Repository: incubator-hawq Updated Branches: refs/heads/master 7a22bdd78 -> c09ac9259
HAWQ-1359. Add test cases for Ranger support, combinations of different allow/exclude policies. Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/c09ac925 Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/c09ac925 Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/c09ac925 Branch: refs/heads/master Commit: c09ac9259661a4a22dcbe3dd8ec7674cca116182 Parents: 7a22bdd Author: Wen Lin <[email protected]> Authored: Tue Mar 14 15:17:32 2017 +0800 Committer: Wen Lin <[email protected]> Committed: Wed Mar 15 10:11:43 2017 +0800 ---------------------------------------------------------------------- ranger-plugin/.gitignore | 1 + .../feature/Ranger/allowexcludepolicy/3/1.json | 1 + src/test/feature/Ranger/allowpolicy/3/1.json | 1 + src/test/feature/Ranger/allowpolicy/3/2.json | 1 + src/test/feature/Ranger/allowpolicy/4/1.json | 1 + src/test/feature/Ranger/allowpolicy/5/1.json | 1 + src/test/feature/Ranger/allowpolicy/6/1.json | 1 + src/test/feature/Ranger/ans/allow6_fail.ans | 13 + .../feature/Ranger/ans/allowexclude3_fail.ans | 8 + .../Ranger/ans/allowexclude3_succeed.ans | 11 + src/test/feature/Ranger/ans/deny1_fail.ans | 8 + src/test/feature/Ranger/ans/deny1_succeed.ans | 11 + .../feature/Ranger/ans/denyexclude2_fail.ans | 8 + .../feature/Ranger/ans/denyexclude2_succeed.ans | 11 + .../Ranger/ans/denyexclude2_succeed2.ans | 11 + .../Ranger/ans/resourceexclude4_fail.ans | 20 ++ .../Ranger/ans/resourceexclude4_succeed.ans | 13 + .../Ranger/ans/resourceexclude5_fail.ans | 13 + .../Ranger/ans/resourceexclude5_fail2.ans | 8 + .../feature/Ranger/denyexcludepolicy/2/1.json | 1 + src/test/feature/Ranger/denypolicy/1/1.json | 1 + src/test/feature/Ranger/denypolicy/2/1.json | 1 + src/test/feature/Ranger/rangerpolicy.py | 7 + src/test/feature/Ranger/rangeruser.py | 7 +- .../Ranger/resourceexcludepolicy/4/1.json | 1 + .../Ranger/resourceexcludepolicy/5/1.json | 1 + src/test/feature/Ranger/sql/allow/6.sql | 2 + src/test/feature/Ranger/sql/allowexclude/3.sql | 3 + src/test/feature/Ranger/sql/deny/1.sql | 3 + src/test/feature/Ranger/sql/denyexclude/2.sql | 3 + .../feature/Ranger/sql/resourceexclude/4.sql | 4 + .../feature/Ranger/sql/resourceexclude/5.sql | 3 + src/test/feature/Ranger/test_ranger.cpp | 278 ++++++++++++++++++- src/test/feature/Ranger/test_ranger.h | 19 +- src/test/feature/lib/sql_util.cpp | 3 + 35 files changed, 463 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/ranger-plugin/.gitignore ---------------------------------------------------------------------- diff --git a/ranger-plugin/.gitignore b/ranger-plugin/.gitignore index 9f5b5c2..3ed4d88 100644 --- a/ranger-plugin/.gitignore +++ b/ranger-plugin/.gitignore @@ -1,2 +1,3 @@ target/ Makefile.global +/bin/ http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/allowexcludepolicy/3/1.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/allowexcludepolicy/3/1.json b/src/test/feature/Ranger/allowexcludepolicy/3/1.json new file mode 100644 index 0000000..358d863 --- /dev/null +++ b/src/test/feature/Ranger/allowexcludepolicy/3/1.json @@ -0,0 +1 @@ +{"policyItems": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "allowexcludepolicy3-1", "allowExceptions": [{"accesses": [{"isAllowed": true, "type": "select"}], "conditions": [], "delegateAdmin": true, "groups": null, "users": ["userallowexclude3"]}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_allowexcludetest"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["a"]}}, "service": "hawq", "version": 2} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/allowpolicy/3/1.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/allowpolicy/3/1.json b/src/test/feature/Ranger/allowpolicy/3/1.json new file mode 100644 index 0000000..807bec2 --- /dev/null +++ b/src/test/feature/Ranger/allowpolicy/3/1.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "allowpolicy3-1", "policyItems": [{"accesses": [{"isAllowed": true, "type": "usage-schema"}], "conditions": [], "delegateAdmin": true, "groups": ["public"], "users": null}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_allowexcludetest"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["*"]}}, "service": "hawq", "version": 3} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/allowpolicy/3/2.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/allowpolicy/3/2.json b/src/test/feature/Ranger/allowpolicy/3/2.json new file mode 100644 index 0000000..36cfa2b --- /dev/null +++ b/src/test/feature/Ranger/allowpolicy/3/2.