This is an automated email from the ASF dual-hosted git repository.
hellostephen pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.1 by this push:
new 90757a9283d [test](auth)add upgrade and downgrade compatibility test
case (#37523)
90757a9283d is described below
commit 90757a9283d13fcd57e5b4f220e4b332b869cabd
Author: zfr95 <[email protected]>
AuthorDate: Tue Jul 9 21:13:54 2024 +0800
[test](auth)add upgrade and downgrade compatibility test case (#37523)
## Proposed changes
[test](auth)add upgrade and downgrade compatibility test case
---
.../test_master_slave_consistency_auth.groovy | 323 +++++++++++++++++++++
.../suites/auth_p0/test_select_column_auth.groovy | 126 ++++++++
regression-test/suites/auth_up_down_p0/load.groovy | 191 ++++++++++++
.../auth_up_down_p0/test_grant_revoke_auth.groovy | 75 +++++
4 files changed, 715 insertions(+)
diff --git
a/regression-test/suites/auth_p0/test_master_slave_consistency_auth.groovy
b/regression-test/suites/auth_p0/test_master_slave_consistency_auth.groovy
new file mode 100644
index 00000000000..b9493bf2e03
--- /dev/null
+++ b/regression-test/suites/auth_p0/test_master_slave_consistency_auth.groovy
@@ -0,0 +1,323 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+suite ("test_follower_consistent_auth","p0,auth") {
+
+ def get_follower_ip = {
+ def result = sql """show frontends;"""
+ for (int i = 0; i < result.size(); i++) {
+ if (result[i][7] == "FOLLOWER" && result[i][8] == "false") {
+ return result[i][1]
+ }
+ }
+ return "null"
+ }
+ def switch_ip = get_follower_ip()
+ if (switch_ip != "null") {
+ logger.info("switch_ip: " + switch_ip)
+ def new_jdbc_url = context.config.jdbcUrl.replaceAll(/\/\/[0-9.]+:/,
"//${switch_ip}:")
+ logger.info("new_jdbc_url: " + new_jdbc_url)
+
+ String user = 'test_follower_consistent_user'
+ String pwd = 'C123_567p'
+ String dbName = 'test_select_column_auth_db'
+ String tableName = 'test_select_column_auth_table'
+ String role = 'test_select_column_auth_role'
+ String wg = 'test_select_column_auth_wg'
+ String rg = 'test_select_column_auth_rg'
+ try_sql("DROP role ${role}")
+ sql """CREATE ROLE ${role}"""
+ sql """drop WORKLOAD GROUP if exists '${wg}'"""
+ sql """CREATE WORKLOAD GROUP "${wg}"
+ PROPERTIES (
+ "cpu_share"="10"
+ );"""
+ sql """DROP RESOURCE if exists ${rg}"""
+ sql """
+ CREATE RESOURCE IF NOT EXISTS "${rg}"
+ PROPERTIES(
+ "type"="hdfs",
+ "fs.defaultFS"="127.0.0.1:8120",
+ "hadoop.username"="hive",
+ "hadoop.password"="hive",
+ "dfs.nameservices" = "my_ha",
+ "dfs.ha.namenodes.my_ha" = "my_namenode1, my_namenode2",
+ "dfs.namenode.rpc-address.my_ha.my_namenode1" = "127.0.0.1:10000",
+ "dfs.namenode.rpc-address.my_ha.my_namenode2" = "127.0.0.1:10000",
+ "dfs.client.failover.proxy.provider" =
"org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider"
+ );
+ """
+ try_sql("drop user ${user}")
+ try_sql """drop table if exists ${dbName}.${tableName}"""
+ sql """drop database if exists ${dbName}"""
+ sql """create database ${dbName}"""
+ sql """
+ CREATE TABLE IF NOT EXISTS ${dbName}.`${tableName}` (
+ id BIGINT,
+ username VARCHAR(20)
+ )
+ DISTRIBUTED BY HASH(id) BUCKETS 2
+ PROPERTIES (
+ "replication_num" = "1"
+ );
+ """
+
+ sql """create view ${dbName}.v1 as select * from
${dbName}.${tableName};"""
+ sql """alter table ${dbName}.${tableName} add rollup
rollup1(username)"""
+ sleep(5 * 1000)
+ sql """create materialized view mv1 as select username from
${dbName}.${tableName}"""
+ sleep(5 * 1000)
+ sql """CREATE MATERIALIZED VIEW ${dbName}.mtmv1
+ BUILD IMMEDIATE REFRESH AUTO ON MANUAL
+ DISTRIBUTED BY RANDOM BUCKETS 1
+ PROPERTIES ('replication_num' = '1')
+ AS select username, sum(id) from ${dbName}.${tableName} group by
username"""
+ sql """
+ insert into ${dbName}.`${tableName}` values
+ (1, "111"),
+ (2, "222"),
+ (3, "333");
+ """
+ sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'"""
