sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sp...@apache.org
Subject [06/17] sentry git commit: SENTRY-2282: Remove hive-authzv2 binding and tests modules completely (Sergio Pena, reviewed by Na Li)
Date Wed, 27 Jun 2018 16:47:33 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java
deleted file mode 100644
index 24acc79..0000000
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e.hive;
-
-import java.sql.Connection;
-import java.sql.Statement;
-
-import org.junit.Assert;
-
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.Before;
-import org.junit.Test;
-
-
-public class TestMetadataPermissions extends AbstractTestWithStaticConfiguration {
-  private PolicyFile policyFile;
-
-  @Before
-  public void setup() throws Exception {
-    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
-    policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping());
-    writePolicyFile(policyFile);
-
-    Connection adminCon = context.createConnection(ADMIN1);
-    Statement adminStmt = context.createStatement(adminCon);
-    for (String dbName : new String[] { "" + DB1, DB2 }) {
-      exec(adminStmt, "USE default");
-      exec(adminStmt, "DROP DATABASE IF EXISTS " + dbName + " CASCADE");
-      exec(adminStmt, "CREATE DATABASE " + dbName);
-      exec(adminStmt, "USE " + dbName);
-      for (String tabName : new String[] { "tab1", "tab2" }) {
-        exec(adminStmt, "CREATE TABLE " + tabName + " (id int)");
-      }
-    }
-
-    policyFile
-        .addRolesToGroup(USERGROUP1, "db1_all", "db2_all")
-        .addRolesToGroup(USERGROUP2, "db1_all")
-        .addPermissionsToRole("db1_all", "server=server1->db=" + DB1)
-        .addPermissionsToRole("db2_all", "server=server1->db=" + DB2);
-
-    writePolicyFile(policyFile);
-  }
-
-  /**
-   * Ensure that a user with no privileges on a database cannot
-   * query that databases metadata.
-   */
-  @Test
-  public void testDescPrivilegesNegative() throws Exception {
-    Connection connection = context.createConnection(USER2_1);
-    Statement statement = context.createStatement(connection);
-    context.assertAuthzException(statement, "USE " + DB2);
-//    TODO when DESCRIBE db.table is supported tests should be uncommented
-//    for (String tabName : new String[] { "tab1", "tab2" }) {
-//      context.assertAuthzException(statement, "DESCRIBE " + DB1 + "." + tabName);
-//      context.assertAuthzException(statement, "DESCRIBE EXTENDED " + DB1 + "." + tabName);
-//    }
-    statement.close();
-    connection.close();
-  }
-
-  /**
-   * Ensure that a user cannot describe databases to which the user
-   * has no privilege.
-   */
-  @Test
-  public void testDescDbPrivilegesNegative() throws Exception {
-    Connection connection = context.createConnection(USER2_1);
-    Statement statement = context.createStatement(connection);
-    context.assertAuthzException(statement, "DESCRIBE DATABASE " + DB2);
-    context.assertAuthzException(statement, "DESCRIBE DATABASE EXTENDED " + DB2);
-    statement.close();
-    connection.close();
-  }
-
-  /**
-   * Ensure that a user with privileges on a database can describe
-   * the database.
-   */
-  @Test
-  public void testDescDbPrivilegesPositive() throws Exception {
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    for (String dbName : new String[] { DB1, DB2 }) {
-      statement.execute("USE " + dbName);
-      Assert.assertTrue(statement.executeQuery("DESCRIBE DATABASE " + dbName).next());
-      Assert.assertTrue(statement.executeQuery("DESCRIBE DATABASE EXTENDED " + dbName).next());
-    }
-    statement.close();
-    connection.close();
-  }
-
-  /**
-   * Ensure that a user with privileges on a table can describe the table.
-   */
-  @Test
-  public void testDescPrivilegesPositive() throws Exception {
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    for (String dbName : new String[] { DB1, DB2 }) {
-      statement.execute("USE " + dbName);
-      Assert.assertTrue(statement.executeQuery("DESCRIBE DATABASE " + dbName).next());
-      for (String tabName : new String[] { "tab1", "tab2" }) {
-        Assert.assertTrue(statement.executeQuery("DESCRIBE " + tabName).next());
-        Assert.assertTrue(statement.executeQuery("DESCRIBE EXTENDED " + tabName).next());
-
-      }
-    }
-    statement.close();
-    connection.close();
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java
deleted file mode 100644
index a6edf03..0000000
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e.hive;
-
-import org.apache.sentry.provider.file.PolicyFile;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.Statement;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.Resources;
-
-public class TestMovingToProduction extends AbstractTestWithStaticConfiguration {
-  private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
-  private PolicyFile policyFile;
-
-
-  @Before
-  public void setup() throws Exception {
-    File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
-    FileOutputStream to = new FileOutputStream(dataFile);
-    Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
-    to.close();
-    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP)
-        .setUserGroupMapping(StaticUserGroup.getStaticMapping());
-    writePolicyFile(policyFile);
-  }
-
-  /**
-   * Steps:
-   * 1. admin create DB_1, admin create GROUP_1, GROUP_2
-   * 2. admin grant all to GROUP_1 on DB_1
-   * 3. user in GROUP_1 create table tb_1 and load data into
-   * 4. admin create table production.tb_1.
-   * 5. admin grant all to GROUP_1 on production.tb_1.
-   *   positive test cases:
-   *     a)verify user in GROUP_1 can load data from DB_1.tb_1 to production.tb_1
-   *     b)verify user in GROUP_1 has proper privilege on production.tb_1
-   *     (read and insert)
-   *   negative test cases:
-   *     c)verify user in GROUP_2 cannot load data from DB_1.tb_1
-   *     to production.tb_1
-   *     d)verify user in GROUP_1 cannot drop production.tb_1
-   */
-  @Test
-  public void testMovingTable1() throws Exception {
-    String tableName1 = "tb_1";
-    Connection connection = context.createConnection(ADMIN1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE");
-    statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE");
-    statement.execute("CREATE DATABASE " + DB1);
-    statement.execute("CREATE DATABASE " + DB2);
-    statement.execute("DROP TABLE IF EXISTS " + DB2 + "." + tableName1);
-    statement.execute("create table " + DB2 + "." + tableName1
-        + " (under_col int comment 'the under column', value string)");
-    statement.close();
-    connection.close();
-
-    policyFile
-        .addRolesToGroup(USERGROUP1, "all_db1", "load_data")
-        .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataDir.getPath())
-        .addPermissionsToRole("all_db1", "server=server1->db="  + DB1);
-    writePolicyFile(policyFile);
-
-
-    // a
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("USE " + DB1);
-    statement.execute("DROP TABLE IF EXISTS " + tableName1);
-    statement.execute("create table " + tableName1
-        + " (under_col int comment 'the under column', value string)");
-    statement.execute("LOAD DATA LOCAL INPATH 'file://" + dataDir.getPath()
-        + "' INTO TABLE " + tableName1);
-
-    policyFile
-        .addRolesToGroup(USERGROUP1, "insert_proddb_tbl1")
-        .addPermissionsToRole("insert_proddb_tbl1", "server=server1->db="  + DB2 + "->table=tb_1->action=insert");
-    writePolicyFile(policyFile);
-    statement.execute("USE " + DB2);
-    statement.execute("INSERT OVERWRITE TABLE "
-        + tableName1 + " SELECT * FROM " + DB1
-        + "." + tableName1);
-
-    // b
-    policyFile
-        .addRolesToGroup(USERGROUP1, "select_proddb_tbl1")
-        .addPermissionsToRole("select_proddb_tbl1", "server=server1->db="  + DB2 + "->table=tb_1->action=select");
-    writePolicyFile(policyFile);
-
-    ResultSet resultSet = statement.executeQuery("SELECT * FROM " + tableName1 + " LIMIT 10");
-    int count = 0;
-    while(resultSet.next()) {
-      count++;
-    }
-    assertEquals(10, count);
-    statement.execute("DESCRIBE " + tableName1);
-
-    // c
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    context.assertAuthzException(statement, "USE " + DB2);
-    context.assertAuthzException(statement, "INSERT OVERWRITE TABLE "
-        + DB2 + "." + tableName1 + " SELECT * FROM " + DB1
-        + "." + tableName1);
-    context.assertAuthzException(statement, "SELECT * FROM " + DB2 + "." + tableName1 + " LIMIT 10");
-    statement.close();
-    connection.close();
-
-    // d
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("USE " + DB2);
-    context.assertAuthzException(statement, "DROP TABLE " + tableName1);
-    statement.close();
-    connection.close();
-  }
-
-  /**
-   * repeat above tests, only difference is don't do 'USE <database>'
-   * in this test. Instead, access table objects across database by
-   * database.table
-   * @throws Exception
-   */
-  @Test
-  public void testMovingTable2() throws Exception {
-    String tableName1 = "tb_1";
-    Connection connection = context.createConnection(ADMIN1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE");
-    statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE");
-    statement.execute("CREATE DATABASE " + DB1);
-    statement.execute("CREATE DATABASE " + DB2);
-    statement.execute("DROP TABLE IF EXISTS " + DB2 + "." + tableName1);
-    statement.execute("create table " + DB2 + "." + tableName1
