hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From the...@apache.org
Subject svn commit: r1563321 - in /hive/trunk/ql/src: java/org/apache/hadoop/hive/ql/parse/ java/org/apache/hadoop/hive/ql/security/authorization/ java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/ test/org/apache/hadoop/hive/ql/parse/authori...
Date Fri, 31 Jan 2014 22:47:19 GMT
Author: thejas
Date: Fri Jan 31 22:47:18 2014
New Revision: 1563321

URL: http://svn.apache.org/r1563321
Log:
HIVE-6112 : SQL std auth - support new privileges INSERT, DELETE (Thejas Nair, reviewed by Ashutosh Chauhan)

Added:
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java
    hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java
    hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/ListSizeMatcher.java
    hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java
    hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java
    hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV2.java
    hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q
    hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out
    hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out
Modified:
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
    hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g?rev=1563321&r1=1563320&r2=1563321&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g Fri Jan 31 22:47:18 2014
@@ -267,8 +267,10 @@ TOK_GRANT_WITH_ADMIN_OPTION;
 TOK_PRIV_ALL;
 TOK_PRIV_ALTER_METADATA;
 TOK_PRIV_ALTER_DATA;
+TOK_PRIV_DELETE;
 TOK_PRIV_DROP;
 TOK_PRIV_INDEX;
+TOK_PRIV_INSERT;
 TOK_PRIV_LOCK;
 TOK_PRIV_SELECT;
 TOK_PRIV_SHOW_DATABASE;
@@ -1432,6 +1434,8 @@ privilegeType
     | KW_LOCK -> ^(TOK_PRIV_LOCK)
     | KW_SELECT -> ^(TOK_PRIV_SELECT)
     | KW_SHOW_DATABASE -> ^(TOK_PRIV_SHOW_DATABASE)
+    | KW_INSERT -> ^(TOK_PRIV_INSERT)
+    | KW_DELETE -> ^(TOK_PRIV_DELETE)
     ;
 
 principalSpecification

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java?rev=1563321&r1=1563320&r2=1563321&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java Fri Jan 31 22:47:18 2014
@@ -19,82 +19,17 @@
 package org.apache.hadoop.hive.ql.security.authorization;
 
 import java.util.EnumSet;
-import org.apache.hadoop.hive.ql.parse.HiveParser;
 
 /**
  * Privilege defines a privilege in Hive. Each privilege has a name and scope associated with it.
  * This class contains all of the predefined privileges in Hive.
  */
 public class Privilege {
-  
-  public enum PrivilegeType {
-    ALL,
-    ALTER_DATA,
-    ALTER_METADATA,
-    CREATE,
-    DROP,
-    INDEX,
-    LOCK,
-    SELECT,
-    SHOW_DATABASE,
-    UNKNOWN
-  }
-
-
-  public static PrivilegeType getPrivTypeByToken(int token) {
-    switch (token) {
-    case HiveParser.TOK_PRIV_ALL:
-      return PrivilegeType.ALL;
-    case HiveParser.TOK_PRIV_ALTER_DATA:
-      return PrivilegeType.ALTER_DATA;
-    case HiveParser.TOK_PRIV_ALTER_METADATA:
-      return PrivilegeType.ALTER_METADATA;
-    case HiveParser.TOK_PRIV_CREATE:
-      return PrivilegeType.CREATE;
-    case HiveParser.TOK_PRIV_DROP:
-      return PrivilegeType.DROP;
-    case HiveParser.TOK_PRIV_INDEX:
-      return PrivilegeType.INDEX;
-    case HiveParser.TOK_PRIV_LOCK:
-      return PrivilegeType.LOCK;
-    case HiveParser.TOK_PRIV_SELECT:
-      return PrivilegeType.SELECT;
-    case HiveParser.TOK_PRIV_SHOW_DATABASE:
-      return PrivilegeType.SHOW_DATABASE;
-    default:
-      return PrivilegeType.UNKNOWN;
-    }
-  }
-
-  public static PrivilegeType getPrivTypeByName(String privilegeName) {
-    String canonicalizedName = privilegeName.toLowerCase();
-    if (canonicalizedName.equals("all")) {
-      return PrivilegeType.ALL;
-    } else if (canonicalizedName.equals("update")) {
-      return PrivilegeType.ALTER_DATA;
-    } else if (canonicalizedName.equals("alter")) {
-      return PrivilegeType.ALTER_METADATA;
-    } else if (canonicalizedName.equals("create")) {
-      return PrivilegeType.CREATE;
-    } else if (canonicalizedName.equals("drop")) {
-      return PrivilegeType.DROP;
-    } else if (canonicalizedName.equals("index")) {
-      return PrivilegeType.INDEX;
-    } else if (canonicalizedName.equals("lock")) {
-      return PrivilegeType.LOCK;
-    } else if (canonicalizedName.equals("select")) {
-      return PrivilegeType.SELECT;
-    } else if (canonicalizedName.equals("show_database")) {
-      return PrivilegeType.SHOW_DATABASE;
-    }
-
-    return PrivilegeType.UNKNOWN;
-  }
 
