http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java new file mode 100644 index 0000000..35870c3 --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbColumnLevelMetaDataOps.java @@ -0,0 +1,374 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.dbprovider; + +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.Statement; + +import org.apache.hive.service.cli.HiveSQLException; +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.apache.sentry.tests.e2e.hive.PrivilegeResultSet; + +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Contains tests for meta data operations with column level privileges + */ +public class TestDbColumnLevelMetaDataOps extends AbstractTestWithStaticConfiguration { + private static final Logger LOGGER = LoggerFactory. + getLogger(TestDbColumnLevelMetaDataOps.class); + + private static final String TEST_COL_METADATA_OPS_DB = "test_col_metadata_ops_db"; + private static final String TEST_COL_METADATA_OPS_TB = "test_col_metadata_ops_tb"; + private static final String TEST_COL_METADATA_OPS_ROLE = "test_col_metadata_ops_role"; + + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception{ + LOGGER.info("TestColumnEndToEnd setupTestStaticConfiguration"); + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + + @Override + @Before + public void setup() throws Exception { + super.setupAdmin(); + super.setup(); + createTestData(); + } + private static Statement statement = null; + private static Connection connection = null; + + private static void establishSession(String user) throws Exception{ + if (statement != null) { + statement.close(); + } + if (connection != null) { + connection.close(); + } + connection = context.createConnection(user); + statement = context.createStatement(connection); + } + + /** + * Create test database, table and role + * and grant column level privilege + * @throws Exception + */ + private void createTestData() throws Exception { + establishSession(ADMIN1); + statement.execute("CREATE DATABASE " + TEST_COL_METADATA_OPS_DB); + statement.execute("USE " + TEST_COL_METADATA_OPS_DB); + statement.execute("CREATE TABLE " + TEST_COL_METADATA_OPS_TB + + " (privileged STRING, unprivileged INT) partitioned by (privileged_par STRING, unprivileged_par INT)"); + statement.execute("INSERT INTO TABLE " + TEST_COL_METADATA_OPS_TB + + " PARTITION(privileged_par = 'privileged_par', unprivileged_par = 1) VALUES ('test1', 1)"); + + statement.execute("CREATE ROLE " + TEST_COL_METADATA_OPS_ROLE); + statement.execute("GRANT SELECT(privileged) ON TABLE " + TEST_COL_METADATA_OPS_TB + " TO ROLE " + TEST_COL_METADATA_OPS_ROLE); + statement.execute("GRANT ROLE " + TEST_COL_METADATA_OPS_ROLE + " TO GROUP " + USERGROUP1); + + PrivilegeResultSet prset = new PrivilegeResultSet(statement, "SHOW GRANT ROLE " + + TEST_COL_METADATA_OPS_ROLE + " ON DATABASE " + TEST_COL_METADATA_OPS_DB); + LOGGER.info("SHOW GRANT : " + prset.toString()); + prset.verifyResultSetColumn("table", TEST_COL_METADATA_OPS_TB); + prset.verifyResultSetColumn("column", "privileged"); + prset.verifyResultSetColumn("privilege", "select"); + } + + private ResultSet executeQueryWithLog(String query) throws Exception { + ResultSet rs; + try { + LOGGER.info("Running " + query); + rs = statement.executeQuery(query); + return rs; + } catch (HiveSQLException ex) { + LOGGER.error("Privilege exception occurs when running : " + query); + throw ex; + } + } + + private void validateFiltersInaccessibleColumns(String query, String colMetaField, String user, + String privileged) throws Exception { + establishSession(user); + statement.execute("USE " + TEST_COL_METADATA_OPS_DB); + ResultSet rs = executeQueryWithLog(query); + int numColumns = 0; + while (rs.next()) { + String val = rs.getString(colMetaField); + numColumns++; + // Relax validation for now: + // user with any select privilege can perform metadata operations, + // even though it might show some columns which he doesn't have privileges + assertTrue("Can access non privileged column", val.equalsIgnoreCase(privileged)); + } + rs.close(); + assertTrue("Looks like we accessed more columns than needed", numColumns == 1); + } + + private void validateShowsAllColumns(String query, String colMetaField, String user, + String privileged, String unprivileged) throws Exception { + establishSession(user); + statement.execute("USE " + TEST_COL_METADATA_OPS_DB); + ResultSet rs = executeQueryWithLog(query); + boolean found = false; + while (rs.next()) { + String val = rs.getString(colMetaField); + // Relax validation for now: + // user with any select privilege can perform metadata operations, + // even though it might show some columns which he doesn't have privileges + //assertFalse("column unprivileged shouldn't be shown in result", + // val.equalsIgnoreCase("unprivileged")); + if (val.equalsIgnoreCase("unprivileged")) { + LOGGER.warn("column unprivileged related metadata info is not disabled from result"); + } + if (val.toLowerCase().contains(privileged)) { + LOGGER.info("detected privileged column information: " + privileged); + found = true; + } else if (val.toLowerCase().contains(unprivileged)) { + LOGGER.warn("detected unexpected column information: " + unprivileged); + } + } + rs.close(); + assertTrue("failed to detect column privileged from result", found); + } + + private void validateShowsAllColumns(String query, String colMetaField, String user) throws Exception { + validateShowsAllColumns(query, colMetaField, user, "privileged", "unprivileged"); + } + + + private void validateSemanticException(String query, String user) throws Exception { + establishSession(user); + try { + LOGGER.info("Running " + query); + statement.execute(query); + fail("failed to throw SemanticException"); + } catch (Exception ex) { + String err = "Exception No valid privileges"; + assertTrue("failed to detect " + err + "\n" + ex.getMessage(), + ex.getMessage().contains("Exception No valid privileges")); + } + } + + /** + * Test with column level privilege + * user can NOT "show table extended" + */ + @Test + public void testShowExtended() throws Exception { + String query = "SHOW TABLE EXTENDED IN " + TEST_COL_METADATA_OPS_DB + + " like '" + TEST_COL_METADATA_OPS_TB + "'"; + // with column level privileges, user can not do show extended + validateSemanticException(query, USER1_1); + // negative test, without any privileges, user can not do it also + validateSemanticException(query, USER2_1); + } + + /** + * Test with column level