-        + " (under_col int comment 'the under column', value string)");
-    statement.close();
-    connection.close();
-
-    policyFile
-        .addRolesToGroup(USERGROUP1, "all_db1", "load_data")
-        .addPermissionsToRole("all_db1", "server=server1->db="  + DB1)
-        .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataDir.getPath());
-    writePolicyFile(policyFile);
-
-    // a
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("DROP TABLE IF EXISTS " + DB1 + "." + tableName1);
-    statement.execute("create table " + DB1 + "." + tableName1
-        + " (under_col int comment 'the under column', value string)");
-    statement.execute("LOAD DATA LOCAL INPATH 'file://" + dataDir.getPath()
-        + "' INTO TABLE " + DB1 + "." + tableName1);
-
-    policyFile
-        .addRolesToGroup(USERGROUP1, "insert_proddb_tbl1")
-        .addPermissionsToRole("insert_proddb_tbl1", "server=server1->db="  + DB2 + "->table=tb_1->action=insert");
-    writePolicyFile(policyFile);
-
-    statement.execute("INSERT OVERWRITE TABLE "
-        + DB2 + "." + tableName1 + " SELECT * FROM " + DB1
-        + "." + tableName1);
-
-    // b
-    policyFile
-        .addRolesToGroup(USERGROUP1, "select_proddb_tbl1")
-        .addPermissionsToRole("select_proddb_tbl1", "server=server1->db="  + DB2 + "->table=tb_1->action=select");
-    writePolicyFile(policyFile);
-
-    assertTrue("user1 should be able to select data from "
-        + DB2 + "." + DB2 + "." + tableName1, statement.execute("SELECT * FROM "
-            + DB2 + "." + tableName1 + " LIMIT 10"));
-    assertTrue("user1 should be able to describe table " + DB2 + "." + tableName1,
-        statement.execute("DESCRIBE " + DB2 + "." + tableName1));
-
-    // c
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-
-    context.assertAuthzException(statement, "INSERT OVERWRITE TABLE "
-        + DB2 + "." + tableName1 + " SELECT * FROM " + DB1
-        + "." + tableName1);
-
-    context.assertAuthzException(statement, "SELECT * FROM "
-        + DB2 + "." + tableName1 + " LIMIT 10");
-    statement.close();
-    connection.close();
-
-    // d
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("USE " + DB2);
-    context.assertAuthzException(statement, "DROP TABLE " + tableName1);
-    statement.close();
-    connection.close();
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
deleted file mode 100644
index eba46fb..0000000
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
+++ /dev/null
@@ -1,1289 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e.hive;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.sql.Connection;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.sentry.provider.file.PolicyFile;
-import static org.junit.Assert.assertTrue;
-import org.junit.Before;
-import org.junit.Ignore;
-import org.junit.Test;
-
-import com.google.common.io.Resources;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class TestOperations extends AbstractTestWithStaticConfiguration {
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(TestOperations.class);
-
-  private PolicyFile policyFile;
-  final String tableName = "tb1";
-
-  static Map<String, String> privileges = new HashMap<String, String>();
-  static {
-    privileges.put("all_server", "server=server1->action=all");
-    privileges.put("create_server", "server=server1->action=create");
-    privileges.put("all_db1", "server=server1->db=" + DB1 + "->action=all");
-    privileges.put("select_db1", "server=server1->db=" + DB1 + "->action=select");
-    privileges.put("select_default", "server=server1->db=" + DEFAULT + "->action=select");
-    privileges.put("insert_db1", "server=server1->db=" + DB1 + "->action=insert");
-    privileges.put("create_db1", "server=server1->db=" + DB1 + "->action=create");
-    privileges.put("create_default", "server=server1->db=" + DEFAULT + "->action=create");
-    privileges.put("drop_db1", "server=server1->db=" + DB1 + "->action=drop");
-    privileges.put("drop_default", "server=server1->db=" + DEFAULT + "->action=drop");
-    privileges.put("alter_db1", "server=server1->db=" + DB1 + "->action=alter");
-    privileges.put("create_db2", "server=server1->db=" + DB2 + "->action=create");
-
-    privileges.put("all_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=all");
-    privileges.put("select_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=select");
-    privileges.put("insert_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=insert");
-    privileges.put("alter_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=alter");
-    privileges.put("alter_db1_ptab", "server=server1->db=" + DB1 + "->table=ptab->action=alter");
-    privileges.put("index_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=index");
-    privileges.put("lock_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=lock");
-    privileges.put("drop_db1_tb1", "server=server1->db=" + DB1 + "->table=tb1->action=drop");
-    privileges.put("insert_db2_tb2", "server=server1->db=" + DB2 + "->table=tb2->action=insert");
-    privileges.put("select_db1_view1", "server=server1->db=" + DB1 + "->table=view1->action=select");
-
-  }
-
-  @Before
-  public void setup() throws Exception{
-    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP)
-        .setUserGroupMapping(StaticUserGroup.getStaticMapping());
-    writePolicyFile(policyFile);
-  }
-
-  private void adminCreate(String db, String table) throws Exception{
-    adminCreate(db, table, false);
-  }
-
-  private void adminCreate(String db, String table, boolean partitioned) throws Exception{
-    Connection connection = context.createConnection(ADMIN1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("DROP DATABASE IF EXISTS " + db + " CASCADE");
-    statement.execute("CREATE DATABASE " + db);
-    if(table !=null) {
-      if (partitioned) {
-        statement.execute("CREATE table  " + db + "." + table + " (a string) PARTITIONED BY (b string)");
-      } else{
-        statement.execute("CREATE table  " + db + "." + table + " (a string)");
-      }
-
-    }
-    statement.close();
-    connection.close();
-  }
-
-  private void adminCreatePartition() throws Exception{
-    Connection connection = context.createConnection(ADMIN1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("USE " + DB1);
-    statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '1') ");
-    statement.close();
-    connection.close();
-  }
-
-  /* Test all operations that require create on Server
-  1. Create database : HiveOperation.CREATEDATABASE
-   */
-  @Test
-  public void testCreateOnServer() throws Exception{
-    policyFile
-        .addPermissionsToRole("create_server", privileges.get("create_server"))
-        .addRolesToGroup(USERGROUP1, "create_server");
-
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("Create database " + DB2);
-    statement.close();
-    connection.close();
-
-    //Negative case
-    policyFile
-        .addPermissionsToRole("create_db1", privileges.get("create_db1"))
-        .addRolesToGroup(USERGROUP2, "create_db1");
-    writePolicyFile(policyFile);
-
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    context.assertSentrySemanticException(statement, "CREATE database " + DB1, semanticException);
-    statement.close();
-    connection.close();
-
-  }
-
-  @Test
-  public void testInsertInto() throws Exception{
-    File dataFile;
-    dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
-    FileOutputStream to = new FileOutputStream(dataFile);
-    Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
-    to.close();
-
-    adminCreate(DB1, null);
-    policyFile
-        .addPermissionsToRole("all_db1", privileges.get("all_db1"))
-        .addPermissionsToRole("all_uri", "server=server1->uri=file://" + dataDir)
-        .addRolesToGroup(USERGROUP1, "all_db1", "all_uri");
-
-
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("create table bar (key int)");
-    statement.execute("load data local inpath '" + dataFile.getPath() + "' into table bar");
-    statement.execute("create table foo (key int) partitioned by (part int) stored as parquet");
-    statement.execute("insert into table foo PARTITION(part=1) select key from bar");
-
-    statement.close();
-    connection.close();
-  }
-
-  @Test
-  public void testCreateMacro() throws Exception {
-    policyFile
-        .addPermissionsToRole("create_default", privileges.get("create_default"))
-        .addRolesToGroup(USERGROUP1, "create_default");
-
-    writePolicyFile(policyFile);
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
-    statement.close();
-    connection.close();
-
-    //Negative case
-    policyFile
-        .addPermissionsToRole("select_default", privileges.get("select_default"))
-        .addRolesToGroup(USERGROUP2, "select_default");
-    writePolicyFile(policyFile);
-
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    context.assertSentrySemanticException(statement,
-        "CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))", semanticException);
-    statement.close();
-    connection.close();
-  }
-
-  @Test
-  public void testDropMacro() throws Exception {
-    adminCreate(DB1, null);
-    policyFile
-        .addPermissionsToRole("drop_default", privileges.get("drop_default"))
-        .addRolesToGroup(USERGROUP1, "drop_default");
-
-    writePolicyFile(policyFile);
-
-    Connection connection;
-    Statement statement;
-
-    connection = context.createConnection(ADMIN1);
