From commits-return-12766-archive-asf-public=cust-asf.ponee.io@sentry.apache.org Wed Jun 27 18:47:31 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 8D98218066B for ; Wed, 27 Jun 2018 18:47:29 +0200 (CEST) Received: (qmail 36727 invoked by uid 500); 27 Jun 2018 16:47:28 -0000 Mailing-List: contact commits-help@sentry.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@sentry.apache.org Delivered-To: mailing list commits@sentry.apache.org Received: (qmail 36712 invoked by uid 99); 27 Jun 2018 16:47:28 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Jun 2018 16:47:28 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 2060AE10D8; Wed, 27 Jun 2018 16:47:28 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: spena@apache.org To: commits@sentry.apache.org Date: Wed, 27 Jun 2018 16:47:29 -0000 Message-Id: <033ca90e8f15410d89e79e1faa5efbd7@git.apache.org> In-Reply-To: <0f3e143325f343e1a37de850648a0138@git.apache.org> References: <0f3e143325f343e1a37de850648a0138@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [02/17] sentry git commit: SENTRY-2282: Remove hive-authzv2 binding and tests modules completely (Sergio Pena, reviewed by Na Li) http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java deleted file mode 100644 index f1e6d75..0000000 --- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java +++ /dev/null @@ -1,218 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.tests.e2e.metastore; - -import java.io.IOException; -import java.security.PrivilegedExceptionAction; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.apache.hadoop.hive.cli.CliSessionState; -import org.apache.hadoop.hive.conf.HiveConf; -import org.apache.hadoop.hive.metastore.HiveMetaStoreClient; -import org.apache.hadoop.hive.metastore.api.Database; -import org.apache.hadoop.hive.metastore.api.FieldSchema; -import org.apache.hadoop.hive.metastore.api.Order; -import org.apache.hadoop.hive.metastore.api.Partition; -import org.apache.hadoop.hive.metastore.api.SerDeInfo; -import org.apache.hadoop.hive.metastore.api.StorageDescriptor; -import org.apache.hadoop.hive.metastore.api.Table; -import org.apache.hadoop.hive.ql.Driver; -import org.apache.hadoop.hive.ql.processors.CommandProcessorResponse; -import org.apache.hadoop.hive.ql.session.SessionState; -import org.apache.hadoop.hive.serde.serdeConstants; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.pig.PigServer; -import org.apache.sentry.provider.file.PolicyFile; -import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; -import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServerFactory.HiveServer2Type; -import org.junit.BeforeClass; - -public abstract class AbstractMetastoreTestWithStaticConfiguration extends - AbstractTestWithStaticConfiguration { - - @BeforeClass - public static void setupTestStaticConfiguration() throws Exception { - useSentryService = true; - clearDbPerTest = false; - testServerType = HiveServer2Type.InternalMetastore.name(); - AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); - } - - protected static void writePolicyFile(PolicyFile policyFile) throws Exception { - policyFile.write(context.getPolicyFile()); - } - - public static PolicyFile setAdminOnServer1(String adminGroup) - throws Exception { - return SentryPolicyProviderForDb.setAdminOnServer1(adminGroup, - getSentryClient()); - } - /** - * create a metastore table using the given attributes - * @param client - * @param dbName - * @param tabName - * @param cols - * @return - * @throws Exception - */ - public Table createMetastoreTable(HiveMetaStoreClient client, String dbName, - String tabName, List cols) throws Exception { - - Table tbl = makeMetastoreTableObject(client, dbName, tabName, cols); - client.createTable(tbl); - return tbl; - } - - public Table createMetastoreTableWithLocation(HiveMetaStoreClient client, - String dbName, String tabName, List cols, String location) - throws Exception { - Table tbl = makeMetastoreTableObject(client, dbName, tabName, cols); - tbl.getSd().setLocation(location); - client.createTable(tbl); - return tbl; - - } - - public Table createMetastoreTableWithPartition(HiveMetaStoreClient client, - String dbName, String tabName, List cols, - List partionVals) throws Exception { - Table tbl = makeMetastoreTableObject(client, dbName, tabName, cols); - tbl.setPartitionKeys(partionVals); - client.createTable(tbl); - return client.getTable(dbName, tabName); - } - - public void addPartition(HiveMetaStoreClient client, String dbName, - String tblName, List ptnVals, Table tbl) throws Exception { - Partition part = makeMetastorePartitionObject(dbName, tblName, ptnVals, tbl); - client.add_partition(part); - } - - public void addPartitionWithLocation(HiveMetaStoreClient client, - String dbName, String tblName, List ptnVals, Table tbl, - String location) throws Exception { - Partition part = makeMetastorePartitionObject(dbName, tblName, ptnVals, - tbl, location); - client.add_partition(part); - } - - public Table makeMetastoreTableObject(HiveMetaStoreClient client, - String dbName, String tabName, List cols) throws Exception { - Table tbl = new Table(); - tbl.setDbName(dbName); - tbl.setTableName(tabName); - StorageDescriptor sd = new StorageDescriptor(); - tbl.setSd(sd); - tbl.setParameters(new HashMap()); - sd.setCols(cols); - sd.setCompressed(false); - sd.setParameters(new HashMap()); - sd.setSerdeInfo(new SerDeInfo()); - sd.getSerdeInfo().setName(tbl.getTableName()); - sd.getSerdeInfo().setParameters(new HashMap()); - sd.getSerdeInfo().getParameters() - .put(serdeConstants.SERIALIZATION_FORMAT, "1"); - sd.setSortCols(new ArrayList()); - return tbl; - } - - public Partition makeMetastorePartitionObject(String dbName, String tblName, - List ptnVals, Table tbl, String partitionLocation) { - Partition part = makeMetastoreBasePartitionObject(dbName, tblName, ptnVals, - tbl); - part.getSd().setLocation(partitionLocation); - return part; - } - - public Partition makeMetastorePartitionObject(String dbName, String tblName, - List ptnVals, Table tbl) { - Partition part = makeMetastoreBasePartitionObject(dbName, tblName, ptnVals, - tbl); - return part; - } - - private Partition