Repository: sentry Updated Branches: refs/heads/master 5a648880c -> 3dbfe8811 (forced update)
SENTRY-1346: add a test case into hdfs acl e2e suite to test a db.tbl wit out partition, can take more than certain number groups. (Anne Yu, reviewed by Haohao). Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/3dbfe881 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/3dbfe881 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/3dbfe881 Branch: refs/heads/master Commit: 3dbfe881130a81b14ad57d298fc361cd8f5c5d76 Parents: 8b8442b Author: Anne Yu <[email protected]> Authored: Mon Jun 20 17:16:41 2016 -0700 Committer: Anne Yu <[email protected]> Committed: Tue Jun 21 09:33:56 2016 -0700 ---------------------------------------------------------------------- .../sentry/tests/e2e/hdfs/TestDbHdfsBase.java | 28 ++++++++++++++-- .../tests/e2e/hdfs/TestDbHdfsMaxGroups.java | 35 ++++++++++++++++++++ 2 files changed, 61 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/3dbfe881/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestDbHdfsBase.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestDbHdfsBase.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestDbHdfsBase.java index 44ce575..e545c37 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestDbHdfsBase.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestDbHdfsBase.java @@ -44,7 +44,7 @@ import org.junit.BeforeClass; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.equalToIgnoringCase; -import static org.hamcrest.Matchers.lessThanOrEqualTo; +import static org.hamcrest.Matchers.lessThan; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; @@ -231,7 +231,7 @@ public abstract class TestDbHdfsBase extends AbstractTestWithStaticConfiguration } break; } - assertThat(retry, lessThanOrEqualTo(NUM_RETRIES_FOR_ACLS)); + assertThat(retry, lessThan(NUM_RETRIES_FOR_ACLS)); if (recursive && fileSystem.getFileStatus(path).isDirectory()) { FileStatus[] children = fileSystem.listStatus(path); for (FileStatus fs : children) { @@ -329,6 +329,30 @@ public abstract class TestDbHdfsBase extends AbstractTestWithStaticConfiguration } } + /** + * Create test database and table with location pointing + * to testPathLoc without partitions + * @param db + * @param tbl + * @throws Exception + */ + protected void dropRecreateDbTblNoPar(String db, String tbl) throws Exception { + Connection connection = context.createConnection(ADMIN1); + Statement statement = connection.createStatement(); + exec(statement, "DROP DATABASE IF EXISTS " + db + " CASCADE"); + exec(statement, "CREATE DATABASE " + db); + exec(statement, "USE " + db); + exec(statement, "CREATE TABLE " + tbl + "(number INT, value STRING)"); + exec(statement, "INSERT INTO TABLE " + tbl + " VALUES (1, 'test1')"); + exec(statement, "SELECT * FROM " + tbl); + if (statement != null) { + statement.close(); + } + if (connection != null ) { + connection.close(); + } + } + protected static void kinitFromKeytabFile (String user, String keyTabFile) throws IOException { Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", authenticationType); http://git-wip-us.apache.org/repos/asf/sentry/blob/3dbfe881/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestDbHdfsMaxGroups.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestDbHdfsMaxGroups.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestDbHdfsMaxGroups.java index 623ed5d..6dd03d5 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestDbHdfsMaxGroups.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestDbHdfsMaxGroups.java @@ -194,4 +194,39 @@ public class TestDbHdfsMaxGroups extends TestDbHdfsBase { // column level perm should not syncup acls to any db, tbl and par paths verifyNoAclRecursive(colacls, extDbDir, true); } + + /** + * Test Db and tbl level acls are synced up to db, tbl (no partitions) + * @throws Exception + */ + @Test + public void testIntDbTblMaxAclsWithGroupsNoPar() throws Exception { + final String TEST_DB = "test_hdfs_max_group_int_nopar_db"; + String extDbDir = Path.getPathWithoutSchemeAndAuthority(new Path(metastoreDir)) + + "/" + TEST_DB + ".db"; + LOGGER.info("extDbDir = " + extDbDir); + dropRecreateDbTblNoPar(TEST_DB, TEST_TBL); + + String tblPathLoc = extDbDir + "/" + TEST_TBL; + LOGGER.info("tblPathLoc = " + tblPathLoc); + Connection connection = context.createConnection(ADMIN1); + Statement statement = connection.createStatement(); + exec(statement, "USE " + TEST_DB); + dropRecreateRole(statement, TEST_ROLE1); + exec(statement, "GRANT SELECT ON TABLE " + TEST_TBL + " TO ROLE " + TEST_ROLE1); + + List<AclEntry> dbacls = new ArrayList<>(); + List<AclEntry> tblacls = new ArrayList<>(); + for (int i = 0; i < MAX_NUM_OF_GROUPS; i ++) { + String tblgrp = "tblgrp" + String.valueOf(i); + tblacls.add(AclEntry.parseAclEntry("group:" + tblgrp + ":r-x", true)); + exec(statement, "GRANT ROLE " + TEST_ROLE1 + " TO GROUP " + tblgrp); + } + context.close(); + + // tbl level privileges should sync up acls to tbl and par paths + verifyAclsRecursive(tblacls, tblPathLoc, true); + // tbl level privileges should not sync up acls to db path + verifyNoAclRecursive(tblacls, extDbDir, false); + } }
