sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ak...@apache.org
Subject [2/2] sentry git commit: SENTRY-1390: Add test cases to ensure usability of URI privileges for HMS binding (Hao Hao, Reviewed by: Sravya Tirukkovalur)
Date Sat, 11 Mar 2017 02:10:14 GMT
SENTRY-1390: Add test cases to ensure usability of URI privileges for HMS binding (Hao Hao,
Reviewed by: Sravya Tirukkovalur)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/c8de9a90
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/c8de9a90
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/c8de9a90

Branch: refs/heads/sentry-ha-redesign
Commit: c8de9a907f06c5ab08836e816176cb2a1598199b
Parents: f71e2e8
Author: Alexander Kolbasov <akolb@cloudera.com>
Authored: Fri Mar 10 18:10:03 2017 -0800
Committer: Alexander Kolbasov <akolb@cloudera.com>
Committed: Fri Mar 10 18:10:03 2017 -0800

----------------------------------------------------------------------
 .../AbstractTestWithStaticConfiguration.java    |   5 +
 .../tests/e2e/metastore/TestURIMetastore.java   | 178 +++++++++++++++++++
 2 files changed, 183 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/c8de9a90/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
index 47be188..4994cf8 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
@@ -160,6 +160,7 @@ public abstract class AbstractTestWithStaticConfiguration {
   private static final String ENABLE_NOTIFICATION_LOG = "sentry.e2etest.enable.notification.log";
 
   protected static boolean policyOnHdfs = false;
+  protected static boolean defaultFSOnHdfs = false;
   protected static boolean useSentryService = false;
   protected static boolean setMetastoreListener = true;
   protected static boolean useDbNotificationListener = false;
@@ -330,6 +331,10 @@ public abstract class AbstractTestWithStaticConfiguration {
       setupSentryService();
     }
 
