google.common.collect.Lists;
+
+public class TestAuthorizingObjectStore extends
+ AbstractMetastoreTestWithStaticConfiguration {
+ private PolicyFile policyFile;
+ private static final String dbName1 = "db_1";
+ private static final String dbName2 = "db_2";
+ private static final String tabName1 = "tab1";
+ private static final String tabName2 = "tab2";
+ private static final String tabName3 = "tab3";
+ private static final String tabName4 = "tab4";
+ private static final String all_role = "all_role";
+ private static final String db1_t1_role = "db1_t1_role";
+ private static final String partitionVal = "part1";
+ private static final String colName1 = "col1";
+ // this user is configured for sentry.metastore.service.users,
+ // for this test, the value is set when creating the HiveServer.
+ private static final String userWithoutAccess = "accessAllMetaUser";
+
+ @BeforeClass
+ public static void setupTestStaticConfiguration () throws Exception {
+ AbstractMetastoreTestWithStaticConfiguration.setupTestStaticConfiguration();
+ }
+
+ @Override
+ @Before
+ public void setup() throws Exception {
+ policyFile = setAdminOnServer1(ADMINGROUP);
+ // add user ACCESSAllMETAUSER for the test case testPrivilegesForUserNameCaseSensitive
+ policyFile.addGroupsToUser(userWithoutAccess.toUpperCase(), "tempGroup").setUserGroupMapping(
+ StaticUserGroup.getStaticMapping());
+ writePolicyFile(policyFile);
+ super.setup();
+
+ HiveMetaStoreClient client = null;
+ for (int i=0; i < 10; i++) {
+ try {
+ client = context.getMetaStoreClient(ADMIN1);
+ break;
+ } catch (Throwable e) {
+ // ignore
+ }
+ Thread.sleep(6000);
+ }
+ client.dropDatabase(dbName1, true, true, true);
+ client.dropDatabase(dbName2, true, true, true);
+ createMetastoreDB(client, dbName1);
+ createMetastoreDB(client, dbName2);
+
+ Table tbl1 = createMetastoreTableWithPartition(client, dbName1, tabName1,
+ Lists.newArrayList(new FieldSchema("col1", "int", "")),
+ Lists.newArrayList(new FieldSchema("part_col1", "string", "")));
+ addPartition(client, dbName1, tabName1, Lists.newArrayList(partitionVal), tbl1);
+
+ Table tbl2 = createMetastoreTableWithPartition(client, dbName1, tabName2,
+ Lists.newArrayList(new FieldSchema("col1", "int", "")),
+ Lists.newArrayList(new FieldSchema("part_col1", "string", "")));
+ addPartition(client, dbName1, tabName2, Lists.newArrayList(partitionVal), tbl2);
+
+ Table tbl3 = createMetastoreTableWithPartition(client, dbName2, tabName3,
+ Lists.newArrayList(new FieldSchema("col1", "int", "")),
+ Lists.newArrayList(new FieldSchema("part_col1", "string", "")));
+ addPartition(client, dbName2, tabName3, Lists.newArrayList(partitionVal), tbl3);
+
+ Table tbl4 = createMetastoreTableWithPartition(client, dbName2, tabName4,
+ Lists.newArrayList(new FieldSchema("col1", "int", "")),
+ Lists.newArrayList(new FieldSchema("part_col1", "string", "")));
+ addPartition(client, dbName2, tabName4, Lists.newArrayList(partitionVal), tbl4);
+
+ client.close();
+
+ policyFile
+ .addRolesToGroup(USERGROUP1, all_role)
+ .addRolesToGroup(USERGROUP2, db1_t1_role)
+ .addPermissionsToRole(all_role, "server=server1->db=" + dbName1)
+ .addPermissionsToRole(all_role, "server=server1->db=" + dbName2)
+ .addPermissionsToRole(all_role,
+ "server=server1->db=" + dbName1 + "->table=" + tabName1 + "->action=SELECT")
+ .addPermissionsToRole(all_role,
+ "server=server1->db=" + dbName1 + "->table=" + tabName2 + "->action=SELECT")
+ .addPermissionsToRole(all_role,
+ "server=server1->db=" + dbName2 + "->table=" + tabName3 + "->action=SELECT")
+ .addPermissionsToRole(all_role,
+ "server=server1->db=" + dbName2 + "->table=" + tabName4 + "->action=SELECT")
+ .addPermissionsToRole(db1_t1_role,
+ "server=server1->db=" + dbName1 + "->table=" + tabName1 + "->action=SELECT")
+ .setUserGroupMapping(StaticUserGroup.getStaticMapping());
+ writePolicyFile(policyFile);
+ }
+
+ /**
+ * The configuration "sentry.metastore.service.users" is for user who has all
+ * access to metadata, and the value should be case-sensitive.
