| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/> |
| <meta http-equiv="X-UA-Compatible" content="IE=9"/> |
| <meta name="generator" content="Doxygen 1.8.6"/> |
| <title>Impala: fe/src/test/java/com/cloudera/impala/analysis/AuthorizationTest.java Source File</title> |
| <link href="tabs.css" rel="stylesheet" type="text/css"/> |
| <script type="text/javascript" src="jquery.js"></script> |
| <script type="text/javascript" src="dynsections.js"></script> |
| <link href="navtree.css" rel="stylesheet" type="text/css"/> |
| <script type="text/javascript" src="resize.js"></script> |
| <script type="text/javascript" src="navtree.js"></script> |
| <script type="text/javascript"> |
| $(document).ready(initResizable); |
| $(window).load(resizeHeight); |
| </script> |
| <link href="search/search.css" rel="stylesheet" type="text/css"/> |
| <script type="text/javascript" src="search/search.js"></script> |
| <script type="text/javascript"> |
| $(document).ready(function() { searchBox.OnSelectItem(0); }); |
| </script> |
| <link href="doxygen.css" rel="stylesheet" type="text/css" /> |
| </head> |
| <body> |
| <div id="top"><!-- do not remove this div, it is closed by doxygen! --> |
| <div id="titlearea"> |
| <table cellspacing="0" cellpadding="0"> |
| <tbody> |
| <tr style="height: 56px;"> |
| <td style="padding-left: 0.5em;"> |
| <div id="projectname">Impala |
| </div> |
| <div id="projectbrief">Impalaistheopensource,nativeanalyticdatabaseforApacheHadoop.</div> |
| </td> |
| </tr> |
| </tbody> |
| </table> |
| </div> |
| <!-- end header part --> |
| <!-- Generated by Doxygen 1.8.6 --> |
| <script type="text/javascript"> |
| var searchBox = new SearchBox("searchBox", "search",false,'Search'); |
| </script> |
| <div id="navrow1" class="tabs"> |
| <ul class="tablist"> |
| <li><a href="index.html"><span>Main Page</span></a></li> |
| <li><a href="namespaces.html"><span>Namespaces</span></a></li> |
| <li><a href="annotated.html"><span>Classes</span></a></li> |
| <li class="current"><a href="files.html"><span>Files</span></a></li> |
| <li> |
| <div id="MSearchBox" class="MSearchBoxInactive"> |
| <span class="left"> |
| <img id="MSearchSelect" src="search/mag_sel.png" |
| onmouseover="return searchBox.OnSearchSelectShow()" |
| onmouseout="return searchBox.OnSearchSelectHide()" |
| alt=""/> |
| <input type="text" id="MSearchField" value="Search" accesskey="S" |
| onfocus="searchBox.OnSearchFieldFocus(true)" |
| onblur="searchBox.OnSearchFieldFocus(false)" |
| onkeyup="searchBox.OnSearchFieldChange(event)"/> |
| </span><span class="right"> |
| <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a> |
| </span> |
| </div> |
| </li> |
| </ul> |
| </div> |
| <div id="navrow2" class="tabs2"> |
| <ul class="tablist"> |
| <li><a href="files.html"><span>File List</span></a></li> |
| <li><a href="globals.html"><span>File Members</span></a></li> |
| </ul> |
| </div> |
| </div><!-- top --> |
| <div id="side-nav" class="ui-resizable side-nav-resizable"> |
| <div id="nav-tree"> |
| <div id="nav-tree-contents"> |
| <div id="nav-sync" class="sync"></div> |
| </div> |
| </div> |
| <div id="splitbar" style="-moz-user-select:none;" |
| class="ui-resizable-handle"> |
| </div> |
| </div> |
| <script type="text/javascript"> |
| $(document).ready(function(){initNavTree('AuthorizationTest_8java_source.html','');}); |
| </script> |
| <div id="doc-content"> |
| <!-- window showing the filter options --> |
| <div id="MSearchSelectWindow" |
| onmouseover="return searchBox.OnSearchSelectShow()" |
| onmouseout="return searchBox.OnSearchSelectHide()" |
| onkeydown="return searchBox.OnSearchSelectKey(event)"> |
| <a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark"> </span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark"> </span>Classes</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark"> </span>Namespaces</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark"> </span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark"> </span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark"> </span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark"> </span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark"> </span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark"> </span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(9)"><span class="SelectionMark"> </span>Friends</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(10)"><span class="SelectionMark"> </span>Macros</a></div> |
| |
| <!-- iframe showing the search results (closed by default) --> |
| <div id="MSearchResultsWindow"> |
| <iframe src="javascript:void(0)" frameborder="0" |
| name="MSearchResults" id="MSearchResults"> |
| </iframe> |
| </div> |
| |
| <div class="header"> |
| <div class="headertitle"> |
| <div class="title">AuthorizationTest.java</div> </div> |
| </div><!--header--> |
| <div class="contents"> |
| <a href="AuthorizationTest_8java.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno"> 1</span> <span class="comment">// Copyright 2013 Cloudera Inc.</span></div> |
| <div class="line"><a name="l00002"></a><span class="lineno"> 2</span> <span class="comment">//</span></div> |
| <div class="line"><a name="l00003"></a><span class="lineno"> 3</span> <span class="comment">// Licensed under the Apache License, Version 2.0 (the "License");</span></div> |
| <div class="line"><a name="l00004"></a><span class="lineno"> 4</span> <span class="comment">// you may not use this file except in compliance with the License.</span></div> |
| <div class="line"><a name="l00005"></a><span class="lineno"> 5</span> <span class="comment">// You may obtain a copy of the License at</span></div> |
| <div class="line"><a name="l00006"></a><span class="lineno"> 6</span> <span class="comment">//</span></div> |
| <div class="line"><a name="l00007"></a><span class="lineno"> 7</span> <span class="comment">// http://www.apache.org/licenses/LICENSE-2.0</span></div> |
| <div class="line"><a name="l00008"></a><span class="lineno"> 8</span> <span class="comment">//</span></div> |
| <div class="line"><a name="l00009"></a><span class="lineno"> 9</span> <span class="comment">// Unless required by applicable law or agreed to in writing, software</span></div> |
| <div class="line"><a name="l00010"></a><span class="lineno"> 10</span> <span class="comment">// distributed under the License is distributed on an "AS IS" BASIS,</span></div> |
| <div class="line"><a name="l00011"></a><span class="lineno"> 11</span> <span class="comment">// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span></div> |
| <div class="line"><a name="l00012"></a><span class="lineno"> 12</span> <span class="comment">// See the License for the specific language governing permissions and</span></div> |
| <div class="line"><a name="l00013"></a><span class="lineno"> 13</span> <span class="comment">// limitations under the License.</span></div> |
| <div class="line"><a name="l00014"></a><span class="lineno"> 14</span> </div> |
| <div class="line"><a name="l00015"></a><span class="lineno"> 15</span> <span class="keyword">package </span>com.cloudera.impala.analysis;</div> |
| <div class="line"><a name="l00016"></a><span class="lineno"> 16</span> </div> |
| <div class="line"><a name="l00017"></a><span class="lineno"> 17</span> <span class="keyword">import</span> <span class="keyword">static</span> org.junit.Assert.assertEquals;</div> |
| <div class="line"><a name="l00018"></a><span class="lineno"> 18</span> <span class="keyword">import</span> <span class="keyword">static</span> org.junit.Assert.fail;</div> |