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "allowpolicy3-2", "policyItems": [{"accesses": [{"isAllowed": true, "type": "select"}], "conditions": [], "delegateAdmin": true, "groups": ["public"], "users": null}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_allowexcludetest"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["a"]}}, "service": "hawq", "version": 3} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/allowpolicy/4/1.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/allowpolicy/4/1.json b/src/test/feature/Ranger/allowpolicy/4/1.json new file mode 100644 index 0000000..b61cda9 --- /dev/null +++ b/src/test/feature/Ranger/allowpolicy/4/1.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "allowpolicy4-1", "policyItems": [{"accesses": [{"isAllowed": true, "type": "usage-schema"}], "conditions": [], "delegateAdmin": true, "groups": ["public"], "users": null}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_resourceexcludetest"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["*"]}}, "service": "hawq", "version": 1} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/allowpolicy/5/1.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/allowpolicy/5/1.json b/src/test/feature/Ranger/allowpolicy/5/1.json new file mode 100644 index 0000000..d79fd7b --- /dev/null +++ b/src/test/feature/Ranger/allowpolicy/5/1.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "allowpolicy5-1", "policyItems": [{"accesses": [{"isAllowed": true, "type": "usage-schema"}], "conditions": [], "delegateAdmin": true, "groups": ["public"], "users": null}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_resourceexcludestartest"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["*"]}}, "service": "hawq", "version": 1} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/allowpolicy/6/1.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/allowpolicy/6/1.json b/src/test/feature/Ranger/allowpolicy/6/1.json new file mode 100644 index 0000000..f794bd6 --- /dev/null +++ b/src/test/feature/Ranger/allowpolicy/6/1.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "allowpolicy6-1", "policyItems": [{"accesses": [{"isAllowed": true, "type": "usage-schema"},{"isAllowed": true, "type": "select"}], "conditions": [], "delegateAdmin": true, "groups": null, "users": ["userallow6"]}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_resourceincludeatest"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["a"]}}, "service": "hawq", "version": 1} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/allow6_fail.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/allow6_fail.ans b/src/test/feature/Ranger/ans/allow6_fail.ans new file mode 100644 index 0000000..e2e112f --- /dev/null +++ b/src/test/feature/Ranger/ans/allow6_fail.ans @@ -0,0 +1,13 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_ResourceIncludeATest; +SET +-- end_ignore +set session role= 'userallow6'; +SET +select * from a; +psql:/tmp/TestHawqRanger_ResourceIncludeATest.sql:5: WARNING: usage privilege of namespace testhawqranger_resourceincludeatest is required. +LINE 1: select * from a; + ^ +psql:/tmp/TestHawqRanger_ResourceIncludeATest.sql:5: ERROR: relation "a" does not exist +LINE 1: select * from a; + ^ http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/allowexclude3_fail.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/allowexclude3_fail.ans b/src/test/feature/Ranger/ans/allowexclude3_fail.ans new file mode 100644 index 0000000..2112527 --- /dev/null +++ b/src/test/feature/Ranger/ans/allowexclude3_fail.ans @@ -0,0 +1,8 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_AllowExcludeTest; +SET +-- end_ignore +set session role= 'userallowexclude3'; +SET +select * from a; +psql:/tmp/TestHawqRanger_AllowExcludeTest.sql:5: ERROR: permission denied for relation(s): testhawqranger_allowexcludetest.a http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/allowexclude3_succeed.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/allowexclude3_succeed.ans b/src/test/feature/Ranger/ans/allowexclude3_succeed.ans new file mode 100644 index 0000000..a7fce7b --- /dev/null +++ b/src/test/feature/Ranger/ans/allowexclude3_succeed.ans @@ -0,0 +1,11 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_AllowExcludeTest; +SET +-- end_ignore +set session role= 'userallowexclude3'; +SET +select * from a; + i +--- +(0 rows) + http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/deny1_fail.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/deny1_fail.ans b/src/test/feature/Ranger/ans/deny1_fail.ans new file mode 100644 index 0000000..8e4c59c --- /dev/null +++ b/src/test/feature/Ranger/ans/deny1_fail.ans @@ -0,0 +1,8 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_DenyTest; +SET +-- end_ignore +set session role= 'userdeny1'; +SET +select * from a; +psql:/tmp/TestHawqRanger_DenyTest.sql:5: ERROR: permission denied for relation(s): testhawqranger_denytest.a http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/deny1_succeed.