   private PrivilegeType priv;
-  
+
   private EnumSet<PrivilegeScope> supportedScopeSet;
-  
+
   private Privilege(PrivilegeType priv, EnumSet<PrivilegeScope> scopeSet) {
     super();
     this.priv = priv;
@@ -104,7 +39,7 @@ public class Privilege {
   public Privilege(PrivilegeType priv) {
     super();
     this.priv = priv;
-    
+
   }
 
   public PrivilegeType getPriv() {
@@ -114,7 +49,7 @@ public class Privilege {
   public void setPriv(PrivilegeType priv) {
     this.priv = priv;
   }
-  
+
   public boolean supportColumnLevel() {
     return supportedScopeSet != null
         && supportedScopeSet.contains(PrivilegeScope.COLUMN_LEVEL_SCOPE);
@@ -129,31 +64,10 @@ public class Privilege {
     return supportedScopeSet != null
         && supportedScopeSet.contains(PrivilegeScope.TABLE_LEVEL_SCOPE);
   }
-  
+
   @Override
   public String toString() {
-    switch (this.priv) {
-    case ALL:
-      return "All";
-    case ALTER_DATA:
-      return "Update";
-    case ALTER_METADATA:
-      return "Alter";
-    case CREATE:
-      return "Create";
-    case DROP:
-      return "Drop";
-    case INDEX:
-      return "Index";
-    case LOCK:
-      return "Lock";
-    case SELECT:
-      return "Select";
-    case SHOW_DATABASE:
-      return "Show_Database";
-    default:
-      return "Unknown";
-    }
+    return this.getPriv().toString();
   }
 
   public Privilege() {
@@ -183,6 +97,12 @@ public class Privilege {
   public static Privilege SELECT = new Privilege(PrivilegeType.SELECT,
       PrivilegeScope.ALLSCOPE);
 
+  public static Privilege INSERT = new Privilege(PrivilegeType.INSERT,
+      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);
+
+  public static Privilege DELETE = new Privilege(PrivilegeType.DELETE,
+      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);
+
   public static Privilege SHOW_DATABASE = new Privilege(PrivilegeType.SHOW_DATABASE,
       EnumSet.of(PrivilegeScope.USER_LEVEL_SCOPE));
 

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java?rev=1563321&r1=1563320&r2=1563321&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java Fri Jan 31 22:47:18 2014
@@ -19,8 +19,9 @@
 package org.apache.hadoop.hive.ql.security.authorization;
 
 import java.util.HashMap;
+import java.util.Map;
 
-import org.apache.hadoop.hive.ql.security.authorization.Privilege.PrivilegeType;
+import org.apache.hadoop.hive.ql.session.SessionState;
 
 /**
  * PrivilegeRegistry is used to do privilege lookups. Given a privilege name, it
@@ -28,9 +29,35 @@ import org.apache.hadoop.hive.ql.securit
  */
 public class PrivilegeRegistry {
 
-  protected static HashMap<PrivilegeType, Privilege> Registry = new HashMap<PrivilegeType, Privilege>();
+  protected static Map<PrivilegeType, Privilege> Registry = null;
 
-  static {
+  public static Privilege getPrivilege(PrivilegeType privilegeType) {
+    initializeRegistry();
+    return Registry.get(privilegeType);
+  }
+
+  private static void initializeRegistry() {
+    if(Registry != null){
+      //already initialized, nothing to do
+      return;
+    }
+    //population of registry done in separate synchronized call
+    populateRegistry();
+  }
+
+  /**
+   * Add entries to registry. This needs to be synchronized to avoid Registry being populated
+   * multiple times.
+   */
+  private static synchronized void populateRegistry() {
+    //do check again in synchronized block
+    if(Registry != null){
+      //already initialized, nothing to do
+      return;
+    }
+    Registry = new HashMap<PrivilegeType, Privilege>();
+
+    //add the privileges supported in authorization mode V1
     Registry.put(Privilege.ALL.getPriv(), Privilege.ALL);
     Registry.put(Privilege.ALTER_DATA.getPriv(), Privilege.ALTER_DATA);
     Registry.put(Privilege.ALTER_METADATA.getPriv(), Privilege.ALTER_METADATA);
@@ -41,18 +68,23 @@ public class PrivilegeRegistry {
     Registry.put(Privilege.SELECT.getPriv(), Privilege.SELECT);
     Registry.put(Privilege.SHOW_DATABASE.getPriv(),
         Privilege.SHOW_DATABASE);
-  }
-
-  public static Privilege getPrivilege(PrivilegeType privilegeType) {
-    return Registry.get(privilegeType);
+    if(SessionState.get().isAuthorizationModeV2()){
+      //add the privileges not supported in V1
+      //The list of privileges supported in V2 is implementation defined,
+      //so just pass everything that syntax supports.
+      Registry.put(Privilege.INSERT.getPriv(), Privilege.INSERT);
+      Registry.put(Privilege.DELETE.getPriv(), Privilege.DELETE);
+    }
   }
 
