sentry git commit: SENTRY-2235: Add hive tests to verify column privileges for views. (Kalyan Kumar Kalvagadda reviewed by Sergio Pena)

Mon, 25 Jun 2018 07:35:34 -0700 

Repository: sentry
Updated Branches:
  refs/heads/master 3278c714c -> 748420809


SENTRY-2235: Add hive tests to verify column privileges for views. (Kalyan 
Kumar Kalvagadda reviewed by Sergio Pena)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/74842080
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/74842080
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/74842080

Branch: refs/heads/master
Commit: 74842080936b93a8ef9b874774fd841764adc42c
Parents: 3278c71
Author: Kalyan Kumar Kalvagadda <kkal...@cloudera.com>
Authored: Mon Jun 25 09:32:24 2018 -0500
Committer: Kalyan Kumar Kalvagadda <kkal...@cloudera.com>
Committed: Mon Jun 25 09:32:24 2018 -0500

----------------------------------------------------------------------
 .../tests/e2e/dbprovider/TestDbComplexView.java | 68 ++++++++++++++++++++
 1 file changed, 68 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/74842080/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java
----------------------------------------------------------------------
diff --git 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java
 
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java
index 35f41c6..bb7ccfe 100644
--- 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java
+++ 
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbComplexView.java
@@ -199,6 +199,54 @@ public class TestDbComplexView extends 
AbstractTestWithStaticConfiguration {
         }
     }
 
+    private void grantAndValidateColumnPrivilege(String testView, String 
column, String testRole, String testGroup,
+                                           String user, boolean revoke) throws 
Exception {
+        createTestRole(ADMIN1, testRole);
+        List<String> sqls = new ArrayList<String>();
+
+        // grant privilege
+        sqls.add("USE " + TEST_VIEW_DB);
+        sqls.add("GRANT SELECT(" + column + ")" + " ON TABLE " + testView + " 
TO ROLE " + testRole);
+        sqls.add("GRANT ROLE " + testRole + " TO GROUP " + testGroup);
+        execBatch(ADMIN1, sqls);
+
+        // show grant should pass and could list view
+        assertTrue("can not find select privilege from " + testRole,
+                execValidate(ADMIN1, "SHOW GRANT ROLE " + testRole + " ON 
TABLE " + testView,
+                        TEST_VIEW_DB, "privilege", "select"));
+        assertTrue("can not find " + testView,
+                execValidate(user, "SHOW TABLES", TEST_VIEW_DB, "tab_name", 
testView));
+
+        // select from view should pass
+        sqls.clear();
+        sqls.add("USE " + TEST_VIEW_DB);
+        sqls.add("SELECT "+ column +" FROM " + testView);
+        execBatch(user, sqls);
+
+        if (revoke) {
+            // revoke privilege
+            sqls.clear();
+            sqls.add("USE " + TEST_VIEW_DB);
+            sqls.add("REVOKE SELECT(" + column + ")" + " ON TABLE " + testView 
+ " FROM ROLE " + testRole);
+            execBatch(ADMIN1, sqls);
+
+            // shouldn't be able to show grant
+            assertFalse("should not find select from " + testRole,
+                    execValidate(ADMIN1, "SHOW GRANT ROLE " + testRole + " ON 
TABLE " + testView,
+                            TEST_VIEW_DB, "privilege", "select"));
+
+            // select from view should fail
+            sqls.clear();
+            sqls.add("USE " + TEST_VIEW_DB);
+            sqls.add("SELECT * FROM " + testView);
+            try {
+                execBatch(user, sqls);
+            } catch (SQLException ex) {
+                LOGGER.info("Expected SQLException here", ex);
+            }
+        }
+    }
+
     private void grantAndValidatePrivilege(String testView, String testRole,
                                            String testGroup, String user) 
throws Exception {
         grantAndValidatePrivilege(testView, testRole, testGroup, user, true);
@@ -237,6 +285,26 @@ public class TestDbComplexView extends 
AbstractTestWithStaticConfiguration {
     }
 
     /**
+     * Create view1 and view2 from view1
+     * Grant and validate select privileges to both views
+     * @throws Exception
+     */
+    @Test
+    public void testColumnPrivilegeOnView() throws Exception {
+        List<String> sqls = new ArrayList<String>();
+        // create a simple view
+        sqls.add("USE " + TEST_VIEW_DB);
+        sqls.add("CREATE VIEW " + TEST_VIEW +
+                "(userid,link) AS SELECT userid,link from " + TEST_VIEW_TB);
+
+        execBatch(ADMIN1, sqls);
+
+        // validate privileges
+        grantAndValidateColumnPrivilege(TEST_VIEW, "userid", TEST_VIEW_ROLE, 
USERGROUP1, USER1_1, true);
+    }
+
+
+    /**
      * Create a view by join two tables
      * Grant and verify select privilege
      * @throws Exception

Reply via email to