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/deny1_succeed.ans b/src/test/feature/Ranger/ans/deny1_succeed.ans new file mode 100644 index 0000000..5ec539f --- /dev/null +++ b/src/test/feature/Ranger/ans/deny1_succeed.ans @@ -0,0 +1,11 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_NegativeTest; +SET +-- end_ignore +set session role= 'userdeny1'; +SET +select * from a; + i +--- +(0 rows) + http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/denyexclude2_fail.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/denyexclude2_fail.ans b/src/test/feature/Ranger/ans/denyexclude2_fail.ans new file mode 100644 index 0000000..03e98b1 --- /dev/null +++ b/src/test/feature/Ranger/ans/denyexclude2_fail.ans @@ -0,0 +1,8 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_DenyExcludeTest; +SET +-- end_ignore +set session role= 'userdenyexclude2'; +SET +select * from a; +psql:/tmp/TestHawqRanger_DenyExcludeTest.sql:5: ERROR: permission denied for relation(s): testhawqranger_denyexcludetest.a http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/denyexclude2_succeed.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/denyexclude2_succeed.ans b/src/test/feature/Ranger/ans/denyexclude2_succeed.ans new file mode 100644 index 0000000..028555e --- /dev/null +++ b/src/test/feature/Ranger/ans/denyexclude2_succeed.ans @@ -0,0 +1,11 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_DenyExcludeTest; +SET +-- end_ignore +set session role= 'userdenyexclude2'; +SET +select * from a; + i +--- +(0 rows) + http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/denyexclude2_succeed2.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/denyexclude2_succeed2.ans b/src/test/feature/Ranger/ans/denyexclude2_succeed2.ans new file mode 100644 index 0000000..028555e --- /dev/null +++ b/src/test/feature/Ranger/ans/denyexclude2_succeed2.ans @@ -0,0 +1,11 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_DenyExcludeTest; +SET +-- end_ignore +set session role= 'userdenyexclude2'; +SET +select * from a; + i +--- +(0 rows) + http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/resourceexclude4_fail.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/resourceexclude4_fail.ans b/src/test/feature/Ranger/ans/resourceexclude4_fail.ans new file mode 100644 index 0000000..5b90e6f --- /dev/null +++ b/src/test/feature/Ranger/ans/resourceexclude4_fail.ans @@ -0,0 +1,20 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_ResourceExcludeTest; +SET +-- end_ignore +set session role= 'userresourceexclude4'; +SET +select * from a; +psql:/tmp/TestHawqRanger_ResourceExcludeTest.sql:5: WARNING: usage privilege of namespace testhawqranger_resourceexcludetest is required. +LINE 1: select * from a; + ^ +psql:/tmp/TestHawqRanger_ResourceExcludeTest.sql:5: ERROR: relation "a" does not exist +LINE 1: select * from a; + ^ +select * from b; +psql:/tmp/TestHawqRanger_ResourceExcludeTest.sql:6: WARNING: usage privilege of namespace testhawqranger_resourceexcludetest is required. +LINE 1: select * from b; + ^ +psql:/tmp/TestHawqRanger_ResourceExcludeTest.sql:6: ERROR: relation "b" does not exist +LINE 1: select * from b; + ^ http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/resourceexclude4_succeed.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/resourceexclude4_succeed.ans b/src/test/feature/Ranger/ans/resourceexclude4_succeed.ans new file mode 100644 index 0000000..424e6d2 --- /dev/null +++ b/src/test/feature/Ranger/ans/resourceexclude4_succeed.ans @@ -0,0 +1,13 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_ResourceExcludeTest; +SET +-- end_ignore +set session role= 'userresourceexclude4'; +SET +select * from a; +psql:/tmp/TestHawqRanger_ResourceExcludeTest.sql:5: ERROR: permission denied for relation(s): testhawqranger_resourceexcludetest.a +select * from b; + i +--- +(0 rows) + http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/resourceexclude5_fail.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/resourceexclude5_fail.ans b/src/test/feature/Ranger/ans/resourceexclude5_fail.ans new file mode 100644 index 0000000..45ee67c --- /dev/null +++ b/src/test/feature/Ranger/ans/resourceexclude5_fail.ans @@ -0,0 +1,13 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_ResourceExcludeStarTest; +SET +-- end_ignore +set session role= 'userresourceexclude5'; +SET +select * from a; +psql:/tmp/TestHawqRanger_ResourceExcludeStarTest.sql:5: WARNING: usage privilege of namespace testhawqranger_resourceexcludestartest is required. +LINE 1: select * from a; + ^ +psql:/tmp/TestHawqRanger_ResourceExcludeStarTest.sql:5: ERROR: relation "a" does not exist +LINE 1: select * from a; + ^ http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/ans/resourceexclude5_fail2.