> On June 7, 2014, 12:50 a.m., Jarek Cecho wrote: > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java, > > line 407 > > <https://reviews.apache.org/r/22322/diff/4/?file=605131#file605131line407> > > > > Can we just add assert verifying that we've removed privilege?
This is a no op, so checking that the state did not change. > On June 7, 2014, 12:50 a.m., Jarek Cecho wrote: > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java, > > lines 414-416 > > <https://reviews.apache.org/r/22322/diff/4/?file=605131#file605131line414> > > > > Can we add asserts here to ensure that the operations are doing what > > they should be doing? This is a no op, so checking that the state did not change. - Sravya ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/22322/#review44991 ----------------------------------------------------------- On June 7, 2014, 12:09 a.m., Sravya Tirukkovalur wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/22322/ > ----------------------------------------------------------- > > (Updated June 7, 2014, 12:09 a.m.) > > > Review request for sentry, Arun Suresh, Jarek Cecho, and Prasad Mujumdar. > > > Bugs: sentry-238 and sentry-261 > https://issues.apache.org/jira/browse/sentry-238 > https://issues.apache.org/jira/browse/sentry-261 > > > Repository: sentry > > > Description > ------- > > This patch adds the following test cases for Sentry Grant/Revoke feature > through Hive end to end tests(a few of them are already there). > Apart from these test cases it does: > - Fix sentry-238, denied show roles/show grant/show role grant throws > SentryAccessDeniedException instead of Thrift exception. > - Adds a test case for SENTRY-264 ( although, it is not fixed in this patch) > > 1. Grant/Revoke privileges test cases: > 1.1. All on server > 1.2. All on database > 1.3. All on URI > 1.4. All on table > 1.5. Insert on table > 1.6. Select on table > 1.7. Partial privileges on table > 1.7.1. Grant all, revoke insert leads to select on table > 1.7.2. Grant all, revoke select leads to select on table > > 2.Create/Drop role > > 3. Show roles > 3.1. When there are no roles, returns empty list > 3.2. When there are roles, returns correct list with correct schema. > > 4. Show role grant > 4.1. When there are no roles and group, throws SentryNoSuchObjectException > 4.2. When there are roles, returns correct list with correct schema. > > 5. Show privileges > 5.1. When there are no privileges granted to a role, returns an empty list > 5.2. When there are privileges, returns correct list with correct schema. > 5.3. Given privileges on table, show grant on table should return table > privilege. > 5.4. Privileges on database > 5.4.1. Show grant on database should return correct priv > 5.4.2. Show grant on table should return correct priv > 5.5. Privileges on server > 5.5.1. Show grant on database should return correct priv > 5.5.2. Show grant on table should return correct priv > 5.5.3. Show grant on server should return correct priv (sql not supported yet > in hive) > 5.6. Show grant on uri (sql not supported yet in hive) > > 6. Show current role > > 7. Corner test cases: > 7.1. Drop role which doesn't exist, throws SentryNoSuchObjectException > 7.2. Create role which already exists, throws SentryAlreadyExitsException > 7.3. Drop role when privileges mapping exists and create role with same name, > old mappings should not exist > 7.4. Grant role, when role doesn't exist, throws SentryNoSuchObjectException > 7.5. Grant role when mapping exists, silently allows > 7.6. Grant multiple roles to a group > 7.7. Revoke role after role has been dropped, SentryNoSuchObjectException > 7.8. Revoke role from a group when mapping doesn't exist, silently allows > 7.9. Grant privilege to a role, privilege already exists, silently allows > 7.10. Grant privilege to a role, mapping already exists, silently allows > 7.11. Multiple privileges to a role > 7.12. Revoke privilege when privilege doesn't exist, silently allows > 7.13. Revoke privilege, when role doesn't exist, SentryNoSuchObjectException > 7.14. Revoke privilege when mapping doesn't exist, silently allows > > 8. Sentry Auth DDL by non admin user tests, should fire SentryOnFailureHook > and should throw SentryAccessDeniedException > 8.1. Create role > 8.2. Drop role > 8.3. Grant role > 8.4. Revoke role > 8.5. Grant privilege > 8.6. Revoke privilege > 8.7. Show roles > 8.8. Show role grant > 8.9. Show grant > 8.10. Grant Revoke on data objects, do not expose database/table entities > 8.10.1. table > 8.10.1. database > > 9. Denied non auth DDLs and Queries, should invoke SentryOnFailureHook > 9.1. Denied create table, when table exists: Exposes only db object > 9.2. Denied create table, when table does not exist: exposes only db object > 9.3. select when table exist: doesn't expose database and table > 9.4. alter table, doesn't invoke failure hook. (this test fails) > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java > 6ea1ca0027c35bfd1eec1f9028f031b7178fe35d > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java > 62113c89607a7194fef79a3f9d89e89a5a96c51c > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java > 322e90e5785d20d250be19e75fd2ed4c1c9b817a > > sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift > 5d584c0a856fbf2bc563481c99dcb69a36a2b507 > > sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java > 1089390dc6b2bd709591093b583f1cd5bc32e787 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/PolicyProviderForTest.java > 79ca38774818f5cc812a9810bb84784f8429001a > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java > 84223a941e8072683681ef41e265d0c8e3570f82 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java > 9c0c8b5b65de1db4fbb50357258a982c1b8a2a10 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSentryOnFailureHookLoading.java > 8beedd7ba837b132a39da5b794118ab919fc203f > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/Context.java > 39d411e3c9138d50b6dc3ead5cd0a45653f4873f > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/DummySentryOnFailureHook.java > 079f273f20753c4de90f448f1de47c56b810e18d > > Diff: https://reviews.apache.org/r/22322/diff/ > > > Testing > ------- > > Yes. > > > Thanks, > > Sravya Tirukkovalur > >