makeMetastoreBasePartitionObject(String dbName, - String tblName, List ptnVals, Table tbl) { - Partition part4 = new Partition(); - part4.setDbName(dbName); - part4.setTableName(tblName); - part4.setValues(ptnVals); - part4.setParameters(new HashMap()); - part4.setSd(tbl.getSd().deepCopy()); - part4.getSd().setSerdeInfo(tbl.getSd().getSerdeInfo().deepCopy()); - part4.setParameters(new HashMap()); - return part4; - } - - public void createMetastoreDB(HiveMetaStoreClient client, String dbName) - throws Exception { - Database db = new Database(); - db.setName(dbName); - client.createDatabase(db); - } - - public void execHiveSQLwithOverlay(final String sqlStmt, - final String userName, Map overLay) throws Exception { - final HiveConf hiveConf = new HiveConf(); - for (Map.Entry entry : overLay.entrySet()) { - hiveConf.set(entry.getKey(), entry.getValue()); - } - UserGroupInformation clientUgi = UserGroupInformation - .createRemoteUser(userName); - clientUgi.doAs(new PrivilegedExceptionAction() { - @Override - public Void run() throws Exception { - Driver driver = new Driver(hiveConf, userName); - SessionState.start(new CliSessionState(hiveConf)); - CommandProcessorResponse cpr = driver.run(sqlStmt); - if (cpr.getResponseCode() != 0) { - throw new IOException("Failed to execute \"" + sqlStmt - + "\". Driver returned " + cpr.getResponseCode() + " Error: " - + cpr.getErrorMessage()); - } - driver.close(); - SessionState.get().close(); - return null; - } - }); - } - - - public void execHiveSQL(String sqlStmt, String userName) throws Exception { - execHiveSQLwithOverlay(sqlStmt, userName, new HashMap()); - } - - public void execPigLatin(String userName, final PigServer pigServer, - final String pigLatin) throws Exception { - UserGroupInformation clientUgi = UserGroupInformation - .createRemoteUser(userName); - clientUgi.doAs( - new PrivilegedExceptionAction() { - @Override - public Void run() throws Exception { - pigServer.registerQuery(pigLatin); - return null; - } - }); - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java deleted file mode 100644 index 0d1af81..0000000 --- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/SentryPolicyProviderForDb.java +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.tests.e2e.metastore; - -import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SPLITTER; -import static org.apache.sentry.core.common.utils.SentryConstants.PRIVILEGE_PREFIX; -import static org.apache.sentry.core.common.utils.SentryConstants.ROLE_SPLITTER; - -import java.io.File; -import java.io.IOException; -import java.util.Collection; -import java.util.Map.Entry; -import java.util.Set; - -import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.core.model.db.AccessConstants; -import org.apache.sentry.core.model.db.DBModelAction; -import org.apache.sentry.core.model.db.DBModelAuthorizable; -import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType; -import org.apache.sentry.core.model.db.DBModelAuthorizables; -import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.api.service.thrift.TSentryRole; -import org.apache.sentry.provider.file.PolicyFile; -import org.apache.sentry.tests.e2e.hive.StaticUserGroup; -import org.apache.tools.ant.util.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.collect.Sets; - -public class SentryPolicyProviderForDb extends PolicyFile { - private static final Logger LOG = LoggerFactory.getLogger(SentryPolicyProviderForDb.class); - protected static final Set ADMIN_GROUP_SET = Sets - .newHashSet(StaticUserGroup.ADMINGROUP); - private SentryPolicyServiceClient sentryClient; - - protected SentryPolicyServiceClient getSentryClient() { - return sentryClient; - } - - public SentryPolicyProviderForDb(SentryPolicyServiceClient sentryClient) { - this.sentryClient = sentryClient; - } - - public static SentryPolicyProviderForDb setAdminOnServer1(String admin, - SentryPolicyServiceClient sentryClient) - throws Exception { - SentryPolicyProviderForDb policyFile = new SentryPolicyProviderForDb( - sentryClient); - policyFile.addRolesToGroup(admin, "admin_role").addPermissionsToRole( - "admin_role", "server=server1"); - return policyFile; - } - - public void write(File file) throws Exception { - super.write(file); - if (!usingSentryService()) { - return; - } - - // remove existing metadata - for (TSentryRole tRole : sentryClient.listAllRoles(StaticUserGroup.ADMIN1)) { - sentryClient.dropRole(StaticUserGroup.ADMIN1, tRole.getRoleName()); - } - - // create roles and add privileges - for (Entry> roleEntry : getRolesToPermissions() - .asMap().entrySet()) { - sentryClient.createRole(StaticUserGroup.ADMIN1, roleEntry.getKey()); - for (String privilege : roleEntry.getValue()) { - addPrivilege(roleEntry.getKey(), privilege); - } - } - - // grant roles to groups - for (Entry> groupEntry : getGroupsToRoles().asMap() - .entrySet()) { - for (String roleNames : groupEntry.getValue()) { - for (String roleName : roleNames.split(",")) { - try { - sentryClient - .grantRoleToGroup(StaticUserGroup.ADMIN1, groupEntry.getKey(), roleName); - } catch (SentryUserException e) { - LOG.warn("Error granting role " + roleName + " to group " - + groupEntry.getKey()); - } - } - } - } - } - - private void addPrivilege(String roleName, String privileges) - throws Exception { - String serverName = null, dbName = null, tableName = null, columnName = null, uriPath = null; - String action = AccessConstants.ALL; - for (String privilege : ROLE_SPLITTER.split(privileges)) { - for (String section : AUTHORIZABLE_SPLITTER.split(privilege)) { - // action is not an authorizeable - if (!