Repository: incubator-sentry Updated Branches: refs/heads/master 49e682fdd -> b6c62f791
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b6c62f79/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java index e932e8f..4eb1fdf 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java @@ -61,18 +61,17 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur */ @Test public void testShowTables1() throws Exception { - String dbName1 = "db_1"; // tables visible to user1 (not access to tb_4 String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"}; List<String> tableNamesValidation = new ArrayList<String>(); policyFile .addRolesToGroup(USERGROUP1, "tab1_priv,tab2_priv,tab3_priv") - .addPermissionsToRole("tab1_priv", "server=server1->db=" + dbName1 + "->table=" + .addPermissionsToRole("tab1_priv", "server=server1->db=" + DB1 + "->table=" + tableNames[0] + "->action=select") - .addPermissionsToRole("tab2_priv", "server=server1->db=" + dbName1 + "->table=" + .addPermissionsToRole("tab2_priv", "server=server1->db=" + DB1 + "->table=" + tableNames[1] + "->action=insert") - .addPermissionsToRole("tab3_priv", "server=server1->db=" + dbName1 + "->table=" + .addPermissionsToRole("tab3_priv", "server=server1->db=" + DB1 + "->table=" + tableNames[2] + "->action=select") .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -81,24 +80,24 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE"); - statement.execute("CREATE DATABASE " + dbName1); - statement.execute("USE " + dbName1); - createTabs(statement, dbName1, tableNames); + statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); + createTabs(statement, DB1, tableNames); // Admin should see all tables ResultSet rs = statement.executeQuery("SHOW TABLES"); tableNamesValidation.addAll(Arrays.asList(tableNames)); - validateTables(rs, dbName1, tableNamesValidation); + validateTables(rs, DB1, tableNamesValidation); statement.close(); connection = context.createConnection(USER1_1); statement = context.createStatement(connection); - statement.execute("USE " + dbName1); + statement.execute("USE " + DB1); // User1 should see tables with any level of access rs = statement.executeQuery("SHOW TABLES"); tableNamesValidation.addAll(Arrays.asList(user1TableNames)); - validateTables(rs, dbName1, tableNamesValidation); + validateTables(rs, DB1, tableNamesValidation); statement.close(); } @@ -109,14 +108,13 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur */ @Test public void testShowTables2() throws Exception { - String dbName1 = "db_1"; // tables visible to user1 (not access to tb_4 String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"}; List<String> tableNamesValidation = new ArrayList<String>(); policyFile .addRolesToGroup(USERGROUP1, "db_priv") - .addPermissionsToRole("db_priv", "server=server1->db=" + dbName1) + .addPermissionsToRole("db_priv", "server=server1->db=" + DB1) .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -124,23 +122,23 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE"); - statement.execute("CREATE DATABASE " + dbName1); - statement.execute("USE " + dbName1); - createTabs(statement, dbName1, tableNames); + statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); + createTabs(statement, DB1, tableNames); // Admin should see all tables ResultSet rs = statement.executeQuery("SHOW TABLES"); tableNamesValidation.addAll(Arrays.asList(tableNames)); - validateTables(rs, dbName1, tableNamesValidation); + validateTables(rs, DB1, tableNamesValidation); statement.close(); connection = context.createConnection(USER1_1); statement = context.createStatement(connection); - statement.execute("USE " + dbName1); + statement.execute("USE " + DB1); // User1 should see tables with any level of access rs = statement.executeQuery("SHOW TABLES"); tableNamesValidation.addAll(Arrays.asList(user1TableNames)); - validateTables(rs, dbName1, tableNamesValidation); + validateTables(rs, DB1, tableNamesValidation); statement.close(); } @@ -151,14 +149,13 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur */ @Test public void testShowTables3() throws Exception { - String dbName1 = "db_1"; // tables visible to user1 (not access to tb_4 String tableNames[] = {"tb_1", "tb_2", "tb_3", "newtab_3"}; List<String> tableNamesValidation = new ArrayList<String>(); policyFile .addRolesToGroup(USERGROUP1, "tab_priv") - .addPermissionsToRole("tab_priv", "server=server1->db=" + dbName1 + "->table=" + .addPermissionsToRole("tab_priv", "server=server1->db=" + DB1 + "->table=" + tableNames[3] + "->action=insert") .