-    statement = context.createStatement(connection);
-    statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
-
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("DROP TEMPORARY MACRO SIGMOID");
-    statement.close();
-    connection.close();
-
-
-    connection = context.createConnection(ADMIN1);
-    statement = context.createStatement(connection);
-    statement.execute("CREATE TEMPORARY MACRO SIGMOID (x DOUBLE) 1.0 / (1.0 + EXP(-x))");
-    //Negative case
-    adminCreate(DB1, null);
-    policyFile
-        .addPermissionsToRole("select_default", privileges.get("select_default"))
-        .addRolesToGroup(USERGROUP2, "select_default");
-    writePolicyFile(policyFile);
-
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    context.assertSentrySemanticException(statement, " DROP TEMPORARY MACRO SIGMOID", semanticException);
-    statement.close();
-    connection.close();
-  }
-
-  /* Test all operations that require create on Database alone
-  1. Create table : HiveOperation.CREATETABLE
-  */
-  @Test
-  public void testCreateOnDatabase() throws Exception{
-    adminCreate(DB1, null);
-    policyFile
-        .addPermissionsToRole("create_db1", privileges.get("create_db1"))
-        .addPermissionsToRole("all_db1", privileges.get("all_db1"))
-        .addRolesToGroup(USERGROUP1, "create_db1")
-        .addRolesToGroup(USERGROUP2, "all_db1");
-
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("CREATE TABLE " + DB1 + ".tb2(a int)");
-    statement.close();
-    connection.close();
-
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("CREATE TABLE " + DB1 + ".tb3(a int)");
-
-    statement.close();
-    connection.close();
-
-    //Negative case
-    policyFile
-        .addPermissionsToRole("all_db1_tb1", privileges.get("select_db1"))
-        .addRolesToGroup(USERGROUP3, "all_db1_tb1");
-    writePolicyFile(policyFile);
-
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    context.assertSentrySemanticException(statement, "CREATE TABLE " + DB1 + ".tb1(a int)", semanticException);
-    statement.close();
-    connection.close();
-  }
-
-  /* Test all operations that require drop on Database alone
-  1. Drop database : HiveOperation.DROPDATABASE
-  */
-  @Test
-  public void testDropOnDatabase() throws Exception{
-    adminCreate(DB1, null);
-    policyFile
-        .addPermissionsToRole("drop_db1", privileges.get("drop_db1"))
-        .addRolesToGroup(USERGROUP1, "drop_db1");
-
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("DROP DATABASE " + DB1);
-    statement.close();
-    connection.close();
-
-    adminCreate(DB1, null);
-
-    policyFile
-        .addPermissionsToRole("all_db1", privileges.get("all_db1"))
-        .addRolesToGroup(USERGROUP2, "all_db1");
-    writePolicyFile(policyFile);
-
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("DROP DATABASE " + DB1);
-
-    statement.close();
-    connection.close();
-
-    //Negative case
-    adminCreate(DB1, null);
-    policyFile
-        .addPermissionsToRole("select_db1", privileges.get("select_db1"))
-        .addRolesToGroup(USERGROUP3, "select_db1");
-    writePolicyFile(policyFile);
-
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    context.assertSentrySemanticException(statement, "drop database " + DB1, semanticException);
-    statement.close();
-    connection.close();
-  }
-
-  /* Test all operations that require alter on Database alone
-  1. Alter database : HiveOperation.ALTERDATABASE
-   */
-  @Test
-  public void testAlterOnDatabase() throws Exception{
-    adminCreate(DB1, null);
-    policyFile
-        .addPermissionsToRole("alter_db1", privileges.get("alter_db1"))
-        .addPermissionsToRole("all_db1", privileges.get("all_db1"))
-        .addRolesToGroup(USERGROUP2, "all_db1")
-        .addRolesToGroup(USERGROUP1, "alter_db1");
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("ALTER DATABASE " + DB1 + " SET DBPROPERTIES ('comment'='comment')");
-
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("ALTER DATABASE " + DB1 + " SET DBPROPERTIES ('comment'='comment')");
-    statement.close();
-    connection.close();
-
-    //Negative case
-    adminCreate(DB1, null);
-    policyFile
-        .addPermissionsToRole("select_db1", privileges.get("select_db1"))
-        .addRolesToGroup(USERGROUP3, "select_db1");
-    writePolicyFile(policyFile);
-
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    context.assertSentrySemanticException(statement, "ALTER DATABASE " + DB1 + " SET DBPROPERTIES ('comment'='comment')", semanticException);
-    statement.close();
-    connection.close();
-  }
-
-  /* Test all operations that require alter on Database alone
-  1. Alter database : HiveOperation.ALTERDATABASE_OWNER
-   */
-  @Test
-  public void testAlterDatabaseOwner() throws Exception{
-    adminCreate(DB1, null);
-
-
-    Connection connection = context.createConnection(ADMIN1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("ALTER DATABASE " + DB1 + " SET OWNER USER " + USER1_1);
-
-
-    //Negative case
-    adminCreate(DB1, null);
-    policyFile
-        .addPermissionsToRole("select_db1", privileges.get("select_db1"))
-        .addRolesToGroup(USERGROUP1, "select_db1");
-    writePolicyFile(policyFile);
-
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    context.assertSentrySemanticException(statement, "ALTER DATABASE " + DB1 + " SET OWNER USER " + USER2_1, semanticException);
-    statement.close();
-    connection.close();
-  }
-
-  /* SELECT/INSERT on DATABASE
-   1. HiveOperation.DESCDATABASE
-   */
-  @Test
-  public void testDescDB() throws Exception {
-    adminCreate(DB1, tableName);
-    policyFile
-        .addPermissionsToRole("select_db1", privileges.get("select_db1"))
-        .addPermissionsToRole("insert_db1", privileges.get("insert_db1"))
-        .addRolesToGroup(USERGROUP1, "select_db1")
-        .addRolesToGroup(USERGROUP2, "insert_db1");
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("describe database " + DB1);
-    statement.close();
-    connection.close();
-
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("describe database " + DB1);
-    statement.close();
-    connection.close();
-
-    //Negative case
-    policyFile
-        .addPermissionsToRole("all_db1_tb1", privileges.get("all_db1_tb1"))
-        .addRolesToGroup(USERGROUP3, "all_db1_tb1");
-    writePolicyFile(policyFile);
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    context.assertSentrySemanticException(statement, "describe database " + DB1, semanticException);
-    statement.close();
-    connection.close();
-
-  }
-
-  private void assertSemanticException(Statement stmt, String command) throws SQLException{
-    context.assertSentrySemanticException(stmt, command, semanticException);
-  }
-
-  /*
-  1. Analyze table (HiveOperation.QUERY) : select + insert on table
-   */
-  @Test
-  public void testSelectAndInsertOnTable() throws Exception {
-    adminCreate(DB1, tableName, true);
-    adminCreatePartition();
-    policyFile
-        .addPermissionsToRole("select_db1_tb1", privileges.get("select_db1_tb1"))
-        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
-        .addRolesToGroup(USERGROUP1, "select_db1_tb1", "insert_db1_tb1");
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("ANALYZE TABLE tb1 PARTITION (b='1' ) COMPUTE STATISTICS");
-    statement.close();
-    connection.close();
-  }
-
-  /* Operations which require select on table alone
-  1. HiveOperation.QUERY
-  2. HiveOperation.SHOW_TBLPROPERTIES
-  3. HiveOperation.SHOW_CREATETABLE
-  4. HiveOperation.SHOWINDEXES
-  5. HiveOperation.SHOWCOLUMNS
-  6. Describe tb1 : HiveOperation.DESCTABLE5.
-  7. HiveOperation.SHOWPARTITIONS
-  8. TODO: show functions?
-  9. HiveOperation.SHOW_TABLESTATUS
-   */
-  @Test
-  public void testSelectOnTable() throws Exception {
-    adminCreate(DB1, tableName, true);
-    adminCreatePartition();
-    policyFile
-        .addPermissionsToRole("select_db1_tb1", privileges.get("select_db1_tb1"))
-        .addRolesToGroup(USERGROUP1, "select_db1_tb1");
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("select * from tb1");
-
-    statement.executeQuery("SHOW Partitions tb1");
-    statement.executeQuery("SHOW TBLPROPERTIES tb1");
-    statement.executeQuery("SHOW CREATE TABLE tb1");
-    statement.executeQuery("SHOW indexes on tb1");
-    statement.executeQuery("SHOW COLUMNS from tb1");
-    statement.executeQuery("SHOW functions '.*'");
-    statement.executeQuery("SHOW TABLE EXTENDED IN " + DB1 + " LIKE 'tb*'");
-
-    statement.executeQuery("DESCRIBE tb1");
-    statement.executeQuery("DESCRIBE tb1 PARTITION (b=1)");
-
-    statement.close();
-    connection.close();
-
-    //Negative case
-    adminCreate(DB2, tableName);
-    policyFile
-        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
-        .addRolesToGroup(USERGROUP3, "insert_db1_tb1");
-    writePolicyFile(policyFile);
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    context.assertSentrySemanticException(statement, "select * from tb1", semanticException);
-    context.assertSentrySemanticException(statement,
-        "SHOW TABLE EXTENDED IN " + DB2 + " LIKE 'tb*'", semanticException);
-
-    statement.close();
-    connection.close();
-
-
-  }
-
-  /* Operations which require insert on table alone
-  1. HiveOperation.SHOW_TBLPROPERTIES
-  2. HiveOperation.SHOW_CREATETABLE
-  3. HiveOperation.SHOWINDEXES
-  4. HiveOperation.SHOWCOLUMNS
-  5. HiveOperation.DESCTABLE
-  6. HiveOperation.SHOWPARTITIONS
-  7. TODO: show functions?