| <div class="line"><a name="l00019"></a><span class="lineno"> 19</span> </div> |
| <div class="line"><a name="l00020"></a><span class="lineno"> 20</span> <span class="keyword">import</span> java.util.ArrayList;</div> |
| <div class="line"><a name="l00021"></a><span class="lineno"> 21</span> <span class="keyword">import</span> java.util.Arrays;</div> |
| <div class="line"><a name="l00022"></a><span class="lineno"> 22</span> <span class="keyword">import</span> java.util.Collection;</div> |
| <div class="line"><a name="l00023"></a><span class="lineno"> 23</span> <span class="keyword">import</span> java.util.List;</div> |
| <div class="line"><a name="l00024"></a><span class="lineno"> 24</span> <span class="keyword">import</span> java.util.UUID;</div> |
| <div class="line"><a name="l00025"></a><span class="lineno"> 25</span> </div> |
| <div class="line"><a name="l00026"></a><span class="lineno"> 26</span> <span class="keyword">import</span> junit.framework.Assert;</div> |
| <div class="line"><a name="l00027"></a><span class="lineno"> 27</span> </div> |
| <div class="line"><a name="l00028"></a><span class="lineno"> 28</span> <span class="keyword">import</span> org.apache.hive.service.cli.thrift.TGetColumnsReq;</div> |
| <div class="line"><a name="l00029"></a><span class="lineno"> 29</span> <span class="keyword">import</span> org.apache.hive.service.cli.thrift.TGetSchemasReq;</div> |
| <div class="line"><a name="l00030"></a><span class="lineno"> 30</span> <span class="keyword">import</span> org.apache.hive.service.cli.thrift.TGetTablesReq;</div> |
| <div class="line"><a name="l00031"></a><span class="lineno"> 31</span> <span class="keyword">import</span> org.apache.sentry.provider.common.ResourceAuthorizationProvider;</div> |
| <div class="line"><a name="l00032"></a><span class="lineno"> 32</span> <span class="keyword">import</span> org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;</div> |
| <div class="line"><a name="l00033"></a><span class="lineno"> 33</span> <span class="keyword">import</span> org.junit.After;</div> |
| <div class="line"><a name="l00034"></a><span class="lineno"> 34</span> <span class="keyword">import</span> <a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">org.junit.Test</a>;</div> |
| <div class="line"><a name="l00035"></a><span class="lineno"> 35</span> <span class="keyword">import</span> org.junit.runner.RunWith;</div> |
| <div class="line"><a name="l00036"></a><span class="lineno"> 36</span> <span class="keyword">import</span> org.junit.runners.Parameterized;</div> |
| <div class="line"><a name="l00037"></a><span class="lineno"> 37</span> <span class="keyword">import</span> org.junit.runners.Parameterized.Parameters;</div> |
| <div class="line"><a name="l00038"></a><span class="lineno"> 38</span> <span class="keyword">import</span> org.slf4j.Logger;</div> |
| <div class="line"><a name="l00039"></a><span class="lineno"> 39</span> <span class="keyword">import</span> org.slf4j.LoggerFactory;</div> |
| <div class="line"><a name="l00040"></a><span class="lineno"> 40</span> </div> |
| <div class="line"><a name="l00041"></a><span class="lineno"> 41</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">com.cloudera.impala.authorization.AuthorizationConfig</a>;</div> |
| <div class="line"><a name="l00042"></a><span class="lineno"> 42</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableDb.html">com.cloudera.impala.authorization.AuthorizeableDb</a>;</div> |
| <div class="line"><a name="l00043"></a><span class="lineno"> 43</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableTable.html">com.cloudera.impala.authorization.AuthorizeableTable</a>;</div> |
| <div class="line"><a name="l00044"></a><span class="lineno"> 44</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">com.cloudera.impala.authorization.User</a>;</div> |
| <div class="line"><a name="l00045"></a><span class="lineno"> 45</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">com.cloudera.impala.catalog.AuthorizationException</a>;</div> |
| <div class="line"><a name="l00046"></a><span class="lineno"> 46</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html">com.cloudera.impala.catalog.Catalog</a>;</div> |
| <div class="line"><a name="l00047"></a><span class="lineno"> 47</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ImpaladCatalog.html">com.cloudera.impala.catalog.ImpaladCatalog</a>;</div> |
| <div class="line"><a name="l00048"></a><span class="lineno"> 48</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ScalarFunction.html">com.cloudera.impala.catalog.ScalarFunction</a>;</div> |
| <div class="line"><a name="l00049"></a><span class="lineno"> 49</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type.html">com.cloudera.impala.catalog.Type</a>;</div> |
| <div class="line"><a name="l00050"></a><span class="lineno"> 50</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">com.cloudera.impala.common.AnalysisException</a>;</div> |
| <div class="line"><a name="l00051"></a><span class="lineno"> 51</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">com.cloudera.impala.common.ImpalaException</a>;</div> |
| <div class="line"><a name="l00052"></a><span class="lineno"> 52</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1InternalException.html">com.cloudera.impala.common.InternalException</a>;</div> |
| <div class="line"><a name="l00053"></a><span class="lineno"> 53</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend.html">com.cloudera.impala.service.Frontend</a>;</div> |
| <div class="line"><a name="l00054"></a><span class="lineno"> 54</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog.html">com.cloudera.impala.testutil.ImpaladTestCatalog</a>;</div> |
| <div class="line"><a name="l00055"></a><span class="lineno"> 55</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html">com.cloudera.impala.testutil.TestUtils</a>;</div> |
| <div class="line"><a name="l00056"></a><span class="lineno"> 56</span> <span class="keyword">import</span> com.cloudera.impala.thrift.TMetadataOpRequest;</div> |
| <div class="line"><a name="l00057"></a><span class="lineno"> 57</span> <span class="keyword">import</span> com.cloudera.impala.thrift.TMetadataOpcode;</div> |
| <div class="line"><a name="l00058"></a><span class="lineno"> 58</span> <span class="keyword">import</span> com.cloudera.impala.thrift.TNetworkAddress;</div> |
| <div class="line"><a name="l00059"></a><span class="lineno"> 59</span> <span class="keyword">import</span> com.cloudera.impala.thrift.TPrivilege;</div> |
| <div class="line"><a name="l00060"></a><span class="lineno"> 60</span> <span class="keyword">import</span> com.cloudera.impala.thrift.TPrivilegeLevel;</div> |
| <div class="line"><a name="l00061"></a><span class="lineno"> 61</span> <span class="keyword">import</span> com.cloudera.impala.thrift.TPrivilegeScope;</div> |
| <div class="line"><a name="l00062"></a><span class="lineno"> 62</span> <span class="keyword">import</span> com.cloudera.impala.thrift.TQueryCtx;</div> |
| <div class="line"><a name="l00063"></a><span class="lineno"> 63</span> <span class="keyword">import</span> com.cloudera.impala.thrift.TResultSet;</div> |
| <div class="line"><a name="l00064"></a><span class="lineno"> 64</span> <span class="keyword">import</span> com.cloudera.impala.thrift.TSessionState;</div> |