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) { - DBModelAuthorizable dbAuthorizable = DBModelAuthorizables - .from(section); - if (dbAuthorizable == null) { - throw new IOException("Unknow Auth type " + section); - } - - if (AuthorizableType.Server.equals(dbAuthorizable.getAuthzType())) { - serverName = dbAuthorizable.getName(); - } else if (AuthorizableType.Db.equals(dbAuthorizable.getAuthzType())) { - dbName = dbAuthorizable.getName(); - } else if (AuthorizableType.Table.equals(dbAuthorizable - .getAuthzType())) { - tableName = dbAuthorizable.getName(); - } else if (AuthorizableType.URI.equals(dbAuthorizable.getAuthzType())) { - uriPath = dbAuthorizable.getName(); - } else if (AuthorizableType.Column.equals(dbAuthorizable.getAuthzType())) { - columnName = dbAuthorizable.getName(); - } else { - throw new IOException("Unsupported auth type " - + dbAuthorizable.getName() + " : " - + dbAuthorizable.getTypeName()); - } - } else { - action = DBModelAction - .valueOf( - StringUtils.removePrefix(section, PRIVILEGE_PREFIX) - .toUpperCase()).toString(); - } - } - - if (columnName != null) { - sentryClient.grantColumnPrivilege(StaticUserGroup.ADMIN1, roleName, serverName, dbName, - tableName, columnName, action); - } else if (tableName != null) { - sentryClient.grantTablePrivilege(StaticUserGroup.ADMIN1, roleName, serverName, dbName, - tableName, action); - } else if (dbName != null) { - sentryClient.grantDatabasePrivilege(StaticUserGroup.ADMIN1, roleName, serverName, - dbName, action); - } else if (uriPath != null) { - sentryClient.grantURIPrivilege(StaticUserGroup.ADMIN1, roleName, serverName, uriPath); - } else if (serverName != null) { - sentryClient.grantServerPrivilege(StaticUserGroup.ADMIN1, roleName, serverName, action); - } - } - - } - - private boolean usingSentryService() { - return sentryClient != null; - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java deleted file mode 100644 index 815c38e..0000000 --- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java +++ /dev/null @@ -1,1106 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.tests.e2e.metastore; - -import static org.hamcrest.Matchers.equalTo; -import static org.hamcrest.core.IsNull.notNullValue; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.fail; - -import java.util.ArrayList; -import java.util.Arrays; - -import org.apache.hadoop.hive.metastore.HiveMetaStoreClient; -import org.apache.hadoop.hive.metastore.api.FieldSchema; -import org.apache.hadoop.hive.metastore.api.MetaException; -import org.apache.hadoop.hive.metastore.api.NoSuchObjectException; -import org.apache.hadoop.hive.metastore.api.Table; -import org.apache.sentry.provider.file.PolicyFile; -import org.apache.sentry.tests.e2e.hive.StaticUserGroup; -import org.apache.thrift.TException; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.google.common.collect.Lists; - -public class TestAuthorizingObjectStore extends - AbstractMetastoreTestWithStaticConfiguration { - private PolicyFile policyFile; - private static final String dbName1 = "db_1"; - private static final String dbName2 = "db_2"; - private static final String tabName1 = "tab1"; - private static final String tabName2 = "tab2"; - private static final String tabName3 = "tab3"; - private static final String tabName4 = "tab4"; - private static final String all_role = "all_role"; - private static final String db1_t1_role = "db1_t1_role"; - private static final String partitionVal = "part1"; - private static final String colName1 = "col1"; - // this user is configured for sentry.metastore.service.users, - // for this test, the value is set when creating the HiveServer. - private static final String userWithoutAccess = "accessAllMetaUser"; - - @BeforeClass - public static void setupTestStaticConfiguration () throws Exception { - AbstractMetastoreTestWithStaticConfiguration.setupTestStaticConfiguration(); - } - - @Override - @Before - public void setup() throws Exception { - policyFile = setAdminOnServer1(ADMINGROUP); - // add user ACCESSAllMETAUSER for the test case testPrivilegesForUserNameCaseSensitive - policyFile.addGroupsToUser(userWithoutAccess.toUpperCase(), "tempGroup").setUserGroupMapping( - StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - super.setup(); - - HiveMetaStoreClient client = null; - for (int i=0; i < 10; i++) { - try { - client = context.getMetaStoreClient(ADMIN1); - break; - } catch (Throwable e) { - // ignore - } - Thread.sleep(6000); - } - client.dropDatabase(dbName1, true, true, true); - client.dropDatabase(dbName2, true, true, true); - createMetastoreDB(client, dbName1); - createMetastoreDB(client, dbName2); - - Table tbl1 = createMetastoreTableWithPartition(client, dbName1, tabName1, - Lists.newArrayList(new FieldSchema("col1", "int", "")), - Lists.newArrayList(new FieldSchema("part_col1", "string", ""))); - addPartition(client, dbName1, tabName1, Lists.newArrayList(partitionVal), tbl1); - - Table tbl2 = createMetastoreTableWithPartition(client, dbName1, tabName2, - Lists.newArrayList(new FieldSchema("col1", "int", "")), - Lists.newArrayList(new FieldSchema("part_col1", "string", ""))); - addPartition(client, dbName1, tabName2, Lists.newArrayList(partitionVal), tbl2); - - Table tbl3 = createMetastoreTableWithPartition(client, dbName2, tabName3, - Lists.newArrayList(new FieldSchema("col1", "int", "")), - Lists.newArrayList(new FieldSchema("part_col1", "string", ""))); - addPartition(client, dbName2, tabName3, Lists.newArrayList(partitionVal), tbl3); - - Table tbl4 = createMetastoreTableWithPartition(client, dbName2, tabName4, - Lists.newArrayList(new FieldSchema("col1", "int", "")), - Lists.newArrayList(new FieldSchema("part_col1", "string", ""))); - addPartition(client, dbName2, tabName4, Lists.newArrayList(partitionVal), tbl4); - - client.close(); - - policyFile - .addRolesToGroup(USERGROUP1, all_role) - .addRolesToGroup(USERGROUP2, db1_t1_role) - .addPermissionsToRole(all_role, "server=server1->db=" + dbName1) - .addPermissionsToRole(all_role, "server=server1->db=" + dbName2) - .addPermissionsToRole(all_role, - "server=server1->db=" + dbName1 + "->table=" + tabName1 + "->action=SELECT") - .addPermissionsToRole(all_role, - "server=server1->db=" + dbName1 + "->table=" + tabName2 + "->action=SELECT") - .addPermissionsToRole(all_role, - "server=server1->db=" + dbName2 + "->table=" + tabName3 + "->action=SELECT") - .addPermissionsToRole(all_role, - "server=server1->db=" + dbName2 + "->table=" + tabName4 + "->action=SELECT") - .addPermissionsToRole(db1_t1_role, - "server=server1->db=" + dbName1 + "->table=" + tabName1 + "->action=SELECT") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - } - - /** - * The configuration "sentry.metastore.service.users" is for user who has all - * access to