-  8. TODO: lock, unlock, Show locks
-  9. HiveOperation.SHOW_TABLESTATUS
-   */
-  @Test
-  public void testInsertOnTable() throws Exception {
-    adminCreate(DB1, tableName, true);
-    adminCreatePartition();
-    policyFile
-        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
-        .addRolesToGroup(USERGROUP1, "insert_db1_tb1");
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    /*statement.execute("LOCK TABLE tb1 EXCLUSIVE");
-    statement.execute("UNLOCK TABLE tb1");
-    */
-    statement.executeQuery("SHOW TBLPROPERTIES tb1");
-    statement.executeQuery("SHOW CREATE TABLE tb1");
-    statement.executeQuery("SHOW indexes on tb1");
-    statement.executeQuery("SHOW COLUMNS from tb1");
-    statement.executeQuery("SHOW functions '.*'");
-    //statement.executeQuery("SHOW LOCKS tb1");
-    statement.executeQuery("SHOW TABLE EXTENDED IN " + DB1 + " LIKE 'tb*'");
-
-    //NoViableAltException
-    //statement.executeQuery("SHOW transactions");
-    //statement.executeQuery("SHOW compactions");
-    statement.executeQuery("DESCRIBE tb1");
-    statement.executeQuery("DESCRIBE tb1 PARTITION (b=1)");
-    statement.executeQuery("SHOW Partitions tb1");
-
-
-    statement.close();
-    connection.close();
-  }
-
-  @Test
-  public void testAlterTableBucket() throws Exception {
-    adminCreate(DB1, tableName, true);
-
-    Connection connection;
-    Statement statement;
-
-    connection = context.createConnection(ADMIN1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("ALTER TABLE tb1 CLUSTERED BY (a) SORTED BY (a) INTO 1 BUCKETS");
-    statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '1') ");
-
-    policyFile.addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
-        .addRolesToGroup(USERGROUP1, "alter_db1_tb1")
-        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
-        .addRolesToGroup(USERGROUP2, "insert_db1_tb1");
-    writePolicyFile(policyFile);
-
-    //positive test cases
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("ALTER TABLE tb1 INTO 6 BUCKETS");
-    statement.execute("ALTER TABLE tb1 PARTITION (b = '1') INTO 6 BUCKETS");
-
-    statement.close();
-    connection.close();
-
-    //negative test cases
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    context.assertSentrySemanticException(statement, "ALTER TABLE tb1 INTO 6 BUCKETS",
-        semanticException);
-    context.assertSentrySemanticException(statement, "ALTER TABLE tb1 PARTITION (b = '1') INTO 6 BUCKETS", semanticException);
-
-    statement.close();
-    connection.close();
-  }
-
-  @Test
-  public void AlterTablePartColType() throws Exception {
-    adminCreate(DB1, tableName, true);
-
-    Connection connection;
-    Statement statement;
-
-    policyFile
-        .addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
-        .addRolesToGroup(USERGROUP1, "alter_db1_tb1")
-        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
-        .addRolesToGroup(USERGROUP2, "insert_db1_tb1");
-    writePolicyFile(policyFile);
-
-    //Positive cases
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("ALTER TABLE tb1 PARTITION COLUMN (b string)");
-
-    statement.close();
-    connection.close();
-
-    //Negative test cases
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-
-    assertSemanticException(statement, "ALTER TABLE tb1 PARTITION COLUMN (b string)");
-
-    statement.close();
-    connection.close();
-
-  }
-
-  /* Test all operations that require alter on table
-  1. HiveOperation.ALTERTABLE_PROPERTIES
-  2. HiveOperation.ALTERTABLE_SERDEPROPERTIES
-  3. HiveOperation.ALTERTABLE_CLUSTER_SORT
-  4. HiveOperation.ALTERTABLE_TOUCH
-  5. HiveOperation.ALTERTABLE_PROTECTMODE
-  6. HiveOperation.ALTERTABLE_FILEFORMAT
-  7. HiveOperation.ALTERTABLE_RENAMEPART
-  8. HiveOperation.ALTERPARTITION_SERDEPROPERTIES
-  9. TODO: archive partition
-  10. TODO: unarchive partition
-  11. HiveOperation.ALTERPARTITION_FILEFORMAT
-  12. TODO: partition touch (is it same as  HiveOperation.ALTERTABLE_TOUCH?)
-  13. HiveOperation.ALTERPARTITION_PROTECTMODE
-  14. HiveOperation.ALTERTABLE_RENAMECOL
-  15. HiveOperation.ALTERTABLE_ADDCOLS
-  16. HiveOperation.ALTERTABLE_REPLACECOLS
-  17. TODO: HiveOperation.ALTERVIEW_PROPERTIES
-  18. TODO: HiveOperation.ALTERTABLE_SERIALIZER
-  19. TODO: HiveOperation.ALTERPARTITION_SERIALIZER
-   */
-  @Test
-  public void testAlterTable() throws Exception {
-    adminCreate(DB1, tableName, true);
-
-    Connection connection;
-    Statement statement;
-    //Setup
-    connection = context.createConnection(ADMIN1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '10') ");
-    statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '1') ");
-    statement.execute("DROP TABLE IF EXISTS ptab");
-    statement.execute("CREATE TABLE ptab (a int) STORED AS PARQUET");
-
-    policyFile
-      .addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
-      .addPermissionsToRole("alter_db1_ptab", privileges.get("alter_db1_ptab"))
-      .addRolesToGroup(USERGROUP1, "alter_db1_tb1", "alter_db1_ptab")
-      .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
-      .addRolesToGroup(USERGROUP2, "insert_db1_tb1");
-    writePolicyFile(policyFile);
-
-    //Negative test cases
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    assertSemanticException(statement, "ALTER TABLE tb1 SET TBLPROPERTIES ('comment' = 'new_comment')");
-    assertSemanticException(statement, "ALTER TABLE tb1 SET SERDEPROPERTIES ('field.delim' = ',')");
-    assertSemanticException(statement, "ALTER TABLE tb1 CLUSTERED BY (a) SORTED BY (a) INTO 1 BUCKETS");
-    assertSemanticException(statement, "ALTER TABLE tb1 TOUCH");
-    // OFFLINE and NO_DROP were removed from tables and partitions after Hive 2.0.0 (HIVE-11145)
-    //assertSemanticException(statement, "ALTER TABLE tb1 ENABLE NO_DROP cascade");
-    //assertSemanticException(statement, "ALTER TABLE tb1 DISABLE OFFLINE");
-    assertSemanticException(statement, "ALTER TABLE tb1 SET FILEFORMAT RCFILE");
-
-    assertSemanticException(statement, "ALTER TABLE tb1 PARTITION (b = 10) RENAME TO PARTITION (b = 2)");
-    assertSemanticException(statement, "ALTER TABLE tb1 PARTITION (b = 10) SET SERDEPROPERTIES ('field.delim' = ',')");
-    //assertSemanticException(statement, "ALTER TABLE tb1 ARCHIVE PARTITION (b = 2)");
-    //assertSemanticException(statement, "ALTER TABLE tb1 UNARCHIVE PARTITION (b = 2)");
-    assertSemanticException(statement, "ALTER TABLE tb1 PARTITION (b = 10) SET FILEFORMAT RCFILE");
-    assertSemanticException(statement, "ALTER TABLE tb1 TOUCH PARTITION (b = 10)");
-    // OFFLINE and NO_DROP were removed from tables and partitions after Hive 2.0.0 (HIVE-11145)
-    // assertSemanticException(statement, "ALTER TABLE tb1 PARTITION (b = 10) DISABLE NO_DROP");
-    // assertSemanticException(statement, "ALTER TABLE tb1 PARTITION (b = 10) DISABLE OFFLINE");
-
-    assertSemanticException(statement, "ALTER TABLE tb1 CHANGE COLUMN a c int");
-    assertSemanticException(statement, "ALTER TABLE tb1 ADD COLUMNS (a int)");
-    assertSemanticException(statement, "ALTER TABLE ptab REPLACE COLUMNS (a int, c int)");
-    assertSemanticException(statement, "MSCK REPAIR TABLE tb1");
-
-    //assertSemanticException(statement, "ALTER VIEW view1 SET TBLPROPERTIES ('comment' = 'new_comment')");
-
-
-    statement.close();
-    connection.close();
-
-    //Positive cases
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("ALTER TABLE tb1 SET TBLPROPERTIES ('comment' = 'new_comment')");
-    statement.execute("ALTER TABLE tb1 SET SERDEPROPERTIES ('field.delim' = ',')");
-    statement.execute("ALTER TABLE tb1 CLUSTERED BY (a) SORTED BY (a) INTO 1 BUCKETS");
-    statement.execute("ALTER TABLE tb1 TOUCH");
-    // OFFLINE and NO_DROP were removed from tables and partitions after Hive 2.0.0 (HIVE-11145)
-    // statement.execute("ALTER TABLE tb1 ENABLE NO_DROP");
-    // statement.execute("ALTER TABLE tb1 DISABLE OFFLINE");
-    statement.execute("ALTER TABLE tb1 SET FILEFORMAT RCFILE");
-
-    statement.execute("ALTER TABLE tb1 PARTITION (b = 1) RENAME TO PARTITION (b = 2)");
-    statement.execute("ALTER TABLE tb1 PARTITION (b = 2) SET SERDEPROPERTIES ('field.delim' = ',')");
-    //statement.execute("ALTER TABLE tb1 ARCHIVE PARTITION (b = 2)");
-    //statement.execute("ALTER TABLE tb1 UNARCHIVE PARTITION (b = 2)");
-    statement.execute("ALTER TABLE tb1 PARTITION (b = 2) SET FILEFORMAT RCFILE");
-    statement.execute("ALTER TABLE tb1 TOUCH PARTITION (b = 2)");
-    // OFFLINE and NO_DROP were removed from tables and partitions after Hive 2.0.0 (HIVE-11145)
-    //statement.execute("ALTER TABLE tb1 PARTITION (b = 2) DISABLE NO_DROP");