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testPrivilegesForUserNameCaseSensitive() throws Exception {
+ // The value of "sentry.metastore.service.users" is "accessAllMetaUser", and
+ // the value is case-sensitive.
+ // The input name is "ACCESSALLMEATAUSER", and the client should has no
+ // access to metadata.
+ HiveMetaStoreClient client = context.getMetaStoreClient(userWithoutAccess.toUpperCase());
+ try {
+ client.getDatabase(dbName1);
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ }
+
+ /**
+ * User accessAllMetaUser is configured as the value of
+ * "sentry.metastore.service.users" and has all access to databases and
+ * tables.
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testPrivilegesForUserWithoutAccess() throws Exception {
+ HiveMetaStoreClient client = context.getMetaStoreClient(userWithoutAccess);
+ assertThat(client.getDatabase(dbName1), notNullValue());
+ assertThat(client.getDatabase(dbName2), notNullValue());
+ // including the "default" db
+ assertThat(client.getAllDatabases().size(), equalTo(3));
+ // including the "default" db
+ assertThat(client.getDatabases("*").size(), equalTo(3));
+ assertThat(client.getTable(dbName1, tabName1), notNullValue());
+ assertThat(client.getTable(dbName1, tabName2), notNullValue());
+ assertThat(client.getTable(dbName2, tabName3), notNullValue());
+ assertThat(client.getTable(dbName2, tabName4), notNullValue());
+ assertThat(client.listPartitions(dbName1, tabName1, (short) 1).size(), equalTo(1));
+ assertThat(client.listPartitions(dbName1, tabName2, (short) 1).size(), equalTo(1));
+ assertThat(client.listPartitions(dbName2, tabName3, (short) 1).size(), equalTo(1));
+ assertThat(client.listPartitions(dbName2, tabName4, (short) 1).size(), equalTo(1));
+
+ assertThat(
+ client.listPartitions(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
+ assertThat(
+ client.listPartitions(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
+ assertThat(
+ client.listPartitions(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
+ assertThat(
+ client.listPartitions(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
+
+ assertThat(
+ client.getPartition(dbName1, tabName1, new ArrayList<String>(Arrays.asList(partitionVal))),
+ notNullValue());
+ assertThat(
+ client.getPartition(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal))),
+ notNullValue());
+ assertThat(
+ client.getPartition(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal))),
+ notNullValue());
+ assertThat(
+ client.getPartition(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal))),
+ notNullValue());
+ assertThat(client.getTables(dbName1, "tab*").size(), equalTo(2));
+ assertThat(client.getTables(dbName2, "tab*").size(), equalTo(2));
+ assertThat(
+ client.getTableObjectsByName(dbName1,
+ new ArrayList<String>(Arrays.asList(tabName1, tabName2))).size(), equalTo(2));
+ assertThat(
+ client.getTableObjectsByName(dbName2,
+ new ArrayList<String>(Arrays.asList(tabName3, tabName4))).size(), equalTo(2));
+ assertThat(client.getAllTables(dbName1).size(), equalTo(2));
+ assertThat(client.getAllTables(dbName2).size(), equalTo(2));
+ assertThat(client.listPartitionNames(dbName1, tabName1, (short) 2).size(), equalTo(1));
+ assertThat(client.listPartitionNames(dbName1, tabName2, (short) 2).size(), equalTo(1));
+ assertThat(client.listPartitionNames(dbName2, tabName3, (short) 2).size(), equalTo(1));
+ assertThat(client.listPartitionNames(dbName2, tabName4, (short) 2).size(), equalTo(1));
+ assertThat(
+ client.listPartitionNames(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
+ assertThat(
+ client.listPartitionNames(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
+ assertThat(
+ client.listPartitionNames(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
+ assertThat(
+ client.listPartitionNames(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
+ assertThat(
+ client.getPartitionsByNames(dbName1, tabName1, new ArrayList<String>(Arrays.asList("")))
+ .size(), equalTo(0));
+ assertThat(
+ client.getPartitionsByNames(dbName1, tabName2, new ArrayList<String>(Arrays.asList("")))
+ .size(), equalTo(0));
+ assertThat(
+ client.getPartitionsByNames(dbName2, tabName3, new ArrayList<String>(Arrays.asList("")))
+ .size(), equalTo(0));
+ assertThat(
+ client.getPartitionsByNames(dbName2, tabName4, new ArrayList<String>(Arrays.asList("")))
+ .size(), equalTo(0));
+ try {
+ client.getIndex(dbName1, tabName1, "empty");
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is successful.