metadata, and the value should be case-sensitive. - * - * @throws Exception - */ - @Test - public void testPrivilegesForUserNameCaseSensitive() throws Exception { - // The value of "sentry.metastore.service.users" is "accessAllMetaUser", and - // the value is case-sensitive. - // The input name is "ACCESSALLMEATAUSER", and the client should has no - // access to metadata. - HiveMetaStoreClient client = context.getMetaStoreClient(userWithoutAccess.toUpperCase()); - try { - client.getDatabase(dbName1); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - } - - /** - * User accessAllMetaUser is configured as the value of - * "sentry.metastore.service.users" and has all access to databases and - * tables. - * - * @throws Exception - */ - @Test - public void testPrivilegesForUserWithoutAccess() throws Exception { - HiveMetaStoreClient client = context.getMetaStoreClient(userWithoutAccess); - assertThat(client.getDatabase(dbName1), notNullValue()); - assertThat(client.getDatabase(dbName2), notNullValue()); - // including the "default" db - assertThat(client.getAllDatabases().size(), equalTo(3)); - // including the "default" db - assertThat(client.getDatabases("*").size(), equalTo(3)); - assertThat(client.getTable(dbName1, tabName1), notNullValue()); - assertThat(client.getTable(dbName1, tabName2), notNullValue()); - assertThat(client.getTable(dbName2, tabName3), notNullValue()); - assertThat(client.getTable(dbName2, tabName4), notNullValue()); - assertThat(client.listPartitions(dbName1, tabName1, (short) 1).size(), equalTo(1)); - assertThat(client.listPartitions(dbName1, tabName2, (short) 1).size(), equalTo(1)); - assertThat(client.listPartitions(dbName2, tabName3, (short) 1).size(), equalTo(1)); - assertThat(client.listPartitions(dbName2, tabName4, (short) 1).size(), equalTo(1)); - - assertThat( - client.listPartitions(dbName1, tabName1, - new ArrayList(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1)); - assertThat( - client.listPartitions(dbName1, tabName2, - new ArrayList(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1)); - assertThat( - client.listPartitions(dbName2, tabName3, - new ArrayList(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1)); - assertThat( - client.listPartitions(dbName2, tabName4, - new ArrayList(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1)); - - assertThat( - client.getPartition(dbName1, tabName1, new ArrayList(Arrays.asList(partitionVal))), - notNullValue()); - assertThat( - client.getPartition(dbName1, tabName2, new ArrayList(Arrays.asList(partitionVal))), - notNullValue()); - assertThat( - client.getPartition(dbName2, tabName3, new ArrayList(Arrays.asList(partitionVal))), - notNullValue()); - assertThat( - client.getPartition(dbName2, tabName4, new ArrayList(Arrays.asList(partitionVal))), - notNullValue()); - assertThat(client.getTables(dbName1, "tab*").size(), equalTo(2)); - assertThat(client.getTables(dbName2, "tab*").size(), equalTo(2)); - assertThat( - client.getTableObjectsByName(dbName1, - new ArrayList(Arrays.asList(tabName1, tabName2))).size(), equalTo(2)); - assertThat( - client.getTableObjectsByName(dbName2, - new ArrayList(Arrays.asList(tabName3, tabName4))).size(), equalTo(2)); - assertThat(client.getAllTables(dbName1).size(), equalTo(2)); - assertThat(client.getAllTables(dbName2).size(), equalTo(2)); - assertThat(client.listPartitionNames(dbName1, tabName1, (short) 2).size(), equalTo(1)); - assertThat(client.listPartitionNames(dbName1, tabName2, (short) 2).size(), equalTo(1)); - assertThat(client.listPartitionNames(dbName2, tabName3, (short) 2).size(), equalTo(1)); - assertThat(client.listPartitionNames(dbName2, tabName4, (short) 2).size(), equalTo(1)); - assertThat( - client.listPartitionNames(dbName1, tabName1, - new ArrayList(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1)); - assertThat( - client.listPartitionNames(dbName1, tabName2, - new ArrayList(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1)); - assertThat( - client.listPartitionNames(dbName2, tabName3, - new ArrayList(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1)); - assertThat( - client.listPartitionNames(dbName2, tabName4, - new ArrayList(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1)); - assertThat( - client.getPartitionsByNames(dbName1, tabName1, new ArrayList(Arrays.asList(""))) - .size(), equalTo(0)); - assertThat( - client.getPartitionsByNames(dbName1, tabName2, new ArrayList(Arrays.asList(""))) - .size(), equalTo(0)); - assertThat( - client.getPartitionsByNames(dbName2, tabName3, new ArrayList(Arrays.asList(""))) - .size(), equalTo(0)); - assertThat( - client.getPartitionsByNames(dbName2, tabName4, new ArrayList(Arrays.asList(""))) - .size(), equalTo(0)); - try { - client.getIndex(dbName1, tabName1, "empty"); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is successful. - } - try { - client.getIndex(dbName1, tabName2, "empty"); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is successful. - } - try { - client.getIndex(dbName2, tabName3, "empty"); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is successful. - } - try { - client.getIndex(dbName2, tabName3, "empty"); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is successful. - } - - assertThat(client.listIndexes(dbName1, tabName1, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexes(dbName1, tabName2, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexes(dbName2, tabName3, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexes(dbName2, tabName4, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexNames(dbName1, tabName1, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexNames(dbName1, tabName2, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexNames(dbName2, tabName3, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexNames(dbName2, tabName4, (short) 1).size(), equalTo(0)); - assertThat(client.getPartitionWithAuthInfo(dbName1, tabName1, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))), notNullValue()); - assertThat(client.getPartitionWithAuthInfo(dbName1, tabName2, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))), notNullValue()); - assertThat(client.getPartitionWithAuthInfo(dbName2, tabName3, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))), notNullValue()); - assertThat(client.getPartitionWithAuthInfo(dbName2, tabName4, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))), notNullValue()); - assertThat( - client.getTableColumnStatistics(dbName1, tabName1, - new