-    //statement.execute("ALTER TABLE tb1 PARTITION (b = 2) DISABLE OFFLINE");
-
-    statement.execute("set hive.metastore.disallow.incompatible.col.type.changes=false");
-    statement.execute("ALTER TABLE tb1 CHANGE COLUMN a c int");
-    statement.execute("ALTER TABLE tb1 ADD COLUMNS (a int)");
-    statement.execute("ALTER TABLE ptab REPLACE COLUMNS (a int, c int)");
-    statement.execute("MSCK REPAIR TABLE tb1");
-
-    //statement.execute("ALTER VIEW view1 SET TBLPROPERTIES ('comment' = 'new_comment')");
-
-    statement.close();
-    connection.close();
-  }
-
-  /* Test all operations that require index on table alone
-  1. Create index : HiveOperation.CREATEINDEX
-  2. Drop index : HiveOperation.DROPINDEX
-  3. HiveOperation.ALTERINDEX_REBUILD
-  4. TODO: HiveOperation.ALTERINDEX_PROPS
-  */
-  @Test
-  public void testIndexTable() throws Exception {
-    adminCreate(DB1, tableName, true);
-    policyFile
-        .addPermissionsToRole("index_db1_tb1", privileges.get("index_db1_tb1"))
-        .addRolesToGroup(USERGROUP1, "index_db1_tb1")
-        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
-        .addRolesToGroup(USERGROUP2, "insert_db1_tb1");
-    writePolicyFile(policyFile);
-
-    Connection connection;
-    Statement statement;
-
-    //Positive cases
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("CREATE INDEX table01_index ON TABLE tb1 (a) AS 'COMPACT' WITH DEFERRED REBUILD");
-    statement.execute("ALTER INDEX table01_index ON tb1 REBUILD");
-    statement.close();
-    connection.close();
-
-    //Negative case
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    assertSemanticException(statement, "CREATE INDEX table02_index ON TABLE tb1 (a) AS 'COMPACT' WITH DEFERRED REBUILD");
-    assertSemanticException(statement, "ALTER INDEX table01_index ON tb1 REBUILD");
-    assertSemanticException(statement, "DROP INDEX table01_index ON tb1");
-    statement.close();
-    connection.close();
-
-    //Positive cases
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("DROP INDEX table01_index ON tb1");
-    statement.close();
-    connection.close();
-  }
-
-  /* Test all operations that require drop on table alone
-  1. Create index : HiveOperation.DROPTABLE
-  */
-  @Test
-  public void testDropTable() throws Exception {
-    adminCreate(DB1, tableName, true);
-    policyFile
-        .addPermissionsToRole("drop_db1_tb1", privileges.get("drop_db1_tb1"))
-        .addRolesToGroup(USERGROUP1, "drop_db1_tb1")
-        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
-        .addRolesToGroup(USERGROUP2, "insert_db1_tb1");
-    writePolicyFile(policyFile);
-
-    Connection connection;
-    Statement statement;
-
-    //Negative case
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    assertSemanticException(statement, "drop table " + tableName);
-
-    statement.close();
-    connection.close();
-
-    //Positive cases
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("drop table " + tableName);
-
-    statement.close();
-    connection.close();
-  }
-
-  @Ignore
-  @Test
-  public void testLockTable() throws Exception {
-   //TODO
-  }
-
-  /* Operations that require alter + drop on table
-    1. HiveOperation.ALTERTABLE_DROPPARTS
-  */
-  @Test
-  public void dropPartition() throws Exception {
-    adminCreate(DB1, tableName, true);
-    policyFile
-        .addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
-        .addPermissionsToRole("drop_db1_tb1", privileges.get("drop_db1_tb1"))
-        .addRolesToGroup(USERGROUP1, "alter_db1_tb1", "drop_db1_tb1")
-        .addRolesToGroup(USERGROUP2, "alter_db1_tb1");
-
-    writePolicyFile(policyFile);
-
-    Connection connection;
-    Statement statement;
-    //Setup
-    connection = context.createConnection(ADMIN1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '10') ");
-
-    //Negative case
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("USE " + DB1);
-    assertSemanticException(statement, "ALTER TABLE tb1 DROP PARTITION (b = 10)");
-
-    //Positive case
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("ALTER TABLE tb1 DROP PARTITION (b = 10)");
-    statement.close();
-    connection.close();
-  }
-
-  /*
-   1. HiveOperation.ALTERTABLE_RENAME
-   */
-  @Test
-  public void renameTable() throws Exception {
-    adminCreate(DB1, tableName);
-    policyFile
-        .addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
-        .addPermissionsToRole("create_db1", privileges.get("create_db1"))
-        .addRolesToGroup(USERGROUP1, "alter_db1_tb1", "create_db1")
-        .addRolesToGroup(USERGROUP2, "create_db1")
-        .addRolesToGroup(USERGROUP3, "alter_db1_tb1");
-
-    writePolicyFile(policyFile);
-
-    Connection connection;
-    Statement statement;
-
-    //Negative cases
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    assertSemanticException(statement, "ALTER TABLE tb1 RENAME TO tb2");
-    statement.close();
-    connection.close();
-
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    assertSemanticException(statement, "ALTER TABLE tb1 RENAME TO tb2");
-    statement.close();
-    connection.close();
-
-    //Positive case
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("ALTER TABLE tb1 RENAME TO tb2");
-    statement.close();
-    connection.close();
-  }
-
-  /* Test all operations which require alter on table (+ all on URI)
-   1. HiveOperation.ALTERTABLE_LOCATION
-   2. HiveOperation.ALTERTABLE_ADDPARTS
-   3. TODO: HiveOperation.ALTERPARTITION_LOCATION
-   4. TODO: HiveOperation.ALTERTBLPART_SKEWED_LOCATION
-   */
-  @Test
-  public void testAlterOnTableAndURI() throws Exception {
-    adminCreate(DB1, tableName, true);
-    String tabLocation = dfs.getBaseDir() + "/" + Math.random();
-    policyFile
-        .addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1"))
-        .addPermissionsToRole("all_uri", "server=server1->uri=" + tabLocation)
-        .addRolesToGroup(USERGROUP1, "alter_db1_tb1", "all_uri")
-        .addRolesToGroup(USERGROUP2, "alter_db1_tb1");
-
-    writePolicyFile(policyFile);
-
-    //Case with out uri
-    Connection connection = context.createConnection(USER2_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("USE " + DB1);
-    assertSemanticException(statement, "ALTER TABLE tb1 SET LOCATION '" + tabLocation + "'");
-    assertSemanticException(statement, "ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '3') LOCATION '" + tabLocation + "/part'");
-    statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '1') ");
-
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("ALTER TABLE tb1 SET LOCATION '" + tabLocation + "'");
-    statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '3') LOCATION '" + tabLocation + "/part'");
-    statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '10') ");
-    statement.close();
-    connection.close();
-
-    //Negative case: User2_1 has privileges on table but on on uri
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    context.assertSentrySemanticException(statement, "ALTER TABLE tb1 SET LOCATION '" + tabLocation + "'",
-        semanticException);
-    context.assertSentrySemanticException(statement,
-        "ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '3') LOCATION '" + tabLocation + "/part'",
-        semanticException);
-    statement.close();
-    connection.close();
-
-    //Negative case: User3_1 has only insert privileges on table
-    policyFile
-        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
-        .addRolesToGroup(USERGROUP3, "insert_db1_tb1", "all_uri");
-    writePolicyFile(policyFile);
-
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    assertSemanticException(statement, "ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '2') ");
-    assertSemanticException(statement, "ALTER TABLE tb1 SET LOCATION '" + tabLocation + "'");
-
-    assertSemanticException(statement, "ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '3') LOCATION '"
-        + tabLocation + "/part'");
-    statement.close();
-    connection.close();
-
-
-  }
-
-  /* Create on Database and select on table
-  1. Create view :  HiveOperation.CREATEVIEW
-   */
-  @Test
-  public void testCreateView() throws Exception {
-    adminCreate(DB1, tableName);
-    adminCreate(DB2, null);
-    policyFile
-        .addPermissionsToRole("select_db1_tb1", privileges.get("select_db1_tb1"))
-        .addPermissionsToRole("create_db2", privileges.get("create_db2"))
-        .addRolesToGroup(USERGROUP1, "select_db1_tb1", "create_db2");
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("use " + DB2);
-    statement.execute("create view view1 as select a from " + DB1 + ".tb1");
-    statement.close();
-    connection.close();
