http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java new file mode 100644 index 0000000..4c1cd8e --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java @@ -0,0 +1,662 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.hive; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import java.io.File; +import java.io.FileOutputStream; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; + +import org.junit.Assert; + +import org.apache.sentry.provider.file.PolicyFile; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +import com.google.common.io.Resources; + +/* Tests privileges at table scope within a single database. + */ + +public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfiguration { + + private static PolicyFile policyFile; + private final static String MULTI_TYPE_DATA_FILE_NAME = "emp.dat"; + + @Before + public void setup() throws Exception { + policyFile = super.setupPolicy(); + super.setup(); + prepareDBDataForTest(); + } + + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + + protected static void prepareDBDataForTest() throws Exception { + // copy data file to test dir + File dataDir = context.getDataDir(); + File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME); + FileOutputStream to = new FileOutputStream(dataFile); + Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to); + to.close(); + + // setup db objects needed by the test + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + + statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE"); + statement.execute("CREATE DATABASE DB_1"); + statement.execute("USE DB_1"); + + statement.execute("CREATE TABLE " + TBL1 + "(B INT, A STRING) " + + " row format delimited fields terminated by '|' stored as textfile"); + statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE " + TBL1); + statement.execute("CREATE TABLE " + TBL2 + "(B INT, A STRING) " + + " row format delimited fields terminated by '|' stored as textfile"); + statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE " + TBL2); + statement.execute("CREATE VIEW VIEW_1 AS SELECT A, B FROM " + TBL1); + + statement.close(); + connection.close(); + } + + /* + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, loads data into + * TBL1, TBL2 Admin grants SELECT on TBL1, TBL2, INSERT on TBL1 to + * USER_GROUP of which user1 is a member. + */ + @Test + public void testInsertAndSelect() throws Exception { + policyFile + .addRolesToGroup(USERGROUP1, "select_tab1", "insert_tab1", "select_tab2") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") + .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=insert") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + // test execution + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("USE DB_1"); + // test user can insert + statement.execute("INSERT INTO TABLE " + TBL1 + " SELECT A, B FROM " + TBL2); + // test user can query table + statement.executeQuery("SELECT A FROM " + TBL2); + // negative test: test user can't drop + try { + statement.execute("DROP TABLE " + TBL1); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + statement.close(); + connection.close(); + + // connect as admin and drop TBL1 + connection = context.createConnection(ADMIN1); + statement = context.createStatement(connection); + statement.execute("USE DB_1"); + statement.execute("DROP TABLE " + TBL1); + statement.close(); + connection.close(); + + // negative test: connect as user1 and try to recreate TBL1 + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("USE DB_1"); + try { + statement.execute("CREATE TABLE " + TBL1 + "(A STRING)"); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + + statement.close(); + connection.close(); + + // connect as admin to restore the TBL1 + connection = context.createConnection(ADMIN1); + statement = context.createStatement(connection); + statement.execute("USE DB_1"); + statement.execute("CREATE TABLE " + TBL1 + "(B INT, A STRING) " + + " row format delimited fields terminated by '|' stored as textfile"); + statement.execute("INSERT INTO TABLE " + TBL1 + " SELECT A, B FROM " + TBL2); + statement.close(); + connection.close(); + + } + + /* + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, loads data into + * TBL1, TBL2. Admin grants INSERT on TBL1, SELECT on TBL2 to USER_GROUP + * of which user1 is a member. + */ + @Test + public void testInsert() throws Exception { + policyFile + .addRolesToGroup(USERGROUP1, "insert_tab1", "select_tab2") + .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=insert") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + // test execution + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // test user can execute insert on table + statement.execute("INSERT INTO TABLE " + TBL1 + " SELECT A, B FROM " + TBL2); + + // negative test: user can't query table + try { + statement.executeQuery("SELECT A FROM " + TBL1); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + + // negative test: test user can't query view + try { + statement.executeQuery("SELECT A FROM VIEW_1"); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + + // negative test case: show tables shouldn't list VIEW_1 + ResultSet resultSet = statement.executeQuery("SHOW TABLES"); + while (resultSet.next()) { + String tableName = resultSet.getString(1); + assertNotNull("table name is null in result set", tableName); + assertFalse("Found VIEW_1 in the result set", + "VIEW_1".equalsIgnoreCase(tableName)); + } + + // negative test: test user can't create a new view + try { + statement.executeQuery("CREATE VIEW VIEW_2(A) AS SELECT A FROM " + TBL1); + Assert.fail("Expected SQL Exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + statement.close(); + connection.close(); + } + + /* + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, loads data into + * TBL1, TBL2. Admin grants SELECT on TBL1, TBL2 to USER_GROUP of which + * user1 is a member. + */ + @Test + public void testSelect() throws Exception { + policyFile + .addRolesToGroup(USERGROUP1, "select_tab1", "select_tab2") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") + .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=insert") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + // test execution + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // test user can execute query on table + statement.executeQuery("SELECT A FROM " + TBL1); + + // negative test: test insert into table + try { + statement.executeQuery("INSERT INTO TABLE " + TBL1 + " SELECT A, B FROM " + TBL2); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + + // negative test: test user can't query view + try { + statement.executeQuery("SELECT A FROM VIEW_1"); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + + // negative test: test user can't create a new view + try { + statement.executeQuery("CREATE VIEW VIEW_2(A) AS SELECT A FROM " + TBL1); + Assert.fail("Expected SQL Exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + statement.close(); + connection.close(); + } + + /* + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, VIEW_1 on TBL1 + * loads data into TBL1, TBL2. Admin grants SELECT on TBL1,TBL2 to + * USER_GROUP of which user1 is a member. + */ + @Test + public void testTableViewJoin() throws Exception { + policyFile + .addRolesToGroup(USERGROUP1, "select_tab1", "select_tab2") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + // test execution + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // test user can execute query TBL1 JOIN TBL2 + statement.executeQuery("SELECT T1.B FROM " + TBL1 + " T1 JOIN " + TBL2 + " T2 ON (T1.B = T2.B)"); + + // negative test: test user can't execute query VIEW_1 JOIN TBL2 + try { + statement.executeQuery("SELECT V1.B FROM VIEW_1 V1 JOIN " + TBL2 + " T2 ON (V1.B = T2.B)"); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + + statement.close(); + connection.close(); + } + + /* + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, VIEW_1 on TBL1 + * loads data into TBL1, TBL2. Admin grants SELECT on TBL2 to USER_GROUP of + * which user1 is a member. + */ + @Test + public void testTableViewJoin2() throws Exception { + policyFile + .addRolesToGroup(USERGROUP1, "select_tab2") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + // test execution + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // test user can execute query on TBL2 + statement.executeQuery("SELECT A FROM " + TBL2); + + // negative test: test user can't execute query VIEW_1 JOIN TBL2 + try { + statement.executeQuery("SELECT VIEW_1.B FROM VIEW_1 JOIN " + TBL2 + " ON (VIEW_1.B = " + TBL2 + ".B)"); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + + // negative test: test user can't execute query TBL1 JOIN TBL2 + try { + statement.executeQuery("SELECT " + TBL1 + ".B FROM " + TBL1 + " JOIN " + TBL2 + " ON (" + TBL1 + ".B = " + TBL2 + ".B)"); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + + statement.close(); + connection.close(); + } + + /* + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, VIEW_1 on TBL1 + * loads data into TBL1, TBL2. Admin grants SELECT on TBL2, VIEW_1 to + * USER_GROUP of which user1 is a member. + */ + @Test + public void testTableViewJoin3() throws Exception { + policyFile + .addRolesToGroup(USERGROUP1, "select_tab2", "select_view1") + .