hawq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From w...@apache.org
Subject incubator-hawq git commit: HAWQ-1396. Add cases for querying hcatalog via PXF with Ranger enable.
Date Tue, 28 Mar 2017 03:21:33 GMT
Repository: incubator-hawq
Updated Branches:
  refs/heads/master a803aab4e -> 9d88cdd81


HAWQ-1396. Add cases for querying hcatalog via PXF with Ranger enable.


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/9d88cdd8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/9d88cdd8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/9d88cdd8

Branch: refs/heads/master
Commit: 9d88cdd8187b9f26ed8c43411b2b45ea18b65e48
Parents: a803aab
Author: interma <interma@outlook.com>
Authored: Mon Mar 27 13:44:18 2017 +0800
Committer: Wen Lin <wlin@pivotal.io>
Committed: Tue Mar 28 11:19:46 2017 +0800

----------------------------------------------------------------------
 src/test/feature/Ranger/ans/pxf1_fail.ans    | 10 ++++++++
 src/test/feature/Ranger/ans/pxf1_success.ans | 14 ++++++++++
 src/test/feature/Ranger/data/testhive.sql    |  5 ++++
 src/test/feature/Ranger/pxfpolicy/1/1.json   |  1 +
 src/test/feature/Ranger/pxfpolicy/1/2.json   |  1 +
 src/test/feature/Ranger/pxfpolicy/1/3.json   |  1 +
 src/test/feature/Ranger/sql/pxf/1.sql        |  2 ++
 src/test/feature/Ranger/test_ranger.cpp      | 31 +++++++++++++++++++++++
 8 files changed, 65 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/ans/pxf1_fail.ans
----------------------------------------------------------------------
diff --git a/src/test/feature/Ranger/ans/pxf1_fail.ans b/src/test/feature/Ranger/ans/pxf1_fail.ans
new file mode 100644
index 0000000..a8a7197
--- /dev/null
+++ b/src/test/feature/Ranger/ans/pxf1_fail.ans
@@ -0,0 +1,10 @@
+-- start_ignore
+SET SEARCH_PATH=TestHawqRanger_HcatalogTest;
+SET
+-- end_ignore
+set session role= 'userpxf1';
+SET
+select * from hcatalog.default.testhive;
+psql:/tmp/TestHawqRanger_HcatalogTest.sql:5: ERROR:  permission denied for schema default
+LINE 1: select * from hcatalog.default.testhive;
+                      ^

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/ans/pxf1_success.ans
----------------------------------------------------------------------
diff --git a/src/test/feature/Ranger/ans/pxf1_success.ans b/src/test/feature/Ranger/ans/pxf1_success.ans
new file mode 100644
index 0000000..8a0088f
--- /dev/null
+++ b/src/test/feature/Ranger/ans/pxf1_success.ans
@@ -0,0 +1,14 @@
+-- start_ignore
+SET SEARCH_PATH=TestHawqRanger_HcatalogTest;
+SET
+-- end_ignore
+set session role= 'userpxf1';
+SET
+select * from hcatalog.default.testhive;
+ a | b 
+---+---
+ 1 | 2
+ 2 | 4
+ 3 | 6
+(3 rows)
+

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/data/testhive.sql
----------------------------------------------------------------------
diff --git a/src/test/feature/Ranger/data/testhive.sql b/src/test/feature/Ranger/data/testhive.sql
new file mode 100644
index 0000000..3ae6c58
--- /dev/null
+++ b/src/test/feature/Ranger/data/testhive.sql
@@ -0,0 +1,5 @@
+drop table if exists testhive;
+CREATE TABLE testhive (a int, b int) ;
+INSERT INTO testhive VALUES(1, 2);
+INSERT INTO testhive VALUES(2, 4);
+INSERT INTO testhive VALUES(3, 6);

