IMPALA-6301: Fix test failures when username or group name contains dots Some tests use the local user's group name to construct SQLs, which may lead to syntax errors when group name contains dots. We need to quote the group names in SQL to avoid this error. Besides, a test in test_admission_controller uses '\w+' to match the local user name. This expression cannot match usernames with dots, which causes test failure as well. Instead, we should use '\S+'.
Change-Id: Ib8ae15bb6a929dc48d3ad2176c8b3fafff87f32b Reviewed-on: http://gerrit.cloudera.org:8080/8807 Reviewed-by: Thomas Tauber-Marshall <tmarsh...@cloudera.com> Reviewed-by: Michael Ho <k...@cloudera.com> Tested-by: Impala Public Jenkins Project: http://git-wip-us.apache.org/repos/asf/impala/repo Commit: http://git-wip-us.apache.org/repos/asf/impala/commit/5c593be5 Tree: http://git-wip-us.apache.org/repos/asf/impala/tree/5c593be5 Diff: http://git-wip-us.apache.org/repos/asf/impala/diff/5c593be5 Branch: refs/heads/master Commit: 5c593be59c725f004ead81af94931852410e3a1c Parents: 2fcbf36 Author: stiga-huang <huangquanl...@gmail.com> Authored: Sat Dec 9 17:50:22 2017 -0800 Committer: Impala Public Jenkins <impala-public-jenk...@gerrit.cloudera.org> Committed: Wed Dec 13 23:06:45 2017 +0000 ---------------------------------------------------------------------- .../queries/QueryTest/grant_revoke.test | 38 ++++++++++---------- .../queries/QueryTest/grant_revoke_kudu.test | 14 ++++---- tests/authorization/test_grant_revoke.py | 6 ++-- .../custom_cluster/test_admission_controller.py | 4 +-- 4 files changed, 31 insertions(+), 31 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/impala/blob/5c593be5/testdata/workloads/functional-query/queries/QueryTest/grant_revoke.test ---------------------------------------------------------------------- diff --git a/testdata/workloads/functional-query/queries/QueryTest/grant_revoke.test b/testdata/workloads/functional-query/queries/QueryTest/grant_revoke.test index f78f1f5..a69a93f 100644 --- a/testdata/workloads/functional-query/queries/QueryTest/grant_revoke.test +++ b/testdata/workloads/functional-query/queries/QueryTest/grant_revoke.test @@ -37,7 +37,7 @@ grant all on server to grant_revoke_test_ALL_SERVER ---- QUERY # Group name will be replaced with the actual user's group in the test # framework. -grant role grant_revoke_test_ALL_SERVER to group $GROUP_NAME +grant role grant_revoke_test_ALL_SERVER to group `$GROUP_NAME` ==== ---- QUERY show current roles @@ -152,7 +152,7 @@ show create function grant_rev_db.fn STRING ==== ---- QUERY -revoke role grant_revoke_test_ALL_SERVER from group $GROUP_NAME +revoke role grant_revoke_test_ALL_SERVER from group `$GROUP_NAME` ==== ---- QUERY create database grant_rev_db location '$FILESYSTEM_PREFIX/test-warehouse/grant_rev_db.db' @@ -186,7 +186,7 @@ show create function _impala_builtins.sin STRING ==== ---- QUERY -grant role grant_revoke_test_ALL_TEST_DB to group $GROUP_NAME +grant role grant_revoke_test_ALL_TEST_DB to group `$GROUP_NAME` ==== ---- QUERY # Should now have all privileges on the test db @@ -207,7 +207,7 @@ create table grant_rev_db.test_tbl2(i int) location '$FILESYSTEM_PREFIX/test-war does not have privileges to access: $NAMENODE/test-warehouse/grant_rev_test_tbl2 ==== ---- QUERY -grant role grant_revoke_test_ALL_URI to group $GROUP_NAME +grant role grant_revoke_test_ALL_URI to group `$GROUP_NAME` ==== ---- QUERY grant all on uri '$FILESYSTEM_PREFIX/test-warehouse/grant_rev_test_tbl2' to grant_revoke_test_ALL_URI @@ -286,7 +286,7 @@ show tables in grant_rev_db does not have privileges to access: grant_rev_db.