-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22240/#review45171
-----------------------------------------------------------
We should only allow "use default" for any user as long as the user has some
privileges on the server. But we should still restrict the data objects in the
default data base. For example: This test case should fail (but passes with the
patch):
@Test
public void defaultNegativeTest() throws Exception{
policyFile
.addRolesToGroup(USERGROUP1, "all_db1", "load_data")
.addPermissionsToRole("all_db1", "server=server1->db=DB_1")
.setUserGroupMapping(StaticUserGroup.getStaticMapping());
writePolicyFile(policyFile);
Connection connection = context.createConnection(ADMIN1);
Statement statement = context.createStatement(connection);
statement.execute("create table tab1(a int)");
// setup db objects needed by the test
connection = context.createConnection(USER1_1);
statement = context.createStatement(connection);
statement.execute("select * from tab1");
}
and this should pass:
@Test
public void defaultTest() throws Exception{
policyFile
.addRolesToGroup(USERGROUP1, "all_db1", "load_data")
.addPermissionsToRole("all_db1", "server=server1->db=DB_1")
.setUserGroupMapping(StaticUserGroup.getStaticMapping());
writePolicyFile(policyFile);
// setup db objects needed by the test
Connection connection = context.createConnection(USER1_1);
Statement statement = context.createStatement(connection);
statement.execute("use default");
}
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSandboxOps.java
<https://reviews.apache.org/r/22240/#comment79879>
This is fine, or you could also just ignore this test with @Ignore, so that
it would be skipped.
- Sravya Tirukkovalur
On June 6, 2014, 11:52 p.m., Arun Suresh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22240/
> -----------------------------------------------------------
>
> (Updated June 6, 2014, 11:52 p.m.)
>
>
> Review request for sentry, Jarek Cecho, Prasad Mujumdar, and Sravya
> Tirukkovalur.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Couple of Test case fixes to get the filter push down patch to work.
>
> NOTE : I have placed some TODOs where I make a few assumptions.. kindly review
>
>
> Diffs
> -----
>
>
> sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBModelAuthorizables.java
> f4b32e1
>
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
> 3a993b0
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/SimpleDBProviderBackend.java
> 326b91d
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
> a959b13
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
> 322e90e
>
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java
> 9c0c8b5
>
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbSandboxOps.java
> 5eef792
>
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegeAtTransform.java
> 732632b
>
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java
> 10c7b82
>
> Diff: https://reviews.apache.org/r/22240/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Arun Suresh
>
>