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + // test execution + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // test user can execute query on TBL2 + statement.executeQuery("SELECT A FROM " + TBL2); + + // test user can execute query VIEW_1 JOIN TBL2 + statement.executeQuery("SELECT V1.B FROM VIEW_1 V1 JOIN " + TBL2 + " T2 ON (V1.B = T2.B)"); + + // test user can execute query on VIEW_1 + statement.executeQuery("SELECT A FROM VIEW_1"); + + // negative test: test user can't execute query TBL1 JOIN TBL2 + try { + statement.executeQuery("SELECT T1.B FROM " + TBL1 + " T1 JOIN " + TBL2 + " T2 ON (T1.B = T2.B)"); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + + statement.close(); + connection.close(); + } + + /* + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, VIEW_1 on TBL1 + * loads data into TBL1, TBL2. Admin grants SELECT on TBL1, VIEW_1 to + * USER_GROUP of which user1 is a member. + */ + @Test + public void testTableViewJoin4() throws Exception { + policyFile + .addRolesToGroup(USERGROUP1, "select_tab1", "select_view1") + .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + // test execution + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("USE " + DB1); + + // test user can execute query VIEW_1 JOIN TBL1 + statement.executeQuery("SELECT VIEW_1.B FROM VIEW_1 JOIN " + TBL1 + " ON (VIEW_1.B = " + TBL1 + ".B)"); + + // negative test: test user can't execute query TBL1 JOIN TBL2 + try { + statement.executeQuery("SELECT " + TBL1 + ".B FROM " + TBL1 + " JOIN " + TBL2 + " ON (" + TBL1 + ".B = " + TBL2 + ".B)"); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + + statement.close(); + connection.close(); + } + + /*** + * Verify truncate table permissions for different users with different + * privileges + * @throws Exception + */ + @Test + public void testTruncateTable() throws Exception { + File dataDir = context.getDataDir(); + // copy data file to test dir + File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME); + FileOutputStream to = new FileOutputStream(dataFile); + Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to); + to.close(); + + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + // setup db objects needed by the test + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + + statement.execute("USE " + DB1); + statement.execute("DROP TABLE if exists " + TBL1); + statement.execute("DROP TABLE if exists " + TBL2); + statement.execute("DROP TABLE if exists " + TBL3); + statement.execute("CREATE TABLE " + TBL1 + "(B INT, A STRING) " + + " row format delimited fields terminated by '|' stored as textfile"); + statement.execute("CREATE TABLE " + TBL2 + "(B INT, A STRING) " + + " row format delimited fields terminated by '|' stored as textfile"); + statement.execute("CREATE TABLE " + TBL3 + "(B INT, A STRING) " + + " row format delimited fields terminated by '|' stored as textfile"); + statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + + "' INTO TABLE " + TBL1); + statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + + "' INTO TABLE " + TBL2); + statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + + "' INTO TABLE " + TBL3); + + // verify admin can execute truncate table + statement.execute("TRUNCATE TABLE " + TBL1); + assertFalse(hasData(statement, TBL1)); + + statement.close(); + connection.close(); + + // add roles and grant permissions + updatePolicyFile(); + + // test truncate table without partitions + truncateTableTests(false); + } + + /*** + * Verify truncate partitioned permissions for different users with different + * privileges + * @throws Exception + */ + @Test + public void testTruncatePartitionedTable() throws Exception { + File dataDir = context.getDataDir(); + // copy data file to test dir + File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME); + FileOutputStream to = new FileOutputStream(dataFile); + Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to); + to.close(); + + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + // create partitioned tables + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("USE " + DB1); + statement.execute("DROP TABLE if exists " + TBL1); + statement.execute("CREATE TABLE " + TBL1 + " (i int) PARTITIONED BY (j int)"); + statement.execute("DROP TABLE if exists " + TBL2); + statement.execute("CREATE TABLE " + TBL2 + " (i int) PARTITIONED BY (j int)"); + statement.execute("DROP TABLE if exists " + TBL3); + statement.execute("CREATE TABLE " + TBL3 + " (i int) PARTITIONED BY (j int)"); + + // verify admin can execute truncate empty partitioned table + statement.execute("TRUNCATE TABLE " + TBL1); + assertFalse(hasData(statement, TBL1)); + statement.close(); + connection.close(); + + // add roles and grant permissions + updatePolicyFile(); + + // test truncate empty partitioned tables + truncateTableTests(false); + + // add partitions to tables + connection = context.createConnection(ADMIN1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + statement.execute("ALTER TABLE " + TBL1 + " ADD PARTITION (j=1) PARTITION (j=2)"); + statement.execute("ALTER TABLE " + TBL2 + " ADD PARTITION (j=1) PARTITION (j=2)"); + statement.execute("ALTER TABLE " + TBL3 + " ADD PARTITION (j=1) PARTITION (j=2)"); + + // verify admin can execute truncate NOT empty partitioned table + statement.execute("TRUNCATE TABLE " + TBL1 + " partition (j=1)"); + statement.execute("TRUNCATE TABLE " + TBL1); + assertFalse(hasData(statement, TBL1)); + statement.close(); + connection.close(); + + // test truncate NOT empty partitioned tables + truncateTableTests(true); + } + + /** + * Test queries without from clause. Hive rewrites the queries with dummy db and table + * entities which should not trip authorization check. + * @throws Exception + */ + @Test + public void testSelectWithoutFrom() throws Exception { + policyFile + .addRolesToGroup(USERGROUP1, "all_tab1") + .addPermissionsToRole("all_tab1", + "server=server1->db=" + DB1 + "->table=" + TBL1) + .addRolesToGroup(USERGROUP2, "select_tab1") + .addPermissionsToRole("select_tab1", + "server=server1->db=" + DB1 + "->table=" + TBL1) + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + + // test with implicit default database + assertTrue(statement.executeQuery("SELECT 1 ").next()); + assertTrue(statement.executeQuery("SELECT current_database()").next()); + + // test after switching database + statement.execute("USE " + DB1); + assertTrue(statement.executeQuery("SELECT 1 ").next()); + assertTrue(statement.executeQuery("SELECT current_database() ").next()); + statement.close(); + connection.close(); + } + + // verify that the given table has data + private boolean hasData(Statement stmt, String tableName) throws Exception { + ResultSet rs1 = stmt.executeQuery("SELECT * FROM " + tableName); + boolean hasResults = rs1.next(); + rs1.close(); + return hasResults; + } + + @Test + public void testDummyPartition() throws Exception { + + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + // setup db objects needed by the test + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + + statement.execute("USE " + DB1); + + statement.execute("DROP TABLE if exists " + TBL1); + statement.execute("CREATE table " + TBL1 + " (a int) PARTITIONED BY (b string, c string)"); + statement.execute("DROP TABLE if exists " + TBL3); + statement.execute("CREATE table " + TBL3 + " (a2 int) PARTITIONED BY (b2 string, c2 string)"); + statement.close(); + connection.close(); + + policyFile + .addRolesToGroup(USERGROUP1, "select_tab1", "select_tab2") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL3 + "->action=insert"); + writePolicyFile(policyFile); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + + statement.execute("USE " + DB1); + statement.execute("INSERT OVERWRITE TABLE " + TBL3 + " PARTITION(b2='abc', c2) select a, b as c2 from " + TBL1); + statement.close(); + connection.close(); + + } + + /** + * update policy file for truncate table tests + */ + private void updatePolicyFile() throws Exception{ + policyFile + .addRolesToGroup(USERGROUP1, "all_tab1") + .addPermissionsToRole("all_tab1", + "server=server1->db=" + DB1 + "->table=" + TBL2) + .addRolesToGroup(USERGROUP2, "drop_tab1") + .addPermissionsToRole("drop_tab1", + "server=server1->db=" + DB1 + "->table=" + TBL3 + "->action=drop", + "server=server1->db=" + DB1 + "->table=" + TBL3 + "->action=select") + .addRolesToGroup(USERGROUP3, "select_tab1") + .addPermissionsToRole("select_tab1", + "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=select"); + writePolicyFile(policyFile); + } + + /** + * Test truncate table with or without partitions for users with different privileges. + * Only test truncate table partition if truncPartition is true. + */ + private void truncateTableTests(boolean truncPartition) throws Exception{ + Connection connection = null; + Statement statement = null; + try { + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // verify all privileges on table can truncate table + if (truncPartition) { + statement.execute("TRUNCATE TABLE " + TBL2 + " PARTITION (j=1)"); + } + statement.execute("TRUNCATE TABLE " + TBL2); + assertFalse(hasData(statement, TBL2)); + statement.close(); + connection.close(); + + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // verify drop privilege on table can truncate table + if (truncPartition) { + statement.execute("TRUNCATE TABLE " + TBL3 + " partition (j=1)"); + } + statement.execute("TRUNCATE TABLE " + TBL3); + assertFalse(hasData(statement, TBL3)); + statement.close(); + connection.close(); + + connection = context.createConnection(USER3_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // verify select privilege on table can NOT truncate table + if (truncPartition) { + context.assertAuthzException( + statement, "TRUNCATE TABLE " + TBL1 + " PARTITION (j=1)"); + } + context.assertAuthzException(statement, "TRUNCATE TABLE " + TBL1); + } finally { + if (statement != null) { + statement.close(); + } + if (connection != null) { + connection.close(); + } + } + } +}
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestReloadPrivileges.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestReloadPrivileges.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestReloadPrivileges.java new file mode 100644 index 0000000..6d4e8d3 --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestReloadPrivileges.java @@ -0,0 +1,54 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.hive; + +import java.sql.Connection; +import java.sql.Statement; + +import org.apache.sentry.provider.file.PolicyFile; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +public class TestReloadPrivileges extends AbstractTestWithStaticConfiguration { + private PolicyFile policyFile; + + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + + @Before + public void setup() throws Exception { + policyFile = + PolicyFile.setAdminOnServer1(ADMINGROUP).setUserGroupMapping( + StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + } + + @Test + public void testReload() throws Exception { + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("RELOAD"); + statement.close(); + connection.close(); + } + +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java new file mode 100644 index 0000000..efb588e --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java @@ -0,0 +1,429 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.tests.e2e.hive; + +import java.io.File; +import java.io.FileOutputStream; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import org.apache.sentry.provider.file.PolicyFile; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +import com.google.common.io.Resources; + +/** + * Metadata tests for show tables and show databases. * Unlike rest of the + * access privilege validation which is handled in semantic hooks, these + * statements are validaed via a runtime fetch hook + */ +public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfiguration { + private PolicyFile policyFile; + private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat"; + private File dataDir; + private File dataFile; + + @BeforeClass + public static void setupTestStaticConfiguration () throws Exception { + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + + @Before + public void setup() throws Exception { + policyFile = super.setupPolicy(); + super.setup(); + dataDir = context.getDataDir(); + dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); + FileOutputStream to = new FileOutputStream(dataFile); + Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); + to.close(); + } + + /** + * Steps: 1. admin create db_1 and db_1.tb_1 + * 2. admin should see all tables + * 3. user1 should only see the tables it has any level of privilege + */ + @Test + public void testShowTables1() throws Exception { + // tables visible to user1 (not access to tb_4 + String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"}; + List<String> tableNamesValidation = new ArrayList<String>(); + + String user1TableNames[] = {"tb_1", "tb_2", "tb_3"}; + + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); + createTabs(statement, DB1, tableNames); + // Admin should see all tables + ResultSet rs = statement.executeQuery("SHOW TABLES"); + tableNamesValidation.addAll(Arrays.asList(tableNames)); + + validateTables(rs, tableNamesValidation); + statement.close(); + + policyFile + .addRolesToGroup(USERGROUP1, "tab1_priv,tab2_priv,tab3_priv") + .addPermissionsToRole("tab1_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[0] + "->action=select") + .addPermissionsToRole("tab2_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[1] + "->action=insert") + .addPermissionsToRole("tab3_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[2] + "->action=select") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // User1 should see tables with any level of access + rs = statement.executeQuery("SHOW TABLES"); + tableNamesValidation.addAll(Arrays.asList(user1TableNames)); + validateTables(rs, tableNamesValidation); + statement.close(); + } + + /** + * Steps: 1. admin create db_1 and tables + * 2. admin should see all tables + * 3. user1 should only see the all tables with db level privilege + */ + @Test + public void testShowTables2() throws Exception { + // tables visible to user1 (not access to tb_4 + String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"}; + List<String> tableNamesValidation = new ArrayList<String>(); + + String user1TableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"}; + + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); + createTabs(statement, DB1, tableNames); + // Admin should see all tables + ResultSet rs = statement.executeQuery("SHOW TABLES"); + tableNamesValidation.addAll(Arrays.asList(tableNames)); + validateTables(rs, tableNamesValidation); + statement.close(); + + policyFile + .addRolesToGroup(USERGROUP1, "db_priv") + .addPermissionsToRole("db_priv", "server=server1->db=" + DB1) + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // User1 should see tables with any level of access + rs = statement.executeQuery("SHOW TABLES"); + tableNamesValidation.addAll(Arrays.asList(user1TableNames)); + validateTables(rs, tableNamesValidation); + statement.close(); + } + + /** + * Steps: 1. admin create db_1 and db_1.tb_1 + * 2. admin should see all tables + * 3. user1 should only see the tables he/she has any level of privilege + */ + @Test + public void testShowTables3() throws Exception { + // tables visible to user1 (not access to tb_4 + String tableNames[] = {"tb_1", "tb_2", "tb_3", "newtab_3"}; + List<String> tableNamesValidation = new ArrayList<String>(); + + String adminTableNames[] = {"tb_3", "newtab_3", "tb_2", "tb_1"}; + String user1TableNames[] = {"newtab_3"}; + + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); + createTabs(statement, DB1, tableNames); + // Admin should see all tables + ResultSet rs = statement.executeQuery("SHOW TABLES"); + tableNamesValidation.addAll(Arrays.asList(adminTableNames)); + validateTables(rs, tableNamesValidation); + statement.close(); + + policyFile + .addRolesToGroup(USERGROUP1, "tab_priv") + .addPermissionsToRole("tab_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[3] + "->action=insert") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // User1 should see tables with any level of access + rs = statement.executeQuery("SHOW TABLES"); + tableNamesValidation.addAll(Arrays.asList(user1TableNames)); + validateTables(rs, tableNamesValidation); + statement.close(); + } + + /** + * Steps: 1. admin create db_1 and db_1.tb_1 + * 2. admin should see all tables + * 3. user1 should only see the tables with db level privilege + */ + @Test + public void testShowTables4() throws Exception { + String tableNames[] = {"tb_1", "tb_2", "tb_3", "newtab_3"}; + List<String> tableNamesValidation = new ArrayList<String>(); + + String adminTableNames[] = {"tb_3", "newtab_3", "tb_1", "tb_2"}; + String user1TableNames[] = {"tb_3", "newtab_3", "tb_1", "tb_2"}; + + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); + createTabs(statement, DB1, tableNames); + // Admin should be able to see all tables + ResultSet rs = statement.executeQuery("SHOW TABLES"); + tableNamesValidation.addAll(Arrays.asList(adminTableNames)); + validateTables(rs, tableNamesValidation); + statement.close(); + + policyFile + .addRolesToGroup(USERGROUP1, "tab_priv") + .addPermissionsToRole("tab_priv", "server=server1->db=" + DB1) + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // User1 should see tables with any level of access + rs = statement.executeQuery("SHOW TABLES"); + tableNamesValidation.addAll(Arrays.asList(user1TableNames)); + validateTables(rs, tableNamesValidation); + statement.close(); + } + + /** + * Steps: 1. admin creates tables in default db + * 2. user1 shouldn't see any table when he/she doesn't have any privilege on default + */ + @Test + public void testShowTables5() throws Exception { + String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"}; + + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + createTabs(statement, "default", tableNames); + + policyFile + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + // User1 should see tables with any level of access + ResultSet rs = statement.executeQuery("SHOW TABLES"); + // user1 doesn't have access to any tables in default db + Assert.assertFalse(rs.next()); + statement.close(); + } + + /** + * Steps: 1. admin create db_1 and tb_1, tb_2, tb_3, tb_4 and table_5 + * 2. admin should see all tables except table_5 which does not match tb* + * 3. user1 should only see the matched tables it has any level of privilege + */ + @Test + public void testShowTablesExtended() throws Exception { + // tables visible to user1 (not access to tb_4 + String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4", "table_5"}; + List<String> tableNamesValidation = new ArrayList<String>(); + + String user1TableNames[] = {"tb_1", "tb_2", "tb_3"}; + + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); + createTabs(statement, DB1, tableNames); + + policyFile + .addRolesToGroup(USERGROUP1, "tab1_priv,tab2_priv,tab3_priv") + .addPermissionsToRole("tab1_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[0] + "->action=select") + .addPermissionsToRole("tab2_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[1] + "->action=insert") + .addPermissionsToRole("tab3_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[2] + "->action=select") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + // Admin should see all tables except table_5, the one does not match the pattern + ResultSet rs = statement.executeQuery("SHOW TABLE EXTENDED IN " + DB1 + " LIKE 'tb*'"); + tableNamesValidation.addAll(Arrays.asList(tableNames).subList(0, 4)); + validateTablesInRs(rs, tableNamesValidation); + statement.close(); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + // User1 should see tables with any level of access + rs = statement.executeQuery("SHOW TABLE EXTENDED IN " + DB1 + " LIKE 'tb*'"); + tableNamesValidation.addAll(Arrays.asList(user1TableNames)); + validateTablesInRs(rs, tableNamesValidation); + statement.close(); + } + + /** + * Steps: 1. admin create few dbs + * 2. admin can do show databases + * 3. users with db level permissions should only those dbs on 'show database' + */ + @Test + public void testShowDatabases1() throws Exception { + List<String> dbNamesValidation = new ArrayList<String>(); + String[] dbNames = {DB1, DB2, DB3}; + String[] user1DbNames = {DB1}; + + createDb(ADMIN1, dbNames); + dbNamesValidation.addAll(Arrays.asList(dbNames)); + dbNamesValidation.add("default"); + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + ResultSet rs = statement.executeQuery("SHOW DATABASES"); + validateDBs(rs, dbNamesValidation); // admin should see all dbs + rs.close(); + + policyFile + .addRolesToGroup(USERGROUP1, "db1_all") + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + rs = statement.executeQuery("SHOW DATABASES"); + dbNamesValidation.addAll(Arrays.asList(user1DbNames)); + dbNamesValidation.add("default"); + // user should see only dbs with access + validateDBs(rs, dbNamesValidation); + rs.close(); + } + + /** + * Steps: 1. admin create few dbs + * 2. admin can do show databases + * 3. users with table level permissions should should only those parent dbs on 'show + * database' + */ + @Test + public void testShowDatabases2() throws Exception { + String[] dbNames = {DB1, DB2, DB3}; + List<String> dbNamesValidation = new ArrayList<String>(); + String[] user1DbNames = {DB1, DB2}; + String tableNames[] = {"tb_1"}; + + // verify by SQL + // 1, 2 + createDb(ADMIN1, dbNames); + dbNamesValidation.addAll(Arrays.asList(dbNames)); + dbNamesValidation.add("default"); + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + createTabs(statement, DB1, tableNames); + createTabs(statement, DB2, tableNames); + ResultSet rs = statement.executeQuery("SHOW DATABASES"); + validateDBs(rs, dbNamesValidation); // admin should see all dbs + rs.close(); + + policyFile + .addRolesToGroup(USERGROUP1, "db1_tab,db2_tab") + .addPermissionsToRole("db1_tab", "server=server1->db=" + DB1 + "->table=tb_1->action=select") + .addPermissionsToRole("db2_tab", "server=server1->db=" + DB2 + "->table=tb_1->action=insert") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + rs = statement.executeQuery("SHOW DATABASES"); + dbNamesValidation.addAll(Arrays.asList(user1DbNames)); + dbNamesValidation.add("default"); + // user should see only dbs with access + validateDBs(rs, dbNamesValidation); + rs.close(); + } + + // compare the table resultset with given array of table names + private void validateDBs(ResultSet rs, List<String> dbNames) + throws SQLException { + while (rs.next()) { + String dbName = rs.getString(1); + //There might be non test related dbs in the system + if(dbNames.contains(dbName.toLowerCase())) { + dbNames.remove(dbName.toLowerCase()); + } + } + Assert.assertTrue(dbNames.toString(), dbNames.isEmpty()); + } + + // Create the give tables + private void createTabs(Statement statement, String dbName, + String tableNames[]) throws SQLException { + for (String tabName : tableNames) { + statement.execute("DROP TABLE IF EXISTS " + dbName + "." + tabName); + statement.execute("create table " + dbName + "." + tabName + + " (under_col int comment 'the under column', value string)"); + } + } + + // compare the table resultset with given array of table names + private void validateTables(ResultSet rs, List<String> tableNames) throws SQLException { + while (rs.next()) { + String tableName = rs.getString(1); + Assert.assertTrue(tableName, tableNames.remove(tableName.toLowerCase())); + } + Assert.assertTrue(tableNames.toString(), tableNames.isEmpty()); + rs.close(); + } + + // compare the tables in resultset with given array of table names + // for some hive query like 'show table extended ...', the resultset does + // not only contains tableName (See HIVE-8109) + private void validateTablesInRs(ResultSet rs, List<String> tableNames) throws SQLException { + while (rs.next()) { + String tableName = rs.getString(1); + if (tableName.startsWith("tableName:")) { + Assert.assertTrue("Expected table " + tableName.substring(10), + tableNames.remove(tableName.substring(10).toLowerCase())); + } + } + Assert.assertTrue(tableNames.toString(), tableNames.isEmpty()); + rs.close(); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java new file mode 100644 index 0000000..da3b90f --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java @@ -0,0 +1,529 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.hive; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +import java.io.File; +import java.io.FileOutputStream; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.Statement; + +import org.apache.hadoop.fs.Path; +import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.provider.file.PolicyFiles; +import org.junit.Before; +import org.junit.Test; + +import com.google.common.io.Resources; + +public class TestSandboxOps extends AbstractTestWithStaticConfiguration { + private PolicyFile policyFile; + private File dataFile; + private String loadData; + private static final String DB2_POLICY_FILE = "db2-policy-file.ini"; + + + @Before + public void setup() throws Exception { + policyFile = super.setupPolicy(); + super.setup(); + dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); + FileOutputStream to = new FileOutputStream(dataFile); + Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); + to.close(); + loadData = "server=server1->uri=file://" + dataFile.getPath(); + } + + private PolicyFile addTwoUsersWithAllDb() throws Exception { + policyFile + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) + .addPermissionsToRole("db2_all", "server=server1->db=" + DB2) + .addRolesToGroup(USERGROUP1, "db1_all", "db2_all"); + return policyFile; + } + /** + * Tests to ensure that users with all@db can create tables + * and that they cannot create databases or load data + */ + @Test + public void testDbPrivileges() throws Exception { + String[] dbs = new String[] { DB1, DB2 }; + for (String dbName : dbs) { + createDb(ADMIN1, dbName); + } + + addTwoUsersWithAllDb(); + writePolicyFile(policyFile); + + for (String user : new String[] { USER1_1, USER1_2 }) { + for (String dbName : dbs) { + Connection userConn = context.createConnection(user); + String tabName = user + "_tab1"; + Statement userStmt = context.createStatement(userConn); + // Positive case: test user1 and user2 has + // permissions to access db1 and db2 + userStmt.execute("use " + dbName); + userStmt.execute("create table " + tabName + " (id int)"); + context.assertAuthzException(userStmt, "load data local inpath '" + dataFile + "' into table " + tabName); + assertTrue(userStmt.execute("select * from " + tabName)); + // negative users cannot create databases + context.assertAuthzException(userStmt, "CREATE DATABASE " + DB3); + userStmt.close(); + userConn.close(); + } + } + } + + /** + * Test Case 2.11 admin user create a new database DB_1 and grant ALL to + * himself on DB_1 should work + */ + @Test + public void testAdminDbPrivileges() throws Exception { + Connection adminCon = context.createConnection(ADMIN1); + Statement adminStmt = context.createStatement(adminCon); + adminStmt.execute("use default"); + adminStmt.execute("CREATE DATABASE " + DB1); + + // access the new databases + adminStmt.execute("use " + DB1); + String tabName = "admin_tab1"; + adminStmt.execute("create table " + tabName + "(c1 string)"); + adminStmt.execute("load data local inpath '" + dataFile.getPath() + "' into table " + + tabName); + adminStmt.execute("select * from " + tabName); + } + + /** + * Test Case 2.16 admin user create a new database DB_1 create TABLE_1 and + * TABLE_2 (same schema) in DB_1 admin user grant SELECT, INSERT to user1's + * group on TABLE_2 negative test case: user1 try to do following on TABLE_1 + * will fail: --insert overwrite TABLE_2 select * from TABLE_1 + */ + @Test + public void testNegativeUserDMLPrivileges() throws Exception { + Connection adminCon = context.createConnection(ADMIN1); + Statement adminStmt = context.createStatement(adminCon); + adminStmt.execute("use default"); + adminStmt.execute("CREATE DATABASE " + DB1); + adminStmt.execute("use " + DB1); + adminStmt.execute("create table table_1 (id int)"); + adminStmt.execute("create table table_2 (id int)"); + adminStmt.close(); + adminCon.close(); + + policyFile + .addPermissionsToRole("db1_tab2_all", "server=server1->db=" + DB1 + "->table=table_2") + .addRolesToGroup(USERGROUP1, "db1_tab2_all"); + writePolicyFile(policyFile); + + Connection userConn = context.createConnection(USER1_1); + Statement userStmt = context.createStatement(userConn); + userStmt.execute("use " + DB1); + // user1 doesn't have select privilege on table_1, so insert/select should fail + context.assertAuthzException(userStmt, "insert overwrite table table_2 select * from table_1"); + context.assertAuthzException(userStmt, "insert overwrite directory '" + baseDir.getPath() + "' select * from table_1"); + userConn.close(); + userStmt.close(); + } + + /** + * Test Case 2.17 Execution steps a) Admin user creates a new database DB_1, + * b) Admin user grants ALL on DB_1 to group GROUP_1 c) User from GROUP_1 + * creates table TAB_1, TAB_2 in DB_1 d) Admin user grants SELECT on TAB_1 to + * group GROUP_2 + * + * 1) verify users from GROUP_2 have only SELECT privileges on TAB_1. They + * shouldn't be able to perform any operation other than those listed as + * requiring SELECT in the privilege model. + * + * 2) verify users from GROUP_2 can't perform queries involving join between + * TAB_1 and TAB_2. + * + * 3) verify users from GROUP_1 can't perform operations requiring ALL @ + * SERVER scope. Refer to list + */ + @Test + public void testNegUserPrivilegesAll() throws Exception { + // create dbs + Connection adminCon = context.createConnection(ADMIN1); + Statement adminStmt = context.createStatement(adminCon); + adminStmt.execute("use default"); + adminStmt.execute("CREATE DATABASE " + DB1); + adminStmt.execute("use " + DB1); + adminStmt.execute("create table table_1 (name string)"); + adminStmt.execute("load data local inpath '" + dataFile.getPath() + "' into table table_1"); + adminStmt.execute("create table table_2 (name string)"); + adminStmt.execute("load data local inpath '" + dataFile.getPath() + "' into table table_2"); + adminStmt.execute("create view v1 AS select * from table_1"); + adminStmt.execute("create table table_part_1 (name string) PARTITIONED BY (year INT)"); + adminStmt.execute("ALTER TABLE table_part_1 ADD PARTITION (year = 2012)"); + adminStmt.execute("ALTER TABLE table_1 SET TBLPROPERTIES (\"createTime\"=\"1375824555\")"); + adminStmt.close(); + adminCon.close(); + + policyFile + .addRolesToGroup(USERGROUP1, "db1_all") + .addRolesToGroup(USERGROUP2, "db1_tab1_select") + .addPermissionsToRole("db1_tab1_select", "server=server1->db="+ DB1 + "->table=table_1->action=select") + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1); + writePolicyFile(policyFile); + + Connection userConn = context.createConnection(USER2_1); + Statement userStmt = context.createStatement(userConn); + userStmt.execute("use " + DB1); + + context.assertAuthzException(userStmt, "alter table table_2 add columns (id int)"); + context.assertAuthzException(userStmt, "drop database " + DB1); + context.assertAuthzException(userStmt, "CREATE INDEX x ON TABLE table_1(name) AS 'org.apache.hadoop.hive.ql.index.compact.CompactIndexHandler'"); + context.assertAuthzException(userStmt, "CREATE TEMPORARY FUNCTION strip AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFPrintf'"); + context.assertAuthzException(userStmt, "create table foo(id int)"); + context.assertAuthzException(userStmt, "create table c_tab_2 as select * from table_2"); // no select or create privilege + context.assertAuthzException(userStmt, "create table c_tab_1 as select * from table_1"); // no create privilege + context.assertAuthzException(userStmt, "ALTER DATABASE " + DB1 + " SET DBPROPERTIES ('foo' = 'bar')"); + context.assertAuthzException(userStmt, "ALTER VIEW v1 SET TBLPROPERTIES ('foo' = 'bar')"); + context.assertAuthzException(userStmt, "DROP VIEW IF EXISTS v1"); + context.assertAuthzException(userStmt, "create table table_5 (name string)"); + context.assertAuthzException(userStmt, "ALTER TABLE table_1 RENAME TO table_99"); + context.assertAuthzException(userStmt, "insert overwrite table table_2 select * from table_1"); + context.assertAuthzException(userStmt, "ALTER TABLE table_part_1 ADD IF NOT EXISTS PARTITION (year = 