Added: hadoop/pig/trunk/contrib/zebra/src/test/org/apache/hadoop/zebra/types/TestColumnSecurity.java URL: http://svn.apache.org/viewvc/hadoop/pig/trunk/contrib/zebra/src/test/org/apache/hadoop/zebra/types/TestColumnSecurity.java?rev=826110&view=auto ============================================================================== --- hadoop/pig/trunk/contrib/zebra/src/test/org/apache/hadoop/zebra/types/TestColumnSecurity.java (added) +++ hadoop/pig/trunk/contrib/zebra/src/test/org/apache/hadoop/zebra/types/TestColumnSecurity.java Fri Oct 16 22:15:59 2009 @@ -0,0 +1,1217 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with this + * work for additional information regarding copyright ownership. The ASF + * licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.hadoop.zebra.types; + +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.security.auth.login.LoginException; + +import junit.framework.Assert; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FileStatus; +import org.apache.hadoop.fs.FileSystem; +import org.apache.hadoop.fs.Path; +import org.apache.hadoop.fs.permission.FsPermission; +import org.apache.hadoop.io.BytesWritable; +import org.apache.hadoop.security.UnixUserGroupInformation; +import org.apache.hadoop.zebra.io.BasicTable; +import org.apache.hadoop.zebra.io.TableInserter; +import org.apache.hadoop.zebra.io.TableScanner; +import org.apache.hadoop.zebra.io.BasicTable.Reader.RangeSplit; +import org.apache.hadoop.zebra.schema.Schema; +import org.apache.hadoop.zebra.parser.ParseException; +import org.apache.pig.data.DataBag; +import org.apache.pig.data.DataByteArray; +import org.apache.pig.data.Tuple; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Test; + +/** + * + * Test projections on complicated column types. + * + */ +public class TestColumnSecurity { + + final private static Configuration conf = new Configuration(); + private static Path path; + private static FileSystem fs; + final private static String GROUP1_NAME = "group1"; + final private static String GROUP2_NAME = "group2"; + final private static String GROUP3_NAME = "group3"; + final private static String GROUP4_NAME = "group4"; + final private static String USER1_NAME = "user1"; + final private static String USER2_NAME = "user2"; + final private static String USER3_NAME = "user3"; + + private static UnixUserGroupInformation SUPERUSER; + private static UnixUserGroupInformation USER1; + private static UnixUserGroupInformation USER2; + private static UnixUserGroupInformation USER3; + private static String user; + static { + try { + + conf.setInt("table.output.tfile.minBlock.size", 64 * 1024); + conf.setInt("table.input.split.minSize", 64 * 1024); + conf.set("table.output.tfile.compression", "none"); + + // Initiate all four users + SUPERUSER = UnixUserGroupInformation.login(conf); + USER1 = new UnixUserGroupInformation(USER1_NAME, new String[] { + GROUP1_NAME, GROUP2_NAME }); + USER2 = new UnixUserGroupInformation(USER2_NAME, new String[] { + GROUP2_NAME, GROUP3_NAME }); + USER3 = new UnixUserGroupInformation(USER3_NAME, new String[] { + GROUP3_NAME, GROUP4_NAME }); + System.out.println("SUPERUSER NAME: " + SUPERUSER.getUserName()); + + } catch (LoginException e) { + throw new RuntimeException(e); + } + if (System.getProperty("user") == null) { + System.setProperty("user", "jing1234"); + } + user = System.getProperty("user"); + if (System.getProperty("group") == null) { + System.setProperty("group", "users"); + } + System.getProperty("group"); + } + + @BeforeClass + public static void setUpOnce() throws IOException, LoginException { + path = new Path("/user/" + user); + fs = path.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + + } + + @AfterClass + public static void tearDownOnce() throws IOException { + } + + /* log into dfs as the given user */ + private static void login(UnixUserGroupInformation ugi) throws IOException { + if (fs != null) { + fs.close(); + } + UnixUserGroupInformation.saveToConf(conf, + UnixUserGroupInformation.UGI_PROPERTY_NAME, ugi); + fs = FileSystem.get(conf); // login as ugi + } + + @Test + public void test1() throws IOException, ParseException { + /* + * Test permission 777, everyone can read, write and delete + */ + System.out.println("In test1..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2 ] secure by user:user1 group:group1 perm:777"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest1"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER2); + load(USER2.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + load(USER3.getUserName(), path1, "s1,s2", false, false); + + login(USER1); + BasicTable.dropColumnGroup(path1, conf, "CG0"); + try { + load(USER1.getUserName(), path1, "s1,s2", true, true); + } catch (Exception e) { + Assert.fail(USER1.getUserName() + " should not be able to read"); + } + + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", true, true); + } catch (Exception e) { + Assert.fail(USER1.getUserName() + " should not be able to read"); + } + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", true, true); + } catch (Exception e) { + Assert.fail(USER1.getUserName() + " should not be able to read"); + } + + } + + @Test + public void test2() throws IOException, ParseException { + /* + * Test group has no read permission, but has write permission + */ + System.out.println("In test2..