| <div class="line"><a name="l00065"></a><span class="lineno"> 65</span> <span class="keyword">import</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">com.cloudera.impala.util.SentryPolicyService</a>;</div> |
| <div class="line"><a name="l00066"></a><span class="lineno"> 66</span> <span class="keyword">import</span> com.google.common.base.Preconditions;</div> |
| <div class="line"><a name="l00067"></a><span class="lineno"> 67</span> <span class="keyword">import</span> com.google.common.collect.Lists;</div> |
| <div class="line"><a name="l00068"></a><span class="lineno"> 68</span> </div> |
| <div class="line"><a name="l00069"></a><span class="lineno"> 69</span> @RunWith(Parameterized.class)</div> |
| <div class="line"><a name="l00070"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html"> 70</a></span> public class <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html">AuthorizationTest</a> {</div> |
| <div class="line"><a name="l00071"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a11d7d67582dafd27d7a3e6be43683fbd"> 71</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> <span class="keyword">static</span> Logger LOG =</div> |
| <div class="line"><a name="l00072"></a><span class="lineno"> 72</span>  LoggerFactory.getLogger(AuthorizationTest.class);</div> |
| <div class="line"><a name="l00073"></a><span class="lineno"> 73</span> </div> |
| <div class="line"><a name="l00074"></a><span class="lineno"> 74</span>  <span class="comment">// Policy file has defined current user and 'test_user' have:</span></div> |
| <div class="line"><a name="l00075"></a><span class="lineno"> 75</span>  <span class="comment">// ALL permission on 'tpch' database and 'newdb' database</span></div> |
| <div class="line"><a name="l00076"></a><span class="lineno"> 76</span>  <span class="comment">// ALL permission on 'functional_seq_snap' database</span></div> |
| <div class="line"><a name="l00077"></a><span class="lineno"> 77</span>  <span class="comment">// SELECT permissions on all tables in 'tpcds' database</span></div> |
| <div class="line"><a name="l00078"></a><span class="lineno"> 78</span>  <span class="comment">// SELECT permissions on 'functional.alltypesagg' (no INSERT permissions)</span></div> |
| <div class="line"><a name="l00079"></a><span class="lineno"> 79</span>  <span class="comment">// SELECT permissions on 'functional.complex_view' (no INSERT permissions)</span></div> |
| <div class="line"><a name="l00080"></a><span class="lineno"> 80</span>  <span class="comment">// SELECT permissions on 'functional.view_view' (no INSERT permissions)</span></div> |
| <div class="line"><a name="l00081"></a><span class="lineno"> 81</span>  <span class="comment">// INSERT permissions on 'functional.alltypes' (no SELECT permissions)</span></div> |
| <div class="line"><a name="l00082"></a><span class="lineno"> 82</span>  <span class="comment">// INSERT permissions on all tables in 'functional_parquet' database</span></div> |
| <div class="line"><a name="l00083"></a><span class="lineno"> 83</span>  <span class="comment">// No permissions on database 'functional_rc'</span></div> |
| <div class="line"><a name="l00084"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a48d66affe814bd4668088e33df4b53c9"> 84</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> <span class="keyword">static</span> String AUTHZ_POLICY_FILE = <span class="stringliteral">"/test-warehouse/authz-policy.ini"</span>;</div> |
| <div class="line"><a name="l00085"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ab3d5681d6b7cd3f526e97e24d3c78d1a"> 85</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> <span class="keyword">static</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> USER = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a>(System.getProperty(<span class="stringliteral">"user.name"</span>));</div> |
| <div class="line"><a name="l00086"></a><span class="lineno"> 86</span> </div> |
| <div class="line"><a name="l00087"></a><span class="lineno"> 87</span>  <span class="comment">// The admin_user has ALL privileges on the server.</span></div> |
| <div class="line"><a name="l00088"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a97af62286baf3fb09779dbb513a8d9ba"> 88</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> <span class="keyword">static</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> ADMIN_USER = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a>(<span class="stringliteral">"admin_user"</span>);</div> |
| <div class="line"><a name="l00089"></a><span class="lineno"> 89</span> </div> |
| <div class="line"><a name="l00090"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a0b00fa6c77583c9f90e5fe550d0089b9"> 90</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a0b00fa6c77583c9f90e5fe550d0089b9">authzConfig_</a>;</div> |
| <div class="line"><a name="l00091"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ae22bf254f471d6c8886faee15b56c36e"> 91</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ImpaladCatalog.html">ImpaladCatalog</a> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ae22bf254f471d6c8886faee15b56c36e">catalog_</a>;</div> |
| <div class="line"><a name="l00092"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a32fdb7d790b1bb4c1c2363079a5c9b14"> 92</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> TQueryCtx <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a32fdb7d790b1bb4c1c2363079a5c9b14">queryCtx_</a>;</div> |
| <div class="line"><a name="l00093"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa912171c42f167bdc34de883137b44c4"> 93</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa912171c42f167bdc34de883137b44c4">analysisContext_</a>;</div> |
| <div class="line"><a name="l00094"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aaf8cb95d5981299f97890ecbf6269357"> 94</a></span>  <span class="keyword">private</span> <span class="keyword">final</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend.html">Frontend</a> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aaf8cb95d5981299f97890ecbf6269357">fe_</a>;</div> |
| <div class="line"><a name="l00095"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ab527e79dcce9a49c2bf01447fe826511"> 95</a></span>  <span class="keyword">protected</span> <span class="keyword">static</span> <span class="keyword">final</span> String SERVER_HOST = <span class="stringliteral">"localhost"</span>;</div> |
| <div class="line"><a name="l00096"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a5eddfe344dc2e53ce9f57990eda32d7b"> 96</a></span>  <span class="keyword">private</span> <span class="keyword">static</span> <span class="keywordtype">boolean</span> isSetup_ = <span class="keyword">false</span>;</div> |
| <div class="line"><a name="l00097"></a><span class="lineno"> 97</span> </div> |
| <div class="line"><a name="l00098"></a><span class="lineno"> 98</span>  <span class="comment">// Parameterize the test suite to run all tests using a file based</span></div> |
| <div class="line"><a name="l00099"></a><span class="lineno"> 99</span>  <span class="comment">// authorization policy policy using metadata pulled from the Sentry Policy</span></div> |
| <div class="line"><a name="l00100"></a><span class="lineno"> 100</span>  <span class="comment">// service.</span></div> |
| <div class="line"><a name="l00101"></a><span class="lineno"> 101</span>  @Parameters</div> |
