SENTRY-850: Fix dbprovider test failures when run on a real cluster or setMetastoreListener = true, when db/tab gets recreated their associated privileges will be deleted. ( Anne Yu, Reviewed By: Sravya Tirukkovalur)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/e11062d3 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/e11062d3 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/e11062d3 Branch: refs/heads/hive_plugin_v2 Commit: e11062d3fc9f2cce0d706f575f98b1c5e3a17f9b Parents: 5303089 Author: Sravya Tirukkovalur <sra...@cloudera.com> Authored: Tue Aug 18 13:38:12 2015 -0700 Committer: Sravya Tirukkovalur <sra...@cloudera.com> Committed: Tue Aug 18 13:38:12 2015 -0700 ---------------------------------------------------------------------- .../e2e/dbprovider/TestColumnEndToEnd.java | 8 +- .../tests/e2e/dbprovider/TestDbCrossDbOps.java | 3 - .../TestDbExportImportPrivileges.java | 2 - .../e2e/dbprovider/TestDbJDBCInterface.java | 2 - .../TestDbMetadataObjectRetrieval.java | 2 - .../TestDbPrivilegeCleanupOnDrop.java | 21 ++- .../TestDbPrivilegesAtDatabaseScope.java | 8 +- .../TestDbPrivilegesAtTableScope.java | 2 +- .../TestDbRuntimeMetadataRetrieval.java | 7 + .../TestDbSentryOnFailureHookLoading.java | 5 + .../e2e/dbprovider/TestDbUriPermissions.java | 8 ++ .../AbstractTestWithStaticConfiguration.java | 18 ++- .../sentry/tests/e2e/hive/TestCrossDbOps.java | 14 +- .../e2e/hive/TestExportImportPrivileges.java | 11 +- .../tests/e2e/hive/TestJDBCInterface.java | 12 +- .../e2e/hive/TestMetadataObjectRetrieval.java | 12 +- .../tests/e2e/hive/TestPerDBConfiguration.java | 9 +- .../e2e/hive/TestPrivilegesAtColumnScope.java | 15 +-- .../e2e/hive/TestPrivilegesAtDatabaseScope.java | 133 ++++++++----------- .../e2e/hive/TestPrivilegesAtTableScope.java | 21 +-- .../e2e/hive/TestRuntimeMetadataRetrieval.java | 117 ++++++++-------- .../sentry/tests/e2e/hive/TestSandboxOps.java | 131 +++++++----------- .../tests/e2e/hive/TestUriPermissions.java | 67 +++++----- .../tests/e2e/hive/TestUserManagement.java | 5 +- ...actMetastoreTestWithStaticConfiguration.java | 2 +- .../metastore/TestAuthorizingObjectStore.java | 68 +++++----- .../e2e/metastore/TestMetastoreEndToEnd.java | 51 ++++--- 27 files changed, 362 insertions(+), 392 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestColumnEndToEnd.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestColumnEndToEnd.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestColumnEndToEnd.java index 9ed38ae..159b9d9 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestColumnEndToEnd.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestColumnEndToEnd.java @@ -33,14 +33,20 @@ import org.junit.BeforeClass; import org.junit.Test; import com.google.common.io.Resources; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class TestColumnEndToEnd extends AbstractTestWithStaticConfiguration { + private static final Logger LOGGER = LoggerFactory. + getLogger(TestColumnEndToEnd.class); + private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat"; private File dataFile; private PolicyFile policyFile; @BeforeClass public static void setupTestStaticConfiguration() throws Exception{ + LOGGER.info("TestColumnEndToEnd setupTestStaticConfiguration"); useSentryService = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); } @@ -50,11 +56,11 @@ public class TestColumnEndToEnd extends AbstractTestWithStaticConfiguration { public void setup() throws Exception { super.setupAdmin(); super.setup(); + policyFile = super.setupPolicy(); dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); FileOutputStream to = new FileOutputStream(dataFile); Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); } @Test http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbCrossDbOps.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbCrossDbOps.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbCrossDbOps.java index 8d23ea6..0aa166c 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbCrossDbOps.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbCrossDbOps.java @@ -31,13 +31,10 @@ public class TestDbCrossDbOps extends TestCrossDbOps { public void setup() throws Exception { super.setupAdmin(); super.setup(); - clearAll(true); } @BeforeClass public static void setupTestStaticConfiguration() throws Exception{ useSentryService = true; - clearDbAfterPerTest = true; - clearDbBeforePerTest = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbExportImportPrivileges.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbExportImportPrivileges.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbExportImportPrivileges.java index e60225c..43064ee 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbExportImportPrivileges.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbExportImportPrivileges.java @@ -38,8 +38,6 @@ public class TestDbExportImportPrivileges extends TestExportImportPrivileges { public static void setupTestStaticConfiguration() throws Exception { LOGGER.info("TestDbExportImportPrivileges setupTestStaticConfiguration"); useSentryService = true; - clearDbAfterPerTest = true; - clearDbBeforePerTest = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbJDBCInterface.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbJDBCInterface.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbJDBCInterface.java index f98caa9..a26e90a 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbJDBCInterface.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbJDBCInterface.java @@ -39,8 +39,6 @@ public class TestDbJDBCInterface extends TestJDBCInterface { public static void setupTestStaticConfiguration() throws Exception { LOGGER.info("TestDbJDBCInterface setupTestStaticConfiguration"); useSentryService = true; - clearDbAfterPerTest = true; - clearDbBeforePerTest = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataObjectRetrieval.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataObjectRetrieval.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataObjectRetrieval.java index 9606b41..ec99b30 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataObjectRetrieval.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbMetadataObjectRetrieval.java @@ -38,8 +38,6 @@ public class TestDbMetadataObjectRetrieval extends TestMetadataObjectRetrieval { public static void setupTestStaticConfiguration() throws Exception { LOGGER.info("TestDbMetadataObjectRetrieval setupTestStaticConfiguration"); useSentryService = true; - clearDbAfterPerTest = true; - clearDbBeforePerTest = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java index a35cf21..39b67f6 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java @@ -33,15 +33,20 @@ import java.util.List; import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; import org.junit.After; +import org.junit.Assume; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import com.google.common.collect.Lists; import com.google.common.io.Resources; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class TestDbPrivilegeCleanupOnDrop extends AbstractTestWithStaticConfiguration { + private static final Logger LOGGER = LoggerFactory + .getLogger(TestDbPrivilegeCleanupOnDrop.class); private final static int SHOW_GRANT_TABLE_POSITION = 2; private final static int SHOW_GRANT_DB_POSITION = 1; @@ -57,15 +62,19 @@ public class TestDbPrivilegeCleanupOnDrop extends @BeforeClass public static void setupTestStaticConfiguration() throws Exception { useSentryService = true; - setMetastoreListener = true; + if (!setMetastoreListener) { + setMetastoreListener = true; + } AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); } + @Override @Before - public void setUp() throws Exception { + public void setup() throws Exception { + super.setupAdmin(); + super.setup(); // context = createContext(); File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); - setupAdmin(); FileOutputStream to = new FileOutputStream(dataFile); Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); @@ -181,8 +190,6 @@ public class TestDbPrivilegeCleanupOnDrop extends */ @Test public void testDropAndRenameWithMultiAction() throws Exception { - super.setupAdmin(); - Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); statement.execute("CREATE ROLE user_role"); @@ -322,7 +329,9 @@ public class TestDbPrivilegeCleanupOnDrop extends ResultSet resultSet = statement.executeQuery("SHOW GRANT ROLE " + roleName); while (resultSet.next()) { - assertFalse(objectName.equalsIgnoreCase(resultSet.getString(resultPos))); + String returned = resultSet.getString(resultPos); + assertFalse("value " + objectName + " shouldn't be detected, but actually " + returned + " is found from resultSet", + objectName.equalsIgnoreCase(returned)); } resultSet.close(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegesAtDatabaseScope.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegesAtDatabaseScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegesAtDatabaseScope.java index e1cda29..883bedd 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegesAtDatabaseScope.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegesAtDatabaseScope.java @@ -21,20 +21,26 @@ import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; import org.apache.sentry.tests.e2e.hive.TestPrivilegesAtDatabaseScope; import org.junit.Before; import org.junit.BeforeClass; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class TestDbPrivilegesAtDatabaseScope extends TestPrivilegesAtDatabaseScope { + private static final Logger LOGGER = LoggerFactory. + getLogger(TestDbPrivilegesAtDatabaseScope.class); + @Override @Before public void setup() throws Exception { + LOGGER.info("TestDbPrivilegesAtDatabaseScope setup"); super.setupAdmin(); super.setup(); } @BeforeClass public static void setupTestStaticConfiguration() throws Exception { + LOGGER.info("TestDbPrivilegesAtDatabaseScope setupTestStaticConfiguration"); useSentryService = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); - } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegesAtTableScope.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegesAtTableScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegesAtTableScope.java index 9fb6f7f..a4f07df 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegesAtTableScope.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegesAtTableScope.java @@ -28,12 +28,12 @@ public class TestDbPrivilegesAtTableScope extends TestPrivilegesAtTableScope { public void setup() throws Exception { super.setupAdmin(); super.setup(); + prepareDBDataForTest(); } @BeforeClass public static void setupTestStaticConfiguration() throws Exception { useSentryService = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); - prepareDBDataForTest(); } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbRuntimeMetadataRetrieval.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbRuntimeMetadataRetrieval.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbRuntimeMetadataRetrieval.java index 5324656..8d98179 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbRuntimeMetadataRetrieval.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbRuntimeMetadataRetrieval.java @@ -20,17 +20,24 @@ import org.apache.sentry.tests.e2e.hive.AbstractTestWithStaticConfiguration; import org.apache.sentry.tests.e2e.hive.TestRuntimeMetadataRetrieval; import org.junit.Before; import org.junit.BeforeClass; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class TestDbRuntimeMetadataRetrieval extends TestRuntimeMetadataRetrieval { + private static final Logger LOGGER = LoggerFactory. + getLogger(TestDbRuntimeMetadataRetrieval.class); + @Override @Before public void setup() throws Exception { + LOGGER.info("TestDbRuntimeMetadataRetrieval setup"); super.setupAdmin(); super.setup(); } @BeforeClass public static void setupTestStaticConfiguration() throws Exception { + LOGGER.info("TestDbRuntimeMetadataRetrieval setupTestStaticConfiguration"); useSentryService = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java index 66e81a8..b06cf59 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java @@ -94,6 +94,11 @@ public class TestDbSentryOnFailureHookLoading extends AbstractTestWithDbProvider // setup db objects needed by the test Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); + try { + statement.execute("DROP ROLE admin_role"); + } catch (Exception ex) { + //It is ok if admin_role already exists + } statement.execute("CREATE ROLE admin_role"); statement.execute("GRANT ALL ON SERVER " + HiveServerFactory.DEFAULT_AUTHZ_SERVER_NAME + " TO ROLE admin_role"); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbUriPermissions.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbUriPermissions.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbUriPermissions.java index 43a310f..1a90e06 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbUriPermissions.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbUriPermissions.java @@ -21,15 +21,23 @@ import org.apache.sentry.tests.e2e.hive.TestUriPermissions; import org.junit.Before; import org.junit.BeforeClass; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + public class TestDbUriPermissions extends TestUriPermissions { + private static final Logger LOGGER = LoggerFactory. + getLogger(TestDbUriPermissions.class); + @Override @Before public void setup() throws Exception { + LOGGER.info("TestDbUriPermissions setup"); super.setupAdmin(); super.setup(); } @BeforeClass public static void setupTestStaticConfiguration() throws Exception { + LOGGER.info("TestDbUriPermissions setupTestStaticConfiguration"); useSentryService = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java index f0d8ac4..cc5daef 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java @@ -115,12 +115,11 @@ public abstract class AbstractTestWithStaticConfiguration { protected static boolean policyOnHdfs = false; protected static boolean useSentryService = false; - protected static boolean setMetastoreListener = false; + protected static boolean setMetastoreListener = true; protected static String testServerType = null; protected static boolean enableHiveConcurrency = false; // indicate if the database need to be clear for every test case in one test class - protected static boolean clearDbAfterPerTest = true; - protected static boolean clearDbBeforePerTest = false; + protected static boolean clearDbPerTest = true; protected static File baseDir; protected static File logDir; @@ -450,7 +449,7 @@ public abstract class AbstractTestWithStaticConfiguration { public void setup() throws Exception{ LOGGER.info("AbstractTestStaticConfiguration setup"); dfs.createBaseDir(); - if (clearDbBeforePerTest) { + if (clearDbPerTest) { LOGGER.info("Before per test run clean up"); clearAll(true); } @@ -459,7 +458,7 @@ public abstract class AbstractTestWithStaticConfiguration { @After public void clearAfterPerTest() throws Exception { LOGGER.info("AbstractTestStaticConfiguration clearAfterPerTest"); - if (clearDbAfterPerTest) { + if (clearDbPerTest) { LOGGER.info("After per test run clean up"); clearAll(true); } @@ -513,6 +512,7 @@ public abstract class AbstractTestWithStaticConfiguration { protected static void setupAdmin() throws Exception { if(useSentryService) { + LOGGER.info("setupAdmin to create admin_role"); Connection connection = context.createConnection(ADMIN1); Statement statement = connection.createStatement(); try { @@ -528,6 +528,14 @@ public abstract class AbstractTestWithStaticConfiguration { } } + protected PolicyFile setupPolicy() throws Exception { + LOGGER.info("Pre create policy file with admin group mapping"); + PolicyFile policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + return policyFile; + } + @AfterClass public static void tearDownTestStaticConfiguration() throws Exception { if(hiveServer != null) { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java index 659d820..2e4be8a 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java @@ -53,28 +53,24 @@ public class TestCrossDbOps extends AbstractTestWithStaticConfiguration { @BeforeClass public static void setupTestStaticConfiguration() throws Exception{ + LOGGER.info("TestCrossDbOps setupTestStaticConfiguration"); policyOnHdfs = true; - clearDbAfterPerTest = true; - clearDbBeforePerTest = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } @Before public void setup() throws Exception { + LOGGER.info("TestCrossDbOps setup"); + policyFile = super.setupPolicy(); + super.setup(); File dataDir = context.getDataDir(); // copy data file to test dir dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); FileOutputStream to = new FileOutputStream(dataFile); Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); - // Precreate policy file - policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); loadData = "server=server1->uri=file://" + dataFile.getPath(); - // debug - LOGGER.info("setMetastoreListener = " + String.valueOf(setMetastoreListener)); - clearAll(true); } /* http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java index 58a27a6..5242bb1 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java @@ -42,25 +42,18 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticConfigurat @BeforeClass public static void setupTestStaticConfiguration () throws Exception { LOGGER.info("TestExportImportPrivileges setupTestStaticConfiguration"); - clearDbAfterPerTest = true; - clearDbBeforePerTest = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); } @Before public void setup() throws Exception { LOGGER.info("TestExportImportPrivileges setup"); + policyFile = super.setupPolicy(); + super.setup(); dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); FileOutputStream to = new FileOutputStream(dataFile); Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); - policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - if (clearDbBeforePerTest) { - LOGGER.info("Before per test run clean up"); - clearAll(true); - } } @Test http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestJDBCInterface.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestJDBCInterface.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestJDBCInterface.java index 194fe63..bc5c08b 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestJDBCInterface.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestJDBCInterface.java @@ -44,22 +44,14 @@ public class TestJDBCInterface extends AbstractTestWithStaticConfiguration { public static void setupTestStaticConfiguration() throws Exception { LOGGER.info("TestJDBCInterface setupTestStaticConfiguration"); policyOnHdfs = true; - clearDbAfterPerTest = true; - clearDbBeforePerTest = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); } @Before public void setup() throws Exception { LOGGER.info("TestJDBCInterface setup"); - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); - if (clearDbBeforePerTest) { - // Precreate policy file - policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - LOGGER.info("Before per test run clean up"); - clearAll(true); - } + policyFile = super.setupPolicy(); + super.setup(); } /* http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java index 3a718e8..7dd0f01 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java @@ -44,26 +44,18 @@ public class TestMetadataObjectRetrieval extends AbstractTestWithStaticConfigura @BeforeClass public static void setupTestStaticConfiguration () throws Exception { LOGGER.info("TestMetadataObjectRetrieval setupTestStaticConfiguration"); - clearDbAfterPerTest = true; - clearDbBeforePerTest = true; AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); } @Before public void setup() throws Exception { LOGGER.info("TestMetadataObjectRetrieval setup"); - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); + policyFile = super.setupPolicy(); + super.setup(); dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); FileOutputStream to = new FileOutputStream(dataFile); Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); - if (clearDbBeforePerTest) { - // Precreate policy file - policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - LOGGER.info("Before per test run clean up"); - clearAll(true); - } } /** http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java index 30541d9..985f969 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java @@ -50,7 +50,6 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticConfiguration @BeforeClass public static void setupTestStaticConfiguration() throws Exception { AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); - prepareDBDataForTest(); } @Before @@ -64,14 +63,12 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticConfiguration prefix = "file://" + context.getPolicyFile().getParent() + "/"; } - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); + policyFile = super.setupPolicy(); + super.setup(); + prepareDBDataForTest(); } protected static void prepareDBDataForTest() throws Exception { - clearDbAfterPerTest = false; - PolicyFile policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP).setUserGroupMapping( - StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); // copy data file to test dir dataDir = context.getDataDir(); dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtColumnScope.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtColumnScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtColumnScope.java index 8adc5bb..ecf1117 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtColumnScope.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtColumnScope.java @@ -47,26 +47,17 @@ public class TestPrivilegesAtColumnScope extends AbstractTestWithStaticConfigura @Before public void setup() throws Exception { - if (useSentryService) { - policyFile = new PolicyFile(); - } else { - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); - } + policyFile = super.setupPolicy(); + super.setup(); + prepareDBDataForTest(); } @BeforeClass public static void setupTestStaticConfiguration() throws Exception { AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); - prepareDBDataForTest(); } private static void prepareDBDataForTest() throws Exception { - clearDbAfterPerTest = false; - // if use sentry service, need setup admin role first - setupAdmin(); - PolicyFile policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP).setUserGroupMapping( - StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); // copy data file to test dir File dataDir = context.getDataDir(); File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtDatabaseScope.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtDatabaseScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtDatabaseScope.java index 7c9a66d..3f6f246 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtDatabaseScope.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtDatabaseScope.java @@ -33,44 +33,53 @@ import java.util.Map; import junit.framework.Assert; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import com.google.common.io.Resources; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /* Tests privileges at table scope within a single database. */ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithStaticConfiguration { + private static final Logger LOGGER = LoggerFactory. + getLogger(TestPrivilegesAtDatabaseScope.class); private PolicyFile policyFile; Map <String, String >testProperties; private static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat"; + @BeforeClass + public static void setupTestStaticConfiguration () throws Exception { + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + @Override @Before public void setup() throws Exception { + policyFile = super.setupPolicy(); + super.setup(); testProperties = new HashMap<String, String>(); - - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); } // SENTRY-285 test @Test public void testAllOnDb() throws Exception { - - policyFile - .addRolesToGroup(USERGROUP1, "all_db1") - .addPermissionsToRole("all_db1", "server=server1->db=" + DB1 + "->action=all") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - // setup db objects needed by the test Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); statement.execute("create database " + DB1); statement.execute("create table " + DB1 + ".tab1(a int)"); + policyFile + .addRolesToGroup(USERGROUP1, "all_db1") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1 + "->action=all") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("use " + DB1); @@ -97,25 +106,23 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithStaticConfigu Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); - policyFile - .addRolesToGroup(USERGROUP1, "all_db1", "load_data") - .addRolesToGroup(USERGROUP2, "all_db2") - .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) - .addPermissionsToRole("all_db2", "server=server1->db=" + DB2) - .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath()) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - // setup db objects needed by the test Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); - statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE"); statement.execute("CREATE DATABASE " + DB1); statement.execute("CREATE DATABASE " + DB2); statement.close(); connection.close(); + policyFile + .addRolesToGroup(USERGROUP1, "all_db1", "load_data") + .addRolesToGroup(USERGROUP2, "all_db2") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) + .addPermissionsToRole("all_db2", "server=server1->db=" + DB2) + .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath()) + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + // test execution connection = context.createConnection(USER1_1); statement = context.createStatement(connection); @@ -182,14 +189,6 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithStaticConfigu statement.close(); connection.close(); - - //test cleanup - connection = context.createConnection(ADMIN1); - statement = context.createStatement(connection); - statement.execute("DROP DATABASE " + DB2 + " CASCADE"); - statement.close(); - connection.close(); - context.close(); } /* Admin creates database DB_1, creates table TAB_1, loads data into it @@ -206,21 +205,9 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithStaticConfigu Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); - policyFile - .addRolesToGroup(USERGROUP1, "all_db1", "load_data", "exttab") - .addRolesToGroup(USERGROUP2, "all_db2") - .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) - .addPermissionsToRole("all_db2", "server=server1->db=" + DB2) - .addPermissionsToRole("exttab", "server=server1->uri=file://" + dataDir.getPath()) - .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath()) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - // setup db objects needed by the test Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); - statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE"); statement.execute("CREATE DATABASE " + DB1); statement.execute("CREATE DATABASE " + DB2); statement.execute("USE " + DB1); @@ -232,6 +219,16 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithStaticConfigu statement.close(); connection.close(); + policyFile + .addRolesToGroup(USERGROUP1, "all_db1", "load_data", "exttab") + .addRolesToGroup(USERGROUP2, "all_db2") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) + .addPermissionsToRole("all_db2", "server=server1->db=" + DB2) + .addPermissionsToRole("exttab", "server=server1->uri=file://" + dataDir.getPath()) + .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath()) + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + // test execution connection = context.createConnection(USER1_1); statement = context.createStatement(connection); @@ -289,15 +286,6 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithStaticConfigu statement.close(); connection.close(); - - //test cleanup - connection = context.createConnection(ADMIN1); - statement = context.createStatement(connection); - statement.execute("DROP DATABASE " + DB1 + " CASCADE"); - statement.execute("DROP DATABASE " + DB2 + " CASCADE"); - statement.close(); - connection.close(); - context.close(); } /** @@ -310,32 +298,27 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithStaticConfigu */ @Test public void testUseDbPrivilege() throws Exception { - - policyFile - .addRolesToGroup(USERGROUP1, "all_db1") - .addRolesToGroup(USERGROUP2, "select_db2") - .addRolesToGroup(USERGROUP3, "all_db3") - .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) - .addPermissionsToRole("select_db2", "server=server1->db=" + DB2 + "->table=tab_2->action=select") - .addPermissionsToRole("all_db3", "server=server1->db=DB_3") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - - - // setup db objects needed by the test Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); statement.execute("CREATE DATABASE " + DB1); statement.execute("use " + DB1); statement.execute("CREATE TABLE TAB_1(A STRING)"); - statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE"); statement.execute("CREATE DATABASE " + DB2); statement.execute("use " + DB1); statement.execute("CREATE TABLE TAB_2(A STRING)"); context.close(); + policyFile + .addRolesToGroup(USERGROUP1, "all_db1") + .addRolesToGroup(USERGROUP2, "select_db2") + .addRolesToGroup(USERGROUP3, "all_db3") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) + .addPermissionsToRole("select_db2", "server=server1->db=" + DB2 + "->table=tab_2->action=select") + .addPermissionsToRole("all_db3", "server=server1->db=DB_3") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + // user1 should be able to connect db_1 connection = context.createConnection(USER1_1); statement = context.createStatement(connection); @@ -374,24 +357,22 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithStaticConfigu */ @Test public void testDefaultDbPrivilege() throws Exception { - - policyFile - .addRolesToGroup(USERGROUP1, "all_db1") - .addRolesToGroup(USERGROUP2, "select_db2") - .addRolesToGroup(USERGROUP3, "all_default") - .