+ sql """refresh MATERIALIZED VIEW ${dbName}.mtmv1 auto"""
+ sql """grant select_priv on regression_test to ${user}"""
+
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "SHOW CATALOG RECYCLE BIN WHERE NAME = 'test'"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ try {
+ sql "SHOW CATALOG RECYCLE BIN WHERE NAME = 'test'"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "SHOW DATA"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ try {
+ sql "SHOW DATA"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.${tableName}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ try {
+ sql "select username from ${dbName}.${tableName}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ sql """grant select_priv(username) on ${dbName}.${tableName} to
${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.${tableName}"
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ sql "select username from ${dbName}.${tableName}"
+ }
+
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.v1"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ try {
+ sql "select username from ${dbName}.v1"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ sql """grant select_priv(username) on ${dbName}.v1 to ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.v1"
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ sql "select username from ${dbName}.v1"
+ }
+
+
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.mtmv1"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ try {
+ sql "select username from ${dbName}.mtmv1"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ sql """grant select_priv(username) on ${dbName}.mtmv1 to ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.mtmv1"
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ sql "select username from ${dbName}.mtmv1"
+ }
+
+
+ sql """ADMIN SET FRONTEND CONFIG ('experimental_enable_workload_group'
= 'true');"""
+ sql """set experimental_enable_pipeline_engine = true;"""
+
+ // user
+ sql """grant select_priv on ${dbName}.${tableName} to ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.${tableName}"
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ sql "select username from ${dbName}.${tableName}"
+ }
+
+ sql """revoke select_priv on ${dbName}.${tableName} from ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.${tableName}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ try {
+ sql "select username from ${dbName}.${tableName}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+
+ // role
+ sql """grant select_priv on ${dbName}.${tableName} to ROLE '${role}'"""
+ sql """grant Load_priv on ${dbName}.${tableName} to ROLE '${role}'"""
+ sql """grant '${role}' to '${user}'"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.${tableName}"
+ sql """insert into ${dbName}.`${tableName}` values (4, "444")"""
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ sql "select username from ${dbName}.${tableName}"
+ sql """insert into ${dbName}.`${tableName}` values (4, "444")"""
+ }
+
+ sql """revoke '${role}' from '${user}'"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.${tableName}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ try {
+ sql "select username from ${dbName}.${tableName}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+
+
+ // workload group
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql """set workload_group = '${wg}';"""
+ try {
+ sql "select username from ${dbName}.${tableName}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ sql """set workload_group = '${wg}';"""
+ try {
+ sql "select username from ${dbName}.${tableName}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ sql """GRANT USAGE_PRIV ON WORKLOAD GROUP '${wg}' TO '${user}';"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql """set workload_group = '${wg}';"""
+ sql """select username from ${dbName}.${tableName}"""
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ sql """set workload_group = '${wg}';"""