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -168,23 +165,23 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE"); - statement.execute("CREATE DATABASE " + dbName1); - statement.execute("USE " + dbName1); - createTabs(statement, dbName1, tableNames); + statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); + createTabs(statement, DB1, tableNames); // Admin should see all tables ResultSet rs = statement.executeQuery("SHOW TABLES"); tableNamesValidation.addAll(Arrays.asList(adminTableNames)); - validateTables(rs, dbName1, tableNamesValidation); + validateTables(rs, DB1, tableNamesValidation); statement.close(); connection = context.createConnection(USER1_1); statement = context.createStatement(connection); - statement.execute("USE " + dbName1); + statement.execute("USE " + DB1); // User1 should see tables with any level of access rs = statement.executeQuery("SHOW TABLES"); tableNamesValidation.addAll(Arrays.asList(user1TableNames)); - validateTables(rs, dbName1, tableNamesValidation); + validateTables(rs, DB1, tableNamesValidation); statement.close(); } @@ -195,13 +192,12 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur */ @Test public void testShowTables4() throws Exception { - String dbName1 = "db_1"; String tableNames[] = {"tb_1", "tb_2", "tb_3", "newtab_3"}; List<String> tableNamesValidation = new ArrayList<String>(); policyFile .addRolesToGroup(USERGROUP1, "tab_priv") - .addPermissionsToRole("tab_priv", "server=server1->db=" + dbName1) + .addPermissionsToRole("tab_priv", "server=server1->db=" + DB1) .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -210,23 +206,23 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE"); - statement.execute("CREATE DATABASE " + dbName1); - statement.execute("USE " + dbName1); - createTabs(statement, dbName1, tableNames); + statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); + createTabs(statement, DB1, tableNames); // Admin should be able to see all tables ResultSet rs = statement.executeQuery("SHOW TABLES"); tableNamesValidation.addAll(Arrays.asList(adminTableNames)); - validateTables(rs, dbName1, tableNamesValidation); + validateTables(rs, DB1, tableNamesValidation); statement.close(); connection = context.createConnection(USER1_1); statement = context.createStatement(connection); - statement.execute("USE " + dbName1); + statement.execute("USE " + DB1); // User1 should see tables with any level of access rs = statement.executeQuery("SHOW TABLES"); tableNamesValidation.addAll(Arrays.asList(user1TableNames)); - validateTables(rs, dbName1, tableNamesValidation); + validateTables(rs, DB1, tableNamesValidation); statement.close(); } @@ -262,24 +258,22 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur @Test public void testShowDatabases1() throws Exception { List<String> dbNamesValidation = new ArrayList<String>(); - String[] dbNames = {"db_1", "db_2", "db_3"}; - String[] user1DbNames = {"db_1"}; + String[] dbNames = {DB1, DB2, DB3}; + String[] user1DbNames = {DB1}; policyFile .addRolesToGroup(USERGROUP1, "db1_all") - .addPermissionsToRole("db1_all", "server=server1->db=db_1") + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); + createDb(ADMIN1, dbNames); + dbNamesValidation.addAll(Arrays.asList(dbNames)); + dbNamesValidation.add("default"); Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - // create all dbs - createDBs(statement, dbNames); ResultSet rs = statement.executeQuery("SHOW DATABASES"); - dbNamesValidation.addAll(Arrays.asList(dbNames)); - dbNamesValidation.add("default"); - // admin should see all dbs - validateDBs(rs, dbNamesValidation); + validateDBs(rs, dbNamesValidation); // admin should see all dbs rs.close(); connection = context.createConnection(USER1_1); @@ -300,28 +294,28 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur */ @Test public void testShowDatabases2() throws Exception { - String[] dbNames = {"db_1", "db_2", "db_3"}; + String[] dbNames = {DB1, DB2, DB3}; List<String> dbNamesValidation = new ArrayList<String>(); - String[] user1DbNames = {"db_1", "db_2"}; - - policyFile - .addRolesToGroup(USERGROUP1, "db1_tab,db2_tab") - .addPermissionsToRole("db1_tab", "server=server1->db=db_1->table=tb_1->action=select") - .addPermissionsToRole("db2_tab", "server=server1->db=db_2->table=tb_1->action=insert") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); + String[] user1DbNames = {DB1, DB2}; // verify by SQL // 1, 2 + createDb(ADMIN1, dbNames); + dbNamesValidation.addAll(Arrays.asList(dbNames)); + dbNamesValidation.add("default"); Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - createDBs(statement, dbNames); // create all dbs ResultSet rs = statement.executeQuery("SHOW DATABASES"); - dbNamesValidation.addAll(Arrays.asList(dbNames)); - dbNamesValidation.add("default"); validateDBs(rs, dbNamesValidation); // admin should see all dbs rs.close(); + policyFile + .addRolesToGroup(USERGROUP1, "db1_tab,db2_tab") + .addPermissionsToRole("db1_tab", "server=server1->db=" + DB1 + "->table=tb_1->action=select") + .addPermissionsToRole("db2_tab", "server=server1->db=" + DB2 + "->table=tb_1->action=insert") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); rs = statement.executeQuery("SHOW DATABASES"); @@ -332,40 +326,15 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur rs.close(); } - private ArrayList<String> getAllDbs(Statement stmt) throws SQLException{ - ArrayList<String> dbs = new ArrayList<String>(); - ResultSet res = stmt.executeQuery("SHOW DATABASES"); - while(res.next()) { - String db = res.getString(1); - dbs.add(db); - } - return dbs; - } - private void dropDBs(Statement stmt, ArrayList<String> dbs) throws SQLException{ - for(String db:dbs) { - if(!db.equalsIgnoreCase("default")) { - stmt.execute("DROP DATABASE IF EXISTS " + db + " CASCADE"); - } - } - } - - // create given dbs - private void createDBs(Statement statement, String dbNames[]) - throws SQLException { - //Clean up rest of the dbs TODO:We should really be cleaning up after each test - dropDBs(statement, getAllDbs(statement)); - - for (String dbName : dbNames) { - statement.execute("CREATE DATABASE " + dbName); - } - } - // compare the table resultset with given array of table names private void validateDBs(ResultSet rs, List<String> dbNames) throws SQLException { while (rs.next()) { String dbName = rs.getString(1); - Assert.assertTrue(dbName, dbNames.remove(dbName.toLowerCase())); + //There might be non test related dbs in the system + if(dbNames.contains(dbName.toLowerCase())) { + dbNames.remove(dbName.toLowerCase()); + } } Assert.assertTrue(dbNames.toString(), dbNames.isEmpty()); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b6c62f79/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java index 8710cd3..626fd40 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java @@ -55,8 +55,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { private PolicyFile addTwoUsersWithAllDb() throws Exception { policyFile - .addPermissionsToRole("db1_all", "server=server1->db=db1") - .addPermissionsToRole("db2_all", "server=server1->db=db2") + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) + .addPermissionsToRole("db2_all", "server=server1->db=" + DB2) .addRolesToGroup(USERGROUP1, "db1_all", "db2_all"); return policyFile; } @@ -68,13 +68,13 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { public void testDbPrivileges() throws Exception { addTwoUsersWithAllDb(); writePolicyFile(policyFile); - String[] dbs = new String[] { "db1", "db2" }; + String[] dbs = new String[] { DB1, DB2 }; for (String dbName : dbs) { dropDb(ADMIN1, dbName); createDb(ADMIN1, dbName); } for (String user : new String[] { USER1_1, USER1_2 }) { - for (String dbName : new String[] { "db1", "db2" }) { + for (String dbName : dbs) { Connection userConn = context.createConnection(user); String tabName = user + "_tab1"; Statement userStmt = context.createStatement(userConn); @@ -85,7 +85,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { context.assertAuthzException(userStmt, "load data local inpath '" + dataFile + "' into table " + tabName); assertTrue(userStmt.execute("select * from " + tabName)); // negative users cannot create databases - context.assertAuthzException(userStmt, "CREATE DATABASE " + user + "_db"); + context.assertAuthzException(userStmt, "CREATE DATABASE " + DB3); userStmt.close(); userConn.close(); } @@ -104,13 +104,12 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { public void testAdminDbPrivileges() throws Exception { Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); - String dbName = "db1"; adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE"); - adminStmt.execute("CREATE DATABASE " + dbName); + adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + adminStmt.execute("CREATE DATABASE " + DB1); // access the new databases - adminStmt.execute("use " + dbName); + adminStmt.execute("use " + DB1); String tabName = "admin_tab1"; adminStmt.execute("create table " + tabName + "(c1 string)"); adminStmt.execute("load data local inpath '" + dataFile.getPath() + "' into table " @@ -119,7 +118,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { // cleanup adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE " + dbName + " CASCADE"); + adminStmt.execute("DROP DATABASE " + DB1 + " CASCADE"); adminStmt.close(); adminCon.close(); } @@ -133,23 +132,22 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { @Test public void testNegativeUserDMLPrivileges() throws Exception { policyFile - .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2") + .addPermissionsToRole("db1_tab2_all", "server=server1->db=" + DB1 + "->table=table_2") .addRolesToGroup(USERGROUP1, "db1_tab2_all"); writePolicyFile(policyFile); Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); - String dbName = "db1"; adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE"); - adminStmt.execute("CREATE DATABASE " + dbName); - adminStmt.execute("use " + dbName); + adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + adminStmt.execute("CREATE DATABASE " + DB1); + adminStmt.execute("use " + DB1); adminStmt.execute("create table table_1 (id int)"); adminStmt.execute("create table table_2 (id int)"); adminStmt.close(); adminCon.close(); Connection userConn = context.createConnection(USER1_1); Statement userStmt = context.createStatement(userConn); - userStmt.execute("use " + dbName); + userStmt.execute("use " + DB1); // user1 doesn't have select privilege on table_1, so insert/select should fail context.assertAuthzException(userStmt, "insert overwrite table table_2 select * from table_1"); context.assertAuthzException(userStmt, "insert overwrite directory '" + baseDir.getPath() + "' select * from table_1"); @@ -178,17 +176,16 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { policyFile .addRolesToGroup(USERGROUP1, "db1_all") .addRolesToGroup(USERGROUP2, "db1_tab1_select") - .addPermissionsToRole("db1_tab1_select", "server=server1->db=db1->table=table_1->action=select") - .addPermissionsToRole("db1_all", "server=server1->db=db1"); + .addPermissionsToRole("db1_tab1_select", "server=server1->db="+ DB1 + "->table=table_1->action=select") + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1); writePolicyFile(policyFile); // create dbs Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); - String dbName = "db1"; adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE"); - adminStmt.execute("CREATE DATABASE " + dbName); - adminStmt.execute("use " + dbName); + adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + adminStmt.execute("CREATE DATABASE " + DB1); + adminStmt.execute("use " + DB1); adminStmt.execute("create table table_1 (name string)"); adminStmt.execute("load data local inpath '" + dataFile.getPath() + "' into table table_1"); adminStmt.execute("create table table_2 (name string)"); @@ -202,16 +199,16 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { Connection userConn = context.createConnection(USER2_1); Statement userStmt = context.createStatement(userConn); - userStmt.execute("use " + dbName); + userStmt.execute("use " + DB1); context.assertAuthzException(userStmt, "alter table table_2 add columns (id int)"); - context.assertAuthzException(userStmt, "drop database " + dbName); + context.assertAuthzException(userStmt, "drop database " + DB1); context.assertAuthzException(userStmt, "CREATE INDEX x ON TABLE table_1(name) AS 'org.apache.hadoop.hive.ql.index.compact.CompactIndexHandler'"); context.assertAuthzException(userStmt, "CREATE TEMPORARY FUNCTION strip AS 'org.apache.hadoop.hive.ql.udf.generic.GenericUDFPrintf'"); context.assertAuthzException(userStmt, "create table foo(id int)"); context.assertAuthzException(userStmt, "create table c_tab_2 as select * from table_2"); // no select or create privilege context.assertAuthzException(userStmt, "create table c_tab_1 as select * from table_1"); // no create privilege - context.assertAuthzException(userStmt, "ALTER DATABASE " + dbName + " SET DBPROPERTIES ('foo' = 