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2] secure by user:user1 group:group2 perm:730"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest2"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER3.getUserName() + " should not be able to read"); + } catch (IOException e) { + } + + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER2.getUserName() + " should not be able to read"); + } catch (IOException e) { + } + + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER2.getUserName() + + " should not be able to delete, can not open directory"); + + } catch (IOException e) { + + } + + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER2.getUserName() + " should not be able to read"); + } catch (IOException e) { + + } + + login(USER1); + BasicTable.dropColumnGroup(path1, conf, "CG0"); + try { + load(USER1.getUserName(), path1, "s1,s2", true, true); + } catch (IOException e) { + Assert.fail(USER1.getUserName() + " should be able to read"); + + } + + } + + @Test + public void test3() throws IOException, ParseException { + /* + * Group has NO read permission, has NO write permission OTHERS has NO read + * No write permission + */ + System.out.println("In test3..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2] secure by user:user1 group:group2 perm:700"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest3"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER3.getUserName() + " should not be able to read"); + } catch (IOException e) { + // e.printStackTrace(); + } + + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER3.getUserName() + " should not be able to write"); + } catch (IOException e) { + } + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER2.getUserName() + " should not be able to read"); + } catch (IOException e) { + // e.printStackTrace(); + } + + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER2.getUserName() + " should not be able to write"); + } catch (IOException e) { + // e.printStackTrace(); + } + + login(USER1); + BasicTable.dropColumnGroup(path1, conf, "CG0"); + try { + load(USER1.getUserName(), path1, "s1,s2", true, true); + } catch (IOException e) { + Assert.fail(USER1.getUserName() + " should not be able to read"); + } + + } + + @Test + public void test4() throws IOException, ParseException { + /* + * GROUP has NO write permission, but has read permission + */ + System.out.println("In test4..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2] secure by user:user1 group:group2 perm:740"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest4"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER3.getUserName() + " should be able to read"); + } catch (IOException e) { + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER3.getUserName() + " should not be able to write"); + } catch (IOException e) { + // e.printStackTrace(); + } + + /* + * should not be able to read, since there is no execute permission + */ + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER2.getUserName() + " should not be able to read"); + } catch (IOException e) { + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER2.getUserName() + " should not be able to write"); + } catch (IOException e) { + // e.printStackTrace(); + } + + login(USER1); + BasicTable.dropColumnGroup(path1, conf, "CG0"); + try { + load(USER1.getUserName(), path1, "s1,s2", true, true); + } catch (IOException e) { + Assert.fail(USER1.getUserName() + " should not be able to read"); + } + + } + + @Test + public void test5() throws IOException, ParseException { + /* + * OTHERS has NO read permission, has write permission + */ + System.out.println("In test5..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2] secure by user:user1 group:group1 perm:702"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest5"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER3.getUserName() + " should be able to read"); + } catch (IOException e) { + } + + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER3.getUserName() + " should not be able to write"); + } catch (IOException e) { + // e.printStackTrace(); + } + + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER2.getUserName() + " should be able to read"); + } catch (IOException e) { + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER2.getUserName() + " should not be able to write"); + } catch (IOException e) { + // e.printStackTrace(); + } + + login(USER1); + BasicTable.dropColumnGroup(path1, conf, "CG0"); + try { + load(USER1.getUserName(), path1, "s1,s2", true, true); + } catch (IOException e) { + Assert.fail(USER1.getUserName() + " should not be able to read"); + } + + } + + @Test + public void test6() throws IOException, ParseException { + /* + * OTHERS has NO write permission, but has read permission + */ + System.out.println("In test6..."); + String schema = "s1:string, s2:string"; + String storage = "[s1,s2] secure by user:user1 group:group1 perm:705;"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest6"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER3.getUserName() + " should be able to read"); + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER3.getUserName() + " should not be able to write"); + } catch (IOException e) { + } + + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should not be able to read"); + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER2.getUserName() + " should not be able to write"); + } catch (IOException e) { + // e.printStackTrace(); + } + + login(USER1); + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + } catch (IOException e) { + Assert.fail(USER1.getUserName() + " should be able to read"); + } + try { + load(USER1.getUserName(), path1, "s1,s2", true, true); + } catch (IOException e) { + Assert.fail(USER1.getUserName() + " should be able to read"); + } + + } + + @Test + public void test7() throws IOException, ParseException { + /* + * USER has NO read permission, but has write permission + */ + System.out.println("In test7..