Author: thejas
Date: Mon Sep 29 04:41:46 2014
New Revision: 1628115
URL: http://svn.apache.org/r1628115
Log:
HIVE-8279 : sql std auth - additional test cases (Thejas Nair, reviewed by
Jason Dere)
Added:
hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q
hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_show_columns.q
hive/branches/branch-0.14/ql/src/test/queries/clientpositive/authorization_grant_option_role.q
hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out
hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_show_columns.q.out
hive/branches/branch-0.14/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out
Added:
hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q
URL:
http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q?rev=1628115&view=auto
==============================================================================
---
hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q
(added)
+++
hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,14 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set
hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set
hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+create database db1;
+use db1;
+-- check if create table fails as different user. use db.table sytax
+create table t1(i int);
+use default;
+
+set user.name=user2;
+drop table db1.t1;
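Review bot: The comment above `create table t1(i int);` says the test checks that create table fails as a different user, but the statement expected to fail is the final `drop table db1.t1;` issued as user2. The expected output in this commit confirms that with its DROPTABLE / OBJECT OWNERSHIP denial. I would move the comment to just above the drop and reword it as `-- check that drop table fails for a non-owner when the table is named as db.table`, which also fixes the "sytax" typo. The comment is echoed in the PREHOOK/POSTHOOK query lines, so authorization_not_owner_drop_tab2.q.out would need regenerating along with it.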
Added:
hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_show_columns.q
URL:
http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_show_columns.q?rev=1628115&view=auto
==============================================================================
---
hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_show_columns.q
(added)
+++
hive/branches/branch-0.14/ql/src/test/queries/clientnegative/authorization_show_columns.q
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,13 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set
hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set
hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+create database db1;
+use db1;
+-- check query without select privilege fails
+create table t1(i int);
+
+set user.name=user1;
+show columns in t1;
+
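Review bot: `create database db1;` and `create table t1(i int);` run before any `set user.name`, so the owner of t1 is whatever principal the test harness uses by default. The expected denial for user1 therefore holds only while that default is a different user. Setting the owner explicitly, as authorization_not_owner_drop_tab2.q does, would make that dependency visible, for example `set user.name=user2;` ahead of `create database db1;`. The comment `-- check query without select privilege fails` also sits above the create table rather than above `show columns in t1;`, which is the statement the expected output shows being rejected for missing SELECT.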
Added:
hive/branches/branch-0.14/ql/src/test/queries/clientpositive/authorization_grant_option_role.q
URL:
http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/queries/clientpositive/authorization_grant_option_role.q?rev=1628115&view=auto
==============================================================================
---
hive/branches/branch-0.14/ql/src/test/queries/clientpositive/authorization_grant_option_role.q
(added)
+++
hive/branches/branch-0.14/ql/src/test/queries/clientpositive/authorization_grant_option_role.q
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,28 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set
hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set
hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+
+set user.name=hive_admin_user;
+set role admin;
+create role r1;
+grant role r1 to user r1user;
+
+set user.name=user1;
+CREATE TABLE t1(i int);
+
+-- all privileges should have been set for user
+
+GRANT ALL ON t1 TO ROLE r1 WITH GRANT OPTION;
+
+set user.name=r1user;
+-- check if user belong to role r1 can grant privileges to others
+GRANT ALL ON t1 TO USER user3;
+
+set user.name=hive_admin_user;
+set role admin;
+-- check privileges on table
+show grant on table t1;
+
+-- check if drop role removes privileges for that role
+drop role r1;
+show grant on table t1;
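Review bot: The last `show grant on table t1;` pins more than the comment `-- check if drop role removes privileges for that role` says. In the expected output the r1 rows disappear, but the four user3 rows granted by r1user stay, even though r1user's authority to grant came only from r1's grant option. If that persistence is intended, say so in the script, e.g. `-- grants made by a role member via the role's grant option are expected to survive drop role`, so a later change in revocation behaviour is a deliberate golden-file update. Separately, unlike the two clientnegative scripts in this commit, this one never sets `hive.security.authorization.enabled=true`. It is worth confirming that r1user's `GRANT ALL ON t1 TO USER user3;` is still checked against the grant option in that configuration, as I cannot tell from the lines shown.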
Added:
hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out
URL:
http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out?rev=1628115&view=auto
==============================================================================
---
hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out
(added)
+++
hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,29 @@
+PREHOOK: query: create database db1
+PREHOOK: type: CREATEDATABASE
+PREHOOK: Output: database:db1
+POSTHOOK: query: create database db1
+POSTHOOK: type: CREATEDATABASE
+POSTHOOK: Output: database:db1
+PREHOOK: query: use db1
+PREHOOK: type: SWITCHDATABASE
+PREHOOK: Input: database:db1
+POSTHOOK: query: use db1
+POSTHOOK: type: SWITCHDATABASE
+POSTHOOK: Input: database:db1
+PREHOOK: query: -- check if create table fails as different user. use db.table
sytax
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:db1
+PREHOOK: Output: db1@t1
+POSTHOOK: query: -- check if create table fails as different user. use
db.table sytax
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:db1
+POSTHOOK: Output: db1@t1
+PREHOOK: query: use default
+PREHOOK: type: SWITCHDATABASE
+PREHOOK: Input: database:default
+POSTHOOK: query: use default
+POSTHOOK: type: SWITCHDATABASE
+POSTHOOK: Input: database:default
+FAILED: HiveAccessControlException Permission denied: Principal [name=user2,
type=USER] does not have following privileges for operation DROPTABLE [[OBJECT
OWNERSHIP] on Object [type=TABLE_OR_VIEW, name=db1.t1]]
Added:
hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_show_columns.q.out
URL:
http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_show_columns.q.out?rev=1628115&view=auto
==============================================================================
---
hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_show_columns.q.out
(added)
+++
hive/branches/branch-0.14/ql/src/test/results/clientnegative/authorization_show_columns.q.out
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,23 @@
+PREHOOK: query: create database db1
+PREHOOK: type: CREATEDATABASE
+PREHOOK: Output: database:db1
+POSTHOOK: query: create database db1
+POSTHOOK: type: CREATEDATABASE
+POSTHOOK: Output: database:db1
+PREHOOK: query: use db1
+PREHOOK: type: SWITCHDATABASE
+PREHOOK: Input: database:db1
+POSTHOOK: query: use db1
+POSTHOOK: type: SWITCHDATABASE
+POSTHOOK: Input: database:db1
+PREHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:db1
+PREHOOK: Output: db1@t1
+POSTHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:db1
+POSTHOOK: Output: db1@t1
+FAILED: HiveAccessControlException Permission denied: Principal [name=user1,
type=USER] does not have following privileges for operation SHOWCOLUMNS
[[SELECT] on Object [type=TABLE_OR_VIEW, name=db1.t1]]
Added:
hive/branches/branch-0.14/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out
URL:
http://svn.apache.org/viewvc/hive/branches/branch-0.14/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out?rev=1628115&view=auto
==============================================================================
---
hive/branches/branch-0.14/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out
(added)
+++
hive/branches/branch-0.14/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out
Mon Sep 29 04:41:46 2014
@@ -0,0 +1,78 @@
+PREHOOK: query: set role admin
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role admin
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: create role r1
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: create role r1
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant role r1 to user r1user
+PREHOOK: type: GRANT_ROLE
+POSTHOOK: query: grant role r1 to user r1user
+POSTHOOK: type: GRANT_ROLE
+PREHOOK: query: CREATE TABLE t1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@t1
+POSTHOOK: query: CREATE TABLE t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@t1
+PREHOOK: query: -- all privileges should have been set for user
+
+GRANT ALL ON t1 TO ROLE r1 WITH GRANT OPTION
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@t1
+POSTHOOK: query: -- all privileges should have been set for user
+
+GRANT ALL ON t1 TO ROLE r1 WITH GRANT OPTION
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@t1
+PREHOOK: query: -- check if user belong to role r1 can grant privileges to
others
+GRANT ALL ON t1 TO USER user3
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@t1
+POSTHOOK: query: -- check if user belong to role r1 can grant privileges to
others
+GRANT ALL ON t1 TO USER user3
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@t1
+PREHOOK: query: set role admin
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role admin
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: -- check privileges on table
+show grant on table t1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: -- check privileges on table
+show grant on table t1
+POSTHOOK: type: SHOW_GRANT
+default t1 r1 ROLE DELETE true -1
user1
+default t1 r1 ROLE INSERT true -1
user1
+default t1 r1 ROLE SELECT true -1
user1
+default t1 r1 ROLE UPDATE true -1
user1
+default t1 user1 USER DELETE true -1
hive_admin_user
+default t1 user1 USER INSERT true -1
hive_admin_user
+default t1 user1 USER SELECT true -1
hive_admin_user
+default t1 user1 USER UPDATE true -1
hive_admin_user
+default t1 user3 USER DELETE false -1
r1user
+default t1 user3 USER INSERT false -1
r1user
+default t1 user3 USER SELECT false -1
r1user
+default t1 user3 USER UPDATE false -1
r1user
+PREHOOK: query: -- check if drop role removes privileges for that role
+drop role r1
+PREHOOK: type: DROPROLE
+POSTHOOK: query: -- check if drop role removes privileges for that role
+drop role r1
+POSTHOOK: type: DROPROLE
+PREHOOK: query: show grant on table t1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant on table t1
+POSTHOOK: type: SHOW_GRANT
+default t1 user1 USER DELETE true -1
hive_admin_user
+default t1 user1 USER INSERT true -1
hive_admin_user
+default t1 user1 USER SELECT true -1
hive_admin_user
+default t1 user1 USER UPDATE true -1
hive_admin_user
+default t1 user3 USER DELETE false -1
r1user
+default t1 user3 USER INSERT false -1
r1user
+default t1 user3 USER SELECT false -1
r1user
+default t1 user3 USER UPDATE false -1
r1user