+    if (defaultFSOnHdfs) {
+      properties.put("fs.defaultFS", fileSystem.getUri().toString());
+    }
+
     hiveServer = create(properties, baseDir, confDir, logDir, policyURI, fileSystem);
     hiveServer.start();
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/c8de9a90/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestURIMetastore.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestURIMetastore.java
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestURIMetastore.java
new file mode 100644
index 0000000..667df51
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestURIMetastore.java
@@ -0,0 +1,178 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.tests.e2e.metastore;
+
+import com.google.common.collect.Lists;
+import com.google.common.io.Resources;
+import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
+import org.apache.hadoop.hive.metastore.api.FieldSchema;
+import org.apache.hadoop.hive.metastore.api.MetaException;
+import org.apache.hadoop.hive.metastore.api.Table;
+import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.tests.e2e.hive.Context;
+import org.apache.sentry.tests.e2e.hive.StaticUserGroup;
+import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServerFactory;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.net.URI;
+import java.util.ArrayList;
+
+import static org.junit.Assert.fail;
+
+/**
+ * This clase is to test URI privileges usability for Hive MetaStore binding.
+ */
+public class TestURIMetastore extends
+    AbstractMetastoreTestWithStaticConfiguration {
+
+  private PolicyFile policyFile;
+  private File dataFile;
+  private static final String dbName = "db_1";
+  private static final String db_all_role = "all_db1";
+  private static final String uri_role = "uri_role";
+
+
+  @BeforeClass
+  public static void setupTestStaticConfiguration() throws Exception {
+    setMetastoreListener = false;
+    defaultFSOnHdfs = true;
+    AbstractMetastoreTestWithStaticConfiguration.setupTestStaticConfiguration();
+  }
+
+  @Override
+  @Before
+  public void setup() throws Exception {
+
+    policyFile = setAdminOnServer1(ADMINGROUP);
+    policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping());
+    writePolicyFile(policyFile);
+    super.setup();
+
+    dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
+    FileOutputStream to = new FileOutputStream(dataFile);
+    Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
+    to.close();
+
+    HiveMetaStoreClient client = context.getMetaStoreClient(ADMIN1);
+    client.dropDatabase(dbName, true, true, true);
+    createMetastoreDB(client, dbName);
+    client.close();
+
+    policyFile
+            .addRolesToGroup(USERGROUP1, db_all_role)
+            .addPermissionsToRole(db_all_role, "server=server1->db=" + dbName)
+            .setUserGroupMapping(StaticUserGroup.getStaticMapping());
+    writePolicyFile(policyFile);
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    if (context != null) {
+      context.close();
+    }
+  }
+
+  /**
+   * Verify URI privileges for create table DDL without scheme and authority
+   * @throws Exception
+   */
+  @Test
+  public void testCreateTableWithURINoSchemeAndAuthority() throws Exception {
+
+    String tabName1 = "tab1";
+    String tabDir1 = hiveServer.getProperty(HiveServerFactory.WAREHOUSE_DIR) + File.separator
+ tabName1;
+
+    // URI location that contains no scheme and authority.
+    String tabDir1Path = new URI(tabDir1).getPath();
+
+    policyFile.addRolesToGroup(USERGROUP1, uri_role)
+    .addRolesToGroup(USERGROUP2, db_all_role)
+    .addPermissionsToRole(uri_role, "server=server1->URI=" + tabDir1);
+    writePolicyFile(policyFile);
+
+    // user with URI privileges should be able to add table to URI locations which has no
authority and scheme.
+    HiveMetaStoreClient client = context.getMetaStoreClient(USER1_1);
+    createMetastoreTableWithLocation(client, dbName, tabName1, Lists.newArrayList(new FieldSchema("col1",
"int", "")), tabDir1Path);
+
+    client.close();
+
+    // user without URI privileges should be NOT able to create table to a specific location
+    client = context.getMetaStoreClient(USER2_1);
+    try {
+      createMetastoreTableWithLocation(client, dbName, "fooTab", Lists.newArrayList(new FieldSchema("col1",
"int", "")), tabDir1Path);
+      fail("Create table with location should fail without URI privilege");
+    } catch (MetaException e) {
+      Context.verifyMetastoreAuthException(e);
+    }
+    client.close();
+  }
+
+  /**
+   * Verify URI privileges for alter table DDL without scheme and authority
+   * @throws Exception
+   */
+  @Test
+  public void testAlterTableWithURINoSchemeAndAuthority() throws Exception {
+    String tabName1 = "tab1";
+    String newPath1 = "fooTab1";
+    String newPath2 = "fooTab2";
+    ArrayList<String> partVals1 = Lists.newArrayList("part1");
+    ArrayList<String> partVals2 = Lists.newArrayList("part2");
+    ArrayList<String> partVals3 = Lists.newArrayList("part3");
+
+    String tabDir1 = hiveServer.getProperty(HiveServerFactory.WAREHOUSE_DIR)
+        + File.separator + tabName1 + newPath1;
+    String tabDir2 = hiveServer.getProperty(HiveServerFactory.WAREHOUSE_DIR)
+    + File.separator + tabName1 + newPath2;
+    // URI location that contains no scheme and authority.
+    String tabDir1Path = new URI(tabDir1).getPath();
+    String tabDir2Path = new URI(tabDir2).getPath();
+
+    policyFile.addRolesToGroup(USERGROUP1, uri_role)
+    .addRolesToGroup(USERGROUP2, db_all_role)
+    .addPermissionsToRole(uri_role, "server=server1->URI=" + tabDir1);
+    writePolicyFile(policyFile);
+
+    // user with URI privileges should be able to alter partition to set that specific location
+    HiveMetaStoreClient client = context.getMetaStoreClient(USER1_1);
+    Table tbl1 = createMetastoreTableWithPartition(client, dbName, tabName1,
+        Lists.newArrayList(new FieldSchema("col1", "int", "")),
+        Lists.newArrayList(new FieldSchema("part_col1", "string", "")));
+    addPartition(client, dbName, tabName1, partVals1, tbl1);
+    addPartitionWithLocation(client, dbName, tabName1, partVals2, tbl1, tabDir1Path);
+    client.close();
+
+    // user without URI privileges should be NOT able to alter partition to set
+    // that specific location
+    client = context.getMetaStoreClient(USER2_1);
+    try {
+      tbl1 = client.getTable(dbName, tabName1);
+      addPartitionWithLocation(client, dbName, tabName1, partVals3, tbl1, tabDir2Path);
+      fail("Add partition with location should have failed");
+    } catch (MetaException e) {
+      Context.verifyMetastoreAuthException(e);
+    }
+    client.close();
+  }
+}


Mime
View raw message