| <div class="line"><a name="l00102"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#afdb47ee829960cf66c33861369a43ee1"> 102</a></span>  <span class="keyword">public</span> <span class="keyword">static</span> Collection <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#afdb47ee829960cf66c33861369a43ee1">testVectors</a>() {</div> |
| <div class="line"><a name="l00103"></a><span class="lineno"> 103</span>  <span class="keywordflow">return</span> Arrays.asList(<span class="keyword">new</span> Object[][] {{null}, {AUTHZ_POLICY_FILE}});</div> |
| <div class="line"><a name="l00104"></a><span class="lineno"> 104</span>  }</div> |
| <div class="line"><a name="l00105"></a><span class="lineno"> 105</span> </div> |
| <div class="line"><a name="l00106"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a98ed2134b987497ff34193e78c8046ad"> 106</a></span>  <span class="keyword">public</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a98ed2134b987497ff34193e78c8046ad">AuthorizationTest</a>(String policyFile) <span class="keywordflow">throws</span> Exception {</div> |
| <div class="line"><a name="l00107"></a><span class="lineno"> 107</span>  authzConfig_ = AuthorizationConfig.createHadoopGroupAuthConfig(<span class="stringliteral">"server1"</span>, policyFile,</div> |
| <div class="line"><a name="l00108"></a><span class="lineno"> 108</span>  System.getenv(<span class="stringliteral">"IMPALA_HOME"</span>) + <span class="stringliteral">"/fe/src/test/resources/sentry-site.xml"</span>);</div> |
| <div class="line"><a name="l00109"></a><span class="lineno"> 109</span>  authzConfig_.validateConfig();</div> |
| <div class="line"><a name="l00110"></a><span class="lineno"> 110</span>  <span class="keywordflow">if</span> (!isSetup_ && policyFile == null) {</div> |
| <div class="line"><a name="l00111"></a><span class="lineno"> 111</span>  setup();</div> |
| <div class="line"><a name="l00112"></a><span class="lineno"> 112</span>  isSetup_ = <span class="keyword">true</span>;</div> |
| <div class="line"><a name="l00113"></a><span class="lineno"> 113</span>  }</div> |
| <div class="line"><a name="l00114"></a><span class="lineno"> 114</span>  catalog_ = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog.html">ImpaladTestCatalog</a>(authzConfig_);</div> |
| <div class="line"><a name="l00115"></a><span class="lineno"> 115</span>  queryCtx_ = TestUtils.createQueryContext(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html#a9f92d2cb3e8ca769090f3d0478c11734">Catalog.DEFAULT_DB</a>, USER.getName());</div> |
| <div class="line"><a name="l00116"></a><span class="lineno"> 116</span>  analysisContext_ = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a>(catalog_, queryCtx_, authzConfig_);</div> |
| <div class="line"><a name="l00117"></a><span class="lineno"> 117</span>  fe_ = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend.html">Frontend</a>(authzConfig_, catalog_);</div> |
| <div class="line"><a name="l00118"></a><span class="lineno"> 118</span>  }</div> |
| <div class="line"><a name="l00119"></a><span class="lineno"> 119</span> </div> |
| <div class="line"><a name="l00120"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#acdaf11236b97a417c7aae42b3b5da7fb"> 120</a></span>  <span class="keyword">private</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#acdaf11236b97a417c7aae42b3b5da7fb">setup</a>() throws Exception {</div> |
| <div class="line"><a name="l00121"></a><span class="lineno"> 121</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">SentryPolicyService</a> sentryService = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">SentryPolicyService</a>(</div> |
| <div class="line"><a name="l00122"></a><span class="lineno"> 122</span>  authzConfig_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5ba958fd6bdecb5c2cac4f4171147c90">getSentryConfig</a>());</div> |
| <div class="line"><a name="l00123"></a><span class="lineno"> 123</span>  <span class="comment">// Server admin. Don't grant to any groups, that is done within</span></div> |
| <div class="line"><a name="l00124"></a><span class="lineno"> 124</span>  <span class="comment">// the test cases.</span></div> |
| <div class="line"><a name="l00125"></a><span class="lineno"> 125</span>  String roleName = <span class="stringliteral">"admin"</span>;</div> |
| <div class="line"><a name="l00126"></a><span class="lineno"> 126</span>  sentryService.createRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00127"></a><span class="lineno"> 127</span> </div> |
| <div class="line"><a name="l00128"></a><span class="lineno"> 128</span>  TPrivilege privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.ALL,</div> |
| <div class="line"><a name="l00129"></a><span class="lineno"> 129</span>  TPrivilegeScope.SERVER, <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00130"></a><span class="lineno"> 130</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00131"></a><span class="lineno"> 131</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00132"></a><span class="lineno"> 132</span>  sentryService.revokeRoleFromGroup(USER, <span class="stringliteral">"admin"</span>, USER.getName());</div> |
| <div class="line"><a name="l00133"></a><span class="lineno"> 133</span> </div> |
| <div class="line"><a name="l00134"></a><span class="lineno"> 134</span>  <span class="comment">// insert functional alltypes</span></div> |
| <div class="line"><a name="l00135"></a><span class="lineno"> 135</span>  roleName = <span class="stringliteral">"insert_functional_alltypes"</span>;</div> |
| <div class="line"><a name="l00136"></a><span class="lineno"> 136</span>  roleName = roleName.toLowerCase();</div> |
| <div class="line"><a name="l00137"></a><span class="lineno"> 137</span>  sentryService.createRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00138"></a><span class="lineno"> 138</span>  sentryService.grantRoleToGroup(USER, roleName, USER.getName());</div> |
| <div class="line"><a name="l00139"></a><span class="lineno"> 139</span> </div> |
| <div class="line"><a name="l00140"></a><span class="lineno"> 140</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.INSERT, TPrivilegeScope.TABLE,</div> |
| <div class="line"><a name="l00141"></a><span class="lineno"> 141</span>  <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00142"></a><span class="lineno"> 142</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00143"></a><span class="lineno"> 143</span>  privilege.setDb_name(<span class="stringliteral">"functional"</span>);</div> |
| <div class="line"><a name="l00144"></a><span class="lineno"> 144</span>  privilege.setTable_name(<span class="stringliteral">"alltypes"</span>);</div> |
| <div class="line"><a name="l00145"></a><span class="lineno"> 145</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00146"></a><span class="lineno"> 146</span> </div> |
| <div class="line"><a name="l00147"></a><span class="lineno"> 147</span>  <span class="comment">// insert_parquet</span></div> |
| <div class="line"><a name="l00148"></a><span class="lineno"> 148</span>  roleName = <span class="stringliteral">"insert_parquet"</span>;</div> |
| <div class="line"><a name="l00149"></a><span class="lineno"> 149</span>  sentryService.createRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00150"></a><span class="lineno"> 150</span>  sentryService.grantRoleToGroup(USER, roleName, USER.getName());</div> |
| <div class="line"><a name="l00151"></a><span class="lineno"> 151</span> </div> |
| <div class="line"><a name="l00152"></a><span class="lineno"> 152</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.INSERT, TPrivilegeScope.TABLE,</div> |