'bar')"); + context.assertAuthzException(userStmt, "ALTER DATABASE " + DB1 + " SET DBPROPERTIES ('foo' = 'bar')"); context.assertAuthzException(userStmt, "ALTER VIEW v1 SET TBLPROPERTIES ('foo' = 'bar')"); context.assertAuthzException(userStmt, "DROP VIEW IF EXISTS v1"); context.assertAuthzException(userStmt, "create table table_5 (name string)"); @@ -382,8 +379,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { policyFile .addRolesToGroup(USERGROUP1, "all_db1", "load_data") .addRolesToGroup(USERGROUP2, "select_tb1") - .addPermissionsToRole("select_tb1", "server=server1->db=db_1->table=tbl_1->action=select") - .addPermissionsToRole("all_db1", "server=server1->db=db_1") + .addPermissionsToRole("select_tb1", "server=server1->db=" + DB1 + "->table=tbl_1->action=select") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.toString()); writePolicyFile(policyFile); @@ -441,7 +438,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { policyFile .addRolesToGroup(USERGROUP1, "all_db1", "load_data") - .addPermissionsToRole("all_db1", "server=server1->db=db_1") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) .addPermissionsToRole("load_data", "server=server1->uri=file://" + allowedDir.getPath() + ", server=server1->uri=file://" + allowedDir.getPath() + ", server=server1->uri=" + allowedDfsDir.toString()); @@ -505,8 +502,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { policyFile .addRolesToGroup(USERGROUP1, "select_tbl1") .addRolesToGroup(USERGROUP2, "select_tbl2") - .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select") - .addDatabase("db2", dfs.getBaseDir().toUri().toString() + "/" + DB2_POLICY_FILE); + .addPermissionsToRole("select_tbl1", "server=server1->db=" + DB1 + "->table=tbl1->action=select") + .addDatabase(DB2, dfs.getBaseDir().toUri().toString() + "/" + DB2_POLICY_FILE); writePolicyFile(policyFile); File db2PolicyFileHandle = new File(baseDir.getPath(), DB2_POLICY_FILE); @@ -514,7 +511,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { PolicyFile db2PolicyFile = new PolicyFile(); db2PolicyFile .addRolesToGroup(USERGROUP2, "select_tbl2") - .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select") + .addPermissionsToRole("select_tbl2", "server=server1->db=" + DB2 + "->table=tbl2->action=select") .write(db2PolicyFileHandle); PolicyFiles.copyFilesToDir(fileSystem, dfs.getBaseDir(), db2PolicyFileHandle); @@ -522,16 +519,16 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS db1 CASCADE"); - statement.execute("DROP DATABASE IF EXISTS db2 CASCADE"); - statement.execute("CREATE DATABASE db1"); - statement.execute("USE db1"); + statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE"); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); statement.execute("CREATE TABLE tbl1(B INT, A STRING) " + " row format delimited fields terminated by '|' stored as textfile"); statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl1"); - statement.execute("DROP DATABASE IF EXISTS db2 CASCADE"); - statement.execute("CREATE DATABASE db2"); - statement.execute("USE db2"); + statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE"); + statement.execute("CREATE DATABASE " + DB2); + statement.execute("USE " + DB2); statement.execute("CREATE TABLE tbl2(B INT, A STRING) " + " row format delimited fields terminated by '|' stored as textfile"); statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl2"); @@ -543,7 +540,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { connection = context.createConnection(USER2_1); statement = context.createStatement(connection); // test user2 can use db2 - statement.execute("USE db2"); + statement.execute("USE " + DB2); statement.execute("select * from tbl2"); statement.close(); @@ -552,8 +549,9 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { //test cleanup connection = context.createConnection(ADMIN1); statement = context.createStatement(connection); - statement.execute("DROP DATABASE db1 CASCADE"); - statement.execute("DROP DATABASE db2 CASCADE"); + statement.execute("DROP DATABASE " + DB1 + " CASCADE"); + + statement.execute("DROP DATABASE " + DB2 + " CASCADE"); statement.close(); connection.close(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b6c62f79/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java index 8a857e0..c55278c 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java @@ -53,7 +53,6 