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/resourceexclude5_fail2.ans b/src/test/feature/Ranger/ans/resourceexclude5_fail2.ans new file mode 100644 index 0000000..822b2f4 --- /dev/null +++ b/src/test/feature/Ranger/ans/resourceexclude5_fail2.ans @@ -0,0 +1,8 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_ResourceExcludeStarTest; +SET +-- end_ignore +set session role= 'userresourceexclude5'; +SET +select * from a; +psql:/tmp/TestHawqRanger_ResourceExcludeStarTest.sql:5: ERROR: permission denied for relation(s): testhawqranger_resourceexcludestartest.a http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/denyexcludepolicy/2/1.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/denyexcludepolicy/2/1.json b/src/test/feature/Ranger/denyexcludepolicy/2/1.json new file mode 100644 index 0000000..ba0cf38 --- /dev/null +++ b/src/test/feature/Ranger/denyexcludepolicy/2/1.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyPolicyItems": [], "policyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "denyexcludepolicy2-1", "denyExceptions": [{"accesses": [{"isAllowed": true, "type": "select"}], "conditions": [], "delegateAdmin": true, "groups": null, "users": ["userdenyexclude2"]}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_denyexcludetest"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["a"]}}, "service": "hawq", "version": 1} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/denypolicy/1/1.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/denypolicy/1/1.json b/src/test/feature/Ranger/denypolicy/1/1.json new file mode 100644 index 0000000..a81f16b --- /dev/null +++ b/src/test/feature/Ranger/denypolicy/1/1.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "policyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "denypolicy1-1", "denyPolicyItems": [{"accesses": [{"isAllowed": true, "type": "select"}], "conditions": [], "delegateAdmin": true, "groups": null, "users": ["userdeny1", "userdeny1"]}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_denytest"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["a"]}}, "service": "hawq", "version": 1} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/denypolicy/2/1.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/denypolicy/2/1.json b/src/test/feature/Ranger/denypolicy/2/1.json new file mode 100644 index 0000000..c9df4c8 --- /dev/null +++ b/src/test/feature/Ranger/denypolicy/2/1.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "policyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "denypolicy2-1", "denyPolicyItems": [{"accesses": [{"isAllowed": true, "type": "select"}], "conditions": [], "delegateAdmin": true, "groups": ["public"], "users": null}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_denyexcludetest"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["a"]}}, "service": "hawq", "version": 1} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/rangerpolicy.py ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/rangerpolicy.py b/src/test/feature/Ranger/rangerpolicy.py index 035ed14..b5a7c48 100644 --- a/src/test/feature/Ranger/rangerpolicy.py +++ b/src/test/feature/Ranger/rangerpolicy.py @@ -69,6 +69,13 @@ def create_policy(policy_json_file_name, rangerhelper): response_dict = json.load(response) for new_policy_item in json_decode['policyItems']: response_dict["policyItems"].append(new_policy_item) + for new_policy_item in json_decode['denyPolicyItems']: + response_dict["denyPolicyItems"].append(new_policy_item) + for new_policy_item in json_decode['allowExceptions']: + response_dict["allowExceptions"].append(new_policy_item) + for new_policy_item in json_decode['denyExceptions']: + response_dict["denyExceptions"].append(new_policy_item) + rangerhelper.update_policy(service_name, dup_policy_name, \ json.dumps(response_dict)); return policyname http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/rangeruser.py ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/rangeruser.py b/src/test/feature/Ranger/rangeruser.py index b1970a1..dcaaa3e 100644 --- a/src/test/feature/Ranger/rangeruser.py +++ b/src/test/feature/Ranger/rangeruser.py @@ -111,7 +111,8 @@ if __name__ == '__main__': add_full_privilege_for_user(user, policy_names, helper) print 'user {} complete'.format(user) else: - for user in unames: - add_user(user, helper) - print 'user {} is added'.format(user) + if unames != None: + for user in unames: + add_user(user, helper) + print 'user {} is added'.format(user) http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/resourceexcludepolicy/4/1.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/resourceexcludepolicy/4/1.json b/src/test/feature/Ranger/resourceexcludepolicy/4/1.json new file mode 100644 index 0000000..4209e3d --- /dev/null +++ b/src/test/feature/Ranger/resourceexcludepolicy/4/1.