* ==== ---- QUERY -grant role grant_revoke_test_SELECT_INSERT_TEST_TBL to group $GROUP_NAME +grant role grant_revoke_test_SELECT_INSERT_TEST_TBL to group `$GROUP_NAME` ==== ---- QUERY GRANT SELECT ON TABLE grant_rev_db.test_tbl1 TO grant_revoke_test_SELECT_INSERT_TEST_TBL @@ -349,14 +349,14 @@ User 'test_user' does not have privileges to execute: DROP_ROLE ---- USER test_user ---- QUERY -grant role grant_revoke_test_ALL_SERVER to group $GROUP_NAME +grant role grant_revoke_test_ALL_SERVER to group `$GROUP_NAME` ---- CATCH User 'test_user' does not have privileges to execute: GRANT_ROLE ==== ---- USER test_user ---- QUERY -revoke role grant_revoke_test_ALL_SERVER from group $GROUP_NAME +revoke role grant_revoke_test_ALL_SERVER from group `$GROUP_NAME` ---- CATCH User 'test_user' does not have privileges to execute: REVOKE_ROLE ==== @@ -486,12 +486,12 @@ STRING, STRING, STRING, STRING, STRING, STRING, BOOLEAN, STRING root ==== ---- QUERY -REVOKE ROLE grant_revoke_test_ALL_URI FROM GROUP $GROUP_NAME; -REVOKE ROLE grant_revoke_test_SELECT_INSERT_TEST_TBL FROM GROUP $GROUP_NAME; +REVOKE ROLE grant_revoke_test_ALL_URI FROM GROUP `$GROUP_NAME`; +REVOKE ROLE grant_revoke_test_SELECT_INSERT_TEST_TBL FROM GROUP `$GROUP_NAME`; ---- RESULTS ==== ---- QUERY -GRANT ROLE grant_revoke_test_ALL_SERVER TO GROUP $GROUP_NAME +GRANT ROLE grant_revoke_test_ALL_SERVER TO GROUP `$GROUP_NAME` ---- RESULTS ==== ---- QUERY @@ -693,7 +693,7 @@ scope, database, table, column, uri, privilege, grant_option, create_time STRING, STRING, STRING, STRING, STRING, STRING, BOOLEAN, STRING ==== ---- QUERY -revoke role grant_revoke_test_ALL_SERVER from group $GROUP_NAME +revoke role grant_revoke_test_ALL_SERVER from group `$GROUP_NAME` ==== ---- QUERY # Test 'grant all on server' with explicit server name specified. @@ -704,7 +704,7 @@ create role grant_revoke_test_ALL_SERVER1 grant all on server server1 to grant_revoke_test_ALL_SERVER1 ==== ---- QUERY -grant role grant_revoke_test_ALL_SERVER1 to group $GROUP_NAME +grant role grant_revoke_test_ALL_SERVER1 to group `$GROUP_NAME` ==== ---- QUERY drop database grant_rev_db cascade @@ -713,7 +713,7 @@ drop database grant_rev_db cascade create database grant_rev_db location '$FILESYSTEM_PREFIX/test-warehouse/grant_rev_db.db' ==== ---- QUERY -revoke role grant_revoke_test_ALL_SERVER1 from group $GROUP_NAME +revoke role grant_revoke_test_ALL_SERVER1 from group `$GROUP_NAME` ==== ---- QUERY create database grant_rev_db location '$FILESYSTEM_PREFIX/test-warehouse/grant_rev_db.db' @@ -743,14 +743,14 @@ STRING, STRING, STRING, STRING, STRING, STRING, BOOLEAN, STRING ---- QUERY # IMPALA-4951: make sure database is visible to a user having only column level access # to a table in the database -grant role grant_revoke_test_ALL_SERVER to group $GROUP_NAME +grant role grant_revoke_test_ALL_SERVER to