2012)"); + context.assertAuthzException(userStmt, "ALTER TABLE table_part_1 PARTITION (year = 2012) SET LOCATION '" + baseDir.getPath() + "'"); + context.assertAuthzException(userStmt, "ALTER TABLE table_1 SET TBLPROPERTIES (\"createTime\"=\"1375824555\")"); + } + + /** + * Steps: + * 1. admin user create databases, DB_1 and DB_2, no table or other + * object in database + * 2. admin grant all to user1's group on DB_1 and DB_2 + * positive test case: + * a)user1 has the privilege to create table, load data, + * drop table, create view, insert more data on both databases + * b) user1 can switch between DB_1 and DB_2 without + * exception negative test case: + * c) user1 cannot drop database + * 3. admin remove all to group1 on DB_2 + * positive test case: + * d) user1 has the privilege to create view on tables in DB_1 + * negative test case: + * e) user1 cannot create view on tables in DB_1 that select + * from tables in DB_2 + * 4. admin grant select to group1 on DB_2.ta_2 + * positive test case: + * f) user1 has the privilege to create view to select from + * DB_1.tb_1 and DB_2.tb_2 + * negative test case: + * g) user1 cannot create view to select from DB_1.tb_1 + * and DB_2.tb_3 + * @throws Exception + */ + @Test + public void testSandboxOpt9() throws Exception { + createDb(ADMIN1, DB1, DB2); + + policyFile + .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData) + .addRolesToGroup(USERGROUP1, GROUP1_ROLE); + writePolicyFile(policyFile); + + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + + // a + statement.execute("USE " + DB1); + createTable(USER1_1, DB1, dataFile, TBL1); + statement.execute("DROP VIEW IF EXISTS " + VIEW1); + statement.execute("CREATE VIEW " + VIEW1 + " (value) AS SELECT value from " + TBL1 + " LIMIT 10"); + + createTable(USER1_1, DB2, dataFile, TBL2, TBL3); + // d + statement.execute("USE " + DB1); + policyFile.removePermissionsFromRole(GROUP1_ROLE, ALL_DB2); + writePolicyFile(policyFile); + // e + // create db1.view1 as select from db2.tbl2 + statement.execute("DROP VIEW IF EXISTS " + VIEW2); + context.assertAuthzException(statement, "CREATE VIEW " + VIEW2 + + " (value) AS SELECT value from " + DB2 + "." + TBL2 + " LIMIT 10"); + // create db1.tbl2 as select from db2.tbl2 + statement.execute("DROP TABLE IF EXISTS " + TBL2); + context.assertAuthzException(statement, "CREATE TABLE " + TBL2 + + " AS SELECT value from " + DB2 + "." + TBL2 + " LIMIT 10"); + context.assertAuthzException(statement, "CREATE TABLE " + DB2 + "." + TBL2 + + " AS SELECT value from " + DB2 + "." + TBL2 + " LIMIT 10"); + + // f + policyFile.addPermissionsToRole(GROUP1_ROLE, SELECT_DB2_TBL2); + writePolicyFile(policyFile); + statement.execute("DROP VIEW IF EXISTS " + VIEW2); + statement.execute("CREATE VIEW " + VIEW2 + + " (value) AS SELECT value from " + DB2 + "." + TBL2 + " LIMIT 10"); + + // g + statement.execute("DROP VIEW IF EXISTS " + VIEW3); + context.assertAuthzException(statement, "CREATE VIEW " + VIEW3 + + " (value) AS SELECT value from " + DB2 + "." + TBL3 + " LIMIT 10"); + statement.close(); + connection.close(); + } + + /** + * Tests select on table with index. + * + * Steps: + * 1. admin user create a new database DB_1 + * 2. admin create TABLE_1 in DB_1 + * 3. admin create INDEX_1 for COLUMN_1 in TABLE_1 in DB_1 + * 4. admin user grant INSERT and SELECT to user1's group on TABLE_1 + * + * negative test case: + * a) user1 try to SELECT * FROM TABLE_1 WHERE COLUMN_1 == ... + * should NOT work + * b) user1 should not be able to check the list of view or + * index in DB_1 + * @throws Exception + */ + @Test + public void testSandboxOpt13() throws Exception { + createDb(ADMIN1, DB1); + createTable(ADMIN1, DB1, dataFile, TBL1); + createTable(ADMIN1, DB1, dataFile, TBL2); + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("USE " + DB1); + statement.execute("DROP INDEX IF EXISTS " + INDEX1 + " ON " + TBL1); + statement.execute("CREATE INDEX " + INDEX1 + " ON TABLE " + TBL1 + + " (under_col) as 'COMPACT' WITH DEFERRED REBUILD"); + statement.close(); + connection.close(); + + // unrelated permission to allow user1 to connect to db1 + policyFile + .addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_TBL2) + .addRolesToGroup(USERGROUP1, GROUP1_ROLE); + writePolicyFile(policyFile); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + context.assertAuthzException(statement, "SELECT * FROM " + TBL1 + " WHERE under_col == 5"); + context.assertAuthzException(statement, "SHOW INDEXES ON " + TBL1); + policyFile.addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_TBL1, INSERT_DB1_TBL1, loadData); + writePolicyFile(policyFile); + statement.execute("USE " + DB1); + assertTrue(statement.execute("SELECT * FROM " + TBL1 + " WHERE under_col == 5")); + assertTrue(statement.execute("SHOW INDEXES ON " + TBL1)); + } + + /** + * Steps: + * 1. Admin user creates a new database DB_1 + * 2. Admin user grants ALL on DB_1 to group GROUP_1 + * 3. User from GROUP_1 creates table TAB_1, TAB_2 in DB_1 + * 4. Admin user grants SELECT/INSERT on TAB_1 to group GROUP_2 + * a) verify users from GROUP_2 have only SELECT/INSERT + * privileges on TAB_1. They shouldn't be able to perform + * any operation other than those listed as + * requiring SELECT in the privilege model. + * b) verify users from GROUP_2 can't perform queries + * involving join between TAB_1 and TAB_2. + * c) verify users from GROUP_1 can't perform operations + * requiring ALL @SERVER scope: + * *) create database + * *) drop database + * *) show databases + * *) show locks + * *) execute ALTER TABLE .. SET LOCATION on a table in DB_1 + * *) execute ALTER PARTITION ... SET LOCATION on a table in DB_1 + * *) execute CREATE EXTERNAL TABLE ... in DB_1 + * *) execute ADD JAR + * *) execute a query with TRANSOFORM + * @throws Exception + */ + @Test + public void testSandboxOpt17() throws Exception { + createDb(ADMIN1, DB1); + createTable(ADMIN1, DB1, dataFile, TBL1, TBL2); + + policyFile + .addRolesToGroup(USERGROUP1, "all_db1", "load_data") + .addRolesToGroup(USERGROUP2, "select_tb1") + .addPermissionsToRole("select_tb1", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=select") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) + .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.toString()); + writePolicyFile(policyFile); + + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + // c + statement.execute("USE " + DB1); + context.assertAuthzException(statement, "CREATE DATABASE " + DB3); + ResultSet rs = statement.executeQuery("SHOW DATABASES"); + assertTrue(rs.next()); + assertEquals(DB1, rs.getString(1)); + context.assertAuthzException(statement, "ALTER TABLE " + TBL1 + + " ADD PARTITION (value = 10) LOCATION '" + dataDir.getPath() + "'"); + context.assertAuthzException(statement, "ALTER TABLE " + TBL1 + + " PARTITION (value = 10) SET LOCATION '" + dataDir.getPath() + "'"); + context.assertAuthzException(statement, "CREATE EXTERNAL TABLE " + TBL3 + + " (under_col int, value string) LOCATION '" + dataDir.getPath() + "'"); + statement.close(); + connection.close(); + + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + + // a + statement.execute("USE " + DB1); + context.assertAuthzException(statement, "SELECT * FROM TABLE " + TBL2 + " LIMIT 10"); + context.assertAuthzException(statement, "EXPLAIN SELECT * FROM TABLE " + TBL2 + " WHERE under_col > 5 LIMIT 10"); + context.assertAuthzException(statement, "DESCRIBE " + TBL2); + context.assertAuthzException(statement, "LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE " + TBL2); + context.assertAuthzException(statement, "analyze table " + TBL2 + " compute statistics for columns under_col, value"); + // b + context.assertAuthzException(statement, "SELECT " + TBL1 + ".