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "resourceexcludepolicy4-1", "policyItems": [{"accesses": [{"isAllowed": true, "type": "select"},{"isAllowed": true, "type": "usage-schema"}], "conditions": [], "delegateAdmin": true, "groups": null, "users": ["userresourceexclude4"]}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_resourceexcludetest"]}, "table": {"isExcludes": true, "isRecursive": false, "values": ["a"]}}, "service": "hawq", "version": 3} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/resourceexcludepolicy/5/1.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/resourceexcludepolicy/5/1.json b/src/test/feature/Ranger/resourceexcludepolicy/5/1.json new file mode 100644 index 0000000..5a39ac5 --- /dev/null +++ b/src/test/feature/Ranger/resourceexcludepolicy/5/1.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "resourceexcludepolicy5-1", "policyItems": [{"accesses": [{"isAllowed": true, "type": "select"},{"isAllowed": true, "type": "usage-schema"}], "conditions": [], "delegateAdmin": true, "groups": null, "users": ["userresourceexclude5"]}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_resourceexcludestartest"]}, "table": {"isExcludes": true, "isRecursive": false, "values": ["*"]}}, "service": "hawq", "version": 3} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/sql/allow/6.sql ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/sql/allow/6.sql b/src/test/feature/Ranger/sql/allow/6.sql new file mode 100644 index 0000000..ca10f1f --- /dev/null +++ b/src/test/feature/Ranger/sql/allow/6.sql @@ -0,0 +1,2 @@ +set session role= 'userallow6'; +select * from a; http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/sql/allowexclude/3.sql ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/sql/allowexclude/3.sql b/src/test/feature/Ranger/sql/allowexclude/3.sql new file mode 100644 index 0000000..c0dbf1d --- /dev/null +++ b/src/test/feature/Ranger/sql/allowexclude/3.sql @@ -0,0 +1,3 @@ +set session role= 'userallowexclude3'; +select * from a; + http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/sql/deny/1.sql ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/sql/deny/1.sql b/src/test/feature/Ranger/sql/deny/1.sql new file mode 100644 index 0000000..cf61470 --- /dev/null +++ b/src/test/feature/Ranger/sql/deny/1.sql @@ -0,0 +1,3 @@ +set session role= 'userdeny1'; +select * from a; + http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/sql/denyexclude/2.sql ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/sql/denyexclude/2.sql b/src/test/feature/Ranger/sql/denyexclude/2.sql new file mode 100644 index 0000000..dcad13e --- /dev/null +++ b/src/test/feature/Ranger/sql/denyexclude/2.sql @@ -0,0 +1,3 @@ +set session role= 'userdenyexclude2'; +select * from a; + http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/sql/resourceexclude/4.sql ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/sql/resourceexclude/4.sql b/src/test/feature/Ranger/sql/resourceexclude/4.sql new file mode 100644 index 0000000..8138d2b --- /dev/null +++ b/src/test/feature/Ranger/sql/resourceexclude/4.sql @@ -0,0 +1,4 @@ +set session role= 'userresourceexclude4'; +select * from a; +select * from b; + http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/sql/resourceexclude/5.sql ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/sql/resourceexclude/5.sql b/src/test/feature/Ranger/sql/resourceexclude/5.sql new file mode 100644 index 0000000..42976fd --- /dev/null +++ b/src/test/feature/Ranger/sql/resourceexclude/5.sql @@ -0,0 +1,3 @@ +set session role= 'userresourceexclude5'; +select * from a; + http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/test_ranger.cpp ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/test_ranger.cpp b/src/test/feature/Ranger/test_ranger.cpp index 93e8452..0aa61dd 100644 --- a/src/test/feature/Ranger/test_ranger.cpp +++ b/src/test/feature/Ranger/test_ranger.cpp @@ -24,7 +24,6 @@ #include "lib/command.h" #include "lib/gpfdist.h" -#include "lib/sql_util.h" #include "lib/string_util.h" using std::vector; @@ -32,11 +31,27 @@ using std::string; using hawq::test::SQLUtility; using hawq::test::Command; +TestHawqRanger::TestHawqRanger() +{ + initfile = hawq::test::stringFormat("Ranger/sql/init_file"); + rangerHost = getRangerHost(); +} + +std::string& TestHawqRanger::getRangerHost() +{ + string cmd = hawq::test::stringFormat("hawq config -s hawq_rps_address_host"); + string rangerHostStr = Command::getCommandOutput(cmd); + rangerHostStr = rangerHostStr.substr(rangerHostStr.find("Value") + 5); + rangerHostStr = rangerHostStr.substr(rangerHostStr.find(":") + 1); + rangerHostStr = rangerHostStr.substr(rangerHostStr.find_first_not_of(' ')); + return