+ }
+ try {
+ client.getIndex(dbName1, tabName2, "empty");
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is successful.
+ }
+ try {
+ client.getIndex(dbName2, tabName3, "empty");
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is successful.
+ }
+ try {
+ client.getIndex(dbName2, tabName3, "empty");
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is successful.
+ }
+
+ assertThat(client.listIndexes(dbName1, tabName1, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexes(dbName1, tabName2, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexes(dbName2, tabName3, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexes(dbName2, tabName4, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexNames(dbName1, tabName1, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexNames(dbName1, tabName2, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexNames(dbName2, tabName3, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexNames(dbName2, tabName4, (short) 1).size(), equalTo(0));
+ assertThat(client.getPartitionWithAuthInfo(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup"))), notNullValue());
+ assertThat(client.getPartitionWithAuthInfo(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup"))), notNullValue());
+ assertThat(client.getPartitionWithAuthInfo(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup"))), notNullValue());
+ assertThat(client.getPartitionWithAuthInfo(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup"))), notNullValue());
+ assertThat(
+ client.getTableColumnStatistics(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
+ assertThat(
+ client.getTableColumnStatistics(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
+ assertThat(
+ client.getTableColumnStatistics(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
+ assertThat(
+ client.getTableColumnStatistics(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
+ client.close();
+ }
+
+ /**
+ * The group of USER1_1 is USERGROUP1, and has all access to databases and
+ * tables.
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testPrivilegesForFullAccess() throws Exception {
+ HiveMetaStoreClient client = context.getMetaStoreClient(USER1_1);
+ assertThat(client.getDatabase(dbName1), notNullValue());
+ assertThat(client.getDatabase(dbName2), notNullValue());
+ // including the "default" db
+ assertThat(client.getAllDatabases().size(), equalTo(3));
+ // including the "default" db
+ assertThat(client.getDatabases("*").size(), equalTo(3));
+ assertThat(client.getTable(dbName1, tabName1), notNullValue());
+ assertThat(client.getTable(dbName1, tabName2), notNullValue());
+ assertThat(client.getTable(dbName2, tabName3), notNullValue());
+ assertThat(client.getTable(dbName2, tabName4), notNullValue());
+ assertThat(client.listPartitions(dbName1, tabName1, (short) 1).size(), equalTo(1));
+ assertThat(client.listPartitions(dbName1, tabName2, (short) 1).size(), equalTo(1));
+ assertThat(client.listPartitions(dbName2, tabName3, (short) 1).size(), equalTo(1));
+ assertThat(client.listPartitions(dbName2, tabName4, (short) 1).size(), equalTo(1));
+
+ assertThat(
+ client.listPartitions(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
+ assertThat(
+ client.listPartitions(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
+ assertThat(
+ client.listPartitions(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
+ assertThat(
+ client.listPartitions(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
+
+ assertThat(
+ client.getPartition(dbName1, tabName1, new ArrayList<String>(Arrays.asList(partitionVal))),
+ notNullValue());
+ assertThat(
+ client.getPartition(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal))),
+ notNullValue());
+ assertThat(
+ client.getPartition(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal))),
+ notNullValue());
+ assertThat(
+ client.getPartition(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal))),
+ notNullValue());