* FROM " + TBL1 + " JOIN " + TBL2 + + " ON (" + TBL1 + ".value = " + TBL2 + ".value)"); + statement.close(); + connection.close(); + } + + /** + * Positive and negative tests for INSERT OVERWRITE [LOCAL] DIRECTORY and + * LOAD DATA [LOCAL] INPATH. EXPORT/IMPORT are handled in separate junit class. + * Formerly testSandboxOpt18 + */ + @Test + public void testInsertOverwriteAndLoadData() throws Exception { + long counter = System.currentTimeMillis(); + File allowedDir = assertCreateDir(new File(baseDir, + "test-" + (counter++))); + File restrictedDir = assertCreateDir(new File(baseDir, + "test-" + (counter++))); + Path allowedDfsDir = dfs.assertCreateDir("test-" + (counter++)); + Path restrictedDfsDir = dfs.assertCreateDir("test-" + (counter++)); + //Hive needs write permissions on this local directory + baseDir.setWritable(true, false); + + createDb(ADMIN1, DB1); + createTable(ADMIN1, DB1, dataFile, TBL1); + + policyFile + .addRolesToGroup(USERGROUP1, "all_db1", "load_data") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) + .addPermissionsToRole("load_data", "server=server1->uri=file://" + allowedDir.getPath() + + ", server=server1->uri=file://" + allowedDir.getPath() + + ", server=server1->uri=" + allowedDfsDir.toString()); + writePolicyFile(policyFile); + + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("USE " + DB1); + statement.execute("INSERT OVERWRITE LOCAL DIRECTORY 'file://" + allowedDir.getPath() + "' SELECT * FROM " + TBL1); + statement.execute("INSERT OVERWRITE DIRECTORY '" + allowedDfsDir + "' SELECT * FROM " + TBL1); + statement.execute("LOAD DATA LOCAL INPATH 'file://" + allowedDir.getPath() + "' INTO TABLE " + TBL1); + statement.execute("LOAD DATA INPATH '" + allowedDfsDir + "' INTO TABLE " + TBL1); + context.assertAuthzException(statement, "INSERT OVERWRITE LOCAL DIRECTORY 'file://" + restrictedDir.getPath() + "' SELECT * FROM " + TBL1); + context.assertAuthzException(statement, "INSERT OVERWRITE DIRECTORY '" + restrictedDfsDir + "' SELECT * FROM " + TBL1); + context.assertAuthzException(statement, "LOAD DATA INPATH 'file://" + restrictedDir.getPath() + "' INTO TABLE " + TBL1); + context.assertAuthzException(statement, "LOAD DATA LOCAL INPATH 'file://" + restrictedDir.getPath() + "' INTO TABLE " + TBL1); + statement.close(); + connection.close(); + } + + /** + * test create table as with cross database ref + * @throws Exception + */ + @Test + public void testSandboxOpt10() throws Exception { + String rTab1 = "rtab_1"; + String rTab2 = "rtab_2"; + + createDb(ADMIN1, DB1, DB2); + createTable(ADMIN1, DB1, dataFile, TBL1); + createTable(ADMIN1, DB2, dataFile, TBL2, TBL3); + + policyFile + .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, SELECT_DB2_TBL2, loadData) + .addRolesToGroup(USERGROUP1, GROUP1_ROLE); + writePolicyFile(policyFile); + + // a + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("USE " + DB1); + statement.execute("CREATE TABLE " + rTab1 + " AS SELECT * FROM " + DB2 + "." + TBL2); + // user1 doesn't have access to db2, so following create table as should fail + context.assertAuthzException(statement, "CREATE TABLE " + rTab2 + " AS SELECT * FROM " + DB2 + "." + TBL3); + + statement.close(); + connection.close(); + } + + // Create per-db policy file on hdfs and global policy on local. + @Test + public void testPerDbPolicyOnDFS() throws Exception { + File db2PolicyFileHandle = new File(baseDir.getPath(), DB2_POLICY_FILE); + + PolicyFile db2PolicyFile = new PolicyFile(); + db2PolicyFile + .addRolesToGroup(USERGROUP2, "select_tbl2") + .addPermissionsToRole("select_tbl2", "server=server1->db=" + DB2 + "->table=tbl2->action=select") + .write(db2PolicyFileHandle); + PolicyFiles.copyFilesToDir(fileSystem, dfs.getBaseDir(), db2PolicyFileHandle); + + // setup db objects needed by the test + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); + statement.execute("CREATE TABLE tbl1(B INT, A STRING) " + + " row format delimited fields terminated by '|' stored as textfile"); + statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl1"); + statement.execute("CREATE DATABASE " + DB2); + statement.execute("USE " + DB2); + statement.execute("CREATE TABLE tbl2(B INT, A STRING) " + + " row format delimited fields terminated by '|' stored as textfile"); + statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl2"); + statement.close(); + connection.close(); + + policyFile + .addRolesToGroup(USERGROUP1, "select_tbl1") + .addRolesToGroup(USERGROUP2, "select_tbl2") + .addPermissionsToRole("select_tbl1", "server=server1->db=" + DB1 + "->table=tbl1->action=select") + .addDatabase(DB2, dfs.getBaseDir().toUri().toString() + "/" + DB2_POLICY_FILE); + writePolicyFile(policyFile); + + // test per-db file for db2 + + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + // test user2 can use db2 + statement.execute("USE " + DB2); + statement.execute("select * from tbl2"); + + statement.close(); + connection.close(); + } + +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestSentryOnFailureHookLoading.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestSentryOnFailureHookLoading.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestSentryOnFailureHookLoading.java new file mode 100644 index 0000000..f1fd15e --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestSentryOnFailureHookLoading.java @@ -0,0 +1,134 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.hive; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import java.io.File; +import java.io.FileOutputStream; +import java.sql.Connection; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.HashMap; +import java.util.Map; + +import org.junit.Assert; + +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.sentry.binding.hive.conf.HiveAuthzConf; +import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServerFactory; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +import com.google.common.io.Resources; + +public class TestSentryOnFailureHookLoading extends AbstractTestWithHiveServer { + + private Context context; + private PolicyFile policyFile; + + Map<String, String > testProperties; + private static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat"; + + @Before + public void setup() throws Exception { + testProperties = new HashMap<String, String>(); + testProperties.put(HiveAuthzConf.AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(), + DummySentryOnFailureHook.class.getName()); + testProperties.put(HiveConf.ConfVars.METASTORE_AUTO_CREATE_ALL.varname, "true"); + policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); + } + + @After + public void teardown() throws Exception { + if (context != null) { + context.close(); + } + } + + /* Admin creates database DB_2 + * user1 tries to drop DB_2, but it has permissions for DB_1. + */ + @Test + public void testOnFailureHookLoading() throws Exception { + + // Do not run this test if run with external HiveServer2 + // This test checks for a static member, which will not + // be set if HiveServer2 and the test run in different JVMs + String hiveServer2Type = System.getProperty( + HiveServerFactory.HIVESERVER2_TYPE); + if (hiveServer2Type != null && + !HiveServerFactory.isInternalServer(HiveServerFactory.HiveServer2Type + .valueOf(hiveServer2Type.trim()))) { + return; + } + + context = createContext(testProperties); + + File dataDir = context.getDataDir(); + //copy data file to test dir + File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); + FileOutputStream to = new FileOutputStream(dataFile); + Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); + to.close(); + + policyFile + .addRolesToGroup(USERGROUP1, "all_db1", "load_data") + .addPermissionsToRole("all_db1", "server=server1->db=DB_1") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()) + .write(context.getPolicyFile()); + + // setup db objects needed by the test + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE"); + statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE"); + statement.execute("CREATE DATABASE DB_1"); + statement.execute("CREATE DATABASE DB_2"); + statement.close(); + connection.close(); + + // test execution + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + + //negative test case: user can't drop another user's database + assertFalse(DummySentryOnFailureHook.invoked); + try { + statement.execute("DROP DATABASE DB_2 CASCADE"); + Assert.fail("Expected SQL exception"); + } catch (SQLException e) { + assertTrue(DummySentryOnFailureHook.invoked); + } + + statement.close(); + connection.close(); + + //test cleanup + connection = context.createConnection(ADMIN1); + statement = context.createStatement(connection); + statement.execute("DROP DATABASE DB_1 CASCADE"); + statement.execute("DROP DATABASE DB_2 CASCADE"); + statement.close(); + connection.close(); + context.close(); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java new file mode 100644 index 0000000..f489b63 --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestServerConfiguration.java @@ -0,0 +1,265 