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2] secure by user:user1 group:group1 perm:200"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest7"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + + try { + new BasicTable.Writer(path1, schema, storage, false, conf); + Assert.fail("write should fail"); + } catch (IOException e) { + } + + } + + @Test + public void test8() throws IOException, ParseException { + /* + * GROUP has both read and write permission + */ + System.out.println("In test8..."); + String schema = "s1:string, s2:string"; + String storage = "[s1] secure by user:user1 group:group2 perm:770; [s2]"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest8"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER3.getUserName() + " should NOT be able to read"); + } catch (IOException e) { + + } + + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER3.getUserName() + " should not be able to write"); + } catch (IOException e) { + // e.printStackTrace(); + } + + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + e.printStackTrace(); + Assert.fail(USER2.getUserName() + " should be able to read"); + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should not be able to write"); + } + try { + load(USER2.getUserName(), path1, "s1,s2", true, false); + } catch (IOException e) { + e.printStackTrace(); + Assert.fail(USER2.getUserName() + " should be able to read"); + } + + /* + * USER1 drop the same CG0 again, should pass, take as no-op + */ + login(USER1); + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + } catch (IOException e) { + Assert.fail(USER1.getUserName() + " should be able to delete again"); + } + + try { + load(USER1.getUserName(), path1, "s1,s2", true, false); + } catch (IOException e) { + Assert.fail(USER1.getUserName() + " should not be able to read"); + + } + + } + + @Test + public void test9() throws IOException, ParseException { + /* + * OTHERS has BOTH read and write permission + */ + System.out.println("In test9..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2] secure by user:user1 group:group2 perm:707"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest9"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + writer.close(); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER3.getUserName() + " should be able to read"); + + } + + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER2.getUserName() + " should not be able to read"); + } catch (IOException e) { + } + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER3.getUserName() + " should be able to read"); + + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + } catch (IOException e) { + Assert.fail(USER3.getUserName() + " should be able to write"); + } + + login(USER1); + try { + load(USER1.getUserName(), path1, "s1,s2", true, true); + } catch (IOException e) { + Assert.fail(USER3.getUserName() + " should not be able to read"); + + } + } + + @Test + public void test10() throws IOException, ParseException { + /* + * Negative test case on table.write. user has no write permission + */ + System.out.println("In test10..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2] secure by user:user1 group:group1 perm:400"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest10"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + + try { + new BasicTable.Writer(path1, schema, storage, false, conf); + Assert.fail("write should fail"); + } catch (IOException e) { + } + + } + + @Test + public void test11() throws IOException, ParseException { + /* + * stitch 2 CGs, user has read permission on both + */ + System.out.println("In test11..."); + String schema = "s1:string, s2:string"; + String storage = "[s1] secure by user:user1 group:group2 perm:770;[s2] secure by user:user1 group:group2 perm:770"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest11"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + writer.close(); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER3.getUserName() + " should not be able to read"); + } catch (IOException e) { + + } + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should not be able to read"); + } + + } + + @Test + public void test12() throws IOException, ParseException { + /* + * stitch 2 CGs, user has read permission one one but not the other + */ + System.out.println("In test12..."); + String schema = "s1:string, s2:string"; + String storage = "[s1] secure by user:user1 group:group2 perm:770;[s2] secure by user:user1 group:group2 perm:700"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest12"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + writer.close(); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER3.getUserName() + " should not be able to read"); + } catch (IOException e) { + + } + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER2.getUserName() + " should not be able to read"); + } catch (IOException e) { + + } + + } + + @Test + public void test13() throws IOException, ParseException { + /* + * stitch 2 CGs, user has read permission on the second CG, but not the + * FIRST one + */ + System.out.println("In test13..."); + String schema = "s1:string, s2:string"; + String storage = "[s1] secure by user:user1 group:group2 perm:700;[s2] secure by user:user1 group:group2 perm:770"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest13"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + writer.close(); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER3.getUserName() + " should not be able to read"); + } catch (IOException e) { + + } + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER2.getUserName() + " should