   public static Privilege getPrivilege(int privilegeToken) {
-    return Registry.get(Privilege.getPrivTypeByToken(privilegeToken));
+    initializeRegistry();
+    return Registry.get(PrivilegeType.getPrivTypeByToken(privilegeToken));
   }
 
   public static Privilege getPrivilege(String privilegeName) {
-    return Registry.get(Privilege.getPrivTypeByName(privilegeName));
+    initializeRegistry();
+    return Registry.get(PrivilegeType.getPrivTypeByName(privilegeName));
   }
 
 }

Added: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java (added)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,116 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hive.ql.security.authorization;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.hadoop.hive.ql.parse.HiveParser;
+
+/**
+ * Privilege type
+ */
+public enum PrivilegeType {
+
+  ALL(HiveParser.TOK_PRIV_ALL, "All"),
+  ALTER_DATA(HiveParser.TOK_PRIV_ALTER_DATA, "Update"),
+  ALTER_METADATA(HiveParser.TOK_PRIV_ALTER_METADATA, "Alter"),
+  CREATE(HiveParser.TOK_PRIV_CREATE, "Create"),
+  DROP(HiveParser.TOK_PRIV_DROP, "Drop"),
+  INDEX(HiveParser.TOK_PRIV_INDEX, "Index"),
+  LOCK(HiveParser.TOK_PRIV_LOCK, "Lock"),
+  SELECT(HiveParser.TOK_PRIV_SELECT, "Select"),
+  SHOW_DATABASE(HiveParser.TOK_PRIV_SHOW_DATABASE, "Show_Database"),
+  INSERT(HiveParser.TOK_PRIV_INSERT, "Insert"),
+  DELETE(HiveParser.TOK_PRIV_DELETE, "Delete"),
+  UNKNOWN(null, null);
+
+  private final String name;
+  private final Integer token;
+
+  PrivilegeType(Integer token, String name){
+    this.name = name;
+    this.token = token;
+  }
+
+  @Override
+  public String toString(){
+    return name == null ? "unkown" : name;
+  }
+
+  public Integer getToken() {
+    return token;
+  }
+
+  private static Map<Integer, PrivilegeType> token2Type;
+  private static Map<String, PrivilegeType> name2Type;
+
+  /**
+   * Do case lookup of PrivilegeType associated with this antlr token
+   * @param privilegeName
+   * @return corresponding PrivilegeType
+   */
+  public static PrivilegeType getPrivTypeByToken(int token) {
+    if(token2Type == null){
+      populateToken2Type();
+    }
+    PrivilegeType privType = token2Type.get(token);
+    if(privType != null){
+      return privType;
+    }
+    return PrivilegeType.UNKNOWN;
+  }
+
+  private static synchronized void populateToken2Type() {
+    if(token2Type != null){
+      return;
+    }
+    token2Type = new HashMap<Integer, PrivilegeType>();
+    for(PrivilegeType privType : PrivilegeType.values()){
+      token2Type.put(privType.getToken(), privType);
+    }
+  }
+
+  /**
+   * Do case insensitive lookup of PrivilegeType with this name
+   * @param privilegeName
+   * @return corresponding PrivilegeType
+   */
+  public static PrivilegeType getPrivTypeByName(String privilegeName) {
+    if(name2Type == null){
+      populateName2Type();
+    }
+    String canonicalizedName = privilegeName.toLowerCase();
+    PrivilegeType privType = name2Type.get(canonicalizedName);
+    if(privType != null){
+      return privType;
+    }
+    return PrivilegeType.UNKNOWN;
+  }
+
+  private static synchronized void populateName2Type() {
+    if(name2Type != null){
+      return;
+    }
+    name2Type = new HashMap<String, PrivilegeType>();
+    for(PrivilegeType privType : PrivilegeType.values()){
+      name2Type.put(privType.toString().toLowerCase(), privType);
+    }
+  }
+}

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java?rev=1563321&r1=1563320&r2=1563321&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java Fri Jan 31 22:47:18 2014
@@ -18,7 +18,11 @@
 package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd;
 
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
+import java.util.Set;
 
 import org.apache.hadoop.classification.InterfaceAudience.Private;
 import org.apache.hadoop.hive.conf.HiveConf;
@@ -48,6 +52,9 @@ import org.apache.hadoop.hive.ql.securit
 public class SQLStdHiveAccessController implements HiveAccessController {
 
   private HiveMetastoreClientFactory metastoreClientFactory;
+  private static final String [] SUPPORTED_PRIVS = {"INSERT", "UPDATE", "DELETE", "SELECT", "ALL"};
+  private static final Set<String> SUPPORTED_PRIVS_SET
+    = new HashSet<String>(Arrays.asList(SUPPORTED_PRIVS));
 