-
-    //Negative case
-    policyFile
-        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
-        .addRolesToGroup(USERGROUP3, "insert_db1_tb1", "create_db2");
-    writePolicyFile(policyFile);
-
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB2);
-    context.assertSentrySemanticException(statement, "create view view1 as select a from " + DB1 + ".tb1",
-        semanticException);
-    statement.close();
-    connection.close();
-
-
-  }
-
-  /*
-   1. HiveOperation.IMPORT : Create on db + all on URI
-   2. HiveOperation.EXPORT : SELECT on table + all on uri
-   */
-
-  @Test
-  public void testExportImport() throws Exception {
-    File dataFile;
-    dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
-    FileOutputStream to = new FileOutputStream(dataFile);
-    Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
-    to.close();
-
-    dropDb(ADMIN1, DB1);
-    createDb(ADMIN1, DB1);
-    createTable(ADMIN1, DB1, dataFile, tableName);
-    String location = dfs.getBaseDir() + "/" + Math.random();
-    policyFile
-        .addPermissionsToRole("create_db1", privileges.get("create_db1"))
-        .addPermissionsToRole("all_uri", "server=server1->uri="+ location)
-        .addPermissionsToRole("select_db1_tb1", privileges.get("select_db1_tb1"))
-        .addPermissionsToRole("insert_db1", privileges.get("insert_db1"))
-        .addRolesToGroup(USERGROUP1, "select_db1_tb1", "all_uri")
-        .addRolesToGroup(USERGROUP2, "create_db1", "all_uri")
-        .addRolesToGroup(USERGROUP3, "insert_db1", "all_uri");
-    writePolicyFile(policyFile);
-    Connection connection;
-    Statement statement;
-
-    //Negative case
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    context.assertSentrySemanticException(statement, "export table tb1 to '" + location + "'",
-        semanticException);
-    statement.close();
-    connection.close();
-
-    //Positive
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("export table tb1 to '" + location + "'" );
-    statement.close();
-    connection.close();
-
-    //Negative
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    context.assertSentrySemanticException(statement, "import table tb2 from '" + location + "'",
-        semanticException);
-    statement.close();
-    connection.close();
-
-    //Positive
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("import table tb2 from '" + location + "'");
-    statement.close();
-    connection.close();
-
-  }
-
-  /*
-  1. HiveOperation.LOAD: INSERT on table + all on uri
-   */
-  @Test
-  public void testLoad() throws Exception {
-    File dataFile;
-    dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
-    FileOutputStream to = new FileOutputStream(dataFile);
-    Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
-    to.close();
-
-    adminCreate(DB1, tableName);
-
-    policyFile
-        .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1"))
-        .addPermissionsToRole("all_uri", "server=server1->uri=file://" + dataDir)
-        .addRolesToGroup(USERGROUP1, "insert_db1_tb1", "all_uri");
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("load data local inpath '" + dataFile.getPath() + "' into table tb1" );
-    statement.close();
-    connection.close();
-  }
-
-  /*
-  1. HiveOperation.CREATETABLE_AS_SELECT : Create on db + select on table
-   */
-  @Test
-  public void testCTAS() throws Exception {
-    adminCreate(DB1, tableName);
-    adminCreate(DB2, null);
-
-    String location = dfs.getBaseDir() + "/" + Math.random();
-
-    Connection connection = context.createConnection(ADMIN1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("Use " + DB1);
-    statement.execute("create view view1 as select a from " + DB1 + ".tb1");
-    statement.close();
-    connection.close();
-
-    policyFile
-      .addPermissionsToRole("select_db1_tb1", privileges.get("select_db1_tb1"))
-      .addPermissionsToRole("select_db1_view1", privileges.get("select_db1_view1"))
-      .addPermissionsToRole("create_db2", privileges.get("create_db2"))
-      .addPermissionsToRole("all_uri", "server=server1->uri=" + location)
-      .addRolesToGroup(USERGROUP1, "select_db1_tb1", "create_db2")
-      .addRolesToGroup(USERGROUP2, "select_db1_view1", "create_db2")
-      .addRolesToGroup(USERGROUP3, "select_db1_tb1", "create_db2,all_uri");
-    writePolicyFile(policyFile);
-
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB2);
-    statement.execute("create table tb2 as select a from " + DB1 + ".tb1");
-    //Ensure CTAS fails without URI
-    context.assertSentrySemanticException(statement, "create table tb3 location '" + location +
-        "' as select a from " + DB1 + ".tb1",
-      semanticException);
-    context.assertSentrySemanticException(statement, "create table tb3 as select a from " + DB1 + ".view1",
-      semanticException);
-
-
-    statement.close();
-    connection.close();
-
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("Use " + DB2);
-    statement.execute("create table tb3 as select a from " + DB1 + ".view1" );
-    context.assertSentrySemanticException(statement, "create table tb4 as select a from " + DB1 + ".tb1",
-      semanticException);
-
-    statement.close();
-    connection.close();
-
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    //CTAS is valid with URI
-    statement.execute("Use " + DB2);
-    statement.execute("create table tb4 location '" + location +
-      "' as select a from " + DB1 + ".tb1");
-
-    statement.close();
-    connection.close();
-
-  }
-
-
-  /*
-  1. INSERT : IP: select on table, OP: insert on table + all on uri(optional)
-   */
-  @Test
-  public void testInsert() throws Exception {
-    File dataFile;
-    dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
-    FileOutputStream to = new FileOutputStream(dataFile);
-    Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
-    to.close();
-
-    dropDb(ADMIN1, DB1);
-    dropDb(ADMIN1, DB2);
-    createDb(ADMIN1, DB1);
-    createDb(ADMIN1, DB2);
-    createTable(ADMIN1, DB1, dataFile, tableName);
-    createTable(ADMIN1, DB2, null, "tb2");
-    String location = dfs.getBaseDir() + "/" + Math.random();
-
-    policyFile
-        .addPermissionsToRole("select_db1_tb1", privileges.get("select_db1_tb1"))
-        .addPermissionsToRole("insert_db2_tb2", privileges.get("insert_db2_tb2"))
-        .addRolesToGroup(USERGROUP1, "select_db1_tb1", "insert_db2_tb2")
-        .addPermissionsToRole("all_uri", "server=server1->uri=" + location)
-        .addRolesToGroup(USERGROUP2, "select_db1_tb1", "all_uri");
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    assertSemanticException(statement, "insert overwrite directory '" + location + "' select * from " + DB1 + ".tb1");
-    statement.execute("insert overwrite table " + DB2 + ".tb2 select * from " + DB1 + ".tb1");
-    statement.close();
-    connection.close();
-
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("insert overwrite directory '" + location + "' select * from " + DB1 + ".tb1" );
-    assertSemanticException(statement, "insert overwrite table " + DB2 + ".tb2 select * from " + DB1 + ".tb1");
-    statement.close();
-    connection.close();
-  }
-
-  @Test
-  public void testFullyQualifiedTableName() throws Exception{
-    Connection connection;
-    Statement statement;
-    connection = context.createConnection(ADMIN1);
-    statement = context.createStatement(connection);
-    statement.execute("create database " + DB1);
-    statement.execute("create table " + DB1 + ".tb1(a int)");
-    statement.execute("DROP table " + DB1 + ".tb1");
-    statement.execute("create table " + DB1 + ".tb1(a int)");
-    statement.execute("use " + DB1);
-    statement.execute("drop table tb1");
-  }
-
-  @Test
-  public void testExternalTables() throws Exception{
-    createDb(ADMIN1, DB1);
-    File externalTblDir = new File(dataDir, "exttab");
-    assertTrue("Unable to create directory for external table test" , externalTblDir.mkdir());
-
-    policyFile
-        .addPermissionsToRole("create_db1", privileges.get("create_db1"))
-        .addPermissionsToRole("all_uri", "server=server1->uri=file://" + dataDir.getPath())
-        .addRolesToGroup(USERGROUP1, "create_db1", "all_uri")
-        .addRolesToGroup(USERGROUP2, "create_db1");
-    writePolicyFile(policyFile);
-
-    Connection connection = context.createConnection(USER2_1);
-    Statement statement = context.createStatement(connection);
-    assertSemanticException(statement, "create external table " + DB1 + ".tb1(a int) stored as " +
-        "textfile location 'file:" + externalTblDir.getAbsolutePath() + "'");
-    //Create external table on HDFS
