sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kal...@apache.org
Subject [1/2] sentry git commit: SENTRY-2233: Add e2e tests for testing HDFS sync for owner privileges. (Kalyan Kumar Kalvagadda reviewed by Lina li)
Date Fri, 24 Aug 2018 17:17:04 GMT
Repository: sentry
Updated Branches:
  refs/heads/master 50e1d23e4 -> 85cf7f296


http://git-wip-us.apache.org/repos/asf/sentry/blob/85cf7f29/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationEnd2End.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationEnd2End.java
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationEnd2End.java
index 061900a..574bc4b 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationEnd2End.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationEnd2End.java
@@ -84,7 +84,7 @@ public class TestHDFSIntegrationEnd2End extends TestHDFSIntegrationBase
{
     stmt.execute(
             "create table ext101 (s string) location \'/tmp/external/ext101\'");
     verifyQuery(stmt, "ext100", 5);
-    verifyOnAllSubDirs("/tmp/external/ext100", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/tmp/external/ext100", FsAction.ALL, "hbase", true);
     stmt.execute("drop table ext100");
     stmt.execute("drop table ext101");
     stmt.execute("use default");
@@ -128,26 +128,26 @@ public class TestHDFSIntegrationEnd2End extends TestHDFSIntegrationBase
{
     stmt.execute("grant role p1_admin to group hbase");
 
     // Verify default db is inaccessible initially
-    verifyOnAllSubDirs("/user/hive/warehouse", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse", null, "hbase", false);
 
-    verifyOnAllSubDirs("/user/hive/warehouse/p1", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p1", null, "hbase", false);
 
     stmt.execute("grant all on database db5 to role db_role");
     stmt.execute("use db5");
     stmt.execute("grant all on table p2 to role tab_role");
     stmt.execute("use default");
-    verifyOnAllSubDirs("/user/hive/warehouse/db5.db", FsAction.ALL, "hbase", true);
-    verifyOnAllSubDirs("/user/hive/warehouse/db5.db/p2", FsAction.ALL, "hbase", true);
-    verifyOnAllSubDirs("/user/hive/warehouse/db5.db/p2", FsAction.ALL, "flume", true);
-    verifyOnPath("/user/hive/warehouse/db5.db", FsAction.ALL, "flume", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db5.db", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db5.db/p2", FsAction.ALL, "hbase",
true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db5.db/p2", FsAction.ALL, "flume",
true);
+    verifyGroupPermOnPath("/user/hive/warehouse/db5.db", FsAction.ALL, "flume", false);
 
     loadData(stmt);
 
     verifyHDFSandMR(stmt);
 
     // Verify default db is STILL inaccessible after grants but tables are fine
-    verifyOnPath("/user/hive/warehouse", null, "hbase", false);
-    verifyOnAllSubDirs("/user/hive/warehouse/p1", FsAction.READ_EXECUTE,
+    verifyGroupPermOnPath("/user/hive/warehouse", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p1", FsAction.READ_EXECUTE,
         "hbase", true);
 
     adminUgi.doAs(new PrivilegedExceptionAction<Void>() {
@@ -169,38 +169,38 @@ public class TestHDFSIntegrationEnd2End extends TestHDFSIntegrationBase
{
     });
 
     stmt.execute("revoke select on table p1 from role p1_admin");
-    verifyOnAllSubDirs("/user/hive/warehouse/p1", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p1", null, "hbase", false);
 
     // Verify default db grants work
     stmt.execute("grant select on database default to role p1_admin");
-    verifyOnPath("/user/hive/warehouse", FsAction.READ_EXECUTE, "hbase", true);
+    verifyGroupPermOnPath("/user/hive/warehouse", FsAction.READ_EXECUTE, "hbase", true);
 
     // Verify default db grants are propagated to the tables
-    verifyOnAllSubDirs("/user/hive/warehouse/p1", FsAction.READ_EXECUTE,
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p1", FsAction.READ_EXECUTE,
         "hbase", true);
 
     // Verify default db revokes work
     stmt.execute("revoke select on database default from role p1_admin");
-    verifyOnPath("/user/hive/warehouse", null, "hbase", false);
-    verifyOnAllSubDirs("/user/hive/warehouse/p1", null, "hbase", false);
+    verifyGroupPermOnPath("/user/hive/warehouse", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p1", null, "hbase", false);
 
     stmt.execute("grant all on table p1 to role p1_admin");
-    verifyOnAllSubDirs("/user/hive/warehouse/p1", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p1", FsAction.ALL, "hbase", true);
 
     stmt.execute("revoke select on table p1 from role p1_admin");
-    verifyOnAllSubDirs("/user/hive/warehouse/p1", FsAction.WRITE_EXECUTE, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p1", FsAction.WRITE_EXECUTE, "hbase",
true);
 