 
   SQLStdHiveAccessController(HiveMetastoreClientFactory metastoreClientFactory,
@@ -91,6 +98,10 @@ public class SQLStdHiveAccessController 
         throw new HiveAuthorizationPluginException("Privileges on columns not supported currently"
             + " in sql standard authorization mode");
       }
+      if(!SUPPORTED_PRIVS_SET.contains(privilege.getName().toUpperCase(Locale.US))){
+        throw new HiveAuthorizationPluginException("Privilege: " + privilege.getName() +
+            " is not supported in sql standard authorization mode");
+      }
       PrivilegeGrantInfo grantInfo = getThriftPrivilegeGrantInfo(privilege, grantorPrincipal, grantOption);
       for(HivePrincipal principal : hivePrincipals){
         HiveObjectPrivilege objPriv = new HiveObjectPrivilege(privObj, principal.getName(),

Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import java.io.Serializable;
+import java.util.List;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.Context;
+import org.apache.hadoop.hive.ql.exec.Task;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.parse.ASTNode;
+import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer;
+import org.apache.hadoop.hive.ql.parse.ParseDriver;
+import org.apache.hadoop.hive.ql.parse.ParseUtils;
+import org.apache.hadoop.hive.ql.plan.DDLWork;
+import org.apache.hadoop.hive.ql.session.SessionState;
+
+/**
+ * Util function for authorization tests
+ */
+public class AuthorizationTestUtil {
+
+  /**
+   * Create DDLWork from given ast
+   * @param ast
+   * @param conf
+   * @param db
+   * @return
+   * @throws Exception
+   */
+  public static DDLWork analyze(ASTNode ast, HiveConf conf, Hive db) throws Exception {
+    DDLSemanticAnalyzer analyzer = new DDLSemanticAnalyzer(conf, db);
+    SessionState.start(conf);
+    analyzer.analyze(ast, new Context(conf));
+    List<Task<? extends Serializable>> rootTasks = analyzer.getRootTasks();
+    return (DDLWork) inList(rootTasks).ofSize(1).get(0).getWork();
+  }
+
+  /**
+   * Create DDLWork from given command string
+   * @param command
+   * @param conf
+   * @param db
+   * @return
+   * @throws Exception
+   */
+  public static DDLWork analyze(String command, HiveConf conf, Hive db) throws Exception {
+    return analyze(parse(command), conf, db);
+  }
+
+  private static ASTNode parse(String command) throws Exception {
+    return ParseUtils.findRootNonNullToken((new ParseDriver()).parse(command));
+  }
+
+  /**
+   * Helper class that lets you check the size and return the list in one line.
+   *
+   * @param <E>
+   */
+  public static class ListSizeMatcher<E> {
+    private final List<E> list;
+    private ListSizeMatcher(List<E> list) {
+      this.list = list;
+    }
+    private List<E> ofSize(int size) {
+      Assert.assertEquals(list.toString(),  size, list.size());
+      return list;
+    }
+  }
+
+  public static <E> ListSizeMatcher<E> inList(List<E> list) {
+    return new ListSizeMatcher<E>(list);
+  }
+
+}
+

Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/ListSizeMatcher.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/ListSizeMatcher.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/ListSizeMatcher.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/ListSizeMatcher.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import java.util.List;
+
+import junit.framework.Assert;
+
+public class ListSizeMatcher<E> {
+  private final List<E> list;
+  private ListSizeMatcher(List<E> list) {
+    this.list = list;
+  }
+
+  public List<E> ofSize(int size) {
+    Assert.assertEquals(list.toString(),  size, list.size());
+    return list;
+  }
+
+
+  public static <E> ListSizeMatcher<E> inList(List<E> list) {
+    return new ListSizeMatcher<E>(list);
+  }
+}
+

Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.metastore.api.PrincipalType;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.plan.DDLWork;
+import org.apache.hadoop.hive.ql.plan.GrantDesc;
+import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
+import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType;
+
+public class PrivilegesTestBase {
+  protected static final String DB = "default";
+  protected static final String TABLE = "table1";
+  protected static final String USER = "user1";
+
+  public static void grantUserTable(String privStr, PrivilegeType privType, HiveConf conf, Hive db)
+      throws Exception {
+    DDLWork work = AuthorizationTestUtil.analyze("GRANT " + privStr + " ON TABLE " + TABLE + " TO USER " + USER, conf, db);
+    GrantDesc grantDesc = work.getGrantDesc();
+    Assert.assertNotNull("Grant should not be null", grantDesc);
+
+    //check privileges
+    for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
+      Assert.assertEquals(privType, privilege.getPrivilege().getPriv());
+    }
+
+    //check other parts
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
+      Assert.assertEquals(PrincipalType.USER, principal.getType());
+      Assert.assertEquals(USER, principal.getName());
+    }
+    Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
+    Assert.assertEquals(TABLE, grantDesc.getPrivilegeSubjectDesc().getObject());
+  }
+
+}