not be able to read"); + } catch (IOException e) { + + } + + } + + @Test + public void test14() throws IOException, ParseException { + /* + * stitch 2CGs where user only has write permission on those + */ + System.out.println("In test14..."); + String schema = "s1:string, s2:string"; + String storage = "[s1] secure by user:user1 group:group2 perm:730;[s2] secure by user:user1 group:group2 perm:730"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest14"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + writer.close(); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER3.getUserName() + " should not be able to read"); + } catch (IOException e) { + + } + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER2.getUserName() + " should not be able to read"); + } catch (IOException e) { + + } + + } + + @Test + public void test15() throws IOException, ParseException { + /* + * Test stitch after CGs is dropped + */ + System.out.println("In test15..."); + String schema = "s1:string, s2:string"; + String storage = "[s1] secure by user:user1 group:group2 perm:770;[s2] secure by user:user1 group:group2 perm:770"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest15"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + writer.close(); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + Assert.fail(USER3.getUserName() + " should not be able to read"); + } catch (IOException e) { + + } + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should be able to read"); + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should be able to write"); + } + try { + load(USER2.getUserName(), path1, "s1,s2", true, false); + + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should be able to read"); + } + } + + @Test + public void test16() throws IOException, ParseException { + /* + * stitch on non-secured CGs should not be affected + */ + System.out.println("In test16..."); + String schema = "s1:string, s2:string"; + String storage = "[s1];[s2]"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest16"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + + Schema schema1 = writer.getSchema(); + insertData(USER1.getUserName(), schema1, path1); + writer.close(); + load(USER1.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER3.getUserName() + " should be able to read"); + } + + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should be able to read"); + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER2.getUserName() + " should not be able to write"); + } catch (IOException e) { + } + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should be able to read"); + } + + login(USER1); + try { + load(USER1.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER1.getUserName() + " should be able to read"); + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + } catch (IOException e) { + Assert.fail(USER1.getUserName() + " should not be able to write"); + + } + try { + load(USER1.getUserName(), path1, "s1,s2", true, false); + } catch (IOException e) { + Assert.fail(USER1.getUserName() + " should be able to read"); + + } + } + + @Test + public void test17() throws IOException, ParseException { + /* + * Negative test case on table.writer.Nobody has write permission + */ + System.out.println("In test17..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2] secure by user:user1 group:group1 perm:000"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest17"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + + try { + new BasicTable.Writer(path1, schema, storage, false, conf); + Assert.fail("write should fail"); + } catch (IOException e) { + } + + } + + @Test + public void test18() throws IOException, ParseException { + /* + * Negative test case on table.write. Group does not exists + */ + System.out.println("In test18..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2] secure by user:user1 group:nonexisting perm:000"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest18"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + + try { + new BasicTable.Writer(path1, schema, storage, false, conf); + Assert.fail("write should fail"); + } catch (IOException e) { + } + + } + + @Test + public void test19() throws IOException, ParseException { + /* + * Negative test case on table.write. Permission setting is wrong + */ + System.out.println("In test19..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2] secure by user:user1 group:group2 perm:880"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest19"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + try { + new BasicTable.Writer(path1, schema, storage, false, conf); + Assert.fail("write should fail"); + } catch (IOException e) { + } + + } + + @Test + public void test20() throws IOException, ParseException { + /* + * Negative test case on table.write. Permission setting is wrong + */ + System.out.println("In test120..."); + String schema = "s1:string, s2:string"; + String storage = "[s1, s2] secure by user:user1 group:group2 perm:7777"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest20"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + login(USER1); + + try { + new BasicTable.Writer(path1, schema, storage, false, conf); + Assert.fail("write should fail"); + } catch (IOException e) { + } + + } + + @Test + public void test21() throws IOException, ParseException { + /* + * test on SUPERGROUP + */ + System.out.println("In test21..."); + String schema = "s1:string, s2:string"; + String storage = "[s1] secure by user:" + + SUPERUSER.getUserName() + + " group:supergroup perm:755;[s2] secure by user:user1 group:group2 perm:755"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest21"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + + login(SUPERUSER); + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + + Schema schema1 = writer.getSchema(); + insertData(SUPERUSER.getUserName(), schema1, path1); + writer.close(); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER3.getUserName() + " should be able to read"); + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER3.getUserName() + " should not be able to write"); + } catch (IOException e) { + } + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER3.getUserName() + " should be able to read"); + } + + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should be able to read"); + } + + login(USER1); + try { + load(USER1.