Repository: sentry Updated Branches: refs/heads/sentry-ha-redesign 6d8214e70 -> 9652979cf
SENTRY-1134: Add user defined udf test case (Ke Jia, reviewed Dapeng Sun, Anne Yu) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/9652979c Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/9652979c Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/9652979c Branch: refs/heads/sentry-ha-redesign Commit: 9652979cfa3d25b491cc168f109395f7e8ab9527 Parents: 6d8214e Author: Alexander Kolbasov <[email protected]> Authored: Mon Jan 23 10:24:46 2017 -0800 Committer: Alexander Kolbasov <[email protected]> Committed: Tue Jan 24 21:55:26 2017 -0800 ---------------------------------------------------------------------- .../e2e/hive/TestPrivilegesAtFunctionScope.java | 32 +++++++++++++++++++- .../apache/sentry/tests/e2e/hive/TestUDF.java | 29 ++++++++++++++++++ 2 files changed, 60 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/9652979c/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java index ef7a86c..61fecc7 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java @@ -83,6 +83,9 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticConfigu if(udfLocation == null) { udfLocation = udfSrc.getLocation().getPath(); } + String udf1ClassName = "org.apache.sentry.tests.e2e.hive.TestUDF"; + CodeSource udf1Src = Class.forName(udf1ClassName).getProtectionDomain().getCodeSource(); + String udf1Location = udf1Src.getLocation().getPath(); Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); @@ -96,17 +99,44 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticConfigu context.close(); policyFile - .addRolesToGroup(USERGROUP1, "db1_all", "UDF_JAR", "data_read") + .addRolesToGroup(USERGROUP1, "db1_all", "UDF1_JAR", "UDF_JAR", "data_read") .addRolesToGroup(USERGROUP2, "db1_tab1", "UDF_JAR") .addRolesToGroup(USERGROUP3, "db1_tab1") .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) .addPermissionsToRole("db1_tab1", "server=server1->db=" + DB1 + "->table=" + tableName1) .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://" + udfLocation) + .addPermissionsToRole("UDF1_JAR", "server=server1->uri=file://" + udf1Location) .addPermissionsToRole("data_read", "server=server1->URI=" + "file:///tmp"); writePolicyFile(policyFile); } @Test + public void testCreateUdf() throws Exception { + setUpContext(); + // user1 should be able create/drop temp functions + Connection connection = context.createConnection(USER1_1); + Statement statement = context.createStatement(connection); + statement.execute("USE " + DB1); + + statement.execute("CREATE TEMPORARY FUNCTION test_1 AS 'org.apache.sentry.tests.e2e.hive.TestUDF'"); + statement.close(); + connection.close(); + + // user3 shouldn't be able to create/drop temp functions since it doesn't have permission for jar + connection = context.createConnection(USER3_1); + statement = context.createStatement(connection); + statement.execute("USE " + DB1); + try { + statement.execute("CREATE TEMPORARY FUNCTION test_2 AS 'org.apache.sentry.tests.e2e.hive.TestUDF'"); + assertFalse("CREATE TEMPORARY FUNCTION should fail for user3", true); + } catch (SQLException e) { + context.verifyAuthzException(e); + } + statement.close(); + connection.close(); + } + + @Test public void testAndVerifyFuncPrivilegesPart1() throws Exception { setUpContext(); // user1 should be able create/drop temp functions http://git-wip-us.apache.org/repos/asf/sentry/blob/9652979c/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUDF.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUDF.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUDF.java new file mode 100644 index 0000000..0cd0cf5 --- /dev/null +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUDF.java @@ -0,0 +1,29 @@ +/* +* Licensed to the Apache Software Foundation (ASF) under one or more +* contributor license agreements. See the NOTICE file distributed with +* this work for additional information regarding copyright ownership. +* The ASF licenses this file to You under the Apache License, Version 2.0 +* (the "License"); you may not use this file except in compliance with +* the License. You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package org.apache.sentry.tests.e2e.hive; + +import org.apache.hadoop.hive.ql.exec.UDF; +import org.apache.hadoop.io.Text; + + +public final class TestUDF extends UDF { + + public Text evaluate(final Text s) { + if (s == null) { return null; } + return new Text(s.toString().toUpperCase()); + } +}