Modified: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java?rev=1563321&r1=1563320&r2=1563321&view=diff
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java (original)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java Fri Jan 31 22:47:18 2014
@@ -17,23 +17,18 @@
  */
 package org.apache.hadoop.hive.ql.parse.authorization;
 
-import java.io.Serializable;
 import java.util.HashMap;
-import java.util.List;
 
 import junit.framework.Assert;
 
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.metastore.api.PrincipalType;
 import org.apache.hadoop.hive.ql.Context;
-import org.apache.hadoop.hive.ql.exec.Task;
 import org.apache.hadoop.hive.ql.metadata.Hive;
 import org.apache.hadoop.hive.ql.metadata.Partition;
 import org.apache.hadoop.hive.ql.metadata.Table;
-import org.apache.hadoop.hive.ql.parse.ASTNode;
 import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer;
 import org.apache.hadoop.hive.ql.parse.ParseDriver;
-import org.apache.hadoop.hive.ql.parse.ParseUtils;
 import org.apache.hadoop.hive.ql.plan.DDLWork;
 import org.apache.hadoop.hive.ql.plan.GrantDesc;
 import org.apache.hadoop.hive.ql.plan.GrantRevokeRoleDDL;
@@ -91,7 +86,7 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testCreateRole() throws Exception {
-    DDLWork work = analyze(parse("CREATE ROLE " + ROLE));
+    DDLWork work = analyze("CREATE ROLE " + ROLE);
     RoleDDLDesc roleDesc = work.getRoleDDLDesc();
     Assert.assertNotNull("Role should not be null", roleDesc);
     Assert.assertEquals(RoleOperation.CREATE_ROLE, roleDesc.getOperation());
@@ -103,7 +98,7 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testDropRole() throws Exception {
-    DDLWork work = analyze(parse("DROp ROLE " + ROLE));
+    DDLWork work = analyze("DROp ROLE " + ROLE);
     RoleDDLDesc roleDesc = work.getRoleDDLDesc();
     Assert.assertNotNull("Role should not be null", roleDesc);
     Assert.assertEquals(RoleOperation.DROP_ROLE, roleDesc.getOperation());
@@ -115,14 +110,14 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testGrantUserTable() throws Exception {
-    DDLWork work = analyze(parse("GRANT " + SELECT + " ON TABLE " + TABLE + " TO USER " + USER));
+    DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO USER " + USER);
     GrantDesc grantDesc = work.getGrantDesc();
     Assert.assertNotNull("Grant should not be null", grantDesc);
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.USER, principal.getType());
       Assert.assertEquals(USER, principal.getName());
     }
-    for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+    for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
       Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
     }
     Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -133,14 +128,14 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testGrantRoleTable() throws Exception {
-    DDLWork work = analyze(parse("GRANT " + SELECT + " ON TABLE " + TABLE + " TO ROLE " + ROLE));
+    DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO ROLE " + ROLE);
     GrantDesc grantDesc = work.getGrantDesc();
     Assert.assertNotNull("Grant should not be null", grantDesc);
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.ROLE, principal.getType());
       Assert.assertEquals(ROLE, principal.getName());
     }
-    for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+    for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
       Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
     }
     Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -151,14 +146,14 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testGrantGroupTable() throws Exception {
-    DDLWork work = analyze(parse("GRANT " + SELECT + " ON TABLE " + TABLE + " TO GROUP " + GROUP));
+    DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO GROUP " + GROUP);
     GrantDesc grantDesc = work.getGrantDesc();
     Assert.assertNotNull("Grant should not be null", grantDesc);
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.GROUP, principal.getType());
       Assert.assertEquals(GROUP, principal.getName());
     }
-    for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+    for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
       Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
     }
     Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -169,14 +164,14 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testRevokeUserTable() throws Exception {
-    DDLWork work = analyze(parse("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM USER " + USER));
+    DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM USER " + USER);
     RevokeDesc grantDesc = work.getRevokeDesc();
     Assert.assertNotNull("Revoke should not be null", grantDesc);
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.USER, principal.getType());
       Assert.assertEquals(USER, principal.getName());
     }
-    for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+    for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
       Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
     }
     Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -187,14 +182,14 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testRevokeRoleTable() throws Exception {