| <div class="line"><a name="l00153"></a><span class="lineno"> 153</span>  <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00154"></a><span class="lineno"> 154</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00155"></a><span class="lineno"> 155</span>  privilege.setDb_name(<span class="stringliteral">"functional_parquet"</span>);</div> |
| <div class="line"><a name="l00156"></a><span class="lineno"> 156</span>  privilege.setTable_name(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableTable.html#a6e8cf91cf9431e070d96214e53c0680a">AuthorizeableTable.ANY_TABLE_NAME</a>);</div> |
| <div class="line"><a name="l00157"></a><span class="lineno"> 157</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00158"></a><span class="lineno"> 158</span> </div> |
| <div class="line"><a name="l00159"></a><span class="lineno"> 159</span>  <span class="comment">// all newdb w/ all on URI</span></div> |
| <div class="line"><a name="l00160"></a><span class="lineno"> 160</span>  roleName = <span class="stringliteral">"all_newdb"</span>;</div> |
| <div class="line"><a name="l00161"></a><span class="lineno"> 161</span>  sentryService.createRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00162"></a><span class="lineno"> 162</span>  sentryService.grantRoleToGroup(USER, roleName, USER.getName());</div> |
| <div class="line"><a name="l00163"></a><span class="lineno"> 163</span> </div> |
| <div class="line"><a name="l00164"></a><span class="lineno"> 164</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.ALL, TPrivilegeScope.DATABASE,</div> |
| <div class="line"><a name="l00165"></a><span class="lineno"> 165</span>  <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00166"></a><span class="lineno"> 166</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00167"></a><span class="lineno"> 167</span>  privilege.setDb_name(<span class="stringliteral">"newdb"</span>);</div> |
| <div class="line"><a name="l00168"></a><span class="lineno"> 168</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00169"></a><span class="lineno"> 169</span> </div> |
| <div class="line"><a name="l00170"></a><span class="lineno"> 170</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.ALL, TPrivilegeScope.URI,</div> |
| <div class="line"><a name="l00171"></a><span class="lineno"> 171</span>  <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00172"></a><span class="lineno"> 172</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00173"></a><span class="lineno"> 173</span>  privilege.setUri(<span class="stringliteral">"hdfs://localhost:20500/test-warehouse/new_table"</span>);</div> |
| <div class="line"><a name="l00174"></a><span class="lineno"> 174</span>  privilege.setTable_name(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableTable.html#a6e8cf91cf9431e070d96214e53c0680a">AuthorizeableTable.ANY_TABLE_NAME</a>);</div> |
| <div class="line"><a name="l00175"></a><span class="lineno"> 175</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00176"></a><span class="lineno"> 176</span> </div> |
| <div class="line"><a name="l00177"></a><span class="lineno"> 177</span>  <span class="comment">// all tpch</span></div> |
| <div class="line"><a name="l00178"></a><span class="lineno"> 178</span>  roleName = <span class="stringliteral">"all_tpch"</span>;</div> |
| <div class="line"><a name="l00179"></a><span class="lineno"> 179</span>  sentryService.createRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00180"></a><span class="lineno"> 180</span>  sentryService.grantRoleToGroup(USER, roleName, USER.getName());</div> |
| <div class="line"><a name="l00181"></a><span class="lineno"> 181</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.ALL, TPrivilegeScope.URI, <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00182"></a><span class="lineno"> 182</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00183"></a><span class="lineno"> 183</span>  privilege.setUri(<span class="stringliteral">"hdfs://localhost:20500/test-warehouse/tpch.lineitem"</span>);</div> |
| <div class="line"><a name="l00184"></a><span class="lineno"> 184</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00185"></a><span class="lineno"> 185</span> </div> |
| <div class="line"><a name="l00186"></a><span class="lineno"> 186</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.ALL, TPrivilegeScope.DATABASE, <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00187"></a><span class="lineno"> 187</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00188"></a><span class="lineno"> 188</span>  privilege.setDb_name(<span class="stringliteral">"tpch"</span>);</div> |
| <div class="line"><a name="l00189"></a><span class="lineno"> 189</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00190"></a><span class="lineno"> 190</span> </div> |
| <div class="line"><a name="l00191"></a><span class="lineno"> 191</span>  <span class="comment">// select tpcds</span></div> |
| <div class="line"><a name="l00192"></a><span class="lineno"> 192</span>  roleName = <span class="stringliteral">"select_tpcds"</span>;</div> |
| <div class="line"><a name="l00193"></a><span class="lineno"> 193</span>  sentryService.createRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00194"></a><span class="lineno"> 194</span>  sentryService.grantRoleToGroup(USER, roleName, USER.getName());</div> |
| <div class="line"><a name="l00195"></a><span class="lineno"> 195</span> </div> |
| <div class="line"><a name="l00196"></a><span class="lineno"> 196</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.SELECT, TPrivilegeScope.TABLE, <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00197"></a><span class="lineno"> 197</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00198"></a><span class="lineno"> 198</span>  privilege.setDb_name(<span class="stringliteral">"tpcds"</span>);</div> |
| <div class="line"><a name="l00199"></a><span class="lineno"> 199</span>  privilege.setTable_name(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableTable.html#a6e8cf91cf9431e070d96214e53c0680a">AuthorizeableTable.ANY_TABLE_NAME</a>);</div> |
| <div class="line"><a name="l00200"></a><span class="lineno"> 200</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00201"></a><span class="lineno"> 201</span> </div> |
| <div class="line"><a name="l00202"></a><span class="lineno"> 202</span>  <span class="comment">// select_functional_alltypesagg</span></div> |
| <div class="line"><a name="l00203"></a><span class="lineno"> 203</span>  roleName = <span class="stringliteral">"select_functional_alltypesagg"</span>;</div> |
| <div class="line"><a name="l00204"></a><span class="lineno"> 204</span>  sentryService.createRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00205"></a><span class="lineno"> 205</span>  sentryService.grantRoleToGroup(USER, roleName, USER.getName());</div> |
| <div class="line"><a name="l00206"></a><span class="lineno"> 206</span> </div> |
| <div class="line"><a name="l00207"></a><span class="lineno"> 207</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.SELECT, TPrivilegeScope.TABLE, <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00208"></a><span class="lineno"> 208</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00209"></a><span class="lineno"> 209</span>  privilege.setDb_name(<span class="stringliteral">"functional"</span>);</div> |
| <div class="line"><a name="l00210"></a><span class="lineno"> 210</span>  privilege.setTable_name(<span class="stringliteral">"alltypesagg"</span>);</div> |