 
     // Verify table rename works when locations are also changed
     stmt.execute("alter table p1 rename to p3");
-    verifyOnAllSubDirs("/user/hive/warehouse/p3", FsAction.WRITE_EXECUTE, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p3", FsAction.WRITE_EXECUTE, "hbase",
true);
     //This is true as parent hive object's (p3) ACLS are used.
-    verifyOnAllSubDirs("/user/hive/warehouse/p3/month=1/day=1", FsAction.WRITE_EXECUTE, "hbase",
true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p3/month=1/day=1", FsAction.WRITE_EXECUTE,
"hbase", true);
 
     // Verify when oldName == newName and oldPath != newPath
     stmt.execute("alter table p3 partition (month=1, day=1) rename to partition (month=1,
day=3)");
-    verifyOnAllSubDirs("/user/hive/warehouse/p3", FsAction.WRITE_EXECUTE, "hbase", true);
-    verifyOnAllSubDirs("/user/hive/warehouse/p3/month=1/day=3", FsAction.WRITE_EXECUTE, "hbase",
true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p3", FsAction.WRITE_EXECUTE, "hbase",
true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p3/month=1/day=3", FsAction.WRITE_EXECUTE,
"hbase", true);
 
     // Test DB case insensitivity
     stmt.execute("create database extdb");
@@ -211,18 +211,18 @@ public class TestHDFSIntegrationEnd2End extends TestHDFSIntegrationBase
{
     stmt.execute(
         "create table ext100 (s string) location \'/tmp/external/ext100\'");
     verifyQuery(stmt, "ext100", 5);
-    verifyOnAllSubDirs("/tmp/external/ext100", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/tmp/external/ext100", FsAction.ALL, "hbase", true);
     stmt.execute("use default");
 
     stmt.execute("use EXTDB");
     stmt.execute(
         "create table ext101 (s string) location \'/tmp/external/ext101\'");
     verifyQuery(stmt, "ext101", 5);
-    verifyOnAllSubDirs("/tmp/external/ext101", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/tmp/external/ext101", FsAction.ALL, "hbase", true);
 
     // Test table case insensitivity
     stmt.execute("grant all on table exT100 to role tab_role");
-    verifyOnAllSubDirs("/tmp/external/ext100", FsAction.ALL, "flume", true);
+    verifyGroupPermOnAllSubDirs("/tmp/external/ext100", FsAction.ALL, "flume", true);
 
     stmt.execute("drop table ext100");
     stmt.execute("drop table ext101");
@@ -237,20 +237,20 @@ public class TestHDFSIntegrationEnd2End extends TestHDFSIntegrationBase
{
 
       // Verify that Sentry permission are still enforced for the "stale" period only if
stop did not take too long
       if(timeTakenForStopMs < STALE_THRESHOLD) {
-        verifyOnAllSubDirs("/user/hive/warehouse/p3", FsAction.WRITE_EXECUTE, "hbase", true);
+        verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p3", FsAction.WRITE_EXECUTE, "hbase",
true);
         Thread.sleep((STALE_THRESHOLD - timeTakenForStopMs));
       } else {
         LOGGER.warn("Sentry server stop took too long");
       }
 
       // Verify that Sentry permission are NOT enforced AFTER "stale" period
-      verifyOnAllSubDirs("/user/hive/warehouse/p3", null, "hbase", false);
+      verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p3", null, "hbase", false);
 
       sentryServer.startAll();
     }
 
     // Verify that After Sentry restart permissions are re-enforced
-    verifyOnAllSubDirs("/user/hive/warehouse/p3", FsAction.WRITE_EXECUTE, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p3", FsAction.WRITE_EXECUTE, "hbase",
true);
 
     // Create new table and verify everything is fine after restart...
     stmt.execute("create table p2 (s string) partitioned by (month int, day int)");
@@ -259,13 +259,13 @@ public class TestHDFSIntegrationEnd2End extends TestHDFSIntegrationBase
{
     stmt.execute("alter table p2 add partition (month=2, day=1)");
     stmt.execute("alter table p2 add partition (month=2, day=2)");
 