-    DDLWork work = analyze(parse("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM ROLE " + ROLE));
+    DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM ROLE " + ROLE);
     RevokeDesc grantDesc = work.getRevokeDesc();
     Assert.assertNotNull("Revoke should not be null", grantDesc);
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.ROLE, principal.getType());
       Assert.assertEquals(ROLE, principal.getName());
     }
-    for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+    for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
       Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
     }
     Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -205,14 +200,14 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testRevokeGroupTable() throws Exception {
-    DDLWork work = analyze(parse("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM GROUP " + GROUP));
+    DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM GROUP " + GROUP);
     RevokeDesc grantDesc = work.getRevokeDesc();
     Assert.assertNotNull("Revoke should not be null", grantDesc);
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipals()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.GROUP, principal.getType());
       Assert.assertEquals(GROUP, principal.getName());
     }
-    for(PrivilegeDesc privilege : inList(grantDesc.getPrivileges()).ofSize(1)) {
+    for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
       Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
     }
     Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
@@ -223,17 +218,17 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testGrantRoleUser() throws Exception {
-    DDLWork work = analyze(parse("GRANT ROLE " + ROLE + " TO USER " + USER));
+    DDLWork work = analyze("GRANT ROLE " + ROLE + " TO USER " + USER);
     GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
     Assert.assertNotNull("Grant should not be null", grantDesc);
     Assert.assertTrue("Expected grant ", grantDesc.getGrant());
     Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
     Assert.assertEquals(currentUser, grantDesc.getGrantor());
     Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
-    for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+    for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
       Assert.assertEquals(ROLE, role);
     }
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.USER, principal.getType());
       Assert.assertEquals(USER, principal.getName());
     }
@@ -243,17 +238,17 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testGrantRoleRole() throws Exception {
-    DDLWork work = analyze(parse("GRANT ROLE " + ROLE + " TO ROLE " + ROLE));
+    DDLWork work = analyze("GRANT ROLE " + ROLE + " TO ROLE " + ROLE);
     GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
     Assert.assertNotNull("Grant should not be null", grantDesc);
     Assert.assertTrue("Expected grant ", grantDesc.getGrant());
     Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
     Assert.assertEquals(currentUser, grantDesc.getGrantor());
     Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
-    for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+    for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
       Assert.assertEquals(ROLE, role);
     }
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.ROLE, principal.getType());
       Assert.assertEquals(ROLE, principal.getName());
     }
@@ -263,17 +258,17 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testGrantRoleGroup() throws Exception {
-    DDLWork work = analyze(parse("GRANT ROLE " + ROLE + " TO GROUP " + GROUP));
+    DDLWork work = analyze("GRANT ROLE " + ROLE + " TO GROUP " + GROUP);
     GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
     Assert.assertNotNull("Grant should not be null", grantDesc);
     Assert.assertTrue("Expected grant ", grantDesc.getGrant());
     Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
     Assert.assertEquals(currentUser, grantDesc.getGrantor());
     Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
-    for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+    for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
       Assert.assertEquals(ROLE, role);
     }
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.GROUP, principal.getType());
       Assert.assertEquals(GROUP, principal.getName());
     }
@@ -283,17 +278,17 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testRevokeRoleUser() throws Exception {
-    DDLWork work = analyze(parse("REVOKE ROLE " + ROLE + " FROM USER " + USER));
+    DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM USER " + USER);
     GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
     Assert.assertNotNull("Grant should not be null", grantDesc);
     Assert.assertFalse("Did not expect grant ", grantDesc.getGrant());
     Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
     Assert.assertEquals(currentUser, grantDesc.getGrantor());
     Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
-    for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+    for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
       Assert.assertEquals(ROLE, role);
     }
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.USER, principal.getType());