+ assertThat(client.getTables(dbName1, "tab*").size(), equalTo(2));
+ assertThat(client.getTables(dbName2, "tab*").size(), equalTo(2));
+ assertThat(
+ client.getTableObjectsByName(dbName1,
+ new ArrayList<String>(Arrays.asList(tabName1, tabName2))).size(), equalTo(2));
+ assertThat(
+ client.getTableObjectsByName(dbName2,
+ new ArrayList<String>(Arrays.asList(tabName3, tabName4))).size(), equalTo(2));
+ assertThat(client.getAllTables(dbName1).size(), equalTo(2));
+ assertThat(client.getAllTables(dbName2).size(), equalTo(2));
+ assertThat(client.listPartitionNames(dbName1, tabName1, (short) 2).size(), equalTo(1));
+ assertThat(client.listPartitionNames(dbName1, tabName2, (short) 2).size(), equalTo(1));
+ assertThat(client.listPartitionNames(dbName2, tabName3, (short) 2).size(), equalTo(1));
+ assertThat(client.listPartitionNames(dbName2, tabName4, (short) 2).size(), equalTo(1));
+ assertThat(
+ client.listPartitionNames(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
+ assertThat(
+ client.listPartitionNames(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
+ assertThat(
+ client.listPartitionNames(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
+ assertThat(
+ client.listPartitionNames(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
+ assertThat(
+ client.getPartitionsByNames(dbName1, tabName1, new ArrayList<String>(Arrays.asList("")))
+ .size(), equalTo(0));
+ assertThat(
+ client.getPartitionsByNames(dbName1, tabName2, new ArrayList<String>(Arrays.asList("")))
+ .size(), equalTo(0));
+ assertThat(
+ client.getPartitionsByNames(dbName2, tabName3, new ArrayList<String>(Arrays.asList("")))
+ .size(), equalTo(0));
+ assertThat(
+ client.getPartitionsByNames(dbName2, tabName4, new ArrayList<String>(Arrays.asList("")))
+ .size(), equalTo(0));
+ try {
+ client.getIndex(dbName1, tabName1, "empty");
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is successful.
+ }
+ try {
+ client.getIndex(dbName1, tabName2, "empty");
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is successful.
+ }
+ try {
+ client.getIndex(dbName2, tabName3, "empty");
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is successful.
+ }
+ try {
+ client.getIndex(dbName2, tabName3, "empty");
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is successful.
+ }
+
+ assertThat(client.listIndexes(dbName1, tabName1, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexes(dbName1, tabName2, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexes(dbName2, tabName3, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexes(dbName2, tabName4, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexNames(dbName1, tabName1, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexNames(dbName1, tabName2, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexNames(dbName2, tabName3, (short) 1).size(), equalTo(0));
+ assertThat(client.listIndexNames(dbName2, tabName4, (short) 1).size(), equalTo(0));
+ assertThat(client.getPartitionWithAuthInfo(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup"))), notNullValue());
+ assertThat(client.getPartitionWithAuthInfo(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup"))), notNullValue());
+ assertThat(client.getPartitionWithAuthInfo(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup"))), notNullValue());
+ assertThat(client.getPartitionWithAuthInfo(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup"))), notNullValue());
+ assertThat(
+ client.getTableColumnStatistics(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
+ assertThat(
+ client.getTableColumnStatistics(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
+ assertThat(
+ client.getTableColumnStatistics(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
+ assertThat(
+ client.getTableColumnStatistics(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
+ client.close();
+ }
+
+ /**
+ * The group of USER2_1 is USERGROUP2, and has the access to db1 and t1.