ArrayList(Arrays.asList(colName1))).size(), equalTo(0)); - assertThat( - client.getTableColumnStatistics(dbName1, tabName2, - new ArrayList(Arrays.asList(colName1))).size(), equalTo(0)); - assertThat( - client.getTableColumnStatistics(dbName2, tabName3, - new ArrayList(Arrays.asList(colName1))).size(), equalTo(0)); - assertThat( - client.getTableColumnStatistics(dbName2, tabName4, - new ArrayList(Arrays.asList(colName1))).size(), equalTo(0)); - client.close(); - } - - /** - * The group of USER1_1 is USERGROUP1, and has all access to databases and - * tables. - * - * @throws Exception - */ - @Test - public void testPrivilegesForFullAccess() throws Exception { - HiveMetaStoreClient client = context.getMetaStoreClient(USER1_1); - assertThat(client.getDatabase(dbName1), notNullValue()); - assertThat(client.getDatabase(dbName2), notNullValue()); - // including the "default" db - assertThat(client.getAllDatabases().size(), equalTo(3)); - // including the "default" db - assertThat(client.getDatabases("*").size(), equalTo(3)); - assertThat(client.getTable(dbName1, tabName1), notNullValue()); - assertThat(client.getTable(dbName1, tabName2), notNullValue()); - assertThat(client.getTable(dbName2, tabName3), notNullValue()); - assertThat(client.getTable(dbName2, tabName4), notNullValue()); - assertThat(client.listPartitions(dbName1, tabName1, (short) 1).size(), equalTo(1)); - assertThat(client.listPartitions(dbName1, tabName2, (short) 1).size(), equalTo(1)); - assertThat(client.listPartitions(dbName2, tabName3, (short) 1).size(), equalTo(1)); - assertThat(client.listPartitions(dbName2, tabName4, (short) 1).size(), equalTo(1)); - - assertThat( - client.listPartitions(dbName1, tabName1, - new ArrayList(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1)); - assertThat( - client.listPartitions(dbName1, tabName2, - new ArrayList(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1)); - assertThat( - client.listPartitions(dbName2, tabName3, - new ArrayList(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1)); - assertThat( - client.listPartitions(dbName2, tabName4, - new ArrayList(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1)); - - assertThat( - client.getPartition(dbName1, tabName1, new ArrayList(Arrays.asList(partitionVal))), - notNullValue()); - assertThat( - client.getPartition(dbName1, tabName2, new ArrayList(Arrays.asList(partitionVal))), - notNullValue()); - assertThat( - client.getPartition(dbName2, tabName3, new ArrayList(Arrays.asList(partitionVal))), - notNullValue()); - assertThat( - client.getPartition(dbName2, tabName4, new ArrayList(Arrays.asList(partitionVal))), - notNullValue()); - assertThat(client.getTables(dbName1, "tab*").size(), equalTo(2)); - assertThat(client.getTables(dbName2, "tab*").size(), equalTo(2)); - assertThat( - client.getTableObjectsByName(dbName1, - new ArrayList(Arrays.asList(tabName1, tabName2))).size(), equalTo(2)); - assertThat( - client.getTableObjectsByName(dbName2, - new ArrayList(Arrays.asList(tabName3, tabName4))).size(), equalTo(2)); - assertThat(client.getAllTables(dbName1).size(), equalTo(2)); - assertThat(client.getAllTables(dbName2).size(), equalTo(2)); - assertThat(client.listPartitionNames(dbName1, tabName1, (short) 2).size(), equalTo(1)); - assertThat(client.listPartitionNames(dbName1, tabName2, (short) 2).size(), equalTo(1)); - assertThat(client.listPartitionNames(dbName2, tabName3, (short) 2).size(), equalTo(1)); - assertThat(client.listPartitionNames(dbName2, tabName4, (short) 2).size(), equalTo(1)); - assertThat( - client.listPartitionNames(dbName1, tabName1, - new ArrayList(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1)); - assertThat( - client.listPartitionNames(dbName1, tabName2, - new ArrayList(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1)); - assertThat( - client.listPartitionNames(dbName2, tabName3, - new ArrayList(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1)); - assertThat( - client.listPartitionNames(dbName2, tabName4, - new ArrayList(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1)); - assertThat( - client.getPartitionsByNames(dbName1, tabName1, new ArrayList(Arrays.asList(""))) - .size(), equalTo(0)); - assertThat( - client.getPartitionsByNames(dbName1, tabName2, new ArrayList(Arrays.asList(""))) - .size(), equalTo(0)); - assertThat( - client.getPartitionsByNames(dbName2, tabName3, new ArrayList(Arrays.asList(""))) - .size(), equalTo(0)); - assertThat( - client.getPartitionsByNames(dbName2, tabName4, new ArrayList(Arrays.asList(""))) - .size(), equalTo(0)); - try { - client.getIndex(dbName1, tabName1, "empty"); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is successful. - } - try { - client.getIndex(dbName1, tabName2, "empty"); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is successful. - } - try { - client.getIndex(dbName2, tabName3, "empty"); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is successful. - } - try { - client.getIndex(dbName2, tabName3, "empty"); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is successful. - } - - assertThat(client.listIndexes(dbName1, tabName1, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexes(dbName1, tabName2, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexes(dbName2, tabName3, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexes(dbName2, tabName4, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexNames(dbName1, tabName1, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexNames(dbName1, tabName2, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexNames(dbName2, tabName3, (short) 1).size(), equalTo(0)); - assertThat(client.listIndexNames(dbName2, tabName4, (short) 