You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by jd...@apache.org on 2016/10/24 17:38:25 UTC
hive git commit: HIVE-9941: sql std authorization on partitioned
table: truncate and insert (Sushanth Sowmyan via Jason Dere)
Repository: hive
Updated Branches:
refs/heads/master e22392d37 -> 5c35d0c52
HIVE-9941: sql std authorization on partitioned table: truncate and insert (Sushanth Sowmyan via Jason Dere)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/5c35d0c5
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/5c35d0c5
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/5c35d0c5
Branch: refs/heads/master
Commit: 5c35d0c5202de2ceacb40e061bdfe4d33bb9f3cb
Parents: e22392d
Author: Jason Dere <jd...@hortonworks.com>
Authored: Mon Oct 24 10:37:49 2016 -0700
Committer: Jason Dere <jd...@hortonworks.com>
Committed: Mon Oct 24 10:37:49 2016 -0700
----------------------------------------------------------------------
.../authorization_alter_drop_ptn.q | 11 +++++++
.../clientnegative/authorization_export_ptn.q | 19 +++++++++++
.../clientnegative/authorization_import_ptn.q | 23 +++++++++++++
.../clientnegative/authorization_truncate_2.q | 11 +++++++
.../authorization_alter_drop_ptn.q.out | 18 +++++++++++
.../authorization_export_ptn.q.out | 19 +++++++++++
.../authorization_import_ptn.q.out | 34 ++++++++++++++++++++
.../authorization_truncate_2.q.out | 18 +++++++++++
8 files changed, 153 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/5c35d0c5/ql/src/test/queries/clientnegative/authorization_alter_drop_ptn.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_alter_drop_ptn.q b/ql/src/test/queries/clientnegative/authorization_alter_drop_ptn.q
new file mode 100644
index 0000000..5b2c1ed
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_alter_drop_ptn.q
@@ -0,0 +1,11 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check alter-drop on partition
+create table auth_trunc2(i int) partitioned by (j int);
+alter table auth_trunc2 add partition (j=42);
+set user.name=user1;
+alter table auth_trunc2 drop partition(j=42);
+
http://git-wip-us.apache.org/repos/asf/hive/blob/5c35d0c5/ql/src/test/queries/clientnegative/authorization_export_ptn.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_export_ptn.q b/ql/src/test/queries/clientnegative/authorization_export_ptn.q
new file mode 100644
index 0000000..c9b4675
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_export_ptn.q
@@ -0,0 +1,19 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875-export/temp;
+dfs -rmr ${system:test.tmp.dir}/hive-12875-export;
+dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875-export/;
+
+-- check export on partition
+create table auth_export_ptn(i int) partitioned by (j int);
+alter table auth_export_ptn add partition (j=42);
+set user.name=user1;
+export table auth_export_ptn partition (j=42) to 'pfile://${system:test.tmp.dir}/hive-12875-export';
+
+set hive.security.authorization.enabled=false;
+
+drop table auth_export_ptn;
+
http://git-wip-us.apache.org/repos/asf/hive/blob/5c35d0c5/ql/src/test/queries/clientnegative/authorization_import_ptn.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_import_ptn.q b/ql/src/test/queries/clientnegative/authorization_import_ptn.q
new file mode 100644
index 0000000..70c3a36
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_import_ptn.q
@@ -0,0 +1,23 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875-import/temp;
+dfs -rmr ${system:test.tmp.dir}/hive-12875-import;
+dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875-import/;
+
+-- check export on partition
+create table auth_import_ptn(i int) partitioned by (j int);
+alter table auth_import_ptn add partition (j=42);
+export table auth_import_ptn partition (j=42) to 'pfile://${system:test.tmp.dir}/hive-12875-import';
+
+alter table auth_import_ptn drop partition (j=42);
+
+set user.name=user1;
+import table auth_import_ptn partition (j=42) from 'pfile://${system:test.tmp.dir}/hive-12875-import';
+
+set hive.security.authorization.enabled=false;
+
+drop table auth_import_ptn;
+
http://git-wip-us.apache.org/repos/asf/hive/blob/5c35d0c5/ql/src/test/queries/clientnegative/authorization_truncate_2.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_truncate_2.q b/ql/src/test/queries/clientnegative/authorization_truncate_2.q
new file mode 100644
index 0000000..120cf5d
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_truncate_2.q
@@ -0,0 +1,11 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check truncate on partition
+create table auth_trunc2(i int) partitioned by (j int);
+alter table auth_trunc2 add partition (j=42);
+set user.name=user1;
+truncate table auth_trunc2 partition (j=42);
+
http://git-wip-us.apache.org/repos/asf/hive/blob/5c35d0c5/ql/src/test/results/clientnegative/authorization_alter_drop_ptn.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_alter_drop_ptn.q.out b/ql/src/test/results/clientnegative/authorization_alter_drop_ptn.q.out
new file mode 100644
index 0000000..07eddc2
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_alter_drop_ptn.q.out