hawq::test::trimNewLine(rangerHostStr); +} + TEST_F(TestHawqRanger, BasicTest) { - SQLUtility util; + SQLUtility util; - if (util.getGUCValue("hawq_acl_type") == "ranger") - { + if (util.getGUCValue("hawq_acl_type") == "ranger") + { hawq::test::GPfdist gpdfist(&util); gpdfist.init_gpfdist(); @@ -45,7 +60,7 @@ TEST_F(TestHawqRanger, BasicTest) { auto cmd = hawq::test::stringFormat("ls -l %s/Ranger/sql/normal/*.sql 2>/dev/null | grep \"^-\" | wc -l", rootPath.c_str()); int sql_num = std::atoi(Command::getCommandOutput(cmd).c_str()); int writableTableCase = 28; - string rangerHost = RANGER_HOST; + string rangerHost = getRangerHost(); cmd = hawq::test::stringFormat("cp %s/Ranger/data/copydata.txt /tmp/a.txt", rootPath.c_str()); Command::getCommandStatus(cmd); @@ -105,7 +120,6 @@ TEST_F(TestHawqRanger, BasicTest) { util.execSQLFile(admin_sqlfile, admin_ansfile, initfile, true, true); - for (int j = 1; j <= policy_num; j++) { cmd = hawq::test::stringFormat("python %s/Ranger/rangerpolicy.py -h %s -a %s/Ranger/policy/%d/%d.json", rootPath.c_str(), rangerHost.c_str(), rootPath.c_str(), i, j); Command::getCommandStatus(cmd); @@ -113,7 +127,6 @@ TEST_F(TestHawqRanger, BasicTest) { } sleep(60); - for (int i = 1; i <= sql_num; i++) { //run sql by different users string normal_sqlfile = hawq::test::stringFormat("Ranger/sql/normal/%d.sql", i); @@ -121,6 +134,9 @@ TEST_F(TestHawqRanger, BasicTest) { string normal_ansfile_success = hawq::test::stringFormat("Ranger/ans/normal%d_success.ans", i); string super_ansfile_success = hawq::test::stringFormat("Ranger/ans/super%d_success.ans", i); + cmd = hawq::test::stringFormat("ls -l %s/Ranger/policy/%d/ 2>/dev/null| grep \"^-\" | wc -l", rootPath.c_str(), i); + int policy_num = std::atoi(Command::getCommandOutput(cmd).c_str()); + cmd = hawq::test::stringFormat("ls -l %s/Ranger/sql/super/%d.sql 2>/dev/null | grep \"^-\" | wc -l", rootPath.c_str(), i); int supersqlexist = std::atoi(Command::getCommandOutput(cmd).c_str()); util.execSQLFile(normal_sqlfile, normal_ansfile_success, initfile, true, true); @@ -152,7 +168,7 @@ TEST_F(TestHawqRanger, BasicTest) { } gpdfist.finalize_gpfdist(); - } + } } static void clear_env(SQLUtility &util, int sql_id, string rootPath, string rangerHost) @@ -174,10 +190,10 @@ static void clear_env(SQLUtility &util, int sql_id, string rootPath, string rang } TEST_F(TestHawqRanger, FallbackTest) { - SQLUtility util; + SQLUtility util; - if (util.getGUCValue("hawq_acl_type") == "ranger") - { + if (util.getGUCValue("hawq_acl_type") == "ranger") + { string rootPath(util.getTestRootPath()); string rangerHost = RANGER_HOST; string initfile = "Ranger/sql/init_file"; @@ -210,3 +226,243 @@ TEST_F(TestHawqRanger, FallbackTest) { clear_env(util, i, rootPath, rangerHost); } } + +TEST_F(TestHawqRanger, DenyTest) { + SQLUtility util; + if (util.getGUCValue("hawq_acl_type") == "ranger") + { + clearEnv(&util, "deny", 1); + util.execute("create table a(i int);"); + addUser(&util, "deny", 1, true); + runSQLFile(&util, "deny", "succeed", 1); + addPolicy(&util, "deny", 1); + runSQLFile(&util, "deny", "fail", 1); + } +} + + +TEST_F(TestHawqRanger, DenyExcludeTest) { + SQLUtility util; + if (util.getGUCValue("hawq_acl_type") == "ranger") + { + clearEnv(&util, "denyexclude", 2); + clearEnv(&util, "deny", 2); + util.execute("create table a(i int);"); + addUser(&util, "denyexclude", 2, true); + runSQLFile(&util, "denyexclude", "succeed", 2); + addPolicy(&util, "deny", 2); + runSQLFile(&util, "denyexclude", "fail", 2); + addPolicy(&util, "denyexclude", 2); + runSQLFile(&util, "denyexclude", "succeed2", 2); + } +} + +TEST_F(TestHawqRanger, AllowExcludeTest) { + SQLUtility util; + if (util.getGUCValue("hawq_acl_type") == "ranger") + { + clearEnv(&util, "allowexclude", 3); + clearEnv(&util, "allow", 3); + util.execute("create table a(i int);"); + addUser(&util, "allowexclude", 3, false); + + addPolicy(&util, "allow", 3); + runSQLFile(&util, "allowexclude", "succeed", 3); + + addPolicy(&util, "allowexclude", 3); + runSQLFile(&util, "allowexclude", "fail", 3); + } +} + +TEST_F(TestHawqRanger, ResourceExcludeTest) { + SQLUtility util; + if (util.getGUCValue("hawq_acl_type") == "ranger") + { + clearEnv(&util, "resourceexclude", 4); + clearEnv(&util, "allow", 4); + util.execute("create table a(i int);"); + util.execute("create table b(i int);"); + addUser(&util, "resourceexclude", 4, false); + + addPolicy(&util, "resourceexclude", 4); + // select a fail, select b succeed + runSQLFile(&util, "resourceexclude", "fail", 4); + + //add usage-schema to public + addPolicy(&util, "allow", 4); + runSQLFile(&util, "resourceexclude", "succeed", 4); + } +} + +TEST_F(TestHawqRanger, ResourceExcludeStarTest) { + SQLUtility util; + if (util.getGUCValue("hawq_acl_type") == "ranger") + { + clearEnv(&util, "resourceexclude", 5); + clearEnv(&util, "allow", 5); + util.execute("create table a(i int);"); + addUser(&util, "resourceexclude", 5, false); + + addPolicy(&util, "resourceexclude", 5); + // fail in select table a , succeed in select table b + runSQLFile(&util, "resourceexclude", "fail", 5); + + //add usage-schema to public + addPolicy(&util, "allow", 5); + runSQLFile(&util, "resourceexclude", "fail2", 5); + } +} + +TEST_F(TestHawqRanger, ResourceIncludeATest) { + SQLUtility util; + if (util.getGUCValue("hawq_acl_type") == "ranger") + { + clearEnv(&util, "allow", 6); + util.execute("create table a(i int);"); + addUser(&util, "allow", 6, false); + + addPolicy(&util, "allow", 6); + runSQLFile(&util, "allow", "fail", 6); + } +} + +void TestHawqRanger::addUser(hawq::test::SQLUtility* util, std::string case_name, int user_index, bool full_policy, int writable_index) +{ + string rootPath = util->getTestRootPath(); + string cmd = ""; + if (user_index == -1) + { + cmd = hawq::test::stringFormat("ls -l %s/Ranger/sql/%s/*.sql 2>/dev/null| grep \"^-\" | wc -l", rootPath.c_str(), case_name.c_str()); + int sql_num = std::atoi(Command::getCommandOutput(cmd).c_str()); + for (int i = 1; i <= sql_num; i++) { + // create user_num + std::string denyusername = hawq::test::stringFormat("user%s%d", case_name.c_str() ,i); + util->execute(hawq::test::stringFormat("create role %s with login createdb CREATEEXTTABLE CREATEROLE;", denyusername.c_str()),true); + if (full_policy) + { + cmd = hawq::test::stringFormat("python %s/Ranger/rangeruser.py -h %s -u %s -f True", rootPath.c_str(), + rangerHost.c_str(),denyusername.c_str()); + } else { + cmd = hawq::test::stringFormat("python %s/Ranger/rangeruser.py -h %s -u %s", rootPath.c_str(), + rangerHost.c_str(),denyusername.c_str()); + } + Command::getCommandStatus(cmd); + if (full_policy) + { + sleep(60); + } + } + } else { + std::string denyusername = hawq::test::stringFormat("user%s%d", case_name.c_str() ,user_index); + util->execute(hawq::test::stringFormat("create role %s with login createdb CREATEEXTTABLE CREATEROLE;", denyusername.c_str()),true); + if (full_policy) + { + cmd = hawq::test::stringFormat("python %s/Ranger/rangeruser.py -h %s -u %s -f True", rootPath.c_str(), + rangerHost.c_str(),denyusername.c_str()); + } else + { + cmd = hawq::test::stringFormat("python %s/Ranger/rangeruser.py -h %s -u %s", rootPath.c_str(), + rangerHost.c_str(),denyusername.c_str()); + } + Command::getCommandStatus(cmd); + if (full_policy) + { + sleep(60); + } + } +} + +void TestHawqRanger::clearEnv(hawq::test::SQLUtility* util, std::string case_name, int user_index) +{ + string rootPath = util->getTestRootPath(); + string cmd = ""; + if (user_index == -1) + { + cmd = hawq::test::stringFormat("ls -l %s/Ranger/sql/%s/*.sql 2>/dev/null| grep \"^-\" | wc -l", rootPath.c_str(), case_name.c_str()); + int sql_num = std::atoi(Command::getCommandOutput(cmd).c_str()); + for (int i = 1; i <= sql_num; i++) { + // delete user_num + std::string denyusername = hawq::test::stringFormat("user%s%d", case_name.c_str(), i); + util->execute(hawq::test::stringFormat("drop role %s;",denyusername.c_str()), false); + // delete policy + std::string cmd = hawq::test::stringFormat("ls -l %s/Ranger/%spolicy/%d/ 2>/dev/null| grep \"^-\" | wc -l ", rootPath.c_str(), case_name.c_str(), i); + int policy_num = std::atoi(Command::getCommandOutput(cmd).c_str()); + for (int j = 1; j <= policy_num; j++) { + cmd = hawq::test::stringFormat("python %s/Ranger/rangerpolicy.py -h %s -d %spolicy%d-%d", rootPath.c_str(), rangerHost.c_str(), case_name.c_str(), i, j); + Command::getCommandStatus(cmd); + } + } + } else { + // delete user_num + std::string denyusername = hawq::test::stringFormat("user%s%d", case_name.c_str(), user_index); + util->execute(hawq::test::stringFormat("drop role %s;",denyusername.c_str()), false); + // delete policy + std::string cmd = hawq::test::stringFormat("ls -l %s/Ranger/%spolicy/%d/ 2>/dev/null| grep \"^-\" | wc -l ", rootPath.c_str(), case_name.c_str(), user_index); + int policy_num = std::atoi(Command::getCommandOutput(cmd).c_str()); + for (int j = 1; j <= policy_num; j++) { + cmd = hawq::test::stringFormat("python %s/Ranger/rangerpolicy.py -h %s -d %spolicy%d-%d", rootPath.c_str(), rangerHost.c_str(), case_name.c_str(), user_index, j); + Command::getCommandStatus(cmd); + } + } +} + +void TestHawqRanger::runSQLFile(hawq::test::SQLUtility* util, std::string case_name, std::string ans_suffix, int sql_index) +{ + string rootPath = util->getTestRootPath(); + auto cmd = hawq::test::stringFormat("ls -l %s/Ranger/sql/%s/*.sql 2>/dev/null| grep \"^-\" | wc -l", rootPath.c_str(), case_name.c_str()); + + // run all the sql files in folder. + if(sql_index == -1) + { + int