group `$GROUP_NAME` ---- RESULTS ==== ---- QUERY create role grant_revoke_test_COLUMN_PRIV ==== ---- QUERY -grant role grant_revoke_test_COLUMN_PRIV to group $GROUP_NAME; +grant role grant_revoke_test_COLUMN_PRIV to group `$GROUP_NAME`; ==== ---- QUERY create database if not exists grant_rev_db; @@ -759,7 +759,7 @@ create database if not exists grant_rev_db; create table grant_rev_db.test_tbl4 (col1 int, col2 int); ==== ---- QUERY -revoke role grant_revoke_test_ALL_SERVER from group $GROUP_NAME +revoke role grant_revoke_test_ALL_SERVER from group `$GROUP_NAME` ==== ---- QUERY show grant role grant_revoke_test_COLUMN_PRIV @@ -798,17 +798,17 @@ show databases STRING,STRING ==== ---- QUERY -grant role grant_revoke_test_ALL_SERVER to group $GROUP_NAME +grant role grant_revoke_test_ALL_SERVER to group `$GROUP_NAME` ---- RESULTS ==== ---- QUERY drop database if exists grant_rev_db cascade ==== ---- QUERY -revoke role grant_revoke_test_ALL_SERVER from group $GROUP_NAME +revoke role grant_revoke_test_ALL_SERVER from group `$GROUP_NAME` ==== ---- QUERY -revoke role grant_revoke_test_COLUMN_PRIV from group $GROUP_NAME +revoke role grant_revoke_test_COLUMN_PRIV from group `$GROUP_NAME` ==== ---- QUERY # Cleanup test roles http://git-wip-us.apache.org/repos/asf/impala/blob/5c593be5/testdata/workloads/functional-query/queries/QueryTest/grant_revoke_kudu.test ---------------------------------------------------------------------- diff --git a/testdata/workloads/functional-query/queries/QueryTest/grant_revoke_kudu.test b/testdata/workloads/functional-query/queries/QueryTest/grant_revoke_kudu.test index c552773..a3b9354 100644 --- a/testdata/workloads/functional-query/queries/QueryTest/grant_revoke_kudu.test +++ b/testdata/workloads/functional-query/queries/QueryTest/grant_revoke_kudu.test @@ -16,7 +16,7 @@ show roles STRING ==== ---- QUERY -grant role grant_revoke_test_ALL_SERVER to group $GROUP_NAME +grant role grant_revoke_test_ALL_SERVER to group `$GROUP_NAME` ==== ---- QUERY grant all on server to grant_revoke_test_ALL_SERVER @@ -25,14 +25,14 @@ grant all on server to grant_revoke_test_ALL_SERVER create database grant_rev_db ==== ---- QUERY -grant role grant_revoke_test_ALL_TEST_DB to group $GROUP_NAME +grant role grant_revoke_test_ALL_TEST_DB to group `$GROUP_NAME` ==== ---- QUERY # Should now have all privileges on the test db grant all on database grant_rev_db to grant_revoke_test_ALL_TEST_DB ==== ---- QUERY -revoke role grant_revoke_test_ALL_SERVER from group $GROUP_NAME +revoke role grant_revoke_test_ALL_SERVER from group `$GROUP_NAME` ==== ---- QUERY show current roles @@ -88,7 +88,7 @@ alter table grant_rev_db.kudu_tbl set tblproperties('external'='true'); does not have privileges to access: ==== ---- QUERY -grant role grant_revoke_test_ALL_SERVER to group $GROUP_NAME +grant role grant_revoke_test_ALL_SERVER to group `$GROUP_NAME` ==== ---- QUERY # Now the alter table succeeds @@ -102,13 +102,13 @@ alter table grant_rev_db.kudu_tbl set tblproperties('EXTERNAL'='FALSE'); create role grant_revoke_test_KUDU ==== ---- QUERY -grant role grant_revoke_test_KUDU to group $GROUP_NAME; +grant role grant_revoke_test_KUDU to group `$GROUP_NAME`; ==== ---- QUERY -revoke role