+ sql """select username from ${dbName}.${tableName}"""
+ }
+
+ // resource group
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ def res = sql """SHOW RESOURCES;"""
+ assertTrue(res == [])
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ def res = sql """SHOW RESOURCES;"""
+ assertTrue(res == [])
+ }
+ sql """GRANT USAGE_PRIV ON RESOURCE ${rg} TO ${user};"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ def res = sql """SHOW RESOURCES;"""
+ assertTrue(res.size == 10)
+ }
+ connect(user=user, password="${pwd}", url=new_jdbc_url) {
+ def res = sql """SHOW RESOURCES;"""
+ assertTrue(res.size == 10)
+ }
+
+ try_sql("DROP USER ${user}")
+ try_sql("drop workload group if exists ${wg};")
+
+ }
+
+}
diff --git a/regression-test/suites/auth_p0/test_select_column_auth.groovy
b/regression-test/suites/auth_p0/test_select_column_auth.groovy
new file mode 100644
index 00000000000..b4f24ee3c17
--- /dev/null
+++ b/regression-test/suites/auth_p0/test_select_column_auth.groovy
@@ -0,0 +1,126 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+suite("test_select_column_auth","p0,auth") {
+ String user = 'test_select_column_auth_user'
+ String pwd = 'C123_567p'
+ String dbName = 'test_select_column_auth_db'
+ String tableName = 'test_select_column_auth_table'
+ try_sql("drop user ${user}")
+ try_sql """drop table if exists ${dbName}.${tableName}"""
+ sql """drop database if exists ${dbName}"""
+
+ sql """create user '${user}' IDENTIFIED by '${pwd}'"""
+
+ sql """create database ${dbName}"""
+ sql """
+ CREATE TABLE IF NOT EXISTS ${dbName}.`${tableName}` (
+ id BIGINT,
+ username VARCHAR(20)
+ )
+ DISTRIBUTED BY HASH(id) BUCKETS 2
+ PROPERTIES (
+ "replication_num" = "1"
+ );
+ """
+
+ sql """create view ${dbName}.v1 as select * from ${dbName}.${tableName};"""
+ sql """alter table ${dbName}.${tableName} add rollup rollup1(username)"""
+ sleep(5 * 1000)
+ sql """create materialized view mv1 as select username from
${dbName}.${tableName}"""
+ sleep(5 * 1000)
+ sql """CREATE MATERIALIZED VIEW ${dbName}.mtmv1
+ BUILD IMMEDIATE REFRESH AUTO ON MANUAL
+ DISTRIBUTED BY RANDOM BUCKETS 1
+ PROPERTIES ('replication_num' = '1')
+ AS select username, sum(id) as sum_id from ${dbName}.${tableName}
group by username"""
+ sql """
+ insert into ${dbName}.`${tableName}` values
+ (1, "111"),
+ (2, "222"),
+ (3, "333");
+ """
+ sql """refresh MATERIALIZED VIEW ${dbName}.mtmv1 auto"""
+ sql """grant select_priv on regression_test to ${user}"""
+
+ // table column
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.${tableName}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ sql """grant select_priv(username) on ${dbName}.${tableName} to ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.${tableName}"
+ }
+
+ // view column
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.v1"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ sql """grant select_priv(username) on ${dbName}.v1 to ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.v1"
+ }
+
+ // mtmv column
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.mtmv1"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ sql """grant select_priv(username) on ${dbName}.mtmv1 to ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.mtmv1"
+ }
+
+
+ // mtmv hit
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "SET enable_materialized_view_rewrite=true"
+ try {
+ sql "select username, sum(id) from ${dbName}.${tableName} group by
username"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ sql """grant select_priv(username) on ${dbName}.mtmv1 to ${user}"""
+ sql """grant select_priv(sum_id) on ${dbName}.mtmv1 to ${user}"""
+ sql """grant select_priv(id) on ${dbName}.${tableName} to ${user}"""
+ connect(user=user, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "SET enable_materialized_view_rewrite=true"
+ explain {