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { to.close(); loadData = "server=server1->uri=file://" + dataFile.getPath(); - String dbName = "db1"; String tabName = "tab1"; Connection userConn = null; Statement userStmt = null; @@ -61,8 +60,8 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { policyFile .addRolesToGroup(USERGROUP1, "db1_read", "db1_write", "data_read") .addRolesToGroup(USERGROUP2, "db1_write") - .addPermissionsToRole("db1_write", "server=server1->db=" + dbName + "->table=" + tabName + "->action=INSERT") - .addPermissionsToRole("db1_read", "server=server1->db=" + dbName + "->table=" + tabName + "->action=SELECT") + .addPermissionsToRole("db1_write", "server=server1->db=" + DB1 + "->table=" + tabName + "->action=INSERT") + .addPermissionsToRole("db1_read", "server=server1->db=" + DB1 + "->table=" + tabName + "->action=SELECT") .addPermissionsToRole("data_read", loadData); writePolicyFile(policyFile); @@ -70,16 +69,16 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE"); - adminStmt.execute("CREATE DATABASE " + dbName); - adminStmt.execute("use " + dbName); + adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + adminStmt.execute("CREATE DATABASE " + DB1); + adminStmt.execute("use " + DB1); adminStmt.execute("CREATE TABLE " + tabName + "(id int)"); context.close(); // positive test, user1 has access to file being loaded userConn = context.createConnection(USER1_1); userStmt = context.createStatement(userConn); - userStmt.execute("use " + dbName); + userStmt.execute("use " + DB1); userStmt.execute("load data local inpath 'file://" + dataFile.getPath() + "' into table " + tabName); userStmt.execute("select * from " + tabName + " limit 1"); @@ -91,7 +90,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { // Negative test, user2 doesn't have access to the file being loaded userConn = context.createConnection(USER2_1); userStmt = context.createStatement(userConn); - userStmt.execute("use " + dbName); + userStmt.execute("use " + DB1); context.assertAuthzException(userStmt, "load data local inpath 'file://" + dataFile.getPath() + "' into table " + tabName); userStmt.close(); @@ -101,7 +100,6 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { // Test alter partition location @Test public void testAlterPartitionLocationPrivileges() throws Exception { - String dbName = "db1"; String tabName = "tab1"; String newPartitionDir = "foo"; String tabDir = hiveServer.getProperty(HiveServerFactory.WAREHOUSE_DIR) + @@ -113,9 +111,9 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE"); - adminStmt.execute("CREATE DATABASE " + dbName); - adminStmt.execute("use " + dbName); + adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + adminStmt.execute("CREATE DATABASE " + DB1); + adminStmt.execute("use " + DB1); adminStmt.execute("CREATE TABLE " + tabName + " (id int) PARTITIONED BY (dt string)"); adminCon.close(); @@ -123,8 +121,8 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { .addRolesToGroup(USERGROUP1, "db1_all", "data_read") .addRolesToGroup(USERGROUP2, "db1_all") .addRolesToGroup(USERGROUP3, "db1_tab1_all", "data_read") - .addPermissionsToRole("db1_all", "server=server1->db=" + dbName) - .addPermissionsToRole("db1_tab1_all", "server=server1->db=" + dbName + "->table=" + tabName) + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) + .addPermissionsToRole("db1_tab1_all", "server=server1->db=" + DB1 + "->table=" + tabName) .addPermissionsToRole("data_read", "server=server1->uri=" + tabDir); writePolicyFile(policyFile); @@ -132,7 +130,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { // positive test: user1 has privilege to alter table add partition but not set location userConn = context.createConnection(USER1_1); userStmt = context.createStatement(userConn); - userStmt.execute("use " + dbName); + userStmt.execute("use " + DB1); userStmt.execute("ALTER TABLE " + tabName + " ADD IF NOT EXISTS PARTITION (dt = '21-Dec-2012') " + " LOCATION '" + tabDir + "'"); userStmt.execute("ALTER TABLE " + tabName + " DROP PARTITION (dt = '21-Dec-2012')"); @@ -145,7 +143,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { // negative test: user2 doesn't have privilege to alter table add partition userConn = context.createConnection(USER2_1); userStmt = context.createStatement(userConn); - userStmt.execute("use " + dbName); + userStmt.execute("use " + DB1); context.assertAuthzException(userStmt, "ALTER TABLE " + tabName + " ADD PARTITION (dt = '22-Dec-2012') " + " LOCATION '" + tabDir + "/foo'"); @@ -159,7 +157,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { // positive test: user3 has privilege to add/drop partitions userConn = context.createConnection(USER3_1); userStmt = context.createStatement(userConn); - userStmt.execute("use " + dbName); + userStmt.execute("use " + DB1); userStmt.execute( "ALTER TABLE " + tabName + " ADD PARTITION (dt = '22-Dec-2012') " + " LOCATION '" + tabDir + "/foo'"); @@ -173,7 +171,6 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { // test alter table set location @Test public void testAlterTableLocationPrivileges() throws Exception { - String dbName = "db1"; String tabName = "tab1"; String tabDir = "file://" + hiveServer.getProperty(HiveServerFactory.WAREHOUSE_DIR) + "/" + tabName; Connection userConn = null; @@ -182,7 +179,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { policyFile .addRolesToGroup(USERGROUP1, "server1_all") .addRolesToGroup(USERGROUP2, "db1_all, data_read") - .addPermissionsToRole("db1_all", "server=server1->db=" + dbName) + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) .addPermissionsToRole("data_read", "server=server1->URI=" + tabDir) .addPermissionsToRole("server1_all", "server=server1"); writePolicyFile(policyFile); @@ -191,16 +188,16 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE"); - adminStmt.execute("CREATE DATABASE " + dbName); - adminStmt.execute("use " + dbName); + adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + adminStmt.execute("CREATE DATABASE " + DB1); + adminStmt.execute("use " + DB1); adminStmt.execute("CREATE TABLE " + tabName + " (id int) PARTITIONED BY (dt string)"); adminCon.close(); // positive test: user2 has privilege to alter table set partition userConn = context.createConnection(USER2_1); userStmt = context.createStatement(userConn); - userStmt.execute("use " + dbName); + userStmt.execute("use " + DB1); userStmt.execute( "ALTER TABLE " + tabName + " SET LOCATION '" + tabDir + "'"); userConn.close(); @@ -208,7 +205,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { // positive test: user1 has privilege to alter table set partition userConn = context.createConnection(USER1_1); userStmt = context.createStatement(userConn); - userStmt.execute("use " + dbName); + userStmt.execute("use " + DB1); userStmt.execute("ALTER TABLE " + tabName + " SET LOCATION '" + tabDir + "'"); userConn.close(); } @@ -216,7 +213,6 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { // Test external table @Test public void testExternalTablePrivileges() throws Exception { - String dbName = "db1"; Connection userConn = null; Statement userStmt = null; @@ -230,7 +226,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { policyFile .addRolesToGroup(USERGROUP1, "db1_all", "data_read") .addRolesToGroup(USERGROUP2, "db1_all") - .addPermissionsToRole("db1_all", "server=server1->db=" + dbName) + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) .addPermissionsToRole("data_read", "server=server1->URI=" + dataDirPath); writePolicyFile(policyFile); @@ -238,15 +234,15 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE"); - adminStmt.execute("CREATE DATABASE " + dbName); + adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + adminStmt.execute("CREATE DATABASE " + DB1); adminStmt.close(); adminCon.close(); // negative test: user2 doesn't have privilege to create external table in given path userConn = context.createConnection(USER2_1); userStmt = context.createStatement(userConn); - userStmt.execute("use " + dbName); + userStmt.execute("use " + DB1); context.assertAuthzException(userStmt, "CREATE EXTERNAL TABLE extab1(id INT) LOCATION '" + tableDir + "'"); context.assertAuthzException(userStmt, "CREATE TABLE extab1(id INT) LOCATION '" + tableDir + "'"); @@ -256,7 +252,7 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { // positive test: user1 has privilege to create external table in given path userConn = context.createConnection(USER1_1); userStmt = context.createStatement(userConn); - userStmt.execute("use " + dbName); + userStmt.execute("use " + DB1); userStmt.execute("CREATE EXTERNAL TABLE extab1(id INT) LOCATION '" + tableDir + "'"); userStmt.execute("DROP TABLE extab1"); userStmt.execute("CREATE TABLE extab1(id INT) LOCATION '" + tableDir + "'");