-    verifyOnAllSubDirs("/user/hive/warehouse/p2", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p2", null, "hbase", false);
 
     stmt.execute("grant select on table p2 to role p1_admin");
-    verifyOnAllSubDirs("/user/hive/warehouse/p2", FsAction.READ_EXECUTE, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p2", FsAction.READ_EXECUTE, "hbase",
true);
 
     stmt.execute("grant select on table p2 to role p1_admin");
-    verifyOnAllSubDirs("/user/hive/warehouse/p2", FsAction.READ_EXECUTE, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p2", FsAction.READ_EXECUTE, "hbase",
true);
 
     // Create external table
     writeToPath("/tmp/external/ext1", 5, "foo", "bar");
@@ -274,65 +274,65 @@ public class TestHDFSIntegrationEnd2End extends TestHDFSIntegrationBase
{
     verifyQuery(stmt, "ext1", 5);
 
     // Ensure existing group permissions are never returned..
-    verifyOnAllSubDirs("/tmp/external/ext1", null, "bar", false);
-    verifyOnAllSubDirs("/tmp/external/ext1", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/tmp/external/ext1", null, "bar", false);
+    verifyGroupPermOnAllSubDirs("/tmp/external/ext1", null, "hbase", false);
 
     stmt.execute("grant all on table ext1 to role p1_admin");
-    verifyOnAllSubDirs("/tmp/external/ext1", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/tmp/external/ext1", FsAction.ALL, "hbase", true);
 
     stmt.execute("revoke select on table ext1 from role p1_admin");
-    verifyOnAllSubDirs("/tmp/external/ext1", FsAction.WRITE_EXECUTE, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/tmp/external/ext1", FsAction.WRITE_EXECUTE, "hbase", true);
 
     // Verify database operations works correctly
     stmt.execute("create database db1");
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db", null, "hbase", false);
 
     stmt.execute("create table db1.tbl1 (s string)");
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/tbl1", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/tbl1", null, "hbase", false);
     stmt.execute("create table db1.tbl2 (s string)");
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/tbl2", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/tbl2", null, "hbase", false);
 
     // Verify default db grants do not affect other dbs
     stmt.execute("grant all on database default to role p1_admin");
-    verifyOnPath("/user/hive/warehouse", FsAction.ALL, "hbase", true);
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db", null, "hbase", false);
+    verifyGroupPermOnPath("/user/hive/warehouse", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db", null, "hbase", false);
 
     // Verify table rename works
     stmt.execute("create table q1 (s string)");
-    verifyOnAllSubDirs("/user/hive/warehouse/q1", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/q1", FsAction.ALL, "hbase", true);
     stmt.execute("alter table q1 rename to q2");
-    verifyOnAllSubDirs("/user/hive/warehouse/q2", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/q2", FsAction.ALL, "hbase", true);
 
     // Verify table GRANTS do not trump db GRANTS
     stmt.execute("grant select on table q2 to role p1_admin");
-    verifyOnAllSubDirs("/user/hive/warehouse/q2", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/q2", FsAction.ALL, "hbase", true);
 
     stmt.execute("create table q3 (s string)");
-    verifyOnAllSubDirs("/user/hive/warehouse/q3", FsAction.ALL, "hbase", true);
-    verifyOnAllSubDirs("/user/hive/warehouse/q2", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/q3", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/q2", FsAction.ALL, "hbase", true);
 
     // Verify db privileges are propagated to tables
     stmt.execute("grant select on database db1 to role p1_admin");
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/tbl1", FsAction.READ_EXECUTE, "hbase",
true);
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/tbl2", FsAction.READ_EXECUTE, "hbase",
true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/tbl1", FsAction.READ_EXECUTE,
"hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/tbl2", FsAction.READ_EXECUTE,
"hbase", true);
 
     // Verify default db revokes do not affect other dbs
     stmt.execute("revoke all on database default from role p1_admin");
-    verifyOnPath("/user/hive/warehouse", null, "hbase", false);
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/tbl1", FsAction.READ_EXECUTE, "hbase",
true);
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/tbl2", FsAction.READ_EXECUTE, "hbase",
true);
+    verifyGroupPermOnPath("/user/hive/warehouse", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/tbl1", FsAction.READ_EXECUTE,
"hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/tbl2", FsAction.READ_EXECUTE,
"hbase", true);
 
     stmt.execute("use db1");
     stmt.execute("grant all on table tbl1 to role p1_admin");
 
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/tbl1", FsAction.ALL, "hbase", true);
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/tbl2", FsAction.READ_EXECUTE, "hbase",
true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/tbl1", FsAction.ALL, "hbase",
true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/tbl2", FsAction.READ_EXECUTE,
"hbase", true);
 