       Assert.assertEquals(USER, principal.getName());
     }
@@ -303,17 +298,17 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testRevokeRoleRole() throws Exception {
-    DDLWork work = analyze(parse("REVOKE ROLE " + ROLE + " FROM ROLE " + ROLE));
+    DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM ROLE " + ROLE);
     GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
     Assert.assertNotNull("Grant should not be null", grantDesc);
     Assert.assertFalse("Did not expect grant ", grantDesc.getGrant());
     Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
     Assert.assertEquals(currentUser, grantDesc.getGrantor());
     Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
-    for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+    for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
       Assert.assertEquals(ROLE, role);
     }
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.ROLE, principal.getType());
       Assert.assertEquals(ROLE, principal.getName());
     }
@@ -323,17 +318,17 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testRevokeRoleGroup() throws Exception {
-    DDLWork work = analyze(parse("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP));
+    DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP);
     GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
     Assert.assertNotNull("Grant should not be null", grantDesc);
     Assert.assertFalse("Did not expect grant ", grantDesc.getGrant());
     Assert.assertTrue("Grant option is always true ", grantDesc.isGrantOption());
     Assert.assertEquals(currentUser, grantDesc.getGrantor());
     Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
-    for(String role : inList(grantDesc.getRoles()).ofSize(1)) {
+    for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
       Assert.assertEquals(ROLE, role);
     }
-    for(PrincipalDesc principal : inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
+    for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
       Assert.assertEquals(PrincipalType.GROUP, principal.getType());
       Assert.assertEquals(GROUP, principal.getName());
     }
@@ -343,7 +338,7 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testShowRoleGrantUser() throws Exception {
-    DDLWork work = analyze(parse("SHOW ROLE GRANT USER " + USER));
+    DDLWork work = analyze("SHOW ROLE GRANT USER " + USER);
     RoleDDLDesc roleDesc = work.getRoleDDLDesc();
     Assert.assertNotNull("Role should not be null", roleDesc);
     Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, roleDesc.getOperation());
@@ -355,7 +350,7 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testShowRoleGrantRole() throws Exception {
-    DDLWork work = analyze(parse("SHOW ROLE GRANT ROLE " + ROLE));
+    DDLWork work = analyze("SHOW ROLE GRANT ROLE " + ROLE);
     RoleDDLDesc roleDesc = work.getRoleDDLDesc();
     Assert.assertNotNull("Role should not be null", roleDesc);
     Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, roleDesc.getOperation());
@@ -367,7 +362,7 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testShowRoleGrantGroup() throws Exception {
-    DDLWork work = analyze(parse("SHOW ROLE GRANT GROUP " + GROUP));
+    DDLWork work = analyze("SHOW ROLE GRANT GROUP " + GROUP);
     RoleDDLDesc roleDesc = work.getRoleDDLDesc();
     Assert.assertNotNull("Role should not be null", roleDesc);
     Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, roleDesc.getOperation());
@@ -379,7 +374,7 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testShowGrantUserOnTable() throws Exception {
-    DDLWork work = analyze(parse("SHOW GRANT USER " + USER + " ON TABLE " + TABLE));
+    DDLWork work = analyze("SHOW GRANT USER " + USER + " ON TABLE " + TABLE);
     ShowGrantDesc grantDesc = work.getShowGrantDesc();
     Assert.assertNotNull("Show grant should not be null", grantDesc);
     Assert.assertEquals(PrincipalType.USER, grantDesc.getPrincipalDesc().getType());
@@ -393,7 +388,7 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testShowGrantRoleOnTable() throws Exception {
-    DDLWork work = analyze(parse("SHOW GRANT ROLE " + ROLE + " ON TABLE " + TABLE));
+    DDLWork work = analyze("SHOW GRANT ROLE " + ROLE + " ON TABLE " + TABLE);
     ShowGrantDesc grantDesc = work.getShowGrantDesc();
     Assert.assertNotNull("Show grant should not be null", grantDesc);
     Assert.assertEquals(PrincipalType.ROLE, grantDesc.getPrincipalDesc().getType());
@@ -407,7 +402,7 @@ public class TestHiveAuthorizationTaskFa
    */
   @Test
   public void testShowGrantGroupOnTable() throws Exception {
-    DDLWork work = analyze(parse("SHOW GRANT GROUP " + GROUP + " ON TABLE " + TABLE));
+    DDLWork work = analyze("SHOW GRANT GROUP " + GROUP + " ON TABLE " + TABLE);
     ShowGrantDesc grantDesc = work.getShowGrantDesc();
     Assert.assertNotNull("Show grant should not be null", grantDesc);
     Assert.assertEquals(PrincipalType.GROUP, grantDesc.getPrincipalDesc().getType());
@@ -416,26 +411,10 @@ public class TestHiveAuthorizationTaskFa
     Assert.assertEquals(TABLE, grantDesc.getHiveObj().getObject());
     Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable());
   }
-  private ASTNode parse(String command) throws Exception {
-    return ParseUtils.findRootNonNullToken(parseDriver.parse(command));
-  }
 