@@ -0,0 +1,18 @@
+PREHOOK: query: -- check alter-drop on partition
+create table auth_trunc2(i int) partitioned by (j int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@auth_trunc2
+POSTHOOK: query: -- check alter-drop on partition
+create table auth_trunc2(i int) partitioned by (j int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@auth_trunc2
+PREHOOK: query: alter table auth_trunc2 add partition (j=42)
+PREHOOK: type: ALTERTABLE_ADDPARTS
+PREHOOK: Output: default@auth_trunc2
+POSTHOOK: query: alter table auth_trunc2 add partition (j=42)
+POSTHOOK: type: ALTERTABLE_ADDPARTS
+POSTHOOK: Output: default@auth_trunc2
+POSTHOOK: Output: default@auth_trunc2@j=42
+FAILED: HiveAccessControlException Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation ALTERTABLE_DROPPARTS [[DELETE] on Object [type=TABLE_OR_VIEW, name=default.auth_trunc2]]
http://git-wip-us.apache.org/repos/asf/hive/blob/5c35d0c5/ql/src/test/results/clientnegative/authorization_export_ptn.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_export_ptn.q.out b/ql/src/test/results/clientnegative/authorization_export_ptn.q.out
new file mode 100644
index 0000000..be0bb9f
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_export_ptn.q.out
@@ -0,0 +1,19 @@
+#### A masked pattern was here ####
+PREHOOK: query: -- check export on partition
+create table auth_export_ptn(i int) partitioned by (j int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@auth_export_ptn
+POSTHOOK: query: -- check export on partition
+create table auth_export_ptn(i int) partitioned by (j int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@auth_export_ptn
+PREHOOK: query: alter table auth_export_ptn add partition (j=42)
+PREHOOK: type: ALTERTABLE_ADDPARTS
+PREHOOK: Output: default@auth_export_ptn
+POSTHOOK: query: alter table auth_export_ptn add partition (j=42)
+POSTHOOK: type: ALTERTABLE_ADDPARTS
+POSTHOOK: Output: default@auth_export_ptn
+POSTHOOK: Output: default@auth_export_ptn@j=42
+#### A masked pattern was here ####
http://git-wip-us.apache.org/repos/asf/hive/blob/5c35d0c5/ql/src/test/results/clientnegative/authorization_import_ptn.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_import_ptn.q.out b/ql/src/test/results/clientnegative/authorization_import_ptn.q.out
new file mode 100644
index 0000000..17e9c9e
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_import_ptn.q.out
@@ -0,0 +1,34 @@
+#### A masked pattern was here ####
+PREHOOK: query: -- check export on partition
+create table auth_import_ptn(i int) partitioned by (j int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@auth_import_ptn
+POSTHOOK: query: -- check export on partition
+create table auth_import_ptn(i int) partitioned by (j int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@auth_import_ptn
+PREHOOK: query: alter table auth_import_ptn add partition (j=42)
+PREHOOK: type: ALTERTABLE_ADDPARTS
+PREHOOK: Output: default@auth_import_ptn
+POSTHOOK: query: alter table auth_import_ptn add partition (j=42)
+POSTHOOK: type: ALTERTABLE_ADDPARTS
+POSTHOOK: Output: default@auth_import_ptn
+POSTHOOK: Output: default@auth_import_ptn@j=42
+#### A masked pattern was here ####
+PREHOOK: type: EXPORT
+PREHOOK: Input: default@auth_import_ptn@j=42
+#### A masked pattern was here ####
+POSTHOOK: type: EXPORT
+POSTHOOK: Input: default@auth_import_ptn@j=42
+#### A masked pattern was here ####
+PREHOOK: query: alter table auth_import_ptn drop partition (j=42)
+PREHOOK: type: ALTERTABLE_DROPPARTS
+PREHOOK: Input: default@auth_import_ptn
+PREHOOK: Output: default@auth_import_ptn@j=42
+POSTHOOK: query: alter table auth_import_ptn drop partition (j=42)
+POSTHOOK: type: ALTERTABLE_DROPPARTS
+POSTHOOK: Input: default@auth_import_ptn
+POSTHOOK: Output: default@auth_import_ptn@j=42
+#### A masked pattern was here ####
http://git-wip-us.apache.org/repos/asf/hive/blob/5c35d0c5/ql/src/test/results/clientnegative/authorization_truncate_2.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_truncate_2.q.out b/ql/src/test/results/clientnegative/authorization_truncate_2.q.out
new file mode 100644
index 0000000..04246f4
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_truncate_2.q.out
@@ -0,0 +1,18 @@
+PREHOOK: query: -- check truncate on partition
+create table auth_trunc2(i int) partitioned by (j int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@auth_trunc2
+POSTHOOK: query: -- check truncate on partition
+create table auth_trunc2(i int) partitioned by (j int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@auth_trunc2
+PREHOOK: query: alter table auth_trunc2 add partition (j=42)
+PREHOOK: type: ALTERTABLE_ADDPARTS
+PREHOOK: Output: default@auth_trunc2
+POSTHOOK: query: alter table auth_trunc2 add partition (j=42)
+POSTHOOK: type: ALTERTABLE_ADDPARTS
+POSTHOOK: Output: default@auth_trunc2
+POSTHOOK: Output: default@auth_trunc2@j=42
+FAILED: HiveAccessControlException Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation TRUNCATETABLE [[OBJECT OWNERSHIP] on Object [type=TABLE_OR_VIEW, name=default.auth_trunc2]]