     // Verify recursive revoke
     stmt.execute("revoke select on database db1 from role p1_admin");
 
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/tbl1", FsAction.WRITE_EXECUTE, "hbase",
true);
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/tbl2", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/tbl1", FsAction.WRITE_EXECUTE,
"hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/tbl2", null, "hbase", false);
 
     // Verify cleanup..
     stmt.execute("drop table tbl1");
@@ -353,13 +353,13 @@ public class TestHDFSIntegrationEnd2End extends TestHDFSIntegrationBase
{
     stmt.execute("alter table ext2 add partition (i=1)");
     stmt.execute("alter table ext2 add partition (i=2)");
     verifyQuery(stmt, "ext2", 10);
-    verifyOnAllSubDirs("/tmp/external/tables/ext2_before", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/tmp/external/tables/ext2_before", null, "hbase", false);
     stmt.execute("grant all on table ext2 to role p1_admin");
-    verifyOnPath("/tmp/external/tables/ext2_before", FsAction.ALL, "hbase", true);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=1", FsAction.ALL, "hbase", true);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=2", FsAction.ALL, "hbase", true);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=1/stuff.txt", FsAction.ALL, "hbase",
true);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=2/stuff.txt", FsAction.ALL, "hbase",
true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=1", FsAction.ALL, "hbase",
true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=2", FsAction.ALL, "hbase",
true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=1/stuff.txt", FsAction.ALL,
"hbase", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=2/stuff.txt", FsAction.ALL,
"hbase", true);
 
     writeToPath("/tmp/external/tables/ext2_after/i=1", 6, "foo", "bar");
     writeToPath("/tmp/external/tables/ext2_after/i=2", 6, "foo", "bar");
@@ -368,27 +368,27 @@ public class TestHDFSIntegrationEnd2End extends TestHDFSIntegrationBase
{
     // Even though table location is altered, partition location is still old (still 10 rows)
     verifyQuery(stmt, "ext2", 10);
     // You have to explicitly alter partition location..
-    verifyOnPath("/tmp/external/tables/ext2_before", null, "hbase", false);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=1", FsAction.ALL, "hbase", true);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=2", FsAction.ALL, "hbase", true);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=1/stuff.txt", FsAction.ALL, "hbase",
true);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=2/stuff.txt", FsAction.ALL, "hbase",
true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before", null, "hbase", false);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=1", FsAction.ALL, "hbase",
true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=2", FsAction.ALL, "hbase",
true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=1/stuff.txt", FsAction.ALL,
"hbase", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=2/stuff.txt", FsAction.ALL,
"hbase", true);
 
     stmt.execute("alter table ext2 partition (i=1) set location \'hdfs:///tmp/external/tables/ext2_after/i=1\'");
     stmt.execute("alter table ext2 partition (i=2) set location \'hdfs:///tmp/external/tables/ext2_after/i=2\'");
     // Now that partition location is altered, it picks up new data (12 rows instead of 10)
     verifyQuery(stmt, "ext2", 12);
 
-    verifyOnPath("/tmp/external/tables/ext2_before", null, "hbase", false);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=1", null, "hbase", false);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=2", null, "hbase", false);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=1/stuff.txt", null, "hbase", false);
-    verifyOnPath("/tmp/external/tables/ext2_before/i=2/stuff.txt", null, "hbase", false);
-    verifyOnPath("/tmp/external/tables/ext2_after", FsAction.ALL, "hbase", true);
-    verifyOnPath("/tmp/external/tables/ext2_after/i=1", FsAction.ALL, "hbase", true);
-    verifyOnPath("/tmp/external/tables/ext2_after/i=2", FsAction.ALL, "hbase", true);
-    verifyOnPath("/tmp/external/tables/ext2_after/i=1/stuff.txt", FsAction.ALL, "hbase",
true);
-    verifyOnPath("/tmp/external/tables/ext2_after/i=2/stuff.txt", FsAction.ALL, "hbase",
true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before", null, "hbase", false);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=1", null, "hbase", false);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=2", null, "hbase", false);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=1/stuff.txt", null, "hbase",
false);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_before/i=2/stuff.txt", null, "hbase",
false);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after/i=1", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after/i=2", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after/i=1/stuff.txt", FsAction.ALL,
"hbase", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after/i=2/stuff.txt", FsAction.ALL,
"hbase", true);
     // END : Verify external table set location..
 