| <div class="line"><a name="l00211"></a><span class="lineno"> 211</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00212"></a><span class="lineno"> 212</span> </div> |
| <div class="line"><a name="l00213"></a><span class="lineno"> 213</span>  <span class="comment">// select_functional_complex_view</span></div> |
| <div class="line"><a name="l00214"></a><span class="lineno"> 214</span>  roleName = <span class="stringliteral">"select_functional_complex_view"</span>;</div> |
| <div class="line"><a name="l00215"></a><span class="lineno"> 215</span>  sentryService.createRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00216"></a><span class="lineno"> 216</span>  sentryService.grantRoleToGroup(USER, roleName, USER.getName());</div> |
| <div class="line"><a name="l00217"></a><span class="lineno"> 217</span> </div> |
| <div class="line"><a name="l00218"></a><span class="lineno"> 218</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.SELECT, TPrivilegeScope.TABLE, <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00219"></a><span class="lineno"> 219</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00220"></a><span class="lineno"> 220</span>  privilege.setDb_name(<span class="stringliteral">"functional"</span>);</div> |
| <div class="line"><a name="l00221"></a><span class="lineno"> 221</span>  privilege.setTable_name(<span class="stringliteral">"complex_view"</span>);</div> |
| <div class="line"><a name="l00222"></a><span class="lineno"> 222</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00223"></a><span class="lineno"> 223</span> </div> |
| <div class="line"><a name="l00224"></a><span class="lineno"> 224</span>  <span class="comment">// select_functional_view_view</span></div> |
| <div class="line"><a name="l00225"></a><span class="lineno"> 225</span>  roleName = <span class="stringliteral">"select_functional_view_view"</span>;</div> |
| <div class="line"><a name="l00226"></a><span class="lineno"> 226</span>  sentryService.createRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00227"></a><span class="lineno"> 227</span>  sentryService.grantRoleToGroup(USER, roleName, USER.getName());</div> |
| <div class="line"><a name="l00228"></a><span class="lineno"> 228</span> </div> |
| <div class="line"><a name="l00229"></a><span class="lineno"> 229</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.SELECT, TPrivilegeScope.TABLE, <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00230"></a><span class="lineno"> 230</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00231"></a><span class="lineno"> 231</span>  privilege.setDb_name(<span class="stringliteral">"functional"</span>);</div> |
| <div class="line"><a name="l00232"></a><span class="lineno"> 232</span>  privilege.setTable_name(<span class="stringliteral">"view_view"</span>);</div> |
| <div class="line"><a name="l00233"></a><span class="lineno"> 233</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00234"></a><span class="lineno"> 234</span> </div> |
| <div class="line"><a name="l00235"></a><span class="lineno"> 235</span>  <span class="comment">// all_functional_seq_snap</span></div> |
| <div class="line"><a name="l00236"></a><span class="lineno"> 236</span>  roleName = <span class="stringliteral">"all_functional_seq_snap"</span>;</div> |
| <div class="line"><a name="l00237"></a><span class="lineno"> 237</span>  <span class="comment">// Verify we are able to drop a role.</span></div> |
| <div class="line"><a name="l00238"></a><span class="lineno"> 238</span>  sentryService.dropRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00239"></a><span class="lineno"> 239</span>  sentryService.createRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00240"></a><span class="lineno"> 240</span>  sentryService.grantRoleToGroup(USER, roleName, USER.getName());</div> |
| <div class="line"><a name="l00241"></a><span class="lineno"> 241</span> </div> |
| <div class="line"><a name="l00242"></a><span class="lineno"> 242</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.ALL, TPrivilegeScope.DATABASE, <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00243"></a><span class="lineno"> 243</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00244"></a><span class="lineno"> 244</span>  privilege.setDb_name(<span class="stringliteral">"functional_seq_snap"</span>);</div> |
| <div class="line"><a name="l00245"></a><span class="lineno"> 245</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00246"></a><span class="lineno"> 246</span>  }</div> |
| <div class="line"><a name="l00247"></a><span class="lineno"> 247</span> </div> |
| <div class="line"><a name="l00248"></a><span class="lineno"> 248</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00249"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ad47e151437d01c57bfa4375434d267fe"> 249</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ad47e151437d01c57bfa4375434d267fe">TestFix</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l00250"></a><span class="lineno"> 250</span>  AuthzError(<span class="stringliteral">"select * from functional.complex_view_sub"</span>,</div> |
| <div class="line"><a name="l00251"></a><span class="lineno"> 251</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00252"></a><span class="lineno"> 252</span>  <span class="stringliteral">"functional.complex_view_sub"</span>);</div> |
| <div class="line"><a name="l00253"></a><span class="lineno"> 253</span>  }</div> |
| <div class="line"><a name="l00254"></a><span class="lineno"> 254</span> </div> |
| <div class="line"><a name="l00255"></a><span class="lineno"> 255</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00256"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#adf7f1f20aa5ddffae0dfcf1c21afb28d"> 256</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#adf7f1f20aa5ddffae0dfcf1c21afb28d">TestSentryService</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">ImpalaException</a> {</div> |
| <div class="line"><a name="l00257"></a><span class="lineno"> 257</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">SentryPolicyService</a> sentryService =</div> |
| <div class="line"><a name="l00258"></a><span class="lineno"> 258</span>  <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">SentryPolicyService</a>(authzConfig_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5ba958fd6bdecb5c2cac4f4171147c90">getSentryConfig</a>());</div> |
| <div class="line"><a name="l00259"></a><span class="lineno"> 259</span>  String roleName = <span class="stringliteral">"testRoleName"</span>;</div> |
| <div class="line"><a name="l00260"></a><span class="lineno"> 260</span>  roleName = roleName.toLowerCase();</div> |
| <div class="line"><a name="l00261"></a><span class="lineno"> 261</span> </div> |
| <div class="line"><a name="l00262"></a><span class="lineno"> 262</span>  sentryService.createRole(USER, roleName, <span class="keyword">true</span>);</div> |
| <div class="line"><a name="l00263"></a><span class="lineno"> 263</span>  String dbName = UUID.randomUUID().toString();</div> |
| <div class="line"><a name="l00264"></a><span class="lineno"> 264</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableDb.html">AuthorizeableDb</a> db = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableDb.html">AuthorizeableDb</a>(dbName);</div> |
| <div class="line"><a name="l00265"></a><span class="lineno"> 265</span>  TPrivilege privilege =</div> |