-    assertSemanticException(statement, "create external table " + DB1 + ".tb2(a int) location '/user/hive/warehouse/blah'");
-    statement.close();
-    connection.close();
-
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("create external table " + DB1 + ".tb1(a int) stored as " +
-        "textfile location 'file:" + externalTblDir.getAbsolutePath() + "'");
-    statement.close();
-    connection.close();
-
-
-  }
-
-  @Test
-  public void testCaseSensitivity() throws Exception {
-    Statement statement = null;
-    Connection connection = null;
-    try {
-      createDb(ADMIN1, DB1);
-      String scratchLikeDir = context.getProperty(HiveConf.ConfVars.SCRATCHDIR.varname);
-      String extParentDir = dfs.assertCreateDir(scratchLikeDir + "/ABC/hhh").toUri().toString();
-      String extTableDir = dfs.assertCreateDir(scratchLikeDir + "/abc/hhh").toUri().toString();
-      LOGGER.info("Created extParentDir = " + extParentDir + ", extTableDir = " + extTableDir);
-      policyFile
-          .addPermissionsToRole("all_db1", privileges.get("all_db1"))
-          .addPermissionsToRole("all_uri", "server=server1->uri=" + extParentDir)
-          .addRolesToGroup(USERGROUP1, "all_db1", "all_uri");
-      writePolicyFile(policyFile);
-      connection = context.createConnection(USER1_1);
-      statement = context.createStatement(connection);
-      assertSemanticException(statement,
-          "create external table " + DB1 + ".tb1(a int) location '" + extTableDir + "'");
-    } finally {
-      if (statement != null) {
-        statement.close();
-      }
-      if (connection != null) {
-        connection.close();
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
deleted file mode 100644
index d1a34a8..0000000
--- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
+++ /dev/null
@@ -1,408 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e.hive;
-
-import static org.junit.Assert.assertTrue;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.io.Resources;
-
-/**
- * Test privileges per database policy files
- */
-public class TestPerDBConfiguration extends AbstractTestWithStaticConfiguration {
-
-  private static final String MULTI_TYPE_DATA_FILE_NAME = "emp.dat";
-  private static final String DB2_POLICY_FILE = "db2-policy-file.ini";
-
-  private static File dataFile;
-  private PolicyFile policyFile;
-  private static String prefix;
-
-  @BeforeClass
-  public static void setupTestStaticConfiguration() throws Exception {
-    AbstractTestWithStaticConfiguration.setupTestStaticConfiguration();
-  }
-
-  @Before
-  public void setup() throws Exception {
-    String hiveServer2 = System.getProperty("sentry.e2etest.hiveServer2Type", "InternalHiveServer2");
-    String policyOnHDFS = System.getProperty("sentry.e2etest.hive.policyOnHDFS", "true");
-    if(policyOnHDFS.trim().equalsIgnoreCase("true") && (hiveServer2.equals("UnmanagedHiveServer2") )){
-      String policyLocation = System.getProperty("sentry.e2etest.hive.policy.location", "/user/hive/sentry");
-      prefix = "hdfs://" + policyLocation + "/";
-    }else {
-      prefix = "file://" + context.getPolicyFile().getParent() + "/";
-    }
-
-    policyFile = super.setupPolicy();
-    super.setup();
-    prepareDBDataForTest();
-  }
-
-  protected static void prepareDBDataForTest() throws Exception {
-    // copy data file to test dir
-    dataDir = context.getDataDir();
-    dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
-    FileOutputStream to = new FileOutputStream(dataFile);
-    Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
-    to.close();
-
-    // setup db objects needed by the test
-    Connection connection = context.createConnection(ADMIN1);
-    Statement statement = context.createStatement(connection);
-
-    statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE");
-    statement.execute("CREATE DATABASE " + DB1);
-    statement.execute("USE " + DB1);
-    statement.execute("CREATE TABLE tbl1(B INT, A STRING) "
-        + " row format delimited fields terminated by '|'  stored as textfile");
-    statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl1");
-
-    statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE");
-    statement.execute("CREATE DATABASE " + DB2);
-    statement.execute("USE " + DB2);
-    statement.execute("CREATE TABLE tbl2(B INT, A STRING) "
-        + " row format delimited fields terminated by '|'  stored as textfile");
-    statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl2");
-    statement.execute("CREATE TABLE tbl5(B INT, A STRING) "
-        + " row format delimited fields terminated by '|'  stored as textfile");
-
-    statement.execute("DROP DATABASE IF EXISTS db3 CASCADE");
-    statement.execute("CREATE DATABASE db3");
-    statement.execute("USE db3");
-    statement.execute("CREATE TABLE tbl3(B INT, A STRING) "
-        + " row format delimited fields terminated by '|'  stored as textfile");
-    statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl3");
-
-    statement.execute("DROP DATABASE IF EXISTS db4 CASCADE");
-    statement.execute("CREATE DATABASE db4");
-    statement.execute("USE db4");
-    statement.execute("CREATE TABLE tbl4(B INT, A STRING) "
-        + " row format delimited fields terminated by '|'  stored as textfile");
-    statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl4");
-    statement.close();
-    connection.close();
-  }
-
-  @After
-  public void teardown() throws Exception {
-    // one test turns this on so let's disable it in the teardown method
-    System.setProperty(SentryConstants.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "false");
-  }
-
-  @Test
-  public void testPerDB() throws Exception {
-    PolicyFile db2PolicyFile = new PolicyFile();
-    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
-    db2PolicyFile
-        .addRolesToGroup(USERGROUP2, "select_tbl2")
-        .addPermissionsToRole("select_tbl2", "server=server1->db="  + DB2 + "->table=tbl2->action=select")
-        .write(db2PolicyFileHandle);
-
-    policyFile
-        .addRolesToGroup(USERGROUP1, "select_tbl1")
-        .addRolesToGroup(USERGROUP2, "select_tbl2")
-        .addPermissionsToRole("select_tbl1", "server=server1->db=" + DB1 +"->table=tbl1->action=select")
-        .addDatabase(DB2, prefix + db2PolicyFileHandle.getName())
-        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
-        .write(context.getPolicyFile());
-
-    // test execution
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("USE "  + DB1);
-    // test user1 can execute query on tbl1
-    verifyCount(statement, "SELECT COUNT(*) FROM tbl1", 1, 12);
-
-    // user1 cannot query db2.tbl2
-    context.assertAuthzException(statement, "USE "  + DB2);
-    context.assertAuthzException(statement, "SELECT COUNT(*) FROM " + DB2 + ".tbl2");
-    statement.close();
-    connection.close();
-
-    // test per-db file for db2
-
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("USE "  + DB2);
-    // test user2 can execute query on tbl2
-    verifyCount(statement, "SELECT COUNT(*) FROM tbl2", 1, 12);
-
-    // user2 cannot query db1.tbl1
-    context.assertAuthzException(statement, "SELECT COUNT(*) FROM " + DB1 + ".tbl1");
-    context.assertAuthzException(statement, "USE "  + DB1);
-
-    statement.close();
-    connection.close();
-
-  }
-
-  /**
-   * Multiple DB files with some containing badly formatted rules
-   * The privileges should work for good files
-   * No access for bad formatted ones
-   * @throws Exception
-   */
-  @Test
-  public void testMultiPerDBwithErrors() throws Exception {
-    String DB3_POLICY_FILE = "db3-policy-file.ini";
-    String DB4_POLICY_FILE = "db4-policy-file.ini";
-
-    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
-    File db3PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB3_POLICY_FILE);
-    File db4PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB4_POLICY_FILE);
-
-    PolicyFile db2PolicyFile = new PolicyFile();
-    PolicyFile db3PolicyFile = new PolicyFile();
-    PolicyFile db4PolicyFile = new PolicyFile();
-    db2PolicyFile
-        .addRolesToGroup(USERGROUP2, "select_tbl2")
-        .addPermissionsToRole("select_tbl2", "server=server1->db="  + DB2 + "->table=tbl2->action=select")
-        .write(db2PolicyFileHandle);
-    db3PolicyFile
-        .addRolesToGroup(USERGROUP3, "select_tbl3_BAD")
-        .addPermissionsToRole("select_tbl3_BAD", "server=server1->db=db3------>table->action=select")
-        .write(db3PolicyFileHandle);
-    db4PolicyFile
-        .addRolesToGroup(USERGROUP4, "select_tbl4")
-        .addPermissionsToRole("select_tbl4", "server=server1->db=db4->table=tbl4->action=select")
-        .write(db4PolicyFileHandle);
-    policyFile