+ sql("""select username, sum(id) from ${dbName}.${tableName} group
by username""")
+ contains "mtmv1(mtmv1)"
+ }
+ }
+
+ try_sql("DROP USER ${user}")
+
+}
diff --git a/regression-test/suites/auth_up_down_p0/load.groovy
b/regression-test/suites/auth_up_down_p0/load.groovy
new file mode 100644
index 00000000000..b4178fa7a48
--- /dev/null
+++ b/regression-test/suites/auth_up_down_p0/load.groovy
@@ -0,0 +1,191 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+suite("test_upgrade_downgrade_prepare_auth","p0,auth") {
+
+ String user1 = 'test_upgrade_downgrade_compatibility_auth_user1'
+ String user2 = 'test_upgrade_downgrade_compatibility_auth_user2'
+ String role1 = 'test_upgrade_downgrade_compatibility_auth_role1'
+ String role2 = 'test_upgrade_downgrade_compatibility_auth_role2'
+ String pwd = 'C123_567p'
+
+ String dbName = 'test_auth_up_down_db'
+ String tableName1 = 'test_auth_up_down_table1'
+ String tableName2 = 'test_auth_up_down_table2'
+
+ String wg1 = 'wg_1'
+ String wg2 = 'wg_2'
+
+ String rg1 = 'test_up_down_resource_1_hdfs'
+ String rg2 = 'test_up_down_resource_2_hdfs'
+
+ try_sql("DROP USER ${user1}")
+ try_sql("DROP USER ${user2}")
+ try_sql("DROP role ${role1}")
+ try_sql("DROP role ${role2}")
+ sql """CREATE USER '${user1}' IDENTIFIED BY '${pwd}'"""
+ sql """CREATE USER '${user2}' IDENTIFIED BY '${pwd}'"""
+ sql """grant select_priv on regression_test to ${user1}"""
+ sql """grant select_priv on regression_test to ${user2}"""
+
+ sql """CREATE ROLE ${role1}"""
+ sql """CREATE ROLE ${role2}"""
+
+
+ try_sql """drop table if exists ${dbName}.${tableName1}"""
+ sql """drop database if exists ${dbName}"""
+ sql """create database ${dbName}"""
+ sql """
+ CREATE TABLE IF NOT EXISTS ${dbName}.`${tableName1}` (
+ id BIGINT,
+ username VARCHAR(20)
+ )
+ DISTRIBUTED BY HASH(id) BUCKETS 2
+ PROPERTIES (
+ "replication_allocation" = "tag.location.default: 1"
+ );
+ """
+
+ try_sql """drop table if exists ${dbName}.${tableName2}"""
+ sql """
+ CREATE TABLE IF NOT EXISTS ${dbName}.`${tableName2}` (
+ id BIGINT,
+ username VARCHAR(20)
+ )
+ DISTRIBUTED BY HASH(id) BUCKETS 2
+ PROPERTIES (
+ "replication_num" = "1"
+ );
+ """
+
+ sql """drop WORKLOAD GROUP if exists '${wg1}'"""
+ sql """drop WORKLOAD GROUP if exists '${wg2}'"""
+ sql """CREATE WORKLOAD GROUP "${wg1}"
+ PROPERTIES (
+ "cpu_share"="10"
+ );"""
+ sql """CREATE WORKLOAD GROUP "${wg2}"
+ PROPERTIES (
+ "cpu_share"="10"
+ );"""
+
+ sql """DROP RESOURCE if exists ${rg1}"""
+ sql """DROP RESOURCE if exists ${rg2}"""
+ sql """
+ CREATE RESOURCE IF NOT EXISTS "${rg1}"
+ PROPERTIES(
+ "type"="hdfs",
+ "fs.defaultFS"="127.0.0.1:8120",
+ "hadoop.username"="hive",
+ "hadoop.password"="hive",
+ "dfs.nameservices" = "my_ha",
+ "dfs.ha.namenodes.my_ha" = "my_namenode1, my_namenode2",
+ "dfs.namenode.rpc-address.my_ha.my_namenode1" = "127.0.0.1:10000",
+ "dfs.namenode.rpc-address.my_ha.my_namenode2" = "127.0.0.1:10000",
+ "dfs.client.failover.proxy.provider" =
"org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider"
+ );
+ """
+ sql """
+ CREATE RESOURCE IF NOT EXISTS "${rg2}"
+ PROPERTIES(
+ "type"="hdfs",
+ "fs.defaultFS"="127.0.0.1:8120",
+ "hadoop.username"="hive",
+ "hadoop.password"="hive",
+ "dfs.nameservices" = "my_ha",
+ "dfs.ha.namenodes.my_ha" = "my_namenode1, my_namenode2",
+ "dfs.namenode.rpc-address.my_ha.my_namenode1" = "127.0.0.1:10000",
+ "dfs.namenode.rpc-address.my_ha.my_namenode2" = "127.0.0.1:10000",
+ "dfs.client.failover.proxy.provider" =
"org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider"
+ );
+ """
+
+ sql """ADMIN SET FRONTEND CONFIG ('experimental_enable_workload_group' =
'true');"""
+ sql """set experimental_enable_pipeline_engine = true;"""
+
+ // user
+ sql """grant select_priv on ${dbName}.${tableName1} to ${user1}"""
+ sql """grant select_priv on ${dbName}.${tableName2} to ${user1}"""
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.${tableName1}"
+ }
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.${tableName2}"
+ }
+
+ sql """revoke select_priv on ${dbName}.${tableName1} from ${user1}"""
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.${tableName1}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.${tableName2}"
+ }
+
+ // role
+ sql """grant select_priv on ${dbName}.${tableName1} to ROLE '${role1}'"""
+ sql """grant Load_priv on ${dbName}.${tableName1} to ROLE '${role2}'"""
+ sql """grant '${role1}', '${role2}' to '${user2}'"""
+ connect(user=user2, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.${tableName1}"
+ sql """insert into ${dbName}.`${tableName1}` values (4, "444")"""
+ }
+
+ sql """revoke '${role1}' from '${user2}'"""
+ connect(user=user2, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.${tableName1}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user2, password="${pwd}", url=context.config.jdbcUrl) {
+ sql """insert into ${dbName}.`${tableName1}` values (5, "555")"""
+ }
+
+ // workload group
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ sql """set workload_group = '${wg1}';"""
+ try {
+ sql "select username from ${dbName}.${tableName2}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ sql """GRANT USAGE_PRIV ON WORKLOAD GROUP '${wg1}' TO '${user1}';"""
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ sql """set workload_group = '${wg1}';"""
+ sql """select username from ${dbName}.${tableName2}"""
+ }
+
+ // resource group
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ def res = sql """SHOW RESOURCES;"""
+ assertTrue(res == [])
+ }
+ sql """GRANT USAGE_PRIV ON RESOURCE ${rg1} TO ${user1};"""
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ def res = sql """SHOW RESOURCES;"""
+ assertTrue(res.size == 10)
+ }
+}
diff --git
a/regression-test/suites/auth_up_down_p0/test_grant_revoke_auth.groovy
b/regression-test/suites/auth_up_down_p0/test_grant_revoke_auth.groovy
new file mode 100644
index 00000000000..af620e647de
--- /dev/null
+++ b/regression-test/suites/auth_up_down_p0/test_grant_revoke_auth.groovy
@@ -0,0 +1,75 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+suite("test_upgrade_downgrade_compatibility_auth","p0,auth") {
+
+ sql """ADMIN SET FRONTEND CONFIG ('experimental_enable_workload_group' =
'true');"""
+ sql """set experimental_enable_pipeline_engine = true;"""
+
+ String user1 = 'test_upgrade_downgrade_compatibility_auth_user1'
+ String user2 = 'test_upgrade_downgrade_compatibility_auth_user2'
+ String role1 = 'test_upgrade_downgrade_compatibility_auth_role1'
+ String role2 = 'test_upgrade_downgrade_compatibility_auth_role2'
+ String pwd = 'C123_567p'
+
+ String dbName = 'test_auth_up_down_db'
+ String tableName1 = 'test_auth_up_down_table1'
+ String tableName2 = 'test_auth_up_down_table2'
+
+ String wg1 = 'wg_1'
+ String wg2 = 'wg_2'
+ String rg1 = 'test_up_down_resource_1_hdfs'
+ String rg2 = 'test_up_down_resource_2_hdfs'
+
+ // user
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.${tableName1}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ sql "select username from ${dbName}.${tableName2}"
+ }
+
+ // role
+ connect(user=user2, password="${pwd}", url=context.config.jdbcUrl) {
+ try {
+ sql "select username from ${dbName}.${tableName1}"
+ } catch (Exception e) {
+ log.info(e.getMessage())
+ assertTrue(e.getMessage().contains("denied"))
+ }
+ }
+ connect(user=user2, password="${pwd}", url=context.config.jdbcUrl) {
+ sql """insert into ${dbName}.`${tableName1}` values (5, "555")"""
+ }
+
+ // workload group
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ sql """set workload_group = '${wg1}';"""
+ sql """select username from ${dbName}.${tableName2}"""
+ }
+
+ // resource group
+ connect(user=user1, password="${pwd}", url=context.config.jdbcUrl) {
+ def res = sql """SHOW RESOURCES;"""
+ assertTrue(res.size == 10)
+ }
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
