hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From the...@apache.org
Subject svn commit: r1628115 - in /hive/branches/branch-0.14/ql/src/test: queries/clientnegative/ queries/clientpositive/ results/clientnegative/ results/clientpositive/
Date Mon, 29 Sep 2014 04:41:47 GMT
Author: thejas
Date: Mon Sep 29 04:41:46 2014
New Revision: 1628115

URL: http://svn.apache.org/r1628115
Log:
HIVE-8279 : sql std auth - additional test cases (Thejas Nair, reviewed by Jason Dere)

Added:
    hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q
    hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_show_columns.q
    hive/branches/branch-0.14/ql/src/test/queries/clientpositive/authorization_grant_option_role.q
    hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out
    hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_show_columns.q.out
    hive/branches/branch-0.14/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out

Added: hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q?rev=1628115&view=auto
==============================================================================
--- hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q
(added)
+++ hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,14 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+create database db1;
+use db1;
+-- check if create table fails as different user. use db.table sytax
+create table t1(i int);
+use default;
+
+set user.name=user2;
+drop table db1.t1;

Added: hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_show_columns.q
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_show_columns.q?rev=1628115&view=auto
==============================================================================
--- hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_show_columns.q
(added)
+++ hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_show_columns.q
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,13 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+create database db1;
+use db1;
+-- check query without select privilege fails
+create table t1(i int);
+
+set user.name=user1;
+show columns in t1;
+

Added: hive/branches/branch-0.14/ql/src/test/queries/clientpositive/authorization_grant_option_role.q
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/queries/clientpositive/authorization_grant_option_role.q?rev=1628115&view=auto
==============================================================================
--- hive/branches/branch-0.14/ql/src/test/queries/clientpositive/authorization_grant_option_role.q
(added)
+++ hive/branches/branch-0.14/ql/src/test/queries/clientpositive/authorization_grant_option_role.q
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,28 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+
+set user.name=hive_admin_user;
+set role admin;
+create role r1;
+grant role r1 to user r1user;
+
+set user.name=user1;
+CREATE TABLE  t1(i int);
+
+-- all privileges should have been set for user
+
+GRANT ALL ON t1 TO ROLE r1 WITH GRANT OPTION;
+
+set user.name=r1user;
+-- check if user belong to role r1 can grant privileges to others
+GRANT ALL ON t1 TO USER user3;
+
+set user.name=hive_admin_user;
+set role admin;
+-- check privileges on table
+show grant on table t1;
+
+-- check if drop role removes privileges for that role
+drop role r1;
+show grant on table t1;

Added: hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out?rev=1628115&view=auto
==============================================================================
--- hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out
(added)
+++ hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,29 @@
+PREHOOK: query: create database db1
+PREHOOK: type: CREATEDATABASE
+PREHOOK: Output: database:db1
+POSTHOOK: query: create database db1
+POSTHOOK: type: CREATEDATABASE
+POSTHOOK: Output: database:db1
+PREHOOK: query: use db1
+PREHOOK: type: SWITCHDATABASE
+PREHOOK: Input: database:db1
+POSTHOOK: query: use db1
+POSTHOOK: type: SWITCHDATABASE
+POSTHOOK: Input: database:db1
+PREHOOK: query: -- check if create table fails as different user. use db.table sytax
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:db1
+PREHOOK: Output: db1@t1
+POSTHOOK: query: -- check if create table fails as different user. use db.table sytax
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:db1
+POSTHOOK: Output: db1@t1
+PREHOOK: query: use default
+PREHOOK: type: SWITCHDATABASE
+PREHOOK: Input: database:default
+POSTHOOK: query: use default
+POSTHOOK: type: SWITCHDATABASE
+POSTHOOK: Input: database:default
+FAILED: HiveAccessControlException Permission denied: Principal [name=user2, type=USER] does
not have following privileges for operation DROPTABLE [[OBJECT OWNERSHIP] on Object [type=TABLE_OR_VIEW,
name=db1.t1]]