-  private DDLWork analyze(ASTNode ast) throws Exception {
-    analyzer.analyze(ast, context);
-    List<Task<? extends Serializable>> rootTasks = analyzer.getRootTasks();
-    return (DDLWork) inList(rootTasks).ofSize(1).get(0).getWork();
-  }
-  private static class ListSizeMatcher<E> {
-    private final List<E> list;
-    private ListSizeMatcher(List<E> list) {
-      this.list = list;
-    }
-    private List<E> ofSize(int size) {
-      Assert.assertEquals(list.toString(),  size, list.size());
-      return list;
-    }
-  }
-  private static <E> ListSizeMatcher<E> inList(List<E> list) {
-    return new ListSizeMatcher<E>(list);
+  private DDLWork analyze(String command) throws Exception {
+    return AuthorizationTestUtil.analyze(command, conf, db);
   }
+
+
 }

Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import java.util.HashMap;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.metadata.Partition;
+import org.apache.hadoop.hive.ql.metadata.Table;
+import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType;
+import org.apache.hadoop.hive.ql.session.SessionState;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class TestPrivilegesV1 extends PrivilegesTestBase{
+
+  private HiveConf conf;
+  private Hive db;
+  private Table table;
+  private Partition partition;
+
+  @Before
+  public void setup() throws Exception {
+    conf = new HiveConf();
+    db = Mockito.mock(Hive.class);
+    table = new Table(DB, TABLE);
+    partition = new Partition(table);
+    SessionState.start(conf);
+    Mockito.when(db.getTable(DB, TABLE, false)).thenReturn(table);
+    Mockito.when(db.getPartition(table, new HashMap<String, String>(), false))
+    .thenReturn(partition);
+  }
+
+  /**
+   * Check acceptable privileges in grant statement
+   * @return
+   * @throws Exception
+   */
+  @Test
+  public void testPrivInGrant() throws Exception{
+    grantUserTable("all", PrivilegeType.ALL);
+    grantUserTable("update", PrivilegeType.ALTER_DATA);
+    grantUserTable("alter", PrivilegeType.ALTER_METADATA);
+    grantUserTable("create", PrivilegeType.CREATE);
+    grantUserTable("drop", PrivilegeType.DROP);
+    grantUserTable("index", PrivilegeType.INDEX);
+    grantUserTable("lock", PrivilegeType.LOCK);
+    grantUserTable("select", PrivilegeType.SELECT);
+    grantUserTable("show_database", PrivilegeType.SHOW_DATABASE);
+  }
+
+  /**
+   * Check acceptable privileges in grant statement
+   * @return
+   * @throws Exception
+   */
+  @Test
+  public void testPrivInGrantNotAccepted() throws Exception{
+    grantUserTableFail("insert");
+    grantUserTableFail("delete");
+  }
+
+  private void grantUserTableFail(String privName) {
+    try{
+      grantUserTable(privName, PrivilegeType.UNKNOWN);
+      Assert.fail("Exception expected");
+    }catch(Exception e){
+
+    }
+  }
+
+  private void grantUserTable(String privName, PrivilegeType privType) throws Exception {
+    grantUserTable(privName, privType, conf, db);
+  }
+}

Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV2.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV2.java?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV2.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV2.java Fri Jan 31 22:47:18 2014
@@ -0,0 +1,72 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import java.util.HashMap;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.metadata.Partition;
+import org.apache.hadoop.hive.ql.metadata.Table;
+import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+import org.apache.hadoop.hive.ql.session.SessionState;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class TestPrivilegesV2 extends PrivilegesTestBase{
+
+  private HiveConf conf;
+  private Hive db;
+  private Table table;
+  private Partition partition;
+
+  @Before
+  public void setup() throws Exception {
+    conf = new HiveConf();
+    //set authorization mode to V2
+    conf.setVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER,
+        SQLStdHiveAuthorizerFactory.class.getName());
+    db = Mockito.mock(Hive.class);
+    table = new Table(DB, TABLE);
+    SessionState.start(conf);
+    Mockito.when(db.getTable(DB, TABLE, false)).thenReturn(table);
+    Mockito.when(db.getPartition(table, new HashMap<String, String>(), false))
+    .thenReturn(partition);
+  }
+
+  /**
+   * Check acceptable privileges in grant statement
+   * @return
+   * @throws Exception
+   */
+  @Test
+  public void testPrivInGrant() throws Exception{
+    grantUserTable("select", PrivilegeType.SELECT);
+    grantUserTable("insert", PrivilegeType.INSERT);
+    grantUserTable("delete", PrivilegeType.DELETE);
+    grantUserTable("update", PrivilegeType.ALTER_DATA);
+    grantUserTable("all", PrivilegeType.ALL);
+  }
+
+  private void grantUserTable(String privName, PrivilegeType privType) throws Exception {
+    grantUserTable(privName, privType, conf, db);
+  }
+
+}

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q Fri Jan 31 22:47:18 2014
@@ -0,0 +1,6 @@
+create table if not exists authorization_invalid_v1 (key int, value string);
+grant delete on table authorization_invalid_v1 to user hive_test_user;
+drop table authorization_invalid_v1;
+
+
+

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q Fri Jan 31 22:47:18 2014
@@ -0,0 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+
+create table if not exists authorization_invalid_v2 (key int, value string);
+grant index on table authorization_invalid_v2 to user hive_test_user;
+drop table authorization_invalid_v2;

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out Fri Jan 31 22:47:18 2014
@@ -0,0 +1,6 @@
+PREHOOK: query: create table if not exists authorization_invalid_v1 (key int, value string)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: create table if not exists authorization_invalid_v1 (key int, value string)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@authorization_invalid_v1
+FAILED: SemanticException undefined privilege 731

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out?rev=1563321&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out Fri Jan 31 22:47:18 2014
@@ -0,0 +1,9 @@
+PREHOOK: query: create table if not exists authorization_invalid_v2 (key int, value string)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: create table if not exists authorization_invalid_v2 (key int, value string)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@authorization_invalid_v2
+PREHOOK: query: grant index on table authorization_invalid_v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@authorization_invalid_v2
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Privilege: Index is not supported in sql standard authorization mode



Mime
View raw message