grant_revoke_test_ALL_SERVER from group $GROUP_NAME +revoke role grant_revoke_test_ALL_SERVER from group `$GROUP_NAME` ==== ---- QUERY -revoke role grant_revoke_test_ALL_TEST_DB from group $GROUP_NAME +revoke role grant_revoke_test_ALL_TEST_DB from group `$GROUP_NAME` ==== ---- QUERY insert into grant_rev_db.kudu_tbl values (1, "foo"); http://git-wip-us.apache.org/repos/asf/impala/blob/5c593be5/tests/authorization/test_grant_revoke.py ---------------------------------------------------------------------- diff --git a/tests/authorization/test_grant_revoke.py b/tests/authorization/test_grant_revoke.py index 9430350..34ee513 100644 --- a/tests/authorization/test_grant_revoke.py +++ b/tests/authorization/test_grant_revoke.py @@ -69,7 +69,7 @@ class TestGrantRevoke(CustomClusterTestSuite, ImpalaTestSuite): self.client.execute("create role grant_revoke_test_admin") try: self.client.execute("grant all on server to grant_revoke_test_admin") - self.client.execute("grant role grant_revoke_test_admin to group %s" % group_name) + self.client.execute("grant role grant_revoke_test_admin to group `%s`" % group_name) self.cleanup_db('grant_rev_db', sync_ddl=0) finally: self.client.execute("drop role grant_revoke_test_admin") @@ -117,7 +117,7 @@ class TestGrantRevoke(CustomClusterTestSuite, ImpalaTestSuite): self.client.execute("create role {0}".format(role_name)) self.client.execute("grant all on server to {0}".format(role_name)) self.client.execute( - "grant role {0} to group {1}".format( + "grant role {0} to group `{1}`".format( role_name, grp.getgrnam(getuser()).gr_name)) self.client.execute("create database " + db_name) @@ -180,7 +180,7 @@ class TestGrantRevoke(CustomClusterTestSuite, ImpalaTestSuite): # Wait a few seconds to make sure the update propagates to the statestore. sleep(3) # Update the role, increasing its catalog verion. - self.client.execute("grant role {0} to group {1}".format( + self.client.execute("grant role {0} to group `{1}`".format( role_name, grp.getgrnam(getuser()).gr_name)) result = self.client.execute("show tables in functional") assert 'alltypes' in result.data http://git-wip-us.apache.org/repos/asf/impala/blob/5c593be5/tests/custom_cluster/test_admission_controller.py ---------------------------------------------------------------------- diff --git a/tests/custom_cluster/test_admission_controller.py b/tests/custom_cluster/test_admission_controller.py index 020bb67..ccbbd32 100644 --- a/tests/custom_cluster/test_admission_controller.py +++ b/tests/custom_cluster/test_admission_controller.py @@ -255,12 +255,12 @@ class TestAdmissionController(TestAdmissionControllerBase, HS2TestSuite): try: for pool in ['', 'not_a_pool_name']: expected_error =\ - "No mapping found for request from user '\w+' with requested pool '%s'"\ + "No mapping found for request from user '\S+' with requested pool '%s'"\ % (pool) self.__check_pool_rejected(client, pool, expected_error) # Check rejected if user does not have access. - expected_error = "Request from user '\w+' with requested pool 'root.queueC' "\ + expected_error = "Request from user '\S+' with requested pool 'root.queueC' "\ "denied access to assigned pool 'root.queueC'" self.__check_pool_rejected(client, 'root.queueC', expected_error)