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) - .addPermissionsToRole("select_db2", "server=server1->db=" + DB2 + "->table=tab_2->action=select") - .addPermissionsToRole("all_default", "server=server1->db=default") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - - Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); statement.execute("use default"); statement.execute("create table tab1(a int)"); context.close(); + policyFile + .addRolesToGroup(USERGROUP1, "all_db1") + .addRolesToGroup(USERGROUP2, "select_db2") + .addRolesToGroup(USERGROUP3, "all_default") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) + .addPermissionsToRole("select_db2", "server=server1->db=" + DB2 + "->table=tab_2->action=select") + .addPermissionsToRole("all_default", "server=server1->db=default") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("use default"); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java index 46c6cbb..6272752 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java @@ -45,19 +45,19 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat private static PolicyFile policyFile; private final static String MULTI_TYPE_DATA_FILE_NAME = "emp.dat"; + @Before + public void setup() throws Exception { + policyFile = super.setupPolicy(); + super.setup(); + prepareDBDataForTest(); + } + @BeforeClass public static void setupTestStaticConfiguration() throws Exception { AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); - prepareDBDataForTest(); } protected static void prepareDBDataForTest() throws Exception { - clearDbAfterPerTest = false; - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP).setUserGroupMapping( - StaticUserGroup.getStaticMapping()); - // The setupAdmin is for TestDbPrivilegesAtTableScope to add role admin_role - setupAdmin(); - writePolicyFile(policyFile); // copy data file to test dir File dataDir = context.getDataDir(); File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME); @@ -85,13 +85,6 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat connection.close(); } - @Before - public void setup() throws Exception { - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - } - /* * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, loads data into * TAB_1, TAB_2 Admin grants SELECT on TAB_1, TAB_2, INSERT on TAB_1 to http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java index c47686b..0f27a7e 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java @@ -29,6 +29,7 @@ import java.util.List; import org.apache.sentry.provider.file.PolicyFile; import org.junit.Assert; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import com.google.common.io.Resources; @@ -44,16 +45,20 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur private File dataDir; private File dataFile; + @BeforeClass + public static void setupTestStaticConfiguration () throws Exception { + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + @Before public void setup() throws Exception { + policyFile = super.setupPolicy(); + super.setup(); dataDir = context.getDataDir(); dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); FileOutputStream to = new FileOutputStream(dataFile); Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); } /** @@ -67,22 +72,10 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"}; List<String> tableNamesValidation = new ArrayList<String>(); - policyFile - .addRolesToGroup(USERGROUP1, "tab1_priv,tab2_priv,tab3_priv") - .addPermissionsToRole("tab1_priv", "server=server1->db=" + DB1 + "->table=" - + tableNames[0] + "->action=select") - .addPermissionsToRole("tab2_priv", "server=server1->db=" + DB1 + "->table=" - + tableNames[1] + "->action=insert") - .addPermissionsToRole("tab3_priv", "server=server1->db=" + DB1 + "->table=" - + tableNames[2] + "->action=select") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - String user1TableNames[] = {"tb_1", "tb_2", "tb_3"}; Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); statement.execute("CREATE DATABASE " + DB1); statement.execute("USE " + DB1); createTabs(statement, DB1, tableNames); @@ -93,6 +86,17 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur validateTables(rs, DB1, tableNamesValidation); statement.close(); + policyFile + .addRolesToGroup(USERGROUP1, "tab1_priv,tab2_priv,tab3_priv") + .addPermissionsToRole("tab1_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[0] + "->action=select") + .addPermissionsToRole("tab2_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[1] + "->action=insert") + .addPermissionsToRole("tab3_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[2] + "->action=select") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("USE " + DB1); @@ -114,17 +118,10 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"}; List<String> tableNamesValidation = new ArrayList<String>(); - policyFile - .addRolesToGroup(USERGROUP1, "db_priv") - .addPermissionsToRole("db_priv", "server=server1->db=" + DB1) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - String user1TableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"}; Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); statement.execute("CREATE DATABASE " + DB1); statement.execute("USE " + DB1); createTabs(statement, DB1, tableNames); @@ -134,6 +131,12 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur validateTables(rs, DB1, tableNamesValidation); statement.close(); + policyFile + .addRolesToGroup(USERGROUP1, "db_priv") + .addPermissionsToRole("db_priv", "server=server1->db=" + DB1) + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("USE " + DB1); @@ -155,19 +158,11 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur String tableNames[] = {"tb_1", "tb_2", "tb_3", "newtab_3"}; List<String> tableNamesValidation = new ArrayList<String>(); - policyFile - .addRolesToGroup(USERGROUP1, "tab_priv") - .addPermissionsToRole("tab_priv", "server=server1->db=" + DB1 + "->table=" - + tableNames[3] + "->action=insert") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - String adminTableNames[] = {"tb_3", "newtab_3", "tb_2", "tb_1"}; String user1TableNames[] = {"newtab_3"}; Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); statement.execute("CREATE DATABASE " + DB1); statement.execute("USE " + DB1); createTabs(statement, DB1, tableNames); @@ -177,6 +172,13 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur validateTables(rs, DB1, tableNamesValidation); statement.close(); + policyFile + .addRolesToGroup(USERGROUP1, "tab_priv") + .addPermissionsToRole("tab_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[3] + "->action=insert") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("USE " + DB1); @@ -197,18 +199,11 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur String tableNames[] = {"tb_1", "tb_2", "tb_3", "newtab_3"}; List<String> tableNamesValidation = new ArrayList<String>(); - policyFile - .addRolesToGroup(USERGROUP1, "tab_priv") - .addPermissionsToRole("tab_priv", "server=server1->db=" + DB1) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - String adminTableNames[] = {"tb_3", "newtab_3", "tb_1", "tb_2"}; String user1TableNames[] = {"tb_3", "newtab_3", "tb_1", "tb_2"}; Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); statement.execute("CREATE DATABASE " + DB1); statement.execute("USE " + DB1); createTabs(statement, DB1, tableNames); @@ -218,6 +213,12 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur validateTables(rs, DB1, tableNamesValidation); statement.close(); + policyFile + .addRolesToGroup(USERGROUP1, "tab_priv") + .addPermissionsToRole("tab_priv", "server=server1->db=" + DB1) + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("USE " + DB1); @@ -236,13 +237,14 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur public void testShowTables5() throws Exception { String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"}; - policyFile - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); createTabs(statement, "default", tableNames); + policyFile + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); // User1 should see tables with any level of access @@ -263,22 +265,10 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4", "table_5"}; List<String> tableNamesValidation = new ArrayList<String>(); - policyFile - .addRolesToGroup(USERGROUP1, "tab1_priv,tab2_priv,tab3_priv") - .addPermissionsToRole("tab1_priv", "server=server1->db=" + DB1 + "->table=" - + tableNames[0] + "->action=select") - .addPermissionsToRole("tab2_priv", "server=server1->db=" + DB1 + "->table=" - + tableNames[1] + "->action=insert") - .addPermissionsToRole("tab3_priv", "server=server1->db=" + DB1 + "->table=" - + tableNames[2] + "->action=select") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - String user1TableNames[] = {"tb_1", "tb_2", "tb_3"}; Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); statement.execute("CREATE DATABASE " + DB1); statement.execute("USE " + DB1); createTabs(statement, DB1, tableNames); @@ -288,6 +278,17 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur validateTablesInRs(rs, DB1, tableNamesValidation); statement.close(); + policyFile + .addRolesToGroup(USERGROUP1, "tab1_priv,tab2_priv,tab3_priv") + .addPermissionsToRole("tab1_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[0] + "->action=select") + .addPermissionsToRole("tab2_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[1] + "->action=insert") + .addPermissionsToRole("tab3_priv", "server=server1->db=" + DB1 + "->table=" + + tableNames[2] + "->action=select") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("USE " + DB1); @@ -309,12 +310,6 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur String[] dbNames = {DB1, DB2, DB3}; String[] user1DbNames = {DB1}; - policyFile - .addRolesToGroup(USERGROUP1, "db1_all") - .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - createDb(ADMIN1, dbNames); dbNamesValidation.addAll(Arrays.asList(dbNames)); dbNamesValidation.add("default"); @@ -324,6 +319,12 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur validateDBs(rs, dbNamesValidation); // admin should see all dbs rs.close(); + policyFile + .addRolesToGroup(USERGROUP1, "db1_all") + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); rs = statement.executeQuery("SHOW DATABASES"); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java index 626fd40..fe837e4 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java @@ -43,13 +43,12 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { @Before public void setup() throws Exception { + policyFile = super.setupPolicy(); + super.setup(); dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); FileOutputStream to = new FileOutputStream(dataFile); Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); to.close(); - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); - policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); loadData = "server=server1->uri=file://" + dataFile.getPath(); } @@ -66,13 +65,14 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { */ @Test public void testDbPrivileges() throws Exception { - addTwoUsersWithAllDb(); - writePolicyFile(policyFile); String[] dbs = new String[] { DB1, DB2 }; for (String dbName : dbs) { - dropDb(ADMIN1, dbName); createDb(ADMIN1, dbName); } + + addTwoUsersWithAllDb(); + writePolicyFile(policyFile); + for (String user : new String[] { USER1_1, USER1_2 }) { for (String dbName : dbs) { Connection userConn = context.createConnection(user); @@ -90,12 +90,8 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { userConn.close(); } } - - for (String dbName : dbs) { - dropDb(ADMIN1, dbName); - } - } + /** * Test Case 2.11 admin user create a new database DB_1 and grant ALL to * himself on DB_1 should work @@ -105,7 +101,6 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); adminStmt.execute("CREATE DATABASE " + DB1); // access the new databases @@ -115,12 +110,6 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { adminStmt.execute("load data local inpath '" + dataFile.getPath() + "' into table " + tabName); adminStmt.execute("select * from " + tabName); - - // cleanup - adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE " + DB1 + " CASCADE"); - adminStmt.close(); - adminCon.close(); } /** @@ -131,20 +120,21 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { */ @Test public void testNegativeUserDMLPrivileges() throws Exception { - policyFile - .addPermissionsToRole("db1_tab2_all", "server=server1->db=" + DB1 + "->table=table_2") - .addRolesToGroup(USERGROUP1, "db1_tab2_all"); - writePolicyFile(policyFile); Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); adminStmt.execute("CREATE DATABASE " + DB1); adminStmt.execute("use " + DB1); adminStmt.execute("create table table_1 (id int)"); adminStmt.execute("create table table_2 (id int)"); adminStmt.close(); adminCon.close(); + + policyFile + .addPermissionsToRole("db1_tab2_all", "server=server1->db=" + DB1 + "->table=table_2") + .addRolesToGroup(USERGROUP1, "db1_tab2_all"); + writePolicyFile(policyFile); + Connection userConn = context.createConnection(USER1_1); Statement userStmt = context.createStatement(userConn); userStmt.execute("use " + DB1); @@ -173,17 +163,10 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { */ @Test public void testNegUserPrivilegesAll() throws Exception { - policyFile - .addRolesToGroup(USERGROUP1, "db1_all") - .addRolesToGroup(USERGROUP2, "db1_tab1_select") - .addPermissionsToRole("db1_tab1_select", "server=server1->db="+ DB1 + "->table=table_1->action=select") - .addPermissionsToRole("db1_all", "server=server1->db=" + DB1); - writePolicyFile(policyFile); // create dbs Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); adminStmt.execute("CREATE DATABASE " + DB1); adminStmt.execute("use " + DB1); adminStmt.execute("create table table_1 (name string)"); @@ -197,6 +180,13 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { adminStmt.close(); adminCon.close(); + policyFile + .addRolesToGroup(USERGROUP1, "db1_all") + .addRolesToGroup(USERGROUP2, "db1_tab1_select") + .addPermissionsToRole("db1_tab1_select", "server=server1->db="+ DB1 + "->table=table_1->action=select") + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1); + writePolicyFile(policyFile); + Connection userConn = context.createConnection(USER2_1); Statement userStmt = context.createStatement(userConn); userStmt.execute("use " + DB1); @@ -247,15 +237,13 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { */ @Test public void testSandboxOpt9() throws Exception { + createDb(ADMIN1, DB1, DB2); policyFile - .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData) - .addRolesToGroup(USERGROUP1, GROUP1_ROLE); + .