| <div class="line"><a name="l00266"></a><span class="lineno"> 266</span>  <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.ALL, TPrivilegeScope.DATABASE, <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00267"></a><span class="lineno"> 267</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00268"></a><span class="lineno"> 268</span>  privilege.setDb_name(dbName);</div> |
| <div class="line"><a name="l00269"></a><span class="lineno"> 269</span>  sentryService.grantRoleToGroup(USER, roleName, USER.getName());</div> |
| <div class="line"><a name="l00270"></a><span class="lineno"> 270</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00271"></a><span class="lineno"> 271</span> </div> |
| <div class="line"><a name="l00272"></a><span class="lineno"> 272</span>  <span class="keywordflow">for</span> (<span class="keywordtype">int</span> i = 0; i < 2; ++i) {</div> |
| <div class="line"><a name="l00273"></a><span class="lineno"> 273</span>  privilege = <span class="keyword">new</span> TPrivilege(<span class="stringliteral">""</span>, TPrivilegeLevel.SELECT, TPrivilegeScope.TABLE,</div> |
| <div class="line"><a name="l00274"></a><span class="lineno"> 274</span>  <span class="keyword">false</span>);</div> |
| <div class="line"><a name="l00275"></a><span class="lineno"> 275</span>  privilege.setServer_name(<span class="stringliteral">"server1"</span>);</div> |
| <div class="line"><a name="l00276"></a><span class="lineno"> 276</span>  privilege.setDb_name(dbName);</div> |
| <div class="line"><a name="l00277"></a><span class="lineno"> 277</span>  privilege.setTable_name(<span class="stringliteral">"test_tbl_"</span> + String.valueOf(i));</div> |
| <div class="line"><a name="l00278"></a><span class="lineno"> 278</span>  sentryService.grantRolePrivilege(USER, roleName, privilege);</div> |
| <div class="line"><a name="l00279"></a><span class="lineno"> 279</span>  }</div> |
| <div class="line"><a name="l00280"></a><span class="lineno"> 280</span>  }</div> |
| <div class="line"><a name="l00281"></a><span class="lineno"> 281</span> </div> |
| <div class="line"><a name="l00282"></a><span class="lineno"> 282</span>  @After</div> |
| <div class="line"><a name="l00283"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aad11feb4455462d81af07e793723d444"> 283</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aad11feb4455462d81af07e793723d444">TestTPCHCleanup</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l00284"></a><span class="lineno"> 284</span>  <span class="comment">// Failure to cleanup TPCH can cause:</span></div> |
| <div class="line"><a name="l00285"></a><span class="lineno"> 285</span>  <span class="comment">// TestDropDatabase(com.cloudera.impala.analysis.AuthorizationTest):</span></div> |
| <div class="line"><a name="l00286"></a><span class="lineno"> 286</span>  <span class="comment">// Cannot drop non-empty database: tpch</span></div> |
| <div class="line"><a name="l00287"></a><span class="lineno"> 287</span>  <span class="keywordflow">if</span> (catalog_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html#a5658ea435839f2c30e9c25f045be3270">getDb</a>(<span class="stringliteral">"tpch"</span>).numFunctions() != 0) {</div> |
| <div class="line"><a name="l00288"></a><span class="lineno"> 288</span>  fail(<span class="stringliteral">"Failed to clean up functions in tpch."</span>);</div> |
| <div class="line"><a name="l00289"></a><span class="lineno"> 289</span>  }</div> |
| <div class="line"><a name="l00290"></a><span class="lineno"> 290</span>  }</div> |
| <div class="line"><a name="l00291"></a><span class="lineno"> 291</span> </div> |
| <div class="line"><a name="l00292"></a><span class="lineno"> 292</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00293"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a96a4d7a3e149df9912cc7e7694cb2920"> 293</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a96a4d7a3e149df9912cc7e7694cb2920">TestSelect</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l00294"></a><span class="lineno"> 294</span>  <span class="comment">// Can select from table that user has privileges on.</span></div> |
| <div class="line"><a name="l00295"></a><span class="lineno"> 295</span>  AuthzOk(<span class="stringliteral">"select * from functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l00296"></a><span class="lineno"> 296</span> </div> |
| <div class="line"><a name="l00297"></a><span class="lineno"> 297</span>  AuthzOk(<span class="stringliteral">"select * from functional_seq_snap.alltypes"</span>);</div> |
| <div class="line"><a name="l00298"></a><span class="lineno"> 298</span> </div> |
| <div class="line"><a name="l00299"></a><span class="lineno"> 299</span>  <span class="comment">// Can select from view that user has privileges on even though he/she doesn't</span></div> |
| <div class="line"><a name="l00300"></a><span class="lineno"> 300</span>  <span class="comment">// have privileges on underlying tables.</span></div> |
| <div class="line"><a name="l00301"></a><span class="lineno"> 301</span>  AuthzOk(<span class="stringliteral">"select * from functional.complex_view"</span>);</div> |
| <div class="line"><a name="l00302"></a><span class="lineno"> 302</span> </div> |
| <div class="line"><a name="l00303"></a><span class="lineno"> 303</span>  <span class="comment">// User has permission to select the view but not on the view (alltypes_view)</span></div> |
| <div class="line"><a name="l00304"></a><span class="lineno"> 304</span>  <span class="comment">// referenced in its view definition.</span></div> |
| <div class="line"><a name="l00305"></a><span class="lineno"> 305</span>  AuthzOk(<span class="stringliteral">"select * from functional.view_view"</span>);</div> |
| <div class="line"><a name="l00306"></a><span class="lineno"> 306</span> </div> |
| <div class="line"><a name="l00307"></a><span class="lineno"> 307</span>  <span class="comment">// User does not have SELECT privileges on this view.</span></div> |
| <div class="line"><a name="l00308"></a><span class="lineno"> 308</span>  AuthzError(<span class="stringliteral">"select * from functional.complex_view_sub"</span>,</div> |
| <div class="line"><a name="l00309"></a><span class="lineno"> 309</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00310"></a><span class="lineno"> 310</span>  <span class="stringliteral">"functional.complex_view_sub"</span>);</div> |
| <div class="line"><a name="l00311"></a><span class="lineno"> 311</span> </div> |
| <div class="line"><a name="l00312"></a><span class="lineno"> 312</span>  <span class="comment">// User has SELECT privileges on the view and the join table.</span></div> |
| <div class="line"><a name="l00313"></a><span class="lineno"> 313</span>  AuthzOk(<span class="stringliteral">"select a.id from functional.view_view a "</span></div> |
| <div class="line"><a name="l00314"></a><span class="lineno"> 314</span>  + <span class="stringliteral">"join functional.alltypesagg b ON (a.id = b.id)"</span>);</div> |
| <div class="line"><a name="l00315"></a><span class="lineno"> 315</span> </div> |
| <div class="line"><a name="l00316"></a><span class="lineno"> 316</span>  <span class="comment">// User has SELECT privileges on the view, but does not have privileges</span></div> |
| <div class="line"><a name="l00317"></a><span class="lineno"> 317</span>  <span class="comment">// to select join table.</span></div> |
| <div class="line"><a name="l00318"></a><span class="lineno"> 318</span>  AuthzError(<span class="stringliteral">"select a.id from functional.view_view a "</span></div> |