     //Create a new table partition on the existing partition
@@ -396,17 +396,17 @@ public class TestHDFSIntegrationEnd2End extends TestHDFSIntegrationBase
{
     stmt.execute("alter table tmp add partition (i=1)");
     stmt.execute("alter table tmp partition (i=1) set location \'hdfs:///tmp/external/tables/ext2_after/i=1\'");
     stmt.execute("grant all on table tmp to role tab_role");
-    verifyOnPath("/tmp/external/tables/ext2_after/i=1", FsAction.ALL, "flume", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after/i=1", FsAction.ALL, "flume", true);
 
     //Alter table rename of external table => oldName != newName, oldPath == newPath
     stmt.execute("alter table ext2 rename to ext3");
     //Verify all original paths still have the privileges
-    verifyOnPath("/tmp/external/tables/ext2_after", FsAction.ALL, "hbase", true);
-    verifyOnPath("/tmp/external/tables/ext2_after/i=1", FsAction.ALL, "hbase", true);
-    verifyOnPath("/tmp/external/tables/ext2_after/i=1", FsAction.ALL, "flume", true);
-    verifyOnPath("/tmp/external/tables/ext2_after/i=2", FsAction.ALL, "hbase", true);
-    verifyOnPath("/tmp/external/tables/ext2_after/i=1/stuff.txt", FsAction.ALL, "hbase",
true);
-    verifyOnPath("/tmp/external/tables/ext2_after/i=2/stuff.txt", FsAction.ALL, "hbase",
true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after/i=1", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after/i=1", FsAction.ALL, "flume", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after/i=2", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after/i=1/stuff.txt", FsAction.ALL,
"hbase", true);
+    verifyGroupPermOnPath("/tmp/external/tables/ext2_after/i=2/stuff.txt", FsAction.ALL,
"hbase", true);
 
 
     // Restart HDFS to verify if things are fine after re-start..
@@ -418,8 +418,8 @@ public class TestHDFSIntegrationEnd2End extends TestHDFSIntegrationBase
{
     // miniDFS.shutdown();
     // miniDFS.restartNameNode(true);
     // miniDFS.waitActive();
-    // verifyOnPath("/tmp/external/tables/ext2_after", FsAction.ALL, "hbase", true);
-    // verifyOnAllSubDirs("/user/hive/warehouse/p2", FsAction.READ_EXECUTE, "hbase", true);
+    // verifyGroupPermOnPath("/tmp/external/tables/ext2_after", FsAction.ALL, "hbase", true);
+    // verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p2", FsAction.READ_EXECUTE, "hbase",
true);
 
     stmt.close();
     conn.close();
@@ -500,7 +500,7 @@ TODO:SENTRY-819
     Thread.sleep(100);
 
     //User with privileges on all columns of the data cannot still read the HDFS files
-    verifyOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", null, StaticUserGroup.USERGROUP1,
false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", null, StaticUserGroup.USERGROUP1,
false);
 
     stmt.close();
     conn.close();
@@ -559,17 +559,17 @@ TODO:SENTRY-819
     Thread.sleep(WAIT_BEFORE_TESTVERIFY);//Wait till sentry cache is updated in Namenode
 
     //User with just column level privileges cannot read HDFS
-    verifyOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", null, StaticUserGroup.USERGROUP1,
false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", null, StaticUserGroup.USERGROUP1,
false);
 
     //User with permissions on table and column can read HDFS file
-    verifyOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", FsAction.READ_EXECUTE,
StaticUserGroup.USERGROUP2, true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", FsAction.READ_EXECUTE,
StaticUserGroup.USERGROUP2, true);
 
     //User with permissions on db and column can read HDFS file
-    verifyOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", FsAction.READ_EXECUTE,
StaticUserGroup.USERGROUP3, true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", FsAction.READ_EXECUTE,
StaticUserGroup.USERGROUP3, true);
 
     //User with permissions on server and column cannot read HDFS file
     //TODO:SENTRY-751
-    verifyOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", null, StaticUserGroup.ADMINGROUP,
false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", null, StaticUserGroup.ADMINGROUP,
false);
 
     stmt.close();
     conn.close();
@@ -601,7 +601,7 @@ TODO:SENTRY-819
     stmt = conn.createStatement();
     stmt.execute("create database " + dbName);
     stmt.execute("create external table tab1(a int) location '/tmp/external/tab1_loc'");
-    verifyOnAllSubDirs("/tmp/external/tab1_loc", FsAction.ALL, StaticUserGroup.ADMINGROUP,
true);
+    verifyGroupPermOnAllSubDirs("/tmp/external/tab1_loc", FsAction.ALL, StaticUserGroup.ADMINGROUP,
true);
 