1).size(), equalTo(0)); - assertThat(client.getPartitionWithAuthInfo(dbName1, tabName1, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))), notNullValue()); - assertThat(client.getPartitionWithAuthInfo(dbName1, tabName2, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))), notNullValue()); - assertThat(client.getPartitionWithAuthInfo(dbName2, tabName3, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))), notNullValue()); - assertThat(client.getPartitionWithAuthInfo(dbName2, tabName4, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))), notNullValue()); - assertThat( - client.getTableColumnStatistics(dbName1, tabName1, - new ArrayList(Arrays.asList(colName1))).size(), equalTo(0)); - assertThat( - client.getTableColumnStatistics(dbName1, tabName2, - new ArrayList(Arrays.asList(colName1))).size(), equalTo(0)); - assertThat( - client.getTableColumnStatistics(dbName2, tabName3, - new ArrayList(Arrays.asList(colName1))).size(), equalTo(0)); - assertThat( - client.getTableColumnStatistics(dbName2, tabName4, - new ArrayList(Arrays.asList(colName1))).size(), equalTo(0)); - client.close(); - } - - /** - * The group of USER2_1 is USERGROUP2, and has the access to db1 and t1. - * - * @throws Exception - */ - @Test - public void testPrivilegesForPartialAccess() throws Exception { - HiveMetaStoreClient client = context.getMetaStoreClient(USER2_1); - assertThat(client.getDatabase(dbName1), notNullValue()); - try { - client.getDatabase(dbName2); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - // including the "default" db - assertThat(client.getAllDatabases().size(), equalTo(2)); - // including the "default" db - assertThat(client.getDatabases("*").size(), equalTo(2)); - assertThat(client.getTable(dbName1, tabName1), notNullValue()); - try { - client.getTable(dbName1, tabName2); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getTable(dbName2, tabName3); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getTable(dbName2, tabName4); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - assertThat(client.listPartitions(dbName1, tabName1, (short) 1).size(), equalTo(1)); - try { - client.listPartitions(dbName1, tabName2, (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitions(dbName2, tabName3, (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitions(dbName2, tabName4, (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - assertThat( - client.listPartitions(dbName1, tabName1, - new ArrayList(Arrays.asList(partitionVal)), (short) 1).size(), equalTo(1)); - try { - client.listPartitions(dbName1, tabName2, new ArrayList(Arrays.asList(partitionVal)), - (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitions(dbName2, tabName3, new ArrayList(Arrays.asList(partitionVal)), - (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitions(dbName2, tabName4, new ArrayList(Arrays.asList(partitionVal)), - (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - assertThat( - client.getPartition(dbName1, tabName1, new ArrayList(Arrays.asList(partitionVal))), - notNullValue()); - try { - client.getPartition(dbName1, tabName2, new ArrayList(Arrays.asList(partitionVal))); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartition(dbName2, tabName3, new ArrayList(Arrays.asList(partitionVal))); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartition(dbName2, tabName4, new ArrayList(Arrays.asList(partitionVal))); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - assertThat(client.getTables(dbName1, "tab*").size(), equalTo(1)); - assertThat(client.getTables(dbName2, "tab*").size(), equalTo(0)); - assertThat( - client.getTableObjectsByName(dbName1, - new ArrayList(Arrays.asList(tabName1, tabName2))).size(), equalTo(1)); - assertThat( - client.getTableObjectsByName(dbName2, - new ArrayList(Arrays.asList(tabName3, tabName4))).size(), equalTo(0)); - assertThat(client.getAllTables(dbName1).size(), equalTo(1)); - assertThat(client.getAllTables(dbName2).size(), equalTo(0)); - - assertThat(client.listPartitionNames(dbName1, tabName1, (short) 2).size(), equalTo(1)); - try { - client.listPartitionNames(dbName1, tabName2, (short) 2); - fail("MetaException should have been thrown"); - } catch (TException te) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitionNames(dbName2, tabName3, (short) 2); - fail("MetaException should have been thrown"); - } catch (TException te) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitionNames(dbName2, tabName4, (short) 2); - fail("MetaException should have been thrown"); - } catch (TException te) { - // ignore, just make sure the authorization is failed. - } - - assertThat( - client.listPartitionNames(dbName1, tabName1, - new ArrayList(Arrays.asList(partitionVal)), (short) 2).size(), equalTo(1)); - try { - client.listPartitionNames(dbName1, tabName2, - new ArrayList(Arrays.asList(partitionVal)), (short) 2); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitionNames(dbName2, tabName3, - new ArrayList(Arrays.asList(partitionVal)), (short) 2); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitionNames(dbName2, tabName4, - new ArrayList(Arrays.asList(partitionVal)), (short) 2); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - assertThat( - client.getPartitionsByNames(dbName1, tabName1, new ArrayList(Arrays.asList(""))) - .size(), equalTo(0)); - try { - client.getPartitionsByNames(dbName1, tabName2, new ArrayList(Arrays.asList(""))); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartitionsByNames(dbName2, tabName3, new ArrayList(Arrays.asList(""))); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartitionsByNames(dbName2, tabName4, new ArrayList(Arrays.asList(""))); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - try { - client.getIndex(dbName1, tabName1, "empty"); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is successful. - } - try { - client.getIndex(dbName1, tabName2, "empty"); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getIndex(dbName2, tabName3, "empty"); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getIndex(dbName2, tabName3, "empty"); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - - assertThat(client.listIndexes(dbName1, tabName1, (short) 1).size(), equalTo(0)); - try { - client.listIndexes(dbName1, tabName2, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listIndexes(dbName2, tabName3, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listIndexes(dbName2, tabName4, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - - assertThat(client.listIndexNames(dbName1, tabName1, (short) 