privileges, + * user can list all columns for now + */ + @Test + public void testShowColumns() throws Exception { + String query = "SHOW COLUMNS IN " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + // with column level privileges, user can show columns + validateFiltersInaccessibleColumns(query, "field", USER1_1, "privileged"); + // without column/table level privileges, any user can NOT show columns + validateSemanticException(query, USER2_1); + } + + /** + * Test SHOW TBLPROPERTIES requires table level privileges + * @throws Exception + */ + @Test + public void testShowProperties() throws Exception { + String query = "SHOW TBLPROPERTIES " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + validateSemanticException(query, USER1_1); + validateSemanticException(query, USER2_1); + } + + /** + * Test with column level select privilege, + * user can do "describe table" + */ + @Test + public void testDescribeTable() throws Exception { + String query = "DESCRIBE " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + // with column level privilege, user can describe table, but columns are not filtered for now + validateShowsAllColumns(query, "col_name", USER1_1); + // without column/table level privileges, any user can NOT describe table + validateSemanticException(query, USER2_1); + + // only with table level privileges user can describe extended/formatted + query = "DESCRIBE EXTENDED " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + validateSemanticException(query, USER1_1); + validateSemanticException(query, USER2_1); + + query = "DESCRIBE EXTENDED " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB + " s"; + validateSemanticException(query, USER1_1); + validateSemanticException(query, USER2_1); + + query = "DESCRIBE FORMATTED " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + validateSemanticException(query, USER1_1); + validateSemanticException(query, USER2_1); + + query = "DESCRIBE FORMATTED " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB + " s"; + validateSemanticException(query, USER1_1); + validateSemanticException(query, USER2_1); + } + + /** + * Test with column level select privilege, + * user can only do "explain select column"; + * any other select requires table level privileges + * @throws Exception + */ + @Ignore("After fix SENTRY-849, should enable this test") + @Test + public void testExplainSelect() throws Exception { + String query = "EXPLAIN SELECT privileged FROM " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + // With column level privilege, user can explain select column + validateShowsAllColumns(query, "Explain", USER1_1); + // Without column/table level privilege, user can NOT explain select column + validateSemanticException(query, USER2_1); + + // user can NOT explain select unprivileged column + query = "EXPLAIN SELECT unprivileged FROM " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + validateSemanticException(query, USER1_1); + validateSemanticException(query, USER2_1); + + query = "EXPLAIN SELECT * FROM " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + validateSemanticException(query, USER1_1); + validateSemanticException(query, USER2_1); + + query = "EXPLAIN SELECT count(*) FROM " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + validateSemanticException(query, USER1_1); + validateSemanticException(query, USER2_1); + + query = "EXPLAIN SELECT * FROM (SELECT privileged AS c FROM " + + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB + " union all select unprivileged as c from " + + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB + ") subq1 order by c"; + validateSemanticException(query, USER1_1); + validateSemanticException(query, USER2_1); + } + + /** + * Test if add a new column and grant privilege, + * user1 needs explicit grant on new column to access this column + */ + @Test + public void testShowNewColumn() throws Exception { + String colName = "newcol"; + establishSession(ADMIN1); + statement.execute("USE " + TEST_COL_METADATA_OPS_DB); + statement.execute("ALTER TABLE " + TEST_COL_METADATA_OPS_TB + " ADD COLUMNS (" + colName + " STRING)"); + + String query = "SHOW COLUMNS IN " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + establishSession(USER1_1); + statement.execute("USE " + TEST_COL_METADATA_OPS_DB); + ResultSet rs = executeQueryWithLog(query); + boolean found = false; + while (rs.next() && !found) { + String val = rs.getString("field"); + LOGGER.info("found " + val); + if (val.equalsIgnoreCase(colName)) { + found = true; + } + } + assertTrue("Should not have implicit access to new column " + colName, !found); + rs.close(); + + establishSession(ADMIN1); + statement.execute("USE " + TEST_COL_METADATA_OPS_DB); + statement.execute("GRANT SELECT(" + colName + ") ON TABLE " + TEST_COL_METADATA_OPS_TB + " TO ROLE " + TEST_COL_METADATA_OPS_ROLE); + + establishSession(USER1_1); + statement.execute("USE " + TEST_COL_METADATA_OPS_DB); + rs = executeQueryWithLog(query); + found = false; + while (rs.next() && !found) { + String val = rs.getString("field"); + LOGGER.info("found " + val); + if (val.equalsIgnoreCase(colName)) { + found = true; + } + } + assertTrue("Should have implicit access to new column " + colName, found); + rs.close(); + validateSemanticException(query, USER2_1); + } + + /** + * Grant user column level privileges, show partitions + * should list user's granted columns + * @throws Exception + */ + @Ignore("After fix SENTRY-898, turn on this test") + @Test + public void testShowPartitions() throws Exception { + final String PAR_ROLE_NAME = TEST_COL_METADATA_OPS_ROLE + "_2"; + + establishSession(ADMIN1); + statement.execute("USE " + TEST_COL_METADATA_OPS_DB); + statement.execute("CREATE ROLE " + PAR_ROLE_NAME); + statement.execute("GRANT SELECT(privileged_par) ON TABLE " + TEST_COL_METADATA_OPS_TB + " TO ROLE " + PAR_ROLE_NAME); + statement.execute("GRANT ROLE " + PAR_ROLE_NAME + " TO GROUP " + USERGROUP1); + + String query = "SHOW PARTITIONS " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + validateFiltersInaccessibleColumns(query, "partition", USER1_1, "privileged_par"); + } + + /** + * Requires table level privileges + */ + @Test + public void testShowTblProperties() throws Exception { + String query = "SHOW TBLPROPERTIES " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + validateSemanticException(query, USER1_1); + } + + /** + * Requires table level privileges + */ + @Test + public void testShowCreateTable() throws Exception { + String query = "SHOW CREATE TABLE " + TEST_COL_METADATA_OPS_DB + "." + TEST_COL_METADATA_OPS_TB; + validateSemanticException(query, USER1_1); + } + + /** + * Requires table level privileges + */ + @Test + public void testTableExtendLike() throws Exception { + String query = "SHOW TABLE EXTENDED IN " + TEST_COL_METADATA_OPS_DB + " LIKE " + TEST_COL_METADATA_OPS_TB; + validateSemanticException(query, USER1_1); + } +}