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/pxfpolicy/1/1.json
----------------------------------------------------------------------
diff --git a/src/test/feature/Ranger/pxfpolicy/1/1.json b/src/test/feature/Ranger/pxfpolicy/1/1.json
new file mode 100644
index 0000000..50b821b
--- /dev/null
+++ b/src/test/feature/Ranger/pxfpolicy/1/1.json
@@ -0,0 +1 @@
+{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description",
"isAuditEnabled": true, "isEnabled": true, "name": "pxfpolicy1-1", "policyItems": [{"accesses":
[{"isAllowed": true, "type": "usage-schema"}], "conditions": [], "delegateAdmin": true, "groups":
null, "users": ["userpxf1"]}], "resources": {"database": {"isExcludes": false, "isRecursive":
false, "values": ["hcatalog"]}, "schema": {"isExcludes": false, "isRecursive": false, "values":
["default"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["*"]}}, "service":
"hawq", "version": 3}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/pxfpolicy/1/2.json
----------------------------------------------------------------------
diff --git a/src/test/feature/Ranger/pxfpolicy/1/2.json b/src/test/feature/Ranger/pxfpolicy/1/2.json
new file mode 100644
index 0000000..ff97050
--- /dev/null
+++ b/src/test/feature/Ranger/pxfpolicy/1/2.json
@@ -0,0 +1 @@
+{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description",
"isAuditEnabled": true, "isEnabled": true, "name": "pxfpolicy1-2", "policyItems": [{"accesses":
[{"isAllowed": true, "type": "select"}], "conditions": [], "delegateAdmin": true, "groups":
null, "users": ["userpxf1"]}], "resources": {"database": {"isExcludes": false, "isRecursive":
false, "values": ["hcatalog"]}, "schema": {"isExcludes": false, "isRecursive": false, "values":
["default"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["testhive"]}},
"service": "hawq", "version": 1}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/pxfpolicy/1/3.json
----------------------------------------------------------------------
diff --git a/src/test/feature/Ranger/pxfpolicy/1/3.json b/src/test/feature/Ranger/pxfpolicy/1/3.json
new file mode 100644
index 0000000..08937c4
--- /dev/null
+++ b/src/test/feature/Ranger/pxfpolicy/1/3.json
@@ -0,0 +1 @@
+{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description",
"isAuditEnabled": true, "isEnabled": true, "name": "pxfpolicy1-3", "policyItems": [{"accesses":
[{"isAllowed": true, "type": "usage-schema"}], "conditions": [], "delegateAdmin": true, "groups":
null, "users": ["userpxf1"]}], "resources": {"database": {"isExcludes": false, "isRecursive":
false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive":
false, "values": ["testhawqranger_hcatalogtest"]}, "table": {"isExcludes": false, "isRecursive":
false, "values": ["*"]}}, "service": "hawq", "version": 3}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/sql/pxf/1.sql
----------------------------------------------------------------------
diff --git a/src/test/feature/Ranger/sql/pxf/1.sql b/src/test/feature/Ranger/sql/pxf/1.sql
new file mode 100644
index 0000000..be66b55
--- /dev/null
+++ b/src/test/feature/Ranger/sql/pxf/1.sql
@@ -0,0 +1,2 @@
+set session role= 'userpxf1';
+select * from hcatalog.default.testhive;

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/test_ranger.cpp
----------------------------------------------------------------------
diff --git a/src/test/feature/Ranger/test_ranger.cpp b/src/test/feature/Ranger/test_ranger.cpp
index 7461d66..9a61826 100644
--- a/src/test/feature/Ranger/test_ranger.cpp
+++ b/src/test/feature/Ranger/test_ranger.cpp
@@ -314,6 +314,37 @@ TEST_F(TestHawqRanger, ResourceIncludeATest) {
 	}
 }
 
+TEST_F(TestHawqRanger, HcatalogTest) {
+	SQLUtility util;
+	if (util.getGUCValue("hawq_acl_type") == "ranger")
+	{
+		/*
+		 * create a table in hive and populate some rows
+		 */
+		clearEnv(&util, "pxf", 1);
+		clearEnv(&util, "pxf", 2);
+		clearEnv(&util, "pxf", 3);
+		string rootPath(util.getTestRootPath());
+		string sqlPath = rootPath + "/Ranger/data/testhive.sql";
+		auto cmd =  hawq::test::stringFormat("hive -f %s", sqlPath.c_str());
+		Command::getCommandStatus(cmd);
+
+		/*
+		 * create a user and query this table, fail.
+		 */
+		addUser(&util, "pxf", 1, false);
+		runSQLFile(&util, "pxf", "fail", 1);
+
+		/*
+		 * add allow policies for this user and query again, succeed.
+		 */
+		addPolicy(&util, "pxf", 1); // usage of default
+		addPolicy(&util, "pxf", 2); // select of table
+		addPolicy(&util, "pxf", 3); // usage of current schema(e.g.testhawqranger_hcatalogtest)
+		runSQLFile(&util, "pxf", "success", 1);
+	}
+}
+
 void TestHawqRanger::addUser(hawq::test::SQLUtility* util, std::string case_name, int user_index,
bool full_policy, int writable_index)
 {
 	string rootPath = util->getTestRootPath();


Mime
View raw message