     stmt.close();
     conn.close();

http://git-wip-us.apache.org/repos/asf/sentry/blob/85cf7f29/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationTogglingConf.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationTogglingConf.java
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationTogglingConf.java
index 7f1ec7b..e504a8a 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationTogglingConf.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationTogglingConf.java
@@ -106,9 +106,9 @@ public class TestHDFSIntegrationTogglingConf extends TestHDFSIntegrationBase
{
     stmt.execute("use db1");
     stmt.execute("grant all on table p2 to role tab_role");
     stmt.execute("use default");
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db", FsAction.ALL, "hbase", false);
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/p2", FsAction.ALL, "flume", false);
-    verifyOnPath("/user/hive/warehouse/db1.db", FsAction.ALL, "flume", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db", FsAction.ALL, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/p2", FsAction.ALL, "flume",
false);
+    verifyGroupPermOnPath("/user/hive/warehouse/db1.db", FsAction.ALL, "flume", false);
 
     //Enabling HDFS sync back in sentry server
     enableHdfsSync(0);
@@ -157,18 +157,18 @@ public class TestHDFSIntegrationTogglingConf extends TestHDFSIntegrationBase
{
     stmt.execute("grant role p1_admin to group hbase");
 
     // Verify default db is inaccessible initially
-    verifyOnAllSubDirs("/user/hive/warehouse", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse", null, "hbase", false);
 
-    verifyOnAllSubDirs("/user/hive/warehouse/p1", null, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/p1", null, "hbase", false);
 
     stmt.execute("grant all on database db1 to role db_role");
     stmt.execute("use db1");
     stmt.execute("grant all on table p2 to role tab_role");
     stmt.execute("use default");
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db", FsAction.ALL, "hbase", true);
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/p2", FsAction.ALL, "hbase", true);
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db/p2", FsAction.ALL, "flume", true);
-    verifyOnPath("/user/hive/warehouse/db1.db", FsAction.ALL, "flume", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/p2", FsAction.ALL, "hbase",
true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db/p2", FsAction.ALL, "flume",
true);
+    verifyGroupPermOnPath("/user/hive/warehouse/db1.db", FsAction.ALL, "flume", false);
 
     loadData(stmt);
 
@@ -178,14 +178,14 @@ public class TestHDFSIntegrationTogglingConf extends TestHDFSIntegrationBase
{
     disableHdfsSync(0);
 
     stmt.execute("revoke all on database db1 from role db_role");
-    verifyOnAllSubDirs("/user/hive/warehouse/db1.db", FsAction.ALL, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db1.db", FsAction.ALL, "hbase", false);
 
     // create a table and grant all to db_role
     stmt.execute("create database db6");
     stmt.execute("grant all on database db6 to role db_role");
 
     // verify that db_role does not have required ACL's as HDFS sync is disabled in sentry
server.
-    verifyOnAllSubDirs("/user/hive/warehouse/db6.db", FsAction.ALL, "hbase", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db6.db", FsAction.ALL, "hbase", false);
 
     //Create table in db6 and grant all privileges to tab role
     stmt.execute("use db6");
@@ -193,7 +193,7 @@ public class TestHDFSIntegrationTogglingConf extends TestHDFSIntegrationBase
{
     stmt.execute("grant all on table db6.p1 to role tab_role");
 
     // verify that tab_role does not have required permissions
-    verifyOnAllSubDirs("/user/hive/warehouse/db6.db/p1", FsAction.ALL, "flume", false);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db6.db/p1", FsAction.ALL, "flume",
false);
 
     //Enabling HDFS sync in sentry server
     enableHdfsSync(0);
@@ -202,8 +202,8 @@ public class TestHDFSIntegrationTogglingConf extends TestHDFSIntegrationBase
{
     // db_role and tab_role should have required privileges.
     // Checks below will make sure that sentry/NN have the updates that happened
     // to HMS objects when HDFS was disabled.
-    verifyOnAllSubDirs("/user/hive/warehouse/db6.db", FsAction.ALL, "hbase", true);
-    verifyOnAllSubDirs("/user/hive/warehouse/db6.db/p1", FsAction.ALL, "flume", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db6.db", FsAction.ALL, "hbase", true);
+    verifyGroupPermOnAllSubDirs("/user/hive/warehouse/db6.db/p1", FsAction.ALL, "flume",
true);
 
     stmt.close();
     conn.close();


Mime
View raw message