sql_num = std::atoi(Command::getCommandOutput(cmd).c_str()); + for (int i = 1; i <= sql_num; i++) { + string deny_sqlfile = hawq::test::stringFormat("Ranger/sql/%s/%d.sql", i, case_name.c_str()); + string deny_ansfile_succeed = hawq::test::stringFormat("Ranger/ans/%s%d_%s.ans", case_name.c_str(), i, ans_suffix.c_str()); + + auto cmd = hawq::test::stringFormat("ls -l %s/Ranger/%spolicy/%d/ 2>/dev/null| grep \"^-\"| wc -l", rootPath.c_str(), case_name.c_str(), i); + int policy_num = std::atoi(Command::getCommandOutput(cmd).c_str()); + + if (policy_num > 0){ + util->execSQLFile(deny_sqlfile, deny_ansfile_succeed, initfile); + } + } + } else { + string deny_sqlfile = hawq::test::stringFormat("Ranger/sql/%s/%d.sql", case_name.c_str(), sql_index); + string deny_ansfile_succeed = hawq::test::stringFormat("Ranger/ans/%s%d_%s.ans", case_name.c_str(), sql_index, ans_suffix.c_str()); + + auto cmd = hawq::test::stringFormat("ls -l %s/Ranger/%spolicy/%d/ 2>/dev/null| grep \"^-\"| wc -l", rootPath.c_str(), case_name.c_str(), sql_index); + int policy_num = std::atoi(Command::getCommandOutput(cmd).c_str()); + + if (policy_num > 0){ + util->execSQLFile(deny_sqlfile, deny_ansfile_succeed, initfile); + } + } +} + +void TestHawqRanger::addPolicy(hawq::test::SQLUtility* util, std::string case_name, int policy_index) +{ + string rootPath = util->getTestRootPath(); + auto cmd = hawq::test::stringFormat("ls -l %s/Ranger/sql/%s/*.sql 2>/dev/null| grep \"^-\" | wc -l", rootPath.c_str(), case_name.c_str()); + + if (policy_index == -1) + { + int sql_num = std::atoi(Command::getCommandOutput(cmd).c_str()); + for (int i = 1; i <= sql_num; i++) { + auto cmd = hawq::test::stringFormat("ls -l %s/Ranger/%spolicy/%d/ 2>/dev/null| grep \"^-\"| wc -l", rootPath.c_str(), case_name.c_str(), i); + int policy_num = std::atoi(Command::getCommandOutput(cmd).c_str()); + + for (int j = 1; j <= policy_num; j++) { + cmd = hawq::test::stringFormat("python %s/Ranger/rangerpolicy.py -h %s -a %s/Ranger/%spolicy/%d/%d.json", rootPath.c_str(), rangerHost.c_str(), rootPath.c_str(), case_name.c_str(), i, j); + Command::getCommandStatus(cmd); + } + } + } else { + auto cmd = hawq::test::stringFormat("ls -l %s/Ranger/%spolicy/%d/ 2>/dev/null| grep \"^-\"| wc -l", rootPath.c_str(), case_name.c_str(), policy_index); + int policy_num = std::atoi(Command::getCommandOutput(cmd).c_str()); + for (int j = 1; j <= policy_num; j++) { + cmd = hawq::test::stringFormat("python %s/Ranger/rangerpolicy.py -h %s -a %s/Ranger/%spolicy/%d/%d.json", rootPath.c_str(), rangerHost.c_str(), rootPath.c_str(), case_name.c_str(), policy_index, j); + Command::getCommandStatus(cmd); + } + } + sleep(60); +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/Ranger/test_ranger.h ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/test_ranger.h b/src/test/feature/Ranger/test_ranger.h index a12a71a..9c1e82c 100644 --- a/src/test/feature/Ranger/test_ranger.h +++ b/src/test/feature/Ranger/test_ranger.h @@ -21,13 +21,28 @@ #define TEST_HAWQ_RANGER_H #include "gtest/gtest.h" +#include "lib/sql_util.h" class TestHawqRanger : public ::testing::Test { public: - TestHawqRanger() { - } + TestHawqRanger(); ~TestHawqRanger() { } + + void clearEnv(hawq::test::SQLUtility* util, std::string case_name, int user_index); + void runSQLFile(hawq::test::SQLUtility* util, std::string case_name, + std::string ans_suffix, int sql_index = -1); + + void addPolicy(hawq::test::SQLUtility* util, std::string case_name, int policy_index); + void addUser(hawq::test::SQLUtility* util, std::string case_name, int user_index = -1, bool full_policy = false, + int writable_index = -1); + + std::string& getRangerHost(); + +private: + std::string rangerHost = ""; + std::string initfile = ""; + }; #endif http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c09ac925/src/test/feature/lib/sql_util.cpp ---------------------------------------------------------------------- diff --git a/src/test/feature/lib/sql_util.cpp b/src/test/feature/lib/sql_util.cpp index b52c4f0..7a62ac2 100644 --- a/src/test/feature/lib/sql_util.cpp +++ b/src/test/feature/lib/sql_util.cpp @@ -138,6 +138,7 @@ void SQLUtility::execSQLFile(const string &sqlFile, const string &initFile, bool usingDefaultSchema, bool printTupleOnly) { + printf("dd2d%s\n",schemaName.c_str()); FilePath fp; // do precheck for sqlFile & ansFile @@ -224,7 +225,9 @@ const string SQLUtility::generateSQLFile(const string &sqlFile, bool usingDefaul EXPECT_TRUE(false) << "Error opening file " << newSqlFile; } out << "-- start_ignore" << std::endl; + printf("dd2d%s\n",schemaName.c_str()); if (!usingDefaultSchema) { + printf("ddd%s\n",schemaName.c_str()); out << "SET SEARCH_PATH=" + schemaName + ";" << std::endl; } if (sql_util_mode == MODE_DATABASE) {