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testPrivilegesForPartialAccess() throws Exception {
+ HiveMetaStoreClient client = context.getMetaStoreClient(USER2_1);
+ assertThat(client.getDatabase(dbName1), notNullValue());
+ try {
+ client.getDatabase(dbName2);
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ // including the "default" db
+ assertThat(client.getAllDatabases().size(), equalTo(2));
+ // including the "default" db
+ assertThat(client.getDatabases("*").size(), equalTo(2));
+ assertThat(client.getTable(dbName1, tabName1), notNullValue());
+ try {
+ client.getTable(dbName1, tabName2);
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getTable(dbName2, tabName3);
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getTable(dbName2, tabName4);
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ assertThat(client.listPartitions(dbName1, tabName1, (short) 1).size(), equalTo(1));
+ try {
+ client.listPartitions(dbName1, tabName2, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitions(dbName2, tabName3, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitions(dbName2, tabName4, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ assertThat(
+ client.listPartitions(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1));
+ try {
+ client.listPartitions(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal)),
+ (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitions(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal)),
+ (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitions(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal)),
+ (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ assertThat(
+ client.getPartition(dbName1, tabName1, new ArrayList<String>(Arrays.asList(partitionVal))),
+ notNullValue());
+ try {
+ client.getPartition(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal)));
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartition(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal)));
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartition(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal)));
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ assertThat(client.getTables(dbName1, "tab*").size(), equalTo(1));
+ assertThat(client.getTables(dbName2, "tab*").size(), equalTo(0));
+ assertThat(
+ client.getTableObjectsByName(dbName1,
+ new ArrayList<String>(Arrays.asList(tabName1, tabName2))).size(), equalTo(1));
+ assertThat(
+ client.getTableObjectsByName(dbName2,
+ new ArrayList<String>(Arrays.asList(tabName3, tabName4))).size(), equalTo(0));
+ assertThat(client.getAllTables(dbName1).size(), equalTo(1));
+ assertThat(client.getAllTables(dbName2).size(), equalTo(0));
+
+ assertThat(client.listPartitionNames(dbName1, tabName1, (short) 2).size(), equalTo(1));
+ try {
+ client.listPartitionNames(dbName1, tabName2, (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (TException te) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitionNames(dbName2, tabName3, (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (TException te) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitionNames(dbName2, tabName4, (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (TException te) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ assertThat(
+ client.listPartitionNames(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1));
+ try {
+ client.listPartitionNames(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitionNames(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitionNames(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ assertThat(
+ client.getPartitionsByNames(dbName1, tabName1, new ArrayList<String>(Arrays.asList("")))
+ .size(), equalTo(0));
+ try {
+ client.getPartitionsByNames(dbName1, tabName2, new ArrayList<String>(Arrays.asList("")));
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartitionsByNames(dbName2, tabName3, new ArrayList<String>(Arrays.asList("")));
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartitionsByNames(dbName2, tabName4, new ArrayList<String>(Arrays.asList("")));
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ try {
+ client.getIndex(dbName1, tabName1, "empty");
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is successful.
+ }
+ try {
+ client.getIndex(dbName1, tabName2, "empty");
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getIndex(dbName2, tabName3, "empty");
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getIndex(dbName2, tabName3, "empty");
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ assertThat(client.listIndexes(dbName1, tabName1, (short) 1).size(), equalTo(0));
+ try {
+ client.listIndexes(dbName1, tabName2, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listIndexes(dbName2, tabName3, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listIndexes(dbName2, tabName4, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ assertThat(client.listIndexNames(dbName1, tabName1, (short) 1).size(), equalTo(0));
+ try {
+ client.listIndexNames(dbName1, tabName2, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listIndexNames(dbName2, tabName3, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listIndexNames(dbName2, tabName4, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ assertThat(client.getPartitionWithAuthInfo(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup"))), notNullValue());
+ try {
+ client.getPartitionWithAuthInfo(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup")));
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartitionWithAuthInfo(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup")));
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartitionWithAuthInfo(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup")));
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ assertThat(
+ client.getTableColumnStatistics(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(colName1))).size(), equalTo(0));
+ try {
+ client.getTableColumnStatistics(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(colName1)));
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getTableColumnStatistics(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(colName1)));
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getTableColumnStatistics(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(colName1)));
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ client.close();
+ }
+
+ /**
+ * The group of USER3_1 is USERGROUP3, and has no access to database and
+ * table.