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should be able to read"); + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER3.getUserName() + " should not be able to write"); + } catch (IOException e) { + } + + login(SUPERUSER); + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + } catch (IOException e) { + Assert.fail(SUPERUSER.getUserName() + " shoul be able to write"); + } + try { + load(SUPERUSER.getUserName(), path1, "s1,s2", true, false); + } catch (IOException e) { + Assert.fail(SUPERUSER.getUserName() + " should not be able to read"); + + } + } + + @Test + public void test22() throws IOException, ParseException { + /* + * test on SUPERGROUP + */ + System.out.println("In test22..."); + String schema = "s1:string, s2:string"; + String storage = "[s1] secure by user:" + + SUPERUSER.getUserName() + + " group:supergroup perm:775;[s2] secure by user:user1 group:group2 perm:775"; + Path path1 = new Path(path.toString() + "/TestColumnStorageTest22"); + login(SUPERUSER); + fs = path1.getFileSystem(conf); + fs.setPermission(path, new FsPermission((short) 0777)); + + BasicTable.Writer writer = new BasicTable.Writer(path1, schema, storage, + false, conf); + writer.finish(); + + Schema schema1 = writer.getSchema(); + insertData(SUPERUSER.getUserName(), schema1, path1); + writer.close(); + load(SUPERUSER.getUserName(), path1, "s1,s2", false, false); + + login(USER3); + try { + load(USER3.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER3.getUserName() + " should be able to read"); + } + + login(USER2); + try { + load(USER2.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should be able to read"); + } + + login(USER1); + try { + load(USER1.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER2.getUserName() + " should be able to read"); + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + Assert.fail(USER3.getUserName() + " should not be able to write"); + } catch (IOException e) { + } + try { + load(USER1.getUserName(), path1, "s1,s2", false, false); + } catch (IOException e) { + Assert.fail(USER3.getUserName() + " should not be able to write"); + } + + login(SUPERUSER); + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + } catch (IOException e) { + Assert.fail(SUPERUSER.getUserName() + " shoul be able to delete "); + } + try { + BasicTable.dropColumnGroup(path1, conf, "CG0"); + } catch (IOException e) { + Assert.fail(SUPERUSER.getUserName() + " shoul be able to delete agains"); + } + try { + load(SUPERUSER.getUserName(), path1, "s1,s2", true, false); + } catch (IOException e) { + Assert.fail(SUPERUSER.getUserName() + " should not be able to read"); + + } + } + + // set date for schema like "s1:string, s2:string" + void insertData(String myuser, Schema schema, Path path) throws IOException { + System.out.println(myuser + " is inserting table..."); + Tuple tuple = TypesUtils.createTuple(schema); + BasicTable.Writer writer1 = new BasicTable.Writer(path, conf); + int part = 0; + TableInserter inserter = writer1.getInserter("part" + part, true); + TypesUtils.resetTuple(tuple); + + // row 1 + tuple.set(0, "column1_1"); + tuple.set(1, "column2_1"); + int row = 0; + inserter.insert(new BytesWritable(String.format("k%d%d", part + 1, row + 1) + .getBytes()), tuple); + + // row 2 + row++; + TypesUtils.resetTuple(tuple); + tuple.set(0, "column1_2"); + tuple.set(1, "column2_2"); + inserter.insert(new BytesWritable(String.format("k%d%d", part + 1, row + 1) + .getBytes()), tuple); + inserter.close(); + writer1.finish(); + } + + // load projection "s1:string, s2:string" + public void load(String myuser, Path path, String projection, + boolean s1dropped, boolean s2dropped) throws IOException, ParseException { + System.out.println(myuser + "is reading...."); + BasicTable.Reader reader = new BasicTable.Reader(path, conf); + reader.setProjection(projection); + List<RangeSplit> splits = reader.rangeSplit(1); + TableScanner scanner = reader.getScanner(splits.get(0), true); + BytesWritable key = new BytesWritable(); + Tuple RowValue = TypesUtils.createTuple(scanner.getSchema()); + + scanner.getKey(key); + // Assert.assertEquals(key, new BytesWritable("k11".getBytes())); + scanner.getValue(RowValue); + if (s1dropped == true) { + Assert.assertEquals(null, RowValue.get(0)); + } else { + Assert.assertEquals("column1_1", RowValue.get(0)); + } + if (s2dropped == true) { + Assert.assertEquals(null, RowValue.get(1)); + } else { + Assert.assertEquals("column2_1", RowValue.get(1)); + } + scanner.advance(); + scanner.getKey(key); + // Assert.assertEquals(key, new BytesWritable("k12".getBytes())); + scanner.getValue(RowValue); + if (s1dropped == true) { + Assert.assertEquals(null, RowValue.get(0)); + } else { + Assert.assertEquals("column1_2", RowValue.get(0)); + } + if (s2dropped == true) { + Assert.assertEquals(null, RowValue.get(1)); + } else { + Assert.assertEquals("column2_2", RowValue.get(1)); + } + + } +}