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.hive; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import java.io.File; +import java.io.FileOutputStream; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.Map; + +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.conf.HiveConf.ConfVars; +import org.apache.sentry.binding.hive.conf.HiveAuthzConf; +import org.apache.sentry.binding.hive.v2.HiveAuthzBindingSessionHookV2; +import org.apache.sentry.binding.hive.v2.SentryAuthorizerFactory; +import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServerFactory; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +import com.google.common.base.Charsets; +import com.google.common.collect.Maps; + +public class TestServerConfiguration extends AbstractTestWithHiveServer { + + // Context is created inside individual test cases, because the + // test cases for server configuration are properties based. + private static Context context; + private static Map<String, String> properties; + private PolicyFile policyFile; + + @Before + public void setupPolicyFile() throws Exception { + properties = Maps.newHashMap(); + properties.put(HiveConf.ConfVars.METASTORE_AUTO_CREATE_ALL.varname, "true"); + policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); + } + + @After + public void tearDown() throws Exception { + if(context != null) { + context.close(); + } + + if(hiveServer != null) { + hiveServer.shutdown(); + hiveServer = null; + } + } + + /** + * hive.server2.enable.impersonation must be disabled + */ + @Test + public void testImpersonationIsDisabled() throws Exception { + properties.put(HiveServerFactory.ACCESS_TESTING_MODE, "false"); + properties.put("hive.server2.enable.impersonation", "true"); + verifyInvalidConfigurationException(properties); + } + + /** + * hive.server2.authentication must be set to LDAP or KERBEROS + */ + @Test + public void testAuthenticationIsStrong() throws Exception { + properties.put(HiveServerFactory.ACCESS_TESTING_MODE, "false"); + properties.put("hive.server2.authentication", "NONE"); + verifyInvalidConfigurationException(properties); + } + + private void verifyInvalidConfigurationException(Map<String, String> properties) throws Exception{ + context = createContext(properties); + policyFile + .setUserGroupMapping(StaticUserGroup.getStaticMapping()) + .write(context.getPolicyFile()); + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + try { + statement.execute("create table test (a string)"); + Assert.fail("Expected SQLException"); + } catch (SQLException e) { + context.verifyInvalidConfigurationException(e); + } finally { + if (context != null) { + context.close(); + } + } + } + + /** + * Test removal of policy file + */ + @Test + public void testRemovalOfPolicyFile() throws Exception { + context = createContext(properties); + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + try { + statement.execute("DROP TABLE IF EXISTS test CASCADE"); + statement.execute("create table test (a string)"); + Assert.fail("Expected SQLException"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + } + + /** + * Test corruption of policy file + */ + @Test + public void testCorruptionOfPolicyFile() throws Exception { + context = createContext(properties); + File policyFile = context.getPolicyFile(); + FileOutputStream out = new FileOutputStream(policyFile); + out.write("this is not valid".getBytes(Charsets.UTF_8)); + out.close(); + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + try { + statement.execute("DROP TABLE IF EXISTS test CASCADE"); + statement.execute("create table test (a string)"); + Assert.fail("Expected SQLException"); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + } + + @Test + public void testAddDeleteDFSRestriction() throws Exception { + context = createContext(properties); + policyFile + .addRolesToGroup(USERGROUP1, "all_db1") + .addRolesToGroup(USERGROUP2, "select_tb1") + .addPermissionsToRole("select_tb1", "server=server1->db=db_1->table=tbl_1->action=select") + .addPermissionsToRole("all_db1", "server=server1->db=db_1") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()) + .write(context.getPolicyFile()); + + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + + // disallow external executables. The external.exec is set to false by session hooks + context.assertAuthzException(statement, "ADD JAR /usr/lib/hive/lib/hbase.jar"); + context.assertAuthzException(statement, "ADD FILE /tmp/tt.py"); + context.assertAuthzException(statement, "DFS -ls"); + context.assertAuthzException(statement, "DELETE JAR /usr/lib/hive/lib/hbase.jar"); + context.assertAuthzException(statement, "DELETE FILE /tmp/tt.py"); + statement.close(); + connection.close(); + } + + /** + * Test that the required access configs are set by session hook + */ + @Test + public void testAccessConfigRestrictions() throws Exception { + context = createContext(properties); + policyFile + .setUserGroupMapping(StaticUserGroup.getStaticMapping()) + .write(context.getPolicyFile()); + + String testUser = USER1_1; + // verify the config is set correctly by session hook + verifyConfig(testUser, ConfVars.HIVE_AUTHORIZATION_ENABLED.varname, "true"); + verifyConfig(testUser, ConfVars.HIVE_SERVER2_ENABLE_DOAS.varname, "false"); + verifyConfig(testUser, ConfVars.HIVE_AUTHENTICATOR_MANAGER.varname, + "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator"); + verifyConfig(testUser, ConfVars.HIVE_AUTHORIZATION_MANAGER.varname, + SentryAuthorizerFactory.class.getName()); + verifyConfig(testUser, ConfVars.HIVE_CAPTURE_TRANSFORM_ENTITY.varname, "true"); + verifyConfig(testUser, ConfVars.HIVE_SECURITY_COMMAND_WHITELIST.varname, "set"); + verifyConfig(testUser, ConfVars.SCRATCHDIRPERMISSION.varname, + HiveAuthzBindingSessionHookV2.SCRATCH_DIR_PERMISSIONS); + verifyConfig(testUser, HiveConf.ConfVars.HIVE_CONF_RESTRICTED_LIST.varname, + HiveAuthzBindingSessionHookV2.ACCESS_RESTRICT_LIST); + verifyConfig(testUser, HiveAuthzConf.HIVE_ACCESS_SUBJECT_NAME, testUser); + } + + private void verifyConfig(String userName, String confVar, String expectedValue) throws Exception { + Connection connection = context.createConnection(userName); + Statement statement = context.createStatement(connection); + statement.execute("set " + confVar); + ResultSet res = statement.getResultSet(); + assertTrue(res.next()); + String configValue = res.getString(1); + assertNotNull(configValue); + String restrictListValues = (configValue.split("="))[1]; + assertFalse(restrictListValues.isEmpty()); + for (String restrictConfig: expectedValue.split(",")) { + assertTrue(restrictListValues.toLowerCase().contains(restrictConfig.toLowerCase())); + } + + } + + /** + * Test access to default DB with explicit privilege requirement + * Admin should be able to run use default with server level access + * User with db level access should be able to run use default + * User with table level access should be able to run use default + * User with no access to default db objects, should NOT be able run use default + * @throws Exception + */ + @Test + public void testDefaultDbRestrictivePrivilege() throws Exception { + properties.put(HiveAuthzConf.AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), "true"); + context = createContext(properties); + + policyFile + .addRolesToGroup(USERGROUP1, "all_default") + .addRolesToGroup(USERGROUP2, "select_default") + .addRolesToGroup(USERGROUP3, "all_db1") + .addPermissionsToRole("all_default", "server=server1->db=default") + .addPermissionsToRole("select_default", "server=server1->db=default->table=tab_2->action=select") + .addPermissionsToRole("all_db1", "server=server1->db=DB_1") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()) + .write(context.getPolicyFile()); + + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("use default"); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("use default"); + + connection = context.createConnection(USER2_1); + statement = context.createStatement(connection); + statement.execute("use default"); + + connection = context.createConnection(USER3_1); + statement = context.createStatement(connection); + try { + // user3 doesn't have any implicit permission for default + statement.execute("use default"); + assertFalse("user3 shouldn't be able switch to default", true); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + context.close(); + } + +}
