Repository: incubator-sentry Updated Branches: refs/heads/master 437e6c4dc -> 1abc8db22
SENTRY-336: Fix test failures on real cluster (Sravya Tirukkovalur via Jarek Jarcec Cecho) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/1abc8db2 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/1abc8db2 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/1abc8db2 Branch: refs/heads/master Commit: 1abc8db22b55d8c0e090080dda6c70c144b09e59 Parents: 437e6c4 Author: Jarek Jarcec Cecho <[email protected]> Authored: Fri Jul 25 14:42:13 2014 -0700 Committer: Jarek Jarcec Cecho <[email protected]> Committed: Fri Jul 25 14:42:52 2014 -0700 ---------------------------------------------------------------------- .../AbstractTestWithStaticConfiguration.java | 22 ++++++++++- .../e2e/hive/TestExportImportPrivileges.java | 14 +++---- .../sentry/tests/e2e/hive/TestOperations.java | 10 ++++- .../e2e/hive/TestPrivilegesAtFunctionScope.java | 30 ++++++++------- .../sentry/tests/e2e/hive/TestSandboxOps.java | 35 +++++++----------- .../tests/e2e/hive/TestUriPermissions.java | 39 +++++++++++--------- .../e2e/hive/hiveserver/HiveServerFactory.java | 2 +- 7 files changed, 89 insertions(+), 63 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1abc8db2/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java index dbc01f9..31d8172 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java 
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java @@ -105,6 +105,7 @@ public abstract class AbstractTestWithStaticConfiguration { protected static final String SERVER_HOST = "localhost"; private static final String EXTERNAL_SENTRY_SERVICE = "sentry.e2etest.external.sentry"; + protected static final String EXTERNAL_HIVE_LIB = "sentry.e2etest.hive.lib"; protected static boolean policy_on_hdfs = false; protected static boolean useSentryService = false; @@ -119,6 +120,7 @@ public abstract class AbstractTestWithStaticConfiguration { protected static File policyFileLocation; protected static HiveServer hiveServer; protected static FileSystem fileSystem; + protected static HiveServerFactory.HiveServer2Type hiveServer2Type; protected static DFS dfs; protected static Map<String, String> properties; protected static SentryService sentryServer; @@ -196,9 +198,12 @@ public abstract class AbstractTestWithStaticConfiguration { fileSystem = dfs.getFileSystem(); String policyURI; + + //TODO: We can probably get rid of this. PolicyFile policyFile = PolicyFile.setAdminOnServer1(ADMIN1) .setUserGroupMapping(StaticUserGroup.getStaticMapping()); policyFile.write(policyFileLocation); + if (policy_on_hdfs) { String dfsUri = fileSystem.getDefaultUri(fileSystem.getConf()).toString(); LOGGER.error("dfsUri " + dfsUri); 
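Review bot: The added `//TODO: We can probably get rid of this.` in the third hunk (`@@ -196,9 +198,12 @@`) does not say what "this" is or why it could be removed. If it refers to the base-class policy file written on the lines just below it (several `@Before` methods in this commit now write their own), the comment should say so, for example `// TODO: likely redundant now that each test's setup writes its own policy file; remove once confirmed.` The enclosing setup method starts and ends outside the hunk.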
@@ -213,11 +218,26 @@ public abstract class AbstractTestWithStaticConfiguration { setupSentryService(); } - hiveServer = HiveServerFactory.create(properties, baseDir, confDir, logDir, policyURI, fileSystem); + hiveServer = create(properties, baseDir, confDir, logDir, policyURI, fileSystem); hiveServer.start(); createContext(); } + public static HiveServer create(Map<String, String> properties, + File baseDir, File confDir, File logDir, String policyFile, + FileSystem fileSystem) throws Exception { + String type = properties.get(HiveServerFactory.HIVESERVER2_TYPE); + if(type == null) { + type = System.getProperty(HiveServerFactory.HIVESERVER2_TYPE); + } + if(type == null) { + type = HiveServerFactory.HiveServer2Type.InternalHiveServer2.name(); + } + hiveServer2Type = HiveServerFactory.HiveServer2Type.valueOf(type.trim()); + return HiveServerFactory.create(hiveServer2Type, properties, + baseDir, confDir, logDir, policyFile, fileSystem); + } + protected void writePolicyFile(PolicyFile policyFile) throws Exception{ policyFile.write(context.getPolicyFile()); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1abc8db2/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java index b6c985e..eaf3816 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java 
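Review bot: The new `create(...)` in AbstractTestWithStaticConfiguration repeats the server-type lookup that HiveServerFactory appears to perform already (its `valueOf(type.trim())` call is visible in the last hunk of this commit), only so that the static `hiveServer2Type` can be captured. To make that possible, the factory's typed overload is widened from `private` to `public`. Nothing visible needs the new method to be `public static` on a test base class, so `private static` would keep the surface smaller. It also lacks a Javadoc line stating that it assigns `hiveServer2Type` as a side effect and that the field is null until it has run. `HiveServer2Type.valueOf(type.trim())` throws a bare IllegalArgumentException on an unrecognised property value; catching it and rethrowing with the offending value and the property name would make a misconfigured cluster run easier to diagnose.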
@@ -41,6 +41,8 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticConfigurat Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); } @Test @@ -54,7 +56,6 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticConfigurat .addRolesToGroup(USERGROUP2, "db1_read", "db1_write") .addPermissionsToRole("db1_write", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT") .addPermissionsToRole("db1_read", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()) .addPermissionsToRole("data_dump", "server=server1->URI=" + dumpDir); writePolicyFile(policyFile); @@ -93,6 +94,10 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticConfigurat Connection connection = null; Statement statement = null; String exportDir = dfs.getBaseDir() + "/hive_export1"; + dropDb(ADMIN1, DB1); + createDb(ADMIN1, DB1); + createTable(ADMIN1, DB1, dataFile, TBL1); + policyFile .addRolesToGroup(USERGROUP1, "tab1_read", "tab1_write", "db1_all", "data_read", "data_export") .addRolesToGroup(USERGROUP2, "tab1_write", "tab1_read") 
@@ -100,14 +105,9 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticConfigurat .addPermissionsToRole("tab1_read", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT") .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile.getPath()) - .addPermissionsToRole("data_export", "server=server1->URI=" + exportDir) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addPermissionsToRole("data_export", "server=server1->URI=" + exportDir); writePolicyFile(policyFile); - dropDb(ADMIN1, DB1); - createDb(ADMIN1, DB1); - createTable(ADMIN1, DB1, dataFile, TBL1); - // Negative test, user2 doesn't have access to the file being loaded connection = context.createConnection(USER2_1); statement = context.createStatement(connection); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1abc8db2/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java index 23e91f0..ae6b33d 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java @@ -270,6 +270,7 @@ public class TestOperations extends AbstractTestWithStaticConfiguration { statement.execute("ALTER TABLE tb1 CLUSTERED BY (a) SORTED BY (a) INTO 1 BUCKETS"); statement.execute("ALTER TABLE tb1 TOUCH"); statement.execute("ALTER TABLE tb1 ENABLE NO_DROP"); + statement.execute("ALTER TABLE tb1 DISABLE NO_DROP"); statement.execute("ALTER TABLE tb1 DISABLE OFFLINE"); statement.execute("ALTER TABLE tb1 SET FILEFORMAT RCFILE"); 
@@ -292,7 +293,14 @@ public class TestOperations extends AbstractTestWithStaticConfiguration { statement.execute("CREATE INDEX tb1_index ON TABLE tb1 (a) AS 'COMPACT' WITH DEFERRED REBUILD"); //statement.execute("ALTER INDEX tb1_index ON tb1 REBUILD"); statement.execute("ALTER TABLE tb1 RENAME TO tb2"); - statement.execute("DROP TABLE db1.tb1"); + + //Drop of the new tablename works only when Hive meta store syncs the alters with the sentry privileges. + //This is currently not set for pseudo cluster runs + if( hiveServer2Type.equals(HiveServerFactory.HiveServer2Type.UnmanagedHiveServer2)) { + statement.execute("DROP TABLE db1.tb2"); + } else { + statement.execute("DROP TABLE db1.tb1"); + } statement.close(); connection.close(); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1abc8db2/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java index ccb5550..1e1978d 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java @@ -46,7 +46,8 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticConfigu Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); - + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); } /** 
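Review bot: In the TestOperations hunk, `hiveServer2Type.equals(...)` dereferences a static that is only assigned inside `AbstractTestWithStaticConfiguration.create`, so it throws NullPointerException if the server was ever built through another path. Enum comparison with `==` is null-safe and idiomatic: `if (hiveServer2Type == HiveServerFactory.HiveServer2Type.UnmanagedHiveServer2) {`. The else branch still issues `DROP TABLE db1.tb1` after the rename to `tb2`, so on the internal server the statement exercises the privilege against the old name only and presumably leaves `tb2` in place. The comment should state that this is a known gap in carrying privileges across a rename, not the intended authorization behaviour. The test method continues outside the hunk.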
@@ -61,22 +62,15 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticConfigu String tableName1 = "tb_1"; String udfClassName = "org.apache.hadoop.hive.ql.udf.generic.GenericUDFPrintf"; CodeSource udfSrc = Class.forName(udfClassName).getProtectionDomain().getCodeSource(); - policyFile - .addRolesToGroup(USERGROUP1, "db1_all", "UDF_JAR") - .addRolesToGroup(USERGROUP2, "db1_tab1", "UDF_JAR") - .addRolesToGroup(USERGROUP3, "db1_tab1") - .addPermissionsToRole("db1_all", "server=server1->db=" + dbName1) - .addPermissionsToRole("db1_tab1", "server=server1->db=" + dbName1 + "->table=" + tableName1) - .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://" + udfSrc.getLocation().getPath()) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - + String udfLocation = System.getProperty(EXTERNAL_HIVE_LIB); + if(udfLocation == null) { + udfLocation = udfSrc.getLocation().getPath(); + } Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE"); statement.execute("CREATE DATABASE " + dbName1); statement.execute("USE " + dbName1); - statement.execute("DROP TABLE IF EXISTS " + dbName1 + "." + tableName1); statement.execute("create table " + dbName1 + "." + tableName1 + " (under_col int comment 'the under column', value string)"); statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE " 
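Review bot: `udfLocation` is read unchecked from the `sentry.e2etest.hive.lib` system property and, in the next hunk (`@@ -85,6 +79,15 @@`), concatenated into the `UDF_JAR` grant as `"server=server1->uri=file://" + udfLocation`. On an external cluster the role therefore receives whatever URI the property names, presumably a whole Hive lib directory rather than the single jar's code source, so the positive case passes with a broader URI privilege than in the default run. An empty or relative value would also yield a malformed `file://` URI. The fallback could cover blank values too, `if (udfLocation == null || udfLocation.trim().isEmpty()) {`, and a comment should state that the property must be an absolute path to the jar or directory containing GenericUDFPrintf. The test method continues outside the hunk.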
@@ -85,6 +79,15 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticConfigu statement.execute("DROP TEMPORARY FUNCTION IF EXISTS printf_test_2"); context.close(); + policyFile + .addRolesToGroup(USERGROUP1, "db1_all", "UDF_JAR") + .addRolesToGroup(USERGROUP2, "db1_tab1", "UDF_JAR") + .addRolesToGroup(USERGROUP3, "db1_tab1") + .addPermissionsToRole("db1_all", "server=server1->db=" + dbName1) + .addPermissionsToRole("db1_tab1", "server=server1->db=" + dbName1 + "->table=" + tableName1) + .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://" + udfLocation); + writePolicyFile(policyFile); + // user1 should be able create/drop temp functions connection = context.createConnection(USER1_1); statement = context.createStatement(connection); @@ -144,8 +147,7 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticConfigu .addRolesToGroup(USERGROUP3, "db1_tab1") .addPermissionsToRole("db1_all", "server=server1->db=" + dbName1) .addPermissionsToRole("db1_tab1", "server=server1->db=" + dbName1 + "->table=" + tableName1) - .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2"); writePolicyFile(policyFile); Connection connection = context.createConnection(ADMIN1); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1abc8db2/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java index 021f5d2..8710cd3 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java 
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java @@ -48,6 +48,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); loadData = "server=server1->uri=file://" + dataFile.getPath(); } @@ -55,8 +57,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { policyFile .addPermissionsToRole("db1_all", "server=server1->db=db1") .addPermissionsToRole("db2_all", "server=server1->db=db2") - .addRolesToGroup(USERGROUP1, "db1_all", "db2_all") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addRolesToGroup(USERGROUP1, "db1_all", "db2_all"); return policyFile; } /** @@ -101,9 +102,6 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { */ @Test public void testAdminDbPrivileges() throws Exception { - policyFile - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); String dbName = "db1"; @@ -136,8 +134,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { public void testNegativeUserDMLPrivileges() throws Exception { policyFile .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2") - .addRolesToGroup(USERGROUP1, "db1_tab2_all") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addRolesToGroup(USERGROUP1, "db1_tab2_all"); writePolicyFile(policyFile); Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); 
@@ -182,8 +179,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { .addRolesToGroup(USERGROUP1, "db1_all") .addRolesToGroup(USERGROUP2, "db1_tab1_select") .addPermissionsToRole("db1_tab1_select", "server=server1->db=db1->table=table_1->action=select") - .addPermissionsToRole("db1_all", "server=server1->db=db1") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addPermissionsToRole("db1_all", "server=server1->db=db1"); writePolicyFile(policyFile); // create dbs Connection adminCon = context.createConnection(ADMIN1); @@ -257,8 +253,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { policyFile .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData) - .addRolesToGroup(USERGROUP1, GROUP1_ROLE) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addRolesToGroup(USERGROUP1, GROUP1_ROLE); writePolicyFile(policyFile); dropDb(ADMIN1, DB1, DB2); @@ -327,8 +322,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { // unrelated permission to allow user1 to connect to db1 policyFile .addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_TBL2) - .addRolesToGroup(USERGROUP1, GROUP1_ROLE) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addRolesToGroup(USERGROUP1, GROUP1_ROLE); writePolicyFile(policyFile); dropDb(ADMIN1, DB1); createDb(ADMIN1, DB1); 
@@ -382,16 +376,16 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { @Test public void testSandboxOpt17() throws Exception { + dropDb(ADMIN1, DB1); + createDb(ADMIN1, DB1); + policyFile .addRolesToGroup(USERGROUP1, "all_db1", "load_data") .addRolesToGroup(USERGROUP2, "select_tb1") .addPermissionsToRole("select_tb1", "server=server1->db=db_1->table=tbl_1->action=select") .addPermissionsToRole("all_db1", "server=server1->db=db_1") - .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.toString()) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.toString()); writePolicyFile(policyFile); - dropDb(ADMIN1, DB1); - createDb(ADMIN1, DB1); createTable(USER1_1, DB1, dataFile, TBL1, TBL2); Connection connection = context.createConnection(USER1_1); @@ -450,8 +444,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { .addPermissionsToRole("all_db1", "server=server1->db=db_1") .addPermissionsToRole("load_data", "server=server1->uri=file://" + allowedDir.getPath() + ", server=server1->uri=file://" + allowedDir.getPath() + - ", server=server1->uri=" + allowedDfsDir.toString()) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + ", server=server1->uri=" + allowedDfsDir.toString()); writePolicyFile(policyFile); dropDb(ADMIN1, DB1); @@ -484,8 +477,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { policyFile .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, SELECT_DB2_TBL2, loadData) - .addRolesToGroup(USERGROUP1, GROUP1_ROLE) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addRolesToGroup(USERGROUP1, GROUP1_ROLE); writePolicyFile(policyFile); dropDb(ADMIN1, DB1, DB2); 
@@ -514,7 +506,6 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { .addRolesToGroup(USERGROUP1, "select_tbl1") .addRolesToGroup(USERGROUP2, "select_tbl2") .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()) .addDatabase("db2", dfs.getBaseDir().toUri().toString() + "/" + DB2_POLICY_FILE); writePolicyFile(policyFile); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1abc8db2/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java index c633cc2..8a857e0 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java @@ -39,6 +39,8 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { @Before public void setup() throws Exception { policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); } 
@@ -61,8 +63,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { .addRolesToGroup(USERGROUP2, "db1_write") .addPermissionsToRole("db1_write", "server=server1->db=" + dbName + "->table=" + tabName + "->action=INSERT") .addPermissionsToRole("db1_read", "server=server1->db=" + dbName + "->table=" + tabName + "->action=SELECT") - .addPermissionsToRole("data_read", loadData) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addPermissionsToRole("data_read", loadData); writePolicyFile(policyFile); // create dbs @@ -108,16 +109,6 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { Connection userConn = null; Statement userStmt = null; - policyFile - .addRolesToGroup(USERGROUP1, "db1_all", "data_read") - .addRolesToGroup(USERGROUP2, "db1_all") - .addRolesToGroup(USERGROUP3, "db1_tab1_all", "data_read") - .addPermissionsToRole("db1_all", "server=server1->db=" + dbName) - .addPermissionsToRole("db1_tab1_all", "server=server1->db=" + dbName + "->table=" + tabName) - .addPermissionsToRole("data_read", "server=server1->uri=" + tabDir) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - // create dbs Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); 
@@ -128,6 +119,16 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { adminStmt.execute("CREATE TABLE " + tabName + " (id int) PARTITIONED BY (dt string)"); adminCon.close(); + policyFile + .addRolesToGroup(USERGROUP1, "db1_all", "data_read") + .addRolesToGroup(USERGROUP2, "db1_all") + .addRolesToGroup(USERGROUP3, "db1_tab1_all", "data_read") + .addPermissionsToRole("db1_all", "server=server1->db=" + dbName) + .addPermissionsToRole("db1_tab1_all", "server=server1->db=" + dbName + "->table=" + tabName) + .addPermissionsToRole("data_read", "server=server1->uri=" + tabDir); + writePolicyFile(policyFile); + + // positive test: user1 has privilege to alter table add partition but not set location userConn = context.createConnection(USER1_1); userStmt = context.createStatement(userConn); @@ -183,8 +184,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { .addRolesToGroup(USERGROUP2, "db1_all, data_read") .addPermissionsToRole("db1_all", "server=server1->db=" + dbName) .addPermissionsToRole("data_read", "server=server1->URI=" + tabDir) - .addPermissionsToRole("server1_all", "server=server1") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addPermissionsToRole("server1_all", "server=server1"); writePolicyFile(policyFile); // create dbs 
@@ -219,14 +219,19 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { String dbName = "db1"; Connection userConn = null; Statement userStmt = null; - String tableDir = "file://" + context.getDataDir() + "/" + Math.random(); + + String dataDirPath = "file://" + dataDir; + String tableDir = dataDirPath + "/" + Math.random(); + + //Hive needs write permissions on this local directory + baseDir.setWritable(true, false); + dataDir.setWritable(true, false); policyFile .addRolesToGroup(USERGROUP1, "db1_all", "data_read") .addRolesToGroup(USERGROUP2, "db1_all") .addPermissionsToRole("db1_all", "server=server1->db=" + dbName) - .addPermissionsToRole("data_read", "server=server1->URI=" + tableDir) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + .addPermissionsToRole("data_read", "server=server1->URI=" + dataDirPath); writePolicyFile(policyFile); // create dbs http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1abc8db2/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java index 44331f6..5ebe4d7 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java 
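Review bot: `baseDir.setWritable(true, false)` and `dataDir.setWritable(true, false)` make both directories writable by every local account (the second argument `false` means not owner-only) and discard the boolean result, so a failed permission change would only surface later as an unrelated Hive error. The same hunk moves the `data_read` grant from the per-test `tableDir` to the whole `dataDirPath`, so as far as this hunk shows, the test no longer demonstrates that the URI privilege is limited to the table's own directory. If the wider grant and the world-writable mode are needed for real-cluster runs, a comment should say so, and the result could be checked, for example `if (!dataDir.setWritable(true, false)) { throw new IllegalStateException("cannot make " + dataDir + " writable"); }`. The test method continues outside the hunk.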
@@ -89,7 +89,7 @@ public class HiveServerFactory { return create(HiveServer2Type.valueOf(type.trim()), properties, baseDir, confDir, logDir, policyFile, fileSystem); } - private static HiveServer create(HiveServer2Type type, + public static HiveServer create(HiveServer2Type type, Map<String, String> properties, File baseDir, File confDir, File logDir, String policyFile, FileSystem fileSystem) throws Exception {