-        .addRolesToGroup(USERGROUP1, "select_tbl1")
-        .addRolesToGroup(USERGROUP2, "select_tbl2")
-        .addPermissionsToRole("select_tbl1", "server=server1->db=" + DB1 +"->table=tbl1->action=select")
-        .addDatabase(DB2, prefix + db2PolicyFileHandle.getName())
-        .addDatabase("db3", prefix + db3PolicyFileHandle.getName())
-        .addDatabase("db4", prefix + db4PolicyFileHandle.getName())
-        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
-        .write(context.getPolicyFile());
-
-    // test execution
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("USE "  + DB1);
-    // test user1 can execute query on tbl1
-    verifyCount(statement, "SELECT COUNT(*) FROM tbl1", 1, 12);
-    connection.close();
-
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("USE "  + DB2);
-    // test user1 can execute query on tbl1
-    verifyCount(statement, "SELECT COUNT(*) FROM tbl2", 1, 12);
-    connection.close();
-
-    // verify no access to db3 due to badly formatted rule in db3 policy file
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    context.assertAuthzException(statement, "USE db3");
-    // test user1 can execute query on tbl1
-    context.assertAuthzException(statement, "SELECT COUNT(*) FROM db3.tbl3");
-    connection.close();
-
-    connection = context.createConnection(USER4_1);
-    statement = context.createStatement(connection);
-    statement.execute("USE db4");
-    // test user1 can execute query on tbl1
-    verifyCount(statement, "SELECT COUNT(*) FROM tbl4", 1, 12);
-    connection.close();
-  }
-
-  @Test
-  public void testPerDBPolicyFileWithURI() throws Exception {
-    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
-    PolicyFile db2PolicyFile = new PolicyFile();
-    db2PolicyFile
-        .addRolesToGroup(USERGROUP2, "select_tbl5", "data_read", "insert_tbl5")
-        .addPermissionsToRole("select_tbl5",
-            "server=server1->db=" + DB2 + "->table=tbl5->action=select")
-        .addPermissionsToRole("insert_tbl5",
-            "server=server1->db=" + DB2 + "->table=tbl5->action=insert")
-        .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile)
-        .write(db2PolicyFileHandle);
-
-    policyFile
-        .addRolesToGroup(USERGROUP1, "select_tbl1")
-        .addRolesToGroup(USERGROUP2, "select_tbl5")
-        .addPermissionsToRole("select_tbl1", "server=server1->db=" + DB1 +"->table=tbl1->action=select")
-        .addDatabase(DB2, prefix + db2PolicyFileHandle.getName())
-        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
-        .write(context.getPolicyFile());
-
-    // ugly hack: needs to go away once this becomes a config property. Note that this property
-    // will not be set with external HS and this test will fail. Hope is this fix will go away
-    // by then.
-    System.setProperty(SentryConstants.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
-    // test execution
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("USE "  + DB1);
-    // test user1 can execute query on tbl1
-    verifyCount(statement, "SELECT COUNT(*) FROM tbl1", 1, 12);
-
-    // user1 cannot query db2.tbl5
-    context.assertAuthzException(statement, "USE "  + DB2);
-    context.assertAuthzException(statement, "SELECT COUNT(*) FROM " + DB2 + ".tbl5");
-    statement.close();
-    connection.close();
-
-    // test per-db file for db2
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("USE "  + DB2);
-    // test user2 can execute query on tbl5
-    verifyCount(statement, "SELECT COUNT(*) FROM tbl5", 1, 0);
-
-    // verify user2 can execute LOAD
-    statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl5");
-
-    // user2 cannot query db1.tbl1
-    context.assertAuthzException(statement, "SELECT COUNT(*) FROM " + DB1 + ".tbl1");
-    context.assertAuthzException(statement, "USE "  + DB1);
-
-    // once we disable this property all queries should fail
-    System.setProperty(SentryConstants.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "false");
-    context.assertAuthzException(statement, "USE "  + DB2);
-
-    // re-enable for clean
-    System.setProperty(SentryConstants.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
-
-    statement.close();
-    connection.close();
-  }
-
-  /**
-   * Test 'use default' statement. It should work as long as the user as privilege to assess any object in system
-   * @throws Exception
-   */
-  @Test
-  public void testDefaultDb() throws Exception {
-    policyFile
-        .addRolesToGroup(USERGROUP1, "select_tbl1")
-        .addPermissionsToRole("select_tbl1", "server=server1->db=" + DB1 +"->table=tbl1->action=select")
-        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
-        .write(context.getPolicyFile());
-
-    // user_1 should be able to access default
-    Connection connection = context.createConnection(USER1_1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("USE default");
-    statement.close();
-    connection.close();
-
-    // user_2 should NOT be able to access default since it does have access to any other object
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    context.assertAuthzException(statement, "USE default");
-    statement.close();
-    connection.close();
-
-  }
-
-  @Test
-  public void testDefaultDBwithDbPolicy() throws Exception {
-    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
-    File defaultPolicyFileHandle = new File(context.getPolicyFile().getParent(), "default.ini");
-
-    policyFile
-        .addRolesToGroup(USERGROUP1, "select_tbl1")
-        .addRolesToGroup(USERGROUP2, "select_tbl2")
-        .addPermissionsToRole("select_tbl1", "server=server1->db=" + DB1 +"->table=tbl1->action=select")
-        .addDatabase(DB2, prefix + db2PolicyFileHandle.getName())
-        .addDatabase("default", prefix + defaultPolicyFileHandle.getName())
-        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
-        .write(context.getPolicyFile());
-
-    PolicyFile db2PolicyFile = new PolicyFile();
-    db2PolicyFile
-        .addRolesToGroup(USERGROUP2, "select_tbl2")
-        .addPermissionsToRole("select_tbl2", "server=server1->db="  + DB2 + "->table=tbl2->action=select")
-        .write(db2PolicyFileHandle);
-
-    PolicyFile defaultPolicyFile = new PolicyFile();
-    defaultPolicyFile
-        .addRolesToGroup(USERGROUP2, "select_def")
-        .addPermissionsToRole("select_def", "server=server1->db=default->table=dtab->action=select")
-        .write(defaultPolicyFileHandle);
-
-    // setup db objects needed by the test
-    Connection connection = context.createConnection(ADMIN1);
-    Statement statement = context.createStatement(connection);
-    statement.execute("USE default");
-    statement.execute("DROP TABLE IF EXISTS dtab");
-    statement.execute("CREATE TABLE dtab(B INT, A STRING) "
-        + " row format delimited fields terminated by '|'  stored as textfile");
-    // user_1 should be able to switch to default, but not the tables from default
-    connection = context.createConnection(USER1_1);
-    statement = context.createStatement(connection);
-    statement.execute("USE "  + DB1);
-    statement.execute("USE default");
-    context.assertAuthzException(statement, "SELECT * FROM dtab");
-    statement.execute("USE "  + DB1);
-    context.assertAuthzException(statement, "SELECT * FROM default.dtab");
-
-    statement.close();
-    connection.close();
-
-    // user_2 should be able to access default and select from default's tables
-    connection = context.createConnection(USER2_1);
-    statement = context.createStatement(connection);
-    statement.execute("USE "  + DB2);
-    statement.execute("USE default");
-    statement.execute("SELECT * FROM dtab");
-    statement.execute("USE "  + DB2);
-    statement.execute("SELECT * FROM default.dtab");
-    statement.close();
-    connection.close();
-
-    // user_3 should NOT be able to switch to default since it doesn't have access to any objects
-    connection = context.createConnection(USER3_1);
-    statement = context.createStatement(connection);
-    context.assertAuthzException(statement, "USE default");
-    statement.close();
-    connection.close();
-  }
-
-  private void verifyCount(Statement statement, String query, int exceptedCountRows,
-      int exceptedCount) throws SQLException {
-    ResultSet resultSet = statement.executeQuery(query);
-    int count = 0;
-    int countRows = 0;
-
-    while (resultSet.next()) {
-      count = resultSet.getInt(1);
-      countRows++;
-    }
-    assertTrue("Incorrect row count:" + countRows, countRows == exceptedCountRows);
-    assertTrue("Incorrect result:" + count, count == exceptedCount);
-  }
-}


Mime
View raw message