| <div class="line"><a name="l00319"></a><span class="lineno"> 319</span>  + <span class="stringliteral">"join functional.alltypes b ON (a.id = b.id)"</span>,</div> |
| <div class="line"><a name="l00320"></a><span class="lineno"> 320</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00321"></a><span class="lineno"> 321</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00322"></a><span class="lineno"> 322</span> </div> |
| <div class="line"><a name="l00323"></a><span class="lineno"> 323</span>  <span class="comment">// Constant select.</span></div> |
| <div class="line"><a name="l00324"></a><span class="lineno"> 324</span>  AuthzOk(<span class="stringliteral">"select 1"</span>);</div> |
| <div class="line"><a name="l00325"></a><span class="lineno"> 325</span> </div> |
| <div class="line"><a name="l00326"></a><span class="lineno"> 326</span>  <span class="comment">// Unqualified table name.</span></div> |
| <div class="line"><a name="l00327"></a><span class="lineno"> 327</span>  AuthzError(<span class="stringliteral">"select * from alltypes"</span>,</div> |
| <div class="line"><a name="l00328"></a><span class="lineno"> 328</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: default.alltypes"</span>);</div> |
| <div class="line"><a name="l00329"></a><span class="lineno"> 329</span> </div> |
| <div class="line"><a name="l00330"></a><span class="lineno"> 330</span>  <span class="comment">// Select with no privileges on table.</span></div> |
| <div class="line"><a name="l00331"></a><span class="lineno"> 331</span>  AuthzError(<span class="stringliteral">"select * from functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00332"></a><span class="lineno"> 332</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00333"></a><span class="lineno"> 333</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00334"></a><span class="lineno"> 334</span> </div> |
| <div class="line"><a name="l00335"></a><span class="lineno"> 335</span>  <span class="comment">// Select with no privileges on view.</span></div> |
| <div class="line"><a name="l00336"></a><span class="lineno"> 336</span>  AuthzError(<span class="stringliteral">"select * from functional.complex_view_sub"</span>,</div> |
| <div class="line"><a name="l00337"></a><span class="lineno"> 337</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00338"></a><span class="lineno"> 338</span>  <span class="stringliteral">"functional.complex_view_sub"</span>);</div> |
| <div class="line"><a name="l00339"></a><span class="lineno"> 339</span> </div> |
| <div class="line"><a name="l00340"></a><span class="lineno"> 340</span>  <span class="comment">// Select without referencing a column.</span></div> |
| <div class="line"><a name="l00341"></a><span class="lineno"> 341</span>  AuthzError(<span class="stringliteral">"select 1 from functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00342"></a><span class="lineno"> 342</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00343"></a><span class="lineno"> 343</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00344"></a><span class="lineno"> 344</span> </div> |
| <div class="line"><a name="l00345"></a><span class="lineno"> 345</span>  <span class="comment">// Select from non-existent table.</span></div> |
| <div class="line"><a name="l00346"></a><span class="lineno"> 346</span>  AuthzError(<span class="stringliteral">"select 1 from functional.notbl"</span>,</div> |
| <div class="line"><a name="l00347"></a><span class="lineno"> 347</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: functional.notbl"</span>);</div> |
| <div class="line"><a name="l00348"></a><span class="lineno"> 348</span> </div> |
| <div class="line"><a name="l00349"></a><span class="lineno"> 349</span>  <span class="comment">// Select from non-existent db.</span></div> |
| <div class="line"><a name="l00350"></a><span class="lineno"> 350</span>  AuthzError(<span class="stringliteral">"select 1 from nodb.alltypes"</span>,</div> |
| <div class="line"><a name="l00351"></a><span class="lineno"> 351</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l00352"></a><span class="lineno"> 352</span> </div> |
| <div class="line"><a name="l00353"></a><span class="lineno"> 353</span>  <span class="comment">// Table within inline view is authorized properly.</span></div> |
| <div class="line"><a name="l00354"></a><span class="lineno"> 354</span>  AuthzError(<span class="stringliteral">"select a.* from (select * from functional.alltypes) a"</span>,</div> |
| <div class="line"><a name="l00355"></a><span class="lineno"> 355</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00356"></a><span class="lineno"> 356</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00357"></a><span class="lineno"> 357</span>  <span class="comment">// Table within inline view is authorized properly (user has permission).</span></div> |
| <div class="line"><a name="l00358"></a><span class="lineno"> 358</span>  AuthzOk(<span class="stringliteral">"select a.* from (select * from functional.alltypesagg) a"</span>);</div> |
| <div class="line"><a name="l00359"></a><span class="lineno"> 359</span>  }</div> |
| <div class="line"><a name="l00360"></a><span class="lineno"> 360</span> </div> |
| <div class="line"><a name="l00361"></a><span class="lineno"> 361</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00362"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a2087b002116bc408323ad493ff0a0011"> 362</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a2087b002116bc408323ad493ff0a0011">TestUnion</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l00363"></a><span class="lineno"> 363</span>  AuthzOk(<span class="stringliteral">"select * from functional.alltypesagg union all "</span> +</div> |
| <div class="line"><a name="l00364"></a><span class="lineno"> 364</span>  <span class="stringliteral">"select * from functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l00365"></a><span class="lineno"> 365</span> </div> |
| <div class="line"><a name="l00366"></a><span class="lineno"> 366</span>  AuthzError(<span class="stringliteral">"select * from functional.alltypesagg union all "</span> +</div> |
| <div class="line"><a name="l00367"></a><span class="lineno"> 367</span>  <span class="stringliteral">"select * from functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00368"></a><span class="lineno"> 368</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00369"></a><span class="lineno"> 369</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00370"></a><span class="lineno"> 370</span>  }</div> |
| <div class="line"><a name="l00371"></a><span class="lineno"> 371</span> </div> |
| <div class="line"><a name="l00372"></a><span class="lineno"> 372</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00373"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a776a081a9a0497c4136ca3385aa8c29d"> 373</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a776a081a9a0497c4136ca3385aa8c29d">TestInsert</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l00374"></a><span class="lineno"> 374</span>  AuthzOk(<span class="stringliteral">"insert into functional_parquet.alltypes "</span> +</div> |
| <div class="line"><a name="l00375"></a><span class="lineno"> 375</span>  <span class="stringliteral">"partition(month,year) select * from functional_seq_snap.alltypes"</span>);</div> |
| <div class="line"><a name="l00376"></a><span class="lineno"> 376</span> </div> