Re: [PR] [#5180][part-1] improvement(test): Add more integration tests about access control [gravitino]

Sun, 27 Oct 2024 23:20:36 -0700 


jerqi commented on code in PR #5190:
URL: https://github.com/apache/gravitino/pull/5190#discussion_r1818433462


##########
authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerHiveE2EIT.java:
##########
@@ -204,52 +229,327 @@ public void stop() {
   }
 
   @Test
-  void testAllowUseSchemaPrivilege() throws InterruptedException {
-    // First, create a schema use Gravitino client
-    createSchema();
+  void testCreateSchema() throws InterruptedException {
+    // First, fail to create the schema
+    Assertions.assertThrows(
+        AccessControlException.class, () -> 
sparkSession.sql(SQL_CREATE_SCHEMA));
 
-    // Use Spark to show this databases(schema)
-    Dataset dataset1 = sparkSession.sql(SQL_SHOW_DATABASES);
-    dataset1.show();
-    List<Row> rows1 = dataset1.collectAsList();
-    // The schema should not be shown, because the user does not have the 
permission
-    Assertions.assertEquals(
-        0, rows1.stream().filter(row -> 
row.getString(0).equals(schemaName)).count());
+    // Second, grant the `CREATE_SCHEMA` role
+    String userName1 = System.getenv(HADOOP_USER_NAME);
+    String roleName = "createSchemaRole";
+    SecurableObject securableObject =
+        SecurableObjects.ofMetalake(
+            metalakeName, Lists.newArrayList(Privileges.CreateSchema.allow()));
+    metalake.createRole(roleName, Collections.emptyMap(), 
Lists.newArrayList(securableObject));
+    metalake.grantRolesToUser(Lists.newArrayList(roleName), userName1);
+    waitForUpdatingPolicies();
+
+    // Third, succeed to create the schema
+    sparkSession.sql(SQL_CREATE_SCHEMA);
+
+    // Clean up
+    catalog.asSchemas().dropSchema(schemaName, true);
+    metalake.deleteRole(roleName);
+  }
+
+  @Test
+  void testCreateTable() throws InterruptedException {
+    // First, create a role for creating a database and grant role to the user
+    String createSchemaRole = "createSchemaRole";

Review Comment:
   OK.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to