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testPrivilegesForNoAccess() throws Exception {
+ HiveMetaStoreClient client = context.getMetaStoreClient(USER3_1);
+ try {
+ client.getDatabase(dbName1);
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getDatabase(dbName2);
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ // including the "default" db
+ assertThat(client.getAllDatabases().size(), equalTo(1));
+ // including the "default" db
+ assertThat(client.getDatabases("*").size(), equalTo(1));
+ try {
+ client.getTable(dbName1, tabName1);
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getTable(dbName1, tabName2);
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getTable(dbName2, tabName3);
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getTable(dbName2, tabName4);
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ try {
+ client.listPartitions(dbName1, tabName1, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitions(dbName1, tabName2, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitions(dbName2, tabName3, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitions(dbName2, tabName4, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ try {
+ client.listPartitions(dbName1, tabName1, new ArrayList<String>(Arrays.asList(partitionVal)),
+ (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitions(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal)),
+ (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitions(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal)),
+ (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitions(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal)),
+ (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ try {
+ client.getPartition(dbName1, tabName1, new ArrayList<String>(Arrays.asList(partitionVal)));
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartition(dbName1, tabName2, new ArrayList<String>(Arrays.asList(partitionVal)));
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartition(dbName2, tabName3, new ArrayList<String>(Arrays.asList(partitionVal)));
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartition(dbName2, tabName4, new ArrayList<String>(Arrays.asList(partitionVal)));
+ fail("NoSuchObjectException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ assertThat(client.getTables(dbName1, "tab*").size(), equalTo(0));
+ assertThat(client.getTables(dbName2, "tab*").size(), equalTo(0));
+ assertThat(
+ client.getTableObjectsByName(dbName1,
+ new ArrayList<String>(Arrays.asList(tabName1, tabName2))).size(), equalTo(0));
+ assertThat(
+ client.getTableObjectsByName(dbName2,
+ new ArrayList<String>(Arrays.asList(tabName3, tabName4))).size(), equalTo(0));
+ assertThat(client.getAllTables(dbName1).size(), equalTo(0));
+ assertThat(client.getAllTables(dbName2).size(), equalTo(0));
+
+ try {
+ client.listPartitionNames(dbName1, tabName1, (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitionNames(dbName1, tabName2, (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitionNames(dbName2, tabName3, (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitionNames(dbName2, tabName4, (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ try {
+ client.listPartitionNames(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitionNames(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitionNames(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listPartitionNames(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(partitionVal)), (short) 2);
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ try {
+ client.getPartitionsByNames(dbName1, tabName1, new ArrayList<String>(Arrays.asList("")));
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartitionsByNames(dbName1, tabName2, new ArrayList<String>(Arrays.asList("")));
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartitionsByNames(dbName2, tabName3, new ArrayList<String>(Arrays.asList("")));
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartitionsByNames(dbName2, tabName4, new ArrayList<String>(Arrays.asList("")));
+ fail("MetaException should have been thrown");
+ } catch (TException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ try {
+ client.getIndex(dbName1, tabName1, "empty");
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getIndex(dbName1, tabName2, "empty");
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getIndex(dbName2, tabName3, "empty");
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getIndex(dbName2, tabName3, "empty");
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ try {
+ client.listIndexes(dbName1, tabName1, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listIndexes(dbName1, tabName2, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listIndexes(dbName2, tabName3, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listIndexes(dbName2, tabName4, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ try {
+ client.listIndexNames(dbName1, tabName1, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listIndexNames(dbName1, tabName2, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listIndexNames(dbName2, tabName3, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.listIndexNames(dbName2, tabName4, (short) 1);
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ try {
+ client.getPartitionWithAuthInfo(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup")));
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartitionWithAuthInfo(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup")));
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartitionWithAuthInfo(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup")));
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getPartitionWithAuthInfo(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(partitionVal)), "tempuser", new ArrayList<String>(
+ Arrays.asList("tempgroup")));
+ fail("MetaException should have been thrown");
+ } catch (NoSuchObjectException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+
+ try {
+ client.getTableColumnStatistics(dbName1, tabName1,
+ new ArrayList<String>(Arrays.asList(colName1)));
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getTableColumnStatistics(dbName1, tabName2,
+ new ArrayList<String>(Arrays.asList(colName1)));
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getTableColumnStatistics(dbName2, tabName3,
+ new ArrayList<String>(Arrays.asList(colName1)));
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ try {
+ client.getTableColumnStatistics(dbName2, tabName4,
+ new ArrayList<String>(Arrays.asList(colName1)));
+ fail("MetaException should have been thrown");
+ } catch (MetaException noe) {
+ // ignore, just make sure the authorization is failed.
+ }
+ client.close();
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java
new file mode 100644
index 0000000..f406fd7
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java
@@ -0,0 +1,113 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.tests.e2e.metastore;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.File;
+import java.io.FileOutputStream;
+
+import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
+import org.apache.hive.hcatalog.pig.HCatStorer;
+import org.apache.pig.ExecType;
+import org.apache.pig.PigServer;
+import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.tests.e2e.hive.StaticUserGroup;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+
+import com.google.common.io.Resources;
+
+public class TestMetaStoreWithPigHCat extends
+ AbstractMetastoreTestWithStaticConfiguration {
+ private PolicyFile policyFile;
+ private File dataFile;
+ private static final String dbName = "db_1";
+ private static final String tabName1 = "tab1";
+ private static final String tabName2 = "tab2";
+ private static final String db_all_role = "all_db1";
+
+ @BeforeClass
+ public static void beforeClass() {
+ System.setProperty("hadoopversion", "23");
+ }
+
+ @Before
+ public void setup() throws Exception {
+ dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
+ FileOutputStream to = new FileOutputStream(dataFile);
+ Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
+ to.close();
+
+ policyFile = setAdminOnServer1(ADMINGROUP);
+ policyFile
+ .addRolesToGroup(USERGROUP1, db_all_role)
+ .addRolesToGroup(USERGROUP2, "read_db_role")
+ .addPermissionsToRole(db_all_role, "server=server1->db=" + dbName)
+ .addPermissionsToRole("read_db_role",
+ "server=server1->db=" + dbName + "->table=" + tabName2 + "->action=SELECT")
+ .setUserGroupMapping(StaticUserGroup.getStaticMapping());
+ writePolicyFile(policyFile);
+
+ HiveMetaStoreClient client = context.getMetaStoreClient(ADMIN1);
+ client.dropDatabase(dbName, true, true, true);
+ createMetastoreDB(client, dbName);
+ client.close();
+ }
+
+ /**
+ * Verify add partition via Pig+HCatStore
+ *
+ * *** Disabled due to HCat inputformat compatibility issue in Hive 1.1.0
+ */
+ @Ignore
+ @Test
+ public void testPartionLoad() throws Exception {
+ execHiveSQL("CREATE TABLE " + dbName + "." + tabName1
+ + " (id int) PARTITIONED BY (part_col STRING)", ADMIN1);
+ execHiveSQL("CREATE TABLE " + dbName + "." + tabName2
+ + " (id int) PARTITIONED BY (part_col STRING)", ADMIN1);
+
+ // user with ALL on DB should be able to add partion using Pig/HCatStore
+ PigServer pigServer = context.getPigServer(USER1_1, ExecType.LOCAL);
+ execPigLatin(USER1_1, pigServer, "A = load '" + dataFile.getPath()
+ + "' as (id:int);");
+ execPigLatin(USER1_1, pigServer, "store A into '" + dbName + "." + tabName1
+ + "' using " + HCatStorer.class.getName() + " ('part_col=part1');");
+ HiveMetaStoreClient client = context.getMetaStoreClient(ADMIN1);
+ assertEquals(1, client.listPartitionNames(dbName, tabName1, (short) 10)
+ .size());
+
+ // user without select on DB should NOT be able to add partition with Pig/HCatStore
+ pigServer = context.getPigServer(USER2_1, ExecType.LOCAL);
+ execPigLatin(USER2_1, pigServer, "A = load '" + dataFile.getPath()
+ + "' as (id:int);");
+ // This action won't be successful because of no permission, but there is no exception will
+ // be thrown in this thread. The detail exception can be found in
+ // sentry-tests/sentry-tests-hive/target/surefire-reports/org.apache.sentry.tests.e2e.metastore.TestMetaStoreWithPigHCat-output.txt.
+ execPigLatin(USER2_1, pigServer, "store A into '" + dbName + "." + tabName2 + "' using "
+ + HCatStorer.class.getName() + " ('part_col=part2');");
+ // The previous action is failed, and there will be no data.
+ assertEquals(0, client.listPartitionNames(dbName, tabName2, (short) 10).size());
+ client.close();
+ }
+
+}