http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java new file mode 100644 index 0000000..8ee93cc --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java @@ -0,0 +1,314 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.dbprovider; + +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; + +import java.util.ArrayList; +import java.util.List; + +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.assertFalse; + +import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; + +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class TestDbComplexView extends AbstractTestWithStaticConfiguration { + + private static final Logger LOGGER = LoggerFactory + .getLogger(TestDbComplexView.class); + + private static final String TEST_VIEW_DB = "test_complex_view_database"; + private static final String TEST_VIEW_TB = "test_complex_view_table"; + private static final String TEST_VIEW_TB2 = "test_complex_view_table_2"; + private static final String TEST_VIEW = "test_complex_view"; + private static final String TEST_VIEW_ROLE = "test_complex_view_role"; + + /** + * Run query and validate one column with given column name + * @param user + * @param sql + * @param db + * @param colName + * @param colVal + * @return + * @throws Exception + */ + private static boolean execValidate(String user, String sql, String db, + String colName, String colVal) throws Exception { + boolean status = false; + Connection conn = null; + Statement stmt = null; + try { + conn = context.createConnection(user); + stmt = context.createStatement(conn); + LOGGER.info("Running [USE " + db + ";" + sql + "] to validate column " + colName + " = " + colVal); + stmt.execute("USE " + db); + ResultSet rset = stmt.executeQuery(sql); + while (rset.next()) { + String val = rset.getString(colName); + if (val.equalsIgnoreCase(colVal)) { + LOGGER.info("found [" + colName + "] = " + colVal); + status = true; + break; + } else { + LOGGER.warn("[" + colName + "] = " + val + " not equal to " + colVal); + } + } + rset.close(); + } catch (SQLException ex) { + LOGGER.error("SQLException: ", ex); + } catch (Exception ex) { + LOGGER.error("Exception: ", ex); + } finally { + try { + if (stmt != null) { + stmt.close(); + } + if (conn != null) { + conn.close(); + } + } catch (Exception ex) { + LOGGER.error("failed to close connection and statement: " + ex); + } + } + return status; + } + + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + + @Override + @Before + public void setup() throws Exception { + super.setupAdmin(); + super.setup(); + PolicyFile.setAdminOnServer1(ADMINGROUP); + + // prepare test db and base table + List<String> sqls = new ArrayList<String>(); + sqls.add("USE DEFAULT"); + sqls.add("DROP DATABASE IF EXISTS " + TEST_VIEW_DB + " CASCADE"); + sqls.add("CREATE DATABASE IF NOT EXISTS " + TEST_VIEW_DB); + sqls.add("USE " + TEST_VIEW_DB); + sqls.add("CREATE TABLE " + TEST_VIEW_TB + " (userid VARCHAR(64), link STRING, source STRING) " + + "PARTITIONED BY (datestamp STRING) CLUSTERED BY (userid) INTO 256 BUCKETS STORED AS ORC"); + sqls.add("INSERT INTO TABLE " + TEST_VIEW_TB + " PARTITION (datestamp = '2014-09-23') VALUES " + + "('tlee', " + "'mail.com', 'sports.com'), ('jdoe', 'mail.com', null)"); + sqls.add("SELECT userid FROM " + TEST_VIEW_TB); + sqls.add("CREATE TABLE " + TEST_VIEW_TB2 + " (userid VARCHAR(64), name VARCHAR(64), age INT, " + + "gpa DECIMAL(3, 2)) CLUSTERED BY (age) INTO 2 BUCKETS STORED AS ORC"); + sqls.add("INSERT INTO TABLE " + TEST_VIEW_TB2 + " VALUES ('rgates', 'Robert Gates', 35, 1.28), " + + "('tlee', 'Tod Lee', 32, 2.32)"); + sqls.add("SELECT * FROM " + TEST_VIEW_TB2); + execBatch(ADMIN1, sqls); + } + + private void createTestRole(String user, String roleName) throws Exception { + Connection conn = context.createConnection(user); + Statement stmt = conn.createStatement(); + try { + exec(stmt, "DROP ROLE " + roleName); + } catch (Exception ex) { + LOGGER.info("test role doesn't exist, but it's ok"); + } finally { + exec(stmt, "CREATE ROLE " + roleName); + } + if (stmt != null) { + stmt.close(); + } + if (conn != null) { + conn.close(); + } + } + + private void grantAndValidatePrivilege(String testView, String testRole, String testGroup, + String user, boolean revoke) throws Exception { + createTestRole(ADMIN1, testRole); + List<String> sqls = new ArrayList<String>(); + + // grant privilege + sqls.add("USE " + TEST_VIEW_DB); + sqls.add("GRANT SELECT ON TABLE " + testView + " TO ROLE " + testRole); + sqls.add("GRANT ROLE " + testRole + " TO GROUP " + testGroup); + execBatch(ADMIN1, sqls); + + // show grant should pass and could list view + assertTrue("can not find select privilege from " + testRole, + execValidate(ADMIN1, "SHOW GRANT ROLE " + testRole + " ON TABLE " + testView, + TEST_VIEW_DB, "privilege", "select")); + assertTrue("can not find " + testView, + execValidate(user, "SHOW TABLES", TEST_VIEW_DB, "tab_name", testView)); + + // select from view should pass + sqls.clear(); + sqls.add("USE " + TEST_VIEW_DB); + sqls.add("SELECT * FROM " + testView); + execBatch(user, sqls); + + if (revoke) { + // revoke privilege + sqls.clear(); + sqls.add("USE " + TEST_VIEW_DB); + sqls.add("REVOKE SELECT ON TABLE " + testView + " FROM ROLE " + testRole); + execBatch(ADMIN1, sqls); + + // shouldn't be able to show grant + assertFalse("should not find select from " + testRole, + execValidate(ADMIN1, "SHOW GRANT ROLE " + testRole + " ON TABLE " + testView, + TEST_VIEW_DB, "privilege", "select")); + + // select from view should fail + sqls.clear(); + sqls.add("USE " + TEST_VIEW_DB); + sqls.add("SELECT * FROM " + testView); + try { + execBatch(user, sqls); + } catch (SQLException ex) { + LOGGER.info("Expected SQLException here", ex); + } + } + } + + private void grantAndValidatePrivilege(String testView, String testRole, + String testGroup, String user) throws Exception { + grantAndValidatePrivilege(testView, testRole, testGroup, user, true); + } + /** + * Create view1 and view2 from view1 + * Grant and validate select privileges to both views + * @throws