1).size(), equalTo(0)); - try { - client.listIndexNames(dbName1, tabName2, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listIndexNames(dbName2, tabName3, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listIndexNames(dbName2, tabName4, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - - assertThat(client.getPartitionWithAuthInfo(dbName1, tabName1, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))), notNullValue()); - try { - client.getPartitionWithAuthInfo(dbName1, tabName2, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartitionWithAuthInfo(dbName2, tabName3, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartitionWithAuthInfo(dbName2, tabName4, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - assertThat( - client.getTableColumnStatistics(dbName1, tabName1, - new ArrayList(Arrays.asList(colName1))).size(), equalTo(0)); - try { - client.getTableColumnStatistics(dbName1, tabName2, - new ArrayList(Arrays.asList(colName1))); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getTableColumnStatistics(dbName2, tabName3, - new ArrayList(Arrays.asList(colName1))); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getTableColumnStatistics(dbName2, tabName4, - new ArrayList(Arrays.asList(colName1))); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - client.close(); - } - - /** - * The group of USER3_1 is USERGROUP3, and has no access to database and - * table. - * - * @throws Exception - */ - @Test - public void testPrivilegesForNoAccess() throws Exception { - HiveMetaStoreClient client = context.getMetaStoreClient(USER3_1); - try { - client.getDatabase(dbName1); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getDatabase(dbName2); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - // including the "default" db - assertThat(client.getAllDatabases().size(), equalTo(1)); - // including the "default" db - assertThat(client.getDatabases("*").size(), equalTo(1)); - try { - client.getTable(dbName1, tabName1); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getTable(dbName1, tabName2); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getTable(dbName2, tabName3); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getTable(dbName2, tabName4); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - try { - client.listPartitions(dbName1, tabName1, (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitions(dbName1, tabName2, (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitions(dbName2, tabName3, (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitions(dbName2, tabName4, (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - try { - client.listPartitions(dbName1, tabName1, new ArrayList(Arrays.asList(partitionVal)), - (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitions(dbName1, tabName2, new ArrayList(Arrays.asList(partitionVal)), - (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitions(dbName2, tabName3, new ArrayList(Arrays.asList(partitionVal)), - (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitions(dbName2, tabName4, new ArrayList(Arrays.asList(partitionVal)), - (short) 1); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - try { - client.getPartition(dbName1, tabName1, new ArrayList(Arrays.asList(partitionVal))); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartition(dbName1, tabName2, new ArrayList(Arrays.asList(partitionVal))); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartition(dbName2, tabName3, new ArrayList(Arrays.asList(partitionVal))); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartition(dbName2, tabName4, new ArrayList(Arrays.asList(partitionVal))); - fail("NoSuchObjectException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - assertThat(client.getTables(dbName1, "tab*").size(), equalTo(0)); - assertThat(client.getTables(dbName2, "tab*").size(), equalTo(0)); - assertThat( - client.getTableObjectsByName(dbName1, - new ArrayList(Arrays.asList(tabName1, tabName2))).size(), equalTo(0)); - assertThat( - client.getTableObjectsByName(dbName2, - new ArrayList(Arrays.asList(tabName3, tabName4))).size(), equalTo(0)); - assertThat(client.getAllTables(dbName1).size(), equalTo(0)); - assertThat(client.getAllTables(dbName2).size(), equalTo(0)); - - try { - client.listPartitionNames(dbName1, tabName1, (short) 2); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitionNames(dbName1, tabName2, (short) 2); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitionNames(dbName2, tabName3, (short) 2); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitionNames(dbName2, tabName4, (short) 2); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - - try { - client.listPartitionNames(dbName1, tabName1, - new ArrayList(Arrays.asList(partitionVal)), (short) 2); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitionNames(dbName1, tabName2, - new ArrayList(Arrays.asList(partitionVal)), (short) 2); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitionNames(dbName2, tabName3, - new ArrayList(Arrays.asList(partitionVal)), (short) 2); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listPartitionNames(dbName2, tabName4, - new ArrayList(Arrays.asList(partitionVal)), (short) 2); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - - try { - client.getPartitionsByNames(dbName1, tabName1, new ArrayList(Arrays.asList(""))); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartitionsByNames(dbName1, tabName2, new ArrayList(Arrays.asList(""))); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartitionsByNames(dbName2, tabName3, new ArrayList(Arrays.asList(""))); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartitionsByNames(dbName2, tabName4, new ArrayList(Arrays.asList(""))); - fail("MetaException should have been thrown"); - } catch (TException noe) { - // ignore, just make sure the authorization is failed. - } - - try { - client.getIndex(dbName1, tabName1, "empty"); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getIndex(dbName1, tabName2, "empty"); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getIndex(dbName2, tabName3, "empty"); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getIndex(dbName2, tabName3, "empty"); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - - try { - client.listIndexes(dbName1, tabName1, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listIndexes(dbName1, tabName2, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listIndexes(dbName2, tabName3, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listIndexes(dbName2, tabName4, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - - try { - client.listIndexNames(dbName1, tabName1, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listIndexNames(dbName1, tabName2, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listIndexNames(dbName2, tabName3, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.listIndexNames(dbName2, tabName4, (short) 1); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - - try { - client.getPartitionWithAuthInfo(dbName1, tabName1, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartitionWithAuthInfo(dbName1, tabName2, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartitionWithAuthInfo(dbName2, tabName3, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getPartitionWithAuthInfo(dbName2, tabName4, - new ArrayList(Arrays.asList(partitionVal)), "tempuser", new ArrayList( - Arrays.asList("tempgroup"))); - fail("MetaException should have been thrown"); - } catch (NoSuchObjectException noe) { - // ignore, just make sure the authorization is failed. - } - - try { - client.getTableColumnStatistics(dbName1, tabName1, - new ArrayList(Arrays.asList(colName1))); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getTableColumnStatistics(dbName1, tabName2, - new ArrayList(Arrays.asList(colName1))); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getTableColumnStatistics(dbName2, tabName3, - new ArrayList(Arrays.asList(colName1))); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - try { - client.getTableColumnStatistics(dbName2, tabName4, - new ArrayList(Arrays.asList(colName1))); - fail("MetaException should have been thrown"); - } catch (MetaException noe) { - // ignore, just make sure the authorization is failed. - } - client.close(); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e358fde7/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java deleted file mode 100644 index f406fd7..0000000 --- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetaStoreWithPigHCat.java +++ /dev/null @@ -1,113 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.tests.e2e.metastore; - -import static org.junit.Assert.assertEquals; - -import java.io.File; -import java.io.FileOutputStream; - -import org.apache.hadoop.hive.metastore.HiveMetaStoreClient; -import org.apache.hive.hcatalog.pig.HCatStorer; -import org.apache.pig.ExecType; -import org.apache.pig.PigServer; -import org.apache.sentry.provider.file.PolicyFile; -import org.apache.sentry.tests.e2e.hive.StaticUserGroup; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.Test; - -import com.google.common.io.Resources; - -public class TestMetaStoreWithPigHCat extends - AbstractMetastoreTestWithStaticConfiguration { - private PolicyFile policyFile; - private File dataFile; - private static final String dbName = "db_1"; - private static final String tabName1 = "tab1"; - private static final String tabName2 = "tab2"; - private static final String db_all_role = "all_db1"; - - @BeforeClass - public static void beforeClass() { - System.setProperty("hadoopversion", "23"); - } - - @Before - public void setup() throws Exception { - dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); - FileOutputStream to = new FileOutputStream(dataFile); - Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); - to.close(); - - policyFile = setAdminOnServer1(ADMINGROUP); - policyFile - .addRolesToGroup(USERGROUP1, db_all_role) - .addRolesToGroup(USERGROUP2, "read_db_role") - .addPermissionsToRole(db_all_role, "server=server1->db=" + dbName) - .addPermissionsToRole("read_db_role", - "server=server1->db=" + dbName + "->table=" + tabName2 + "->action=SELECT") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - - HiveMetaStoreClient client = context.getMetaStoreClient(ADMIN1); - client.dropDatabase(dbName, true, true, true); - createMetastoreDB(client, dbName); - client.close(); - } - - /** - * Verify add partition via Pig+HCatStore - * - * *** Disabled due to HCat inputformat compatibility issue in Hive 1.1.0 - */ - @Ignore - @Test - public void testPartionLoad() throws Exception { - execHiveSQL("CREATE TABLE " + dbName + "." + tabName1 - + " (id int) PARTITIONED BY (part_col STRING)", ADMIN1); - execHiveSQL("CREATE TABLE " + dbName + "." + tabName2 - + " (id int) PARTITIONED BY (part_col STRING)", ADMIN1); - - // user with ALL on DB should be able to add partion using Pig/HCatStore - PigServer pigServer = context.getPigServer(USER1_1, ExecType.LOCAL); - execPigLatin(USER1_1, pigServer, "A = load '" + dataFile.getPath() - + "' as (id:int);"); - execPigLatin(USER1_1, pigServer, "store A into '" + dbName + "." + tabName1 - + "' using " + HCatStorer.class.getName() + " ('part_col=part1');"); - HiveMetaStoreClient client = context.getMetaStoreClient(ADMIN1); - assertEquals(1, client.listPartitionNames(dbName, tabName1, (short) 10) - .size()); - - // user without select on DB should NOT be able to add partition with Pig/HCatStore - pigServer = context.getPigServer(USER2_1, ExecType.LOCAL); - execPigLatin(USER2_1, pigServer, "A = load '" + dataFile.getPath() - + "' as (id:int);"); - // This action won't be successful because of no permission, but there is no exception will - // be thrown in this thread. The detail exception can be found in - // sentry-tests/sentry-tests-hive/target/surefire-reports/org.apache.sentry.tests.e2e.metastore.TestMetaStoreWithPigHCat-output.txt. - execPigLatin(USER2_1, pigServer, "store A into '" + dbName + "." + tabName2 + "' using " - + HCatStorer.class.getName() + " ('part_col=part2');"); - // The previous action is failed, and there will be no data. - assertEquals(0, client.listPartitionNames(dbName, tabName2, (short) 10).size()); - client.close(); - } - -}