Added: hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_show_columns.q.out
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_show_columns.q.out?rev=1628115&view=auto
==============================================================================
--- hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_show_columns.q.out
(added)
+++ hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_show_columns.q.out
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,23 @@
+PREHOOK: query: create database db1
+PREHOOK: type: CREATEDATABASE
+PREHOOK: Output: database:db1
+POSTHOOK: query: create database db1
+POSTHOOK: type: CREATEDATABASE
+POSTHOOK: Output: database:db1
+PREHOOK: query: use db1
+PREHOOK: type: SWITCHDATABASE
+PREHOOK: Input: database:db1
+POSTHOOK: query: use db1
+POSTHOOK: type: SWITCHDATABASE
+POSTHOOK: Input: database:db1
+PREHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:db1
+PREHOOK: Output: db1@t1
+POSTHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:db1
+POSTHOOK: Output: db1@t1
+FAILED: HiveAccessControlException Permission denied: Principal [name=user1, type=USER] does
not have following privileges for operation SHOWCOLUMNS [[SELECT] on Object [type=TABLE_OR_VIEW,
name=db1.t1]]

Added: hive/branches/branch-0.14/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out?rev=1628115&view=auto
==============================================================================
--- hive/branches/branch-0.14/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out
(added)
+++ hive/branches/branch-0.14/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,78 @@
+PREHOOK: query: set role admin
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role admin
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: create role r1
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: create role r1
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant role r1 to user r1user
+PREHOOK: type: GRANT_ROLE
+POSTHOOK: query: grant role r1 to user r1user
+POSTHOOK: type: GRANT_ROLE
+PREHOOK: query: CREATE TABLE  t1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@t1
+POSTHOOK: query: CREATE TABLE  t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@t1
+PREHOOK: query: -- all privileges should have been set for user
+
+GRANT ALL ON t1 TO ROLE r1 WITH GRANT OPTION
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@t1
+POSTHOOK: query: -- all privileges should have been set for user
+
+GRANT ALL ON t1 TO ROLE r1 WITH GRANT OPTION
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@t1
+PREHOOK: query: -- check if user belong to role r1 can grant privileges to others
+GRANT ALL ON t1 TO USER user3
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@t1
+POSTHOOK: query: -- check if user belong to role r1 can grant privileges to others
+GRANT ALL ON t1 TO USER user3
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@t1
+PREHOOK: query: set role admin
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role admin
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: -- check privileges on table
+show grant on table t1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: -- check privileges on table
+show grant on table t1
+POSTHOOK: type: SHOW_GRANT
+default	t1			r1	ROLE	DELETE	true	-1	user1
+default	t1			r1	ROLE	INSERT	true	-1	user1
+default	t1			r1	ROLE	SELECT	true	-1	user1
+default	t1			r1	ROLE	UPDATE	true	-1	user1
+default	t1			user1	USER	DELETE	true	-1	hive_admin_user
+default	t1			user1	USER	INSERT	true	-1	hive_admin_user
+default	t1			user1	USER	SELECT	true	-1	hive_admin_user
+default	t1			user1	USER	UPDATE	true	-1	hive_admin_user
+default	t1			user3	USER	DELETE	false	-1	r1user
+default	t1			user3	USER	INSERT	false	-1	r1user
+default	t1			user3	USER	SELECT	false	-1	r1user
+default	t1			user3	USER	UPDATE	false	-1	r1user
+PREHOOK: query: -- check if drop role removes privileges for that role
+drop role r1
+PREHOOK: type: DROPROLE
+POSTHOOK: query: -- check if drop role removes privileges for that role
+drop role r1
+POSTHOOK: type: DROPROLE
+PREHOOK: query: show grant on table t1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant on table t1
+POSTHOOK: type: SHOW_GRANT
+default	t1			user1	USER	DELETE	true	-1	hive_admin_user
+default	t1			user1	USER	INSERT	true	-1	hive_admin_user
+default	t1			user1	USER	SELECT	true	-1	hive_admin_user
+default	t1			user1	USER	UPDATE	true	-1	hive_admin_user
+default	t1			user3	USER	DELETE	false	-1	r1user
+default	t1			user3	USER	INSERT	false	-1	r1user
+default	t1			user3	USER	SELECT	false	-1	r1user
+default	t1			user3	USER	UPDATE	false	-1	r1user



Mime
View raw message