Exception + */ + @Test + public void testDbViewFromView() throws Exception { + List<String> sqls = new ArrayList<String>(); + // create a simple view + sqls.add("USE " + TEST_VIEW_DB); + sqls.add("CREATE VIEW " + TEST_VIEW + + "(userid,link) AS SELECT userid,link from " + TEST_VIEW_TB); + + // create another view from the previous view + String testView2 = "view1_from_" + TEST_VIEW; + //String testRole2 = testView2 + "_test_role"; + sqls.add(String.format("CREATE VIEW %s AS SELECT userid,link from %s", + testView2, TEST_VIEW)); + + String testView3 = "view2_from_" + TEST_VIEW; + sqls.add(String.format("CREATE VIEW %s(userid,link) AS SELECT userid,link from %s", + testView3, TEST_VIEW)); + + execBatch(ADMIN1, sqls); + + // validate privileges + grantAndValidatePrivilege(TEST_VIEW, TEST_VIEW_ROLE, USERGROUP1, USER1_1); + //grantAndValidatePrivilege(testView2, testRole2, USERGROUP2, USER2_1); + + // Disabled because of SENTRY-745, also need to backport HIVE-10875 + //grantAndValidatePrivilege(testView3, testRole3, USERGROUP3, USER3_1); + } + + /** + * Create a view by join two tables + * Grant and verify select privilege + * @throws Exception + */ + @Test + public void TestDbViewWithJoin() throws Exception { + List<String> sqls = new ArrayList<String>(); + // create a joint view + sqls.add("USE " + TEST_VIEW_DB); + sqls.add(String.format("create view %s as select name,age,gpa from %s join %s on " + + "(%s.userid=%s.userid) where name='Tod Lee'", TEST_VIEW, TEST_VIEW_TB2, + TEST_VIEW_TB, TEST_VIEW_TB2, TEST_VIEW_TB)); + execBatch(ADMIN1, sqls); + + // validate privileges + grantAndValidatePrivilege(TEST_VIEW, TEST_VIEW_ROLE, USERGROUP1, USER1_1); + } + + /** + * Create a view with nested query + * Grant and verify select privilege + * @throws Exception + * SENTRY-716: Hive plugin does not correctly enforce + * privileges for new in case of nested queries + * Once backport HIVE-10875 to Sentry repo, will enable this test. + */ + @Ignore ("After SENTRY-716 is fixed, turn on this test") + @Test + public void TestDbViewWithNestedQuery() throws Exception { + List<String> sqls = new ArrayList<String>(); + // create a joint view + sqls.add("USE " + TEST_VIEW_DB); + sqls.add("CREATE VIEW " + TEST_VIEW + " AS SELECT * FROM " + TEST_VIEW_TB); + execBatch(ADMIN1, sqls); + grantAndValidatePrivilege(TEST_VIEW, TEST_VIEW_ROLE, USERGROUP1, USER1_1, false); + + sqls.clear(); + sqls.add("USE " + TEST_VIEW_DB); + sqls.add("SELECT * FROM (SELECT * FROM " + TEST_VIEW + ") v2"); + execBatch(USER1_1, sqls); + } + + /** + * Create a view with union two tables + * Grant and verify select privilege + * @throws Exception + * SENTRY-747: Create a view by union tables, grant select + * then select from view encounter errors + * Once backport HIVE-10875 to Sentry repo, will enable this test. + */ + @Ignore ("After SENTRY-747 is fixed, turn on this test") + @Test + public void TestDbViewWithUnion() throws Exception { + List<String> sqls = new ArrayList<String>(); + String testTable = "test_user_info"; + sqls.add("USE " + TEST_VIEW_DB); + sqls.add("DROP TABLE IF EXISTS " + testTable); + sqls.add("CREATE TABLE " + testTable + " (userid VARCHAR(64), name STRING, address STRING, tel STRING) "); + sqls.add("INSERT INTO TABLE " + testTable + " VALUES " + + "('tlee', " + "'Tod Lee', '1234 23nd Ave SFO, CA', '123-456-7890')"); + sqls.add("SELECT * FROM " + testTable); + sqls.add(String.format("CREATE VIEW " + TEST_VIEW + " AS " + + "SELECT u.userid, u.name, u.address, res.uid " + + "FROM (" + + "SELECT t1.userid AS uid " + + "FROM %s t1 " + + "UNION ALL " + + "SELECT t2.userid AS uid " + + "FROM %s t2 " + + ") res JOIN %s u ON (u.userid = res.uid)", + TEST_VIEW_TB, TEST_VIEW_TB2, testTable)); + execBatch(ADMIN1, sqls); + grantAndValidatePrivilege(TEST_VIEW, TEST_VIEW_ROLE, USERGROUP1, USER1_1); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java new file mode 100644 index 0000000..65103fc --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbConnections.java @@ -0,0 +1,150 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.tests.e2e.dbprovider; + +import static org.junit.Assert.*; + +import java.sql.Connection; +import java.sql.Statement; + +import org.apache.sentry.provider.db.SentryAccessDeniedException; +import org.apache.sentry.provider.db.SentryAlreadyExistsException; +import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +public class TestDbConnections extends AbstractTestWithStaticConfiguration { + + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + + @Override + @Before + public void setup() throws Exception { + super.setupAdmin(); + super.setup(); + PolicyFile.setAdminOnServer1(ADMINGROUP); + } + + /** + * Currently the hive binding opens a new server connection for each + * statement. This test verifies that the client connection is closed properly + * at the end. Test Queries, DDLs, Auth DDLs and metadata filtering (eg show + * tables/databases) + * @throws Exception + */ + @Test + public void testClientConnections() throws Exception { + String roleName = "connectionTest"; + long preConnectionClientId; + // Connect through user admin1. + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + + assertEquals(0, getSentrySrv().getNumActiveClients()); + + preConnectionClientId = getSentrySrv().getTotalClients(); + statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE"); + statement.execute("CREATE DATABASE DB_1"); + statement.execute("USE DB_1"); + assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + // Verify that client connection is closed after DDLs. + preConnectionClientId = getSentrySrv().getTotalClients(); + statement.execute("CREATE TABLE t1 (c1 string)"); + assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + // Verify that client connection is closed after queries. + preConnectionClientId = getSentrySrv().getTotalClients(); + statement.execute("SELECT * FROM t1"); + assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + // Verify client invocation via metastore filter. + preConnectionClientId = getSentrySrv().getTotalClients(); + statement.executeQuery("show tables"); + assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + // Verify that client connection is closed after drop table. + preConnectionClientId = getSentrySrv().getTotalClients(); + statement.execute("DROP TABLE t1"); + assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + // Verify that client connection is closed after auth DDL. + preConnectionClientId = getSentrySrv().getTotalClients(); + statement.execute("CREATE ROLE " + roleName); + assertEquals(0, getSentrySrv().getNumActiveClients()); + assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); + + context.assertSentryException(statement, "CREATE ROLE " + roleName, + SentryAlreadyExistsException.class.getSimpleName()); + assertEquals(0, getSentrySrv().getNumActiveClients()); + statement.execute("DROP ROLE " + roleName); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + // Verify client invocation via metastore filter + preConnectionClientId = getSentrySrv().getTotalClients(); + statement.executeQuery("show tables"); + // There are no tables, so auth check does not happen + // sentry will create connection to get privileges for cache + assertTrue(preConnectionClientId <= getSentrySrv().getTotalClients()); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + statement.close(); + connection.close(); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + // Connect through user user1_1. + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + // Verify that client connection is closed after statement auth error. + preConnectionClientId = getSentrySrv().getTotalClients(); + context.assertAuthzException(statement, "USE DB_1"); + assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + // Verify that client connection is closed after auth DDL error. + preConnectionClientId = getSentrySrv().getTotalClients(); + context.assertSentryException(statement, "CREATE ROLE " + roleName, + SentryAccessDeniedException.class.getSimpleName()); + assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + // Verify that client invocation via metastore filter. + preConnectionClientId = getSentrySrv().getTotalClients(); + statement.executeQuery("show databases"); + assertTrue(preConnectionClientId < getSentrySrv().getTotalClients()); + assertEquals(0, getSentrySrv().getNumActiveClients()); + + statement.close(); + connection.close(); + assertEquals(0, getSentrySrv().getNumActiveClients()); + } + +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbCrossDbOps.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbCrossDbOps.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbCrossDbOps.java new file mode 100644 index 0000000..0aa166c --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbCrossDbOps.java @@ -0,0 +1,40 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.dbprovider; + +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.apache.sentry.tests.e2e.hive.TestCrossDbOps; +import org.junit.Before; +import org.junit.BeforeClass; + +/* Tests privileges at table scope with cross database access */ + +public class TestDbCrossDbOps extends TestCrossDbOps { + + @Override + @Before + public void setup() throws Exception { + super.setupAdmin(); + super.setup(); + } + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception{ + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java new file mode 100644 index 0000000..ffc37c4 --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbDDLAuditLog.java @@ -0,0 +1,293 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.dbprovider; + +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +import java.sql.Connection; +import java.sql.Statement; +import java.util.HashMap; +import java.util.Map; + +import org.apache.log4j.Level; +import org.apache.log4j.Logger; +import org.apache.sentry.provider.db.log.appender.AuditLoggerTestAppender; +import org.apache.sentry.provider.db.log.util.CommandUtil; +import org.apache.sentry.provider.db.log.util.Constants; +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.codehaus.jettison.json.JSONObject; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; + +public class TestDbDDLAuditLog extends AbstractTestWithStaticConfiguration { + + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + Logger logger = Logger.getLogger("sentry.hive.authorization.ddl.logger"); + AuditLoggerTestAppender testAppender = new AuditLoggerTestAppender(); + logger.addAppender(testAppender); + logger.setLevel(Level.INFO); + } + + @Override + @Before + public void setup() throws Exception { + super.setupAdmin(); + super.setup(); + } + + @Test + @Ignore + public void testBasic() throws Exception { + String roleName = "testRole"; + String groupName = "testGroup"; + String dbName = "dbTest"; + String tableName = "tableTest"; + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + Map<String, String> fieldValueMap = new HashMap<String, String>(); + + // for success audit log + statement.execute("CREATE ROLE " + roleName); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_CREATE_ROLE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "CREATE ROLE " + roleName); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + + statement.execute("GRANT ROLE " + roleName + " TO GROUP " + groupName); + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_ADD_ROLE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT ROLE " + roleName + " TO GROUP " + + groupName); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + + statement.execute("create database " + dbName); + statement.execute("use " + dbName); + statement.execute("CREATE TABLE " + tableName + " (c1 string)"); + statement.execute("GRANT ALL ON DATABASE " + dbName + " TO ROLE " + roleName); + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT ALL ON DATABASE " + dbName + + " TO ROLE " + roleName); + fieldValueMap.put(Constants.LOG_FIELD_DATABASE_NAME, dbName); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + + statement.execute("GRANT SELECT ON TABLE " + tableName + " TO ROLE " + roleName + + " WITH GRANT OPTION"); + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT SELECT ON TABLE " + tableName + + " TO ROLE " + roleName + " WITH GRANT OPTION"); + fieldValueMap.put(Constants.LOG_FIELD_TABLE_NAME, tableName); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + + // for error audit log + try { + statement.execute("CREATE ROLE " + roleName); + fail("Exception should have been thrown"); + } catch (Exception e) { + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_CREATE_ROLE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "CREATE ROLE " + roleName); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + } + try { + statement.execute("GRANT ROLE errorROLE TO GROUP " + groupName); + fail("Exception should have been thrown"); + } catch (Exception e) { + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_ADD_ROLE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT ROLE errorROLE TO GROUP " + + groupName); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + } + try { + statement.execute("GRANT ALL ON DATABASE " + dbName + " TO ROLE errorRole"); + fail("Exception should have been thrown"); + } catch (Exception e) { + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT ALL ON DATABASE " + dbName + + " TO ROLE errorRole"); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + } + try { + statement.execute("GRANT INSERT ON DATABASE " + dbName + " TO ROLE errorRole"); + fail("Exception should have been thrown"); + } catch (Exception e) { + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT INSERT ON DATABASE " + dbName + + " TO ROLE errorRole"); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + } + try { + statement.execute("GRANT SELECT ON DATABASE " + dbName + " TO ROLE errorRole"); + fail("Exception should have been thrown"); + } catch (Exception e) { + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT SELECT ON DATABASE " + dbName + + " TO ROLE errorRole"); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + } + try { + statement.execute("GRANT SELECT ON TABLE " + tableName + " TO ROLE errorRole"); + fail("Exception should have been thrown"); + } catch (Exception e) { + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT SELECT ON TABLE " + tableName + + " TO ROLE errorRole"); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + } + + statement.execute("REVOKE SELECT ON TABLE " + tableName + " FROM ROLE " + roleName); + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_REVOKE_PRIVILEGE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "REVOKE SELECT ON TABLE " + tableName + + " FROM ROLE " + roleName); + fieldValueMap.put(Constants.LOG_FIELD_TABLE_NAME, tableName); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + + statement.execute("REVOKE ALL ON DATABASE " + dbName + " FROM ROLE " + roleName); + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_REVOKE_PRIVILEGE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "REVOKE ALL ON DATABASE " + dbName + + " FROM ROLE " + roleName); + fieldValueMap.put(Constants.LOG_FIELD_DATABASE_NAME, dbName); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + + statement.execute("REVOKE ROLE " + roleName + " FROM GROUP " + groupName); + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DELETE_ROLE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "REVOKE ROLE " + roleName + + " FROM GROUP " + groupName); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + + statement.execute("DROP ROLE " + roleName); + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DROP_ROLE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "DROP ROLE " + roleName); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + + // for error audit log + try { + statement.execute("REVOKE SELECT ON TABLE " + tableName + " FROM ROLE errorRole"); + fail("Exception should have been thrown"); + } catch (Exception e) { + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_REVOKE_PRIVILEGE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "REVOKE SELECT ON TABLE " + tableName + + " FROM ROLE errorRole"); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + } + + try { + statement.execute("REVOKE ALL ON DATABASE " + dbName + " FROM ROLE errorRole"); + fail("Exception should have been thrown"); + } catch (Exception e) { + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_REVOKE_PRIVILEGE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "REVOKE ALL ON DATABASE " + dbName + + " FROM ROLE errorRole"); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + } + + try { + statement.execute("REVOKE ROLE errorRole FROM GROUP " + groupName); + fail("Exception should have been thrown"); + } catch (Exception e) { + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DELETE_ROLE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "REVOKE ROLE errorRole FROM GROUP " + + groupName); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + } + + try { + statement.execute("DROP ROLE errorRole"); + fail("Exception should have been thrown"); + } catch (Exception e) { + fieldValueMap.clear(); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DROP_ROLE); + fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "DROP ROLE errorRole"); + fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); + fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); + assertAuditLog(fieldValueMap); + } + + statement.close(); + connection.close(); + } + + private void assertAuditLog(Map<String, String> fieldValueMap) throws Exception { + assertThat(AuditLoggerTestAppender.getLastLogLevel(), is(Level.INFO)); + JSONObject jsonObject = new JSONObject(AuditLoggerTestAppender.getLastLogEvent()); + if (fieldValueMap != null) { + for (Map.Entry<String, String> entry : fieldValueMap.entrySet()) { + String entryKey = entry.getKey(); + if (Constants.LOG_FIELD_IP_ADDRESS.equals(entryKey)) { + assertTrue(CommandUtil.assertIPInAuditLog(jsonObject.get(entryKey).toString())); + } else { + assertTrue(entry.getValue().equalsIgnoreCase(jsonObject.get(entryKey).toString())); + } + } + } + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java new file mode 100644 index 0000000..d9f30e0 --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java @@ -0,0 +1,251 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.dbprovider; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +import java.io.File; +import java.io.FileOutputStream; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.Statement; + +import org.apache.sentry.provider.db.SentryAccessDeniedException; +import org.apache.sentry.provider.file.PolicyFile; +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +import com.google.common.io.Resources; + +public class TestDbEndToEnd extends AbstractTestWithStaticConfiguration { + private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat"; + private File dataFile; + + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception{ + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + + @Override + @Before + public void setup() throws Exception { + super.setupAdmin(); + super.setup(); + dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); + FileOutputStream to = new FileOutputStream(dataFile); + Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); + to.close(); + PolicyFile.setAdminOnServer1(ADMINGROUP); + } + + @Test + public void testBasic() throws Exception { + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("DROP TABLE IF EXISTS t1"); + statement.execute("CREATE TABLE t1 (c1 string)"); + statement.execute("CREATE ROLE user_role"); + statement.execute("GRANT SELECT ON TABLE t1 TO ROLE user_role"); + statement.execute("GRANT ROLE user_role TO GROUP " + USERGROUP1); + statement.close(); + connection.close(); + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + context.assertSentryException(statement, "CREATE ROLE r2", + SentryAccessDeniedException.class.getSimpleName()); + // test default of ALL + statement.execute("SELECT * FROM t1"); + // test a specific role + statement.execute("SET ROLE user_role"); + statement.execute("SELECT * FROM t1"); + + /** Dissabling test : see https://issues.apache.org/jira/browse/HIVE-6629 + // test NONE + statement.execute("SET ROLE NONE"); + context.assertAuthzException(statement, "SELECT * FROM t1"); + */ + + // test ALL + statement.execute("SET ROLE ALL"); + statement.execute("SELECT * FROM t1"); + statement.close(); + connection.close(); + } + + @Test + public void testNonDefault() throws Exception { + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + statement.execute("CREATE database " + DB1); + statement.execute("USE " + DB1); + statement.execute("CREATE TABLE t1 (c1 string)"); + statement.execute("CREATE ROLE user_role"); + statement.execute("GRANT SELECT ON TABLE t1 TO ROLE user_role"); + statement.execute("GRANT ROLE user_role TO GROUP " + USERGROUP1); + statement.close(); + connection.close(); + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + + statement.execute("SELECT * FROM " + DB1 + ".t1"); + statement.close(); + connection.close(); + } + + @Test + public void testUPrivileges() throws Exception { + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("DROP TABLE IF EXISTS t1"); + statement.execute("CREATE TABLE t1 (c1 string)"); + statement.execute("CREATE ROLE user_role"); + statement.execute("CREATE ROLE uri_role"); + statement.execute("GRANT SELECT ON URI 'file://" + dataDir.getPath() + + "' TO ROLE uri_role"); + statement.execute("GRANT INSERT ON TABLE t1 TO ROLE user_role"); + + statement.execute("GRANT ROLE user_role TO GROUP " + USERGROUP1); + statement.execute("GRANT ROLE uri_role TO GROUP " + USERGROUP1); + + ResultSet resultSet = statement.executeQuery("SHOW GRANT ROLE uri_role"); + assertTrue(resultSet.next()); + assertEquals("file://" + dataDir.getPath(), resultSet.getString(1)); + resultSet.close(); + + resultSet = statement.executeQuery("SHOW GRANT ROLE user_role"); + assertTrue(resultSet.next()); + assertEquals("default", resultSet.getString(1)); + assertEquals("t1", resultSet.getString(2)); + resultSet.close(); + + statement.close(); + connection.close(); + + } + + + +/** + * Steps: + * 1. admin create a new experimental database + * 2. admin create a new production database, create table, load data + * 3. admin grant privilege all@'experimental database' to usergroup1 + * 4. user create table, load data in experimental DB + * 5. user create view based on table in experimental DB + * 6. admin create table (same name) in production DB + * 7. admin grant [email protected] to group + * admin grant [email protected] to group + * 8. user load data from experimental table to production table + */ + @Test + public void testEndToEnd1() throws Exception { + + String tableName1 = "tb_1"; + String tableName2 = "tb_2"; + String viewName1 = "view_1"; + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + // 1 + statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + statement.execute("CREATE DATABASE " + DB1); + // 2 + statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE"); + statement.execute("CREATE DATABASE " + DB2); + statement.execute("USE " + DB2); + statement.execute("DROP TABLE IF EXISTS " + DB2 + "." + tableName1); + statement.execute("DROP TABLE IF EXISTS " + DB2 + "." + tableName2); + statement.execute("create table " + DB2 + "." + tableName1 + + " (under_col int comment 'the under column', value string)"); + statement.execute("create table " + DB2 + "." + tableName2 + + " (under_col int comment 'the under column', value string)"); + statement.execute("load data local inpath '" + dataFile.getPath() + + "' into table " + tableName2); + + // 3 + statement.execute("CREATE ROLE all_db1"); + statement.execute("GRANT ALL ON DATABASE " + DB1 + " TO ROLE all_db1"); + + statement.execute("CREATE ROLE select_tb1"); + statement.execute("CREATE ROLE insert_tb1"); + statement.execute("CREATE ROLE insert_tb2"); + statement.execute("CREATE ROLE data_uri"); + + statement.execute("USE " + DB2); + statement.execute("GRANT INSERT ON TABLE " + tableName1 + + " TO ROLE insert_tb1"); + statement.execute("GRANT INSERT ON TABLE " + tableName2 + + " TO ROLE insert_tb2"); + statement.execute("GRANT ALL ON URI 'file://" + dataDir.getPath() + + "' TO ROLE data_uri"); + + statement.execute("USE " + DB1); + statement.execute("DROP TABLE IF EXISTS " + DB1 + "." + tableName1); + statement.execute("create table " + DB1 + "." + tableName1 + + " (under_col int comment 'the under column', value string)"); + statement.execute("GRANT SELECT ON TABLE " + tableName1 + + " TO ROLE select_tb1"); + + statement + .execute("GRANT ROLE all_db1, select_tb1, insert_tb1, insert_tb2, data_uri TO GROUP " + + USERGROUP1); + + statement.close(); + connection.close(); + + // 4 + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + statement.execute("DROP TABLE IF EXISTS " + DB1 + "." + tableName1); + statement.execute("create table " + DB1 + "." + tableName1 + + " (under_col int comment 'the under column', value string)"); + statement.execute("load data local inpath '" + dataFile.getPath() + + "' into table " + tableName1); + + // 5 + statement.execute("CREATE VIEW " + viewName1 + " (value) AS SELECT value from " + tableName1 + " LIMIT 10"); + statement.close(); + connection.close(); + + // 7 + connection = context.createConnection(ADMIN1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + statement.execute("DROP TABLE IF EXISTS " + DB1 + "." + tableName1); + statement.execute("create table " + DB1 + "." + tableName1 + + " (under_col int comment 'the under column', value string)"); + statement.close(); + connection.close(); + + // 8 + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB2); + + statement.execute("INSERT OVERWRITE TABLE " + + DB2 + "." + tableName2 + " SELECT * FROM " + DB1 + + "." + tableName1); + statement.close(); + connection.close(); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbExportImportPrivileges.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbExportImportPrivileges.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbExportImportPrivileges.java new file mode 100644 index 0000000..43064ee --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbExportImportPrivileges.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.dbprovider; + +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.apache.sentry.tests.e2e.hive.TestExportImportPrivileges; +import org.junit.Before; +import org.junit.BeforeClass; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class TestDbExportImportPrivileges extends TestExportImportPrivileges { + private static final Logger LOGGER = LoggerFactory. + getLogger(TestDbExportImportPrivileges.class); + @Override + @Before + public void setup() throws Exception { + LOGGER.info("TestDbExportImportPrivileges setup"); + super.setupAdmin(); + super.setup(); + } + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + LOGGER.info("TestDbExportImportPrivileges setupTestStaticConfiguration"); + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbJDBCInterface.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbJDBCInterface.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbJDBCInterface.java new file mode 100644 index 0000000..a26e90a --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbJDBCInterface.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.dbprovider; + +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.apache.sentry.tests.e2e.hive.TestJDBCInterface; +import org.junit.Before; +import org.junit.BeforeClass; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class TestDbJDBCInterface extends TestJDBCInterface { + private static final Logger LOGGER = LoggerFactory. + getLogger(TestDbJDBCInterface.class); + @Override + @Before + public void setup() throws Exception { + LOGGER.info("TestDbJDBCInterface setup"); + super.setupAdmin(); + super.setup(); + } + + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + LOGGER.info("TestDbJDBCInterface setupTestStaticConfiguration"); + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataObjectRetrieval.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataObjectRetrieval.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataObjectRetrieval.java new file mode 100644 index 0000000..ec99b30 --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataObjectRetrieval.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.dbprovider; + +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.apache.sentry.tests.e2e.hive.TestMetadataObjectRetrieval; +import org.junit.Before; +import org.junit.BeforeClass; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class TestDbMetadataObjectRetrieval extends TestMetadataObjectRetrieval { + private static final Logger LOGGER = LoggerFactory + .getLogger(TestDbMetadataObjectRetrieval.class); + @Override + @Before + public void setup() throws Exception { + LOGGER.info("TestDbMetadataObjectRetrieval setup"); + super.setupAdmin(); + super.setup(); + } + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + LOGGER.info("TestDbMetadataObjectRetrieval setupTestStaticConfiguration"); + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataPermissions.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataPermissions.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataPermissions.java new file mode 100644 index 0000000..97b0e06 --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataPermissions.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.dbprovider; + +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.apache.sentry.tests.e2e.hive.TestMetadataPermissions; +import org.junit.Before; +import org.junit.BeforeClass; + +public class TestDbMetadataPermissions extends TestMetadataPermissions { + @Override + @Before + public void setup() throws Exception { + super.setupAdmin(); + super.setup(); + } + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMovingToProduction.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMovingToProduction.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMovingToProduction.java new file mode 100644 index 0000000..cd27a4f --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMovingToProduction.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.tests.e2e.dbprovider; + +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.apache.sentry.tests.e2e.hive.TestMovingToProduction; +import org.junit.Before; +import org.junit.BeforeClass; + +public class TestDbMovingToProduction extends TestMovingToProduction { + @Override + @Before + public void setup() throws Exception { + super.setupAdmin(); + super.setup(); + } + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + + } + +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbOperations.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbOperations.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbOperations.java new file mode 100644 index 0000000..3fab344 --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbOperations.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.tests.e2e.dbprovider; + +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.apache.sentry.tests.e2e.hive.TestOperations; +import org.junit.Before; +import org.junit.BeforeClass; + +public class TestDbOperations extends TestOperations{ + @Override + @Before + public void setup() throws Exception { + super.setupAdmin(); + super.setup(); + } + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/bfb354f2/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeAtTransform.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeAtTransform.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeAtTransform.java new file mode 100644 index 0000000..1bb82ed --- /dev/null +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeAtTransform.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.tests.e2e.dbprovider; + +import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; +import org.apache.sentry.tests.e2e.hive.TestPrivilegeAtTransform; +import org.junit.Before; +import org.junit.BeforeClass; + +public class TestDbPrivilegeAtTransform extends TestPrivilegeAtTransform { + @Override + @Before + public void setup() throws Exception { + super.setupAdmin(); + super.setup(); + } + @BeforeClass + public static void setupTestStaticConfiguration() throws Exception { + useSentryService = true; + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + + } +}