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData) + .addRolesToGroup(USERGROUP1, GROUP1_ROLE); writePolicyFile(policyFile); - dropDb(ADMIN1, DB1, DB2); - createDb(ADMIN1, DB1, DB2); - Connection connection = context.createConnection(USER1_1); Statement statement = context.createStatement(connection); @@ -295,7 +283,6 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { + " (value) AS SELECT value from " + DB2 + "." + TBL3 + " LIMIT 10"); statement.close(); connection.close(); - dropDb(ADMIN1, DB1, DB2); } /** @@ -316,12 +303,6 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { */ @Test public void testSandboxOpt13() throws Exception { - // unrelated permission to allow user1 to connect to db1 - policyFile - .addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_TBL2) - .addRolesToGroup(USERGROUP1, GROUP1_ROLE); - writePolicyFile(policyFile); - dropDb(ADMIN1, DB1); createDb(ADMIN1, DB1); createTable(ADMIN1, DB1, dataFile, TBL1); Connection connection = context.createConnection(ADMIN1); @@ -332,6 +313,13 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { + " (under_col) as 'COMPACT' WITH DEFERRED REBUILD"); statement.close(); connection.close(); + + // unrelated permission to allow user1 to connect to db1 + policyFile + .addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_TBL2) + .addRolesToGroup(USERGROUP1, GROUP1_ROLE); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("USE " + DB1); @@ -342,7 +330,6 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { statement.execute("USE " + DB1); assertTrue(statement.execute("SELECT * FROM " + TBL1 + " WHERE under_col == 5")); assertTrue(statement.execute("SHOW INDEXES ON " + TBL1)); - dropDb(ADMIN1, DB1, DB2); } /** @@ -372,8 +359,6 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { */ @Test public void testSandboxOpt17() throws Exception { - - dropDb(ADMIN1, DB1); createDb(ADMIN1, DB1); policyFile @@ -436,17 +421,17 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { //Hive needs write permissions on this local directory baseDir.setWritable(true, false); + createDb(ADMIN1, DB1); + createTable(ADMIN1, DB1, dataFile, TBL1); + policyFile - .addRolesToGroup(USERGROUP1, "all_db1", "load_data") - .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) - .addPermissionsToRole("load_data", "server=server1->uri=file://" + allowedDir.getPath() + - ", server=server1->uri=file://" + allowedDir.getPath() + - ", server=server1->uri=" + allowedDfsDir.toString()); + .addRolesToGroup(USERGROUP1, "all_db1", "load_data") + .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) + .addPermissionsToRole("load_data", "server=server1->uri=file://" + allowedDir.getPath() + + ", server=server1->uri=file://" + allowedDir.getPath() + + ", server=server1->uri=" + allowedDfsDir.toString()); writePolicyFile(policyFile); - dropDb(ADMIN1, DB1); - createDb(ADMIN1, DB1); - createTable(ADMIN1, DB1, dataFile, TBL1); Connection connection = context.createConnection(USER1_1); Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); @@ -468,20 +453,18 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { */ @Test public void testSandboxOpt10() throws Exception { - String rTab1 = "rtab_1"; String rTab2 = "rtab_2"; - policyFile - .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, SELECT_DB2_TBL2, loadData) - .addRolesToGroup(USERGROUP1, GROUP1_ROLE); - writePolicyFile(policyFile); - - dropDb(ADMIN1, DB1, DB2); createDb(ADMIN1, DB1, DB2); createTable(ADMIN1, DB1, dataFile, TBL1); createTable(ADMIN1, DB2, dataFile, TBL2, TBL3); + policyFile + .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, SELECT_DB2_TBL2, loadData) + .addRolesToGroup(USERGROUP1, GROUP1_ROLE); + writePolicyFile(policyFile); + // a Connection connection = context.createConnection(USER1_1); Statement statement = context.createStatement(connection); @@ -492,20 +475,11 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { statement.close(); connection.close(); - dropDb(ADMIN1, DB1, DB2); } // Create per-db policy file on hdfs and global policy on local. @Test public void testPerDbPolicyOnDFS() throws Exception { - - policyFile - .addRolesToGroup(USERGROUP1, "select_tbl1") - .addRolesToGroup(USERGROUP2, "select_tbl2") - .addPermissionsToRole("select_tbl1", "server=server1->db=" + DB1 + "->table=tbl1->action=select") - .addDatabase(DB2, dfs.getBaseDir().toUri().toString() + "/" + DB2_POLICY_FILE); - writePolicyFile(policyFile); - File db2PolicyFileHandle = new File(baseDir.getPath(), DB2_POLICY_FILE); PolicyFile db2PolicyFile = new PolicyFile(); @@ -519,14 +493,11 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); - statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); - statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE"); statement.execute("CREATE DATABASE " + DB1); statement.execute("USE " + DB1); statement.execute("CREATE TABLE tbl1(B INT, A STRING) " + " row format delimited fields terminated by '|' stored as textfile"); statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl1"); - statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE"); statement.execute("CREATE DATABASE " + DB2); statement.execute("USE " + DB2); statement.execute("CREATE TABLE tbl2(B INT, A STRING) " + @@ -535,6 +506,13 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { statement.close(); connection.close(); + policyFile + .addRolesToGroup(USERGROUP1, "select_tbl1") + .addRolesToGroup(USERGROUP2, "select_tbl2") + .addPermissionsToRole("select_tbl1", "server=server1->db=" + DB1 + "->table=tbl1->action=select") + .addDatabase(DB2, dfs.getBaseDir().toUri().toString() + "/" + DB2_POLICY_FILE); + writePolicyFile(policyFile); + // test per-db file for db2 connection = context.createConnection(USER2_1); @@ -545,15 +523,6 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { statement.close(); connection.close(); - - //test cleanup - connection = context.createConnection(ADMIN1); - statement = context.createStatement(connection); - statement.execute("DROP DATABASE " + DB1 + " CASCADE"); - - statement.execute("DROP DATABASE " + DB2 + " CASCADE"); - statement.close(); - connection.close(); } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java index 7c7c63e..911608a 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUriPermissions.java @@ -29,19 +29,28 @@ import junit.framework.Assert; import org.apache.sentry.provider.file.PolicyFile; import org.apache.sentry.tests.e2e.hive.hiveserver.HiveServerFactory; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class TestUriPermissions extends AbstractTestWithStaticConfiguration { + private static final Logger LOGGER = LoggerFactory. + getLogger(TestUriPermissions.class); + private PolicyFile policyFile; private File dataFile; private String loadData; + @BeforeClass + public static void setupTestStaticConfiguration () throws Exception { + AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + @Before public void setup() throws Exception { - policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); - policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); - writePolicyFile(policyFile); - + policyFile = super.setupPolicy(); + super.setup(); } // test load data into table @@ -57,24 +66,23 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { Connection userConn = null; Statement userStmt = null; - policyFile - .addRolesToGroup(USERGROUP1, "db1_read", "db1_write", "data_read") - .addRolesToGroup(USERGROUP2, "db1_write") - .addPermissionsToRole("db1_write", "server=server1->db=" + DB1 + "->table=" + tabName + "->action=INSERT") - .addPermissionsToRole("db1_read", "server=server1->db=" + DB1 + "->table=" + tabName + "->action=SELECT") - .addPermissionsToRole("data_read", loadData); - writePolicyFile(policyFile); - // create dbs Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); adminStmt.execute("CREATE DATABASE " + DB1); adminStmt.execute("use " + DB1); adminStmt.execute("CREATE TABLE " + tabName + "(id int)"); context.close(); + policyFile + .addRolesToGroup(USERGROUP1, "db1_read", "db1_write", "data_read") + .addRolesToGroup(USERGROUP2, "db1_write") + .addPermissionsToRole("db1_write", "server=server1->db=" + DB1 + "->table=" + tabName + "->action=INSERT") + .addPermissionsToRole("db1_read", "server=server1->db=" + DB1 + "->table=" + tabName + "->action=SELECT") + .addPermissionsToRole("data_read", loadData); + writePolicyFile(policyFile); + // positive test, user1 has access to file being loaded userConn = context.createConnection(USER1_1); userStmt = context.createStatement(userConn); @@ -111,7 +119,6 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); adminStmt.execute("CREATE DATABASE " + DB1); adminStmt.execute("use " + DB1); adminStmt.execute("CREATE TABLE " + tabName + " (id int) PARTITIONED BY (dt string)"); @@ -176,24 +183,23 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { Connection userConn = null; Statement userStmt = null; - policyFile - .addRolesToGroup(USERGROUP1, "server1_all") - .addRolesToGroup(USERGROUP2, "db1_all, data_read") - .