This is an automated email from the ASF dual-hosted git repository. tarmstrong pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/impala.git
commit 89cf6aed65c0556d9b96b8f1d47762131e167a6a Author: Fredy Wijaya <[email protected]> AuthorDate: Thu May 30 15:19:18 2019 -0500 IMPALA-8604: Improve authorization test coverage for update/upsert/delete statements This patch improves the test authorization test coverage by adding test cases for update, upsert, and delete statements at the database and tabel level. Testing: - Ran authorization FE tests Change-Id: Ic4095476945ff413fc59ec99dc3b9dfd71d95e96 Reviewed-on: http://gerrit.cloudera.org:8080/13480 Reviewed-by: Impala Public Jenkins <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> --- .../authorization/AuthorizationStmtTest.java | 52 ++++++++++++++++++++-- 1 file changed, 48 insertions(+), 4 deletions(-) diff --git a/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java b/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java index cc1ce76..ec957e1 100644 --- a/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java +++ b/fe/src/test/java/org/apache/impala/authorization/AuthorizationStmtTest.java @@ -2432,9 +2432,18 @@ public class AuthorizationStmtTest extends AuthorizationTestBase { authorize("explain update functional_kudu.alltypes set int_col = 1")}) { test.ok(onServer(TPrivilegeLevel.ALL)) .ok(onServer(TPrivilegeLevel.OWNER)) + .ok(onDatabase("functional_kudu", TPrivilegeLevel.ALL)) + .ok(onDatabase("functional_kudu", TPrivilegeLevel.OWNER)) + .ok(onTable("functional_kudu", "alltypes", TPrivilegeLevel.ALL)) + .ok(onTable("functional_kudu", "alltypes", TPrivilegeLevel.OWNER)) .error(accessError("functional_kudu.alltypes")) .error(accessError("functional_kudu.alltypes"), onServer(allExcept( - TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))); + TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))) + .error(accessError("functional_kudu.alltypes"), onDatabase("functional", + allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))) + .error(accessError("functional_kudu.alltypes"), onTable( + "functional", "alltypes", allExcept( + TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))); } // Database does not exist. @@ -2466,9 +2475,18 @@ public class AuthorizationStmtTest extends AuthorizationTestBase { "values(1, 'a')")}) { test.ok(onServer(TPrivilegeLevel.ALL)) .ok(onServer(TPrivilegeLevel.OWNER)) + .ok(onDatabase("functional_kudu", TPrivilegeLevel.ALL)) + .ok(onDatabase("functional_kudu", TPrivilegeLevel.OWNER)) + .ok(onTable("functional_kudu", "testtbl", TPrivilegeLevel.ALL)) + .ok(onTable("functional_kudu", "testtbl", TPrivilegeLevel.OWNER)) .error(accessError("functional_kudu.testtbl")) .error(accessError("functional_kudu.testtbl"), onServer(allExcept( - TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))); + TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))) + .error(accessError("functional_kudu.testtbl"), onDatabase("functional", + allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))) + .error(accessError("functional_kudu.testtbl"), onTable( + "functional", "testtbl", allExcept( + TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))); } // Upsert select. @@ -2476,9 +2494,26 @@ public class AuthorizationStmtTest extends AuthorizationTestBase { "select int_col from functional.alltypes") .ok(onServer(TPrivilegeLevel.ALL)) .ok(onServer(TPrivilegeLevel.OWNER)) + .ok(onDatabase("functional_kudu", TPrivilegeLevel.ALL), + onDatabase("functional", TPrivilegeLevel.SELECT)) + .ok(onTable("functional_kudu", "testtbl", TPrivilegeLevel.ALL), + onTable("functional", "alltypes", TPrivilegeLevel.SELECT)) .error(selectError("functional.alltypes")) .error(accessError("functional_kudu.testtbl"), onServer(allExcept( - TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))); + TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))) + .error(accessError("functional_kudu.testtbl"), + onDatabase("functional_kudu", allExcept( + TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER)), + onDatabase("functional", TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, + TPrivilegeLevel.SELECT)) + .error(selectError("functional.alltypes"), + onTable("functional_kudu", "testtbl", TPrivilegeLevel.ALL), + onTable("functional", "alltypes", allExcept( + TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT))) + .error(accessError("functional_kudu.testtbl"), + onTable("functional_kudu", "testtbl", allExcept(TPrivilegeLevel.ALL, + TPrivilegeLevel.OWNER)), + onTable("functional", "alltypes", TPrivilegeLevel.SELECT)); // Database does not exist. authorize("upsert into table nodb.testtbl(id, name) values(1, 'a')") @@ -2503,9 +2538,18 @@ public class AuthorizationStmtTest extends AuthorizationTestBase { authorize("explain delete from functional_kudu.alltypes")}) { test.ok(onServer(TPrivilegeLevel.ALL)) .ok(onServer(TPrivilegeLevel.OWNER)) + .ok(onDatabase("functional_kudu", TPrivilegeLevel.ALL)) + .ok(onDatabase("functional_kudu", TPrivilegeLevel.OWNER)) + .ok(onTable("functional_kudu", "alltypes", TPrivilegeLevel.ALL)) + .ok(onTable("functional_kudu", "alltypes", TPrivilegeLevel.OWNER)) .error(accessError("functional_kudu.alltypes")) .error(accessError("functional_kudu.alltypes"), onServer(allExcept( - TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))); + TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))) + .error(accessError("functional_kudu.alltypes"), onDatabase("functional", + allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))) + .error(accessError("functional_kudu.alltypes"), onTable( + "functional", "alltypes", allExcept( + TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER))); } // Database does not exist.