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) - .addPermissionsToRole("data_read", "server=server1->URI=" + tabDir) - .addPermissionsToRole("server1_all", "server=server1"); - writePolicyFile(policyFile); - // create dbs Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); adminStmt.execute("CREATE DATABASE " + DB1); adminStmt.execute("use " + DB1); adminStmt.execute("CREATE TABLE " + tabName + " (id int) PARTITIONED BY (dt string)"); adminCon.close(); + policyFile + .addRolesToGroup(USERGROUP1, "server1_all") + .addRolesToGroup(USERGROUP2, "db1_all, data_read") + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) + .addPermissionsToRole("data_read", "server=server1->URI=" + tabDir) + .addPermissionsToRole("server1_all", "server=server1"); + writePolicyFile(policyFile); + // positive test: user2 has privilege to alter table set partition userConn = context.createConnection(USER2_1); userStmt = context.createStatement(userConn); @@ -223,22 +229,21 @@ public class TestUriPermissions extends AbstractTestWithStaticConfiguration { baseDir.setWritable(true, false); dataDir.setWritable(true, false); - policyFile - .addRolesToGroup(USERGROUP1, "db1_all", "data_read") - .addRolesToGroup(USERGROUP2, "db1_all") - .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) - .addPermissionsToRole("data_read", "server=server1->URI=" + dataDirPath); - writePolicyFile(policyFile); - // create dbs Connection adminCon = context.createConnection(ADMIN1); Statement adminStmt = context.createStatement(adminCon); adminStmt.execute("use default"); - adminStmt.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); adminStmt.execute("CREATE DATABASE " + DB1); adminStmt.close(); adminCon.close(); + policyFile + .addRolesToGroup(USERGROUP1, "db1_all", "data_read") + .addRolesToGroup(USERGROUP2, "db1_all") + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) + .addPermissionsToRole("data_read", "server=server1->URI=" + dataDirPath); + writePolicyFile(policyFile); + // negative test: user2 doesn't have privilege to create external table in given path userConn = context.createConnection(USER2_1); userStmt = context.createStatement(userConn); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java index be9f601..471af1a 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java @@ -42,8 +42,11 @@ public class TestUserManagement extends AbstractTestWithStaticConfiguration { private File dataFile; private PolicyFile policyFile; + @Override @Before - public void setUp() throws Exception { + public void setup() throws Exception { + policyFile = super.setupPolicy(); + super.setup(); dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME); FileOutputStream to = new FileOutputStream(dataFile); Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java index 2c14c82..2c16cd6 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/AbstractMetastoreTestWithStaticConfiguration.java @@ -54,7 +54,7 @@ public abstract class AbstractMetastoreTestWithStaticConfiguration extends @BeforeClass public static void setupTestStaticConfiguration() throws Exception { useSentryService = true; - clearDbAfterPerTest = false; + clearDbPerTest = false; testServerType = HiveServer2Type.InternalMetastore.name(); AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/e11062d3/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java index 30041c5..44ed096 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java @@ -33,6 +33,7 @@ import org.apache.sentry.provider.file.PolicyFile; import org.apache.sentry.tests.e2e.hive.StaticUserGroup; import org.apache.thrift.TException; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import com.google.common.collect.Lists; @@ -53,42 +54,19 @@ public class TestAuthorizingObjectStore extends // this user is configured for sentry.metastore.service.users, // for this test, the value is set when creating the HiveServer. private static final String userWithoutAccess = "accessAllMetaUser"; - private boolean isSetup = false; + @BeforeClass + public static void setupTestStaticConfiguration () throws Exception { + AbstractMetastoreTestWithStaticConfiguration.setupTestStaticConfiguration(); + } + + @Override @Before public void setup() throws Exception { - if (isSetup) { - return; - } - isSetup = true; policyFile = setAdminOnServer1(ADMINGROUP); - policyFile - .addRolesToGroup(USERGROUP1, all_role) - .addRolesToGroup(USERGROUP2, db1_t1_role) - .addPermissionsToRole(all_role, "server=server1->db=" + dbName1) - .addPermissionsToRole(all_role, "server=server1->db=" + dbName2) - .addPermissionsToRole( - all_role, - "server=server1->db=" + dbName1 + "->table=" + tabName1 - + "->action=SELECT") - .addPermissionsToRole( - all_role, - "server=server1->db=" + dbName1 + "->table=" + tabName2 - + "->action=SELECT") - .addPermissionsToRole( - all_role, - "server=server1->db=" + dbName2 + "->table=" + tabName3 - + "->action=SELECT") - .addPermissionsToRole( - all_role, - "server=server1->db=" + dbName2 + "->table=" + tabName4 - + "->action=SELECT") - .addPermissionsToRole( - db1_t1_role, - "server=server1->db=" + dbName1 + "->table=" + tabName1 - + "->action=SELECT") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); + super.setup(); HiveMetaStoreClient client = context.getMetaStoreClient(ADMIN1); client.dropDatabase(dbName1, true, true, true); @@ -117,6 +95,34 @@ public class TestAuthorizingObjectStore extends addPartition(client, dbName2, tabName4, Lists.newArrayList(partitionVal), tbl4); client.close(); + + policyFile + .addRolesToGroup(USERGROUP1, all_role) + .addRolesToGroup(USERGROUP2, db1_t1_role) + .addPermissionsToRole(all_role, "server=server1->db=" + dbName1) + .addPermissionsToRole(all_role, "server=server1->db=" + dbName2) + .addPermissionsToRole( + all_role, + "server=server1->db=" + dbName1 + "->table=" + tabName1 + + "->action=SELECT") + .addPermissionsToRole( + all_role, + "server=server1->db=" + dbName1 + "->table=" + tabName2 + + "->action=SELECT") + .addPermissionsToRole( + all_role, + "server=server1->db=" + dbName2 + "->table=" + tabName3 + + "->action=SELECT") + .addPermissionsToRole( + all_role, + "server=server1->db=" + dbName2 + "->table=" + tabName4 + + "->action=SELECT") + .addPermissionsToRole( + db1_t1_role, + "server=server1->db=" + dbName1 + "->table=" + tabName1 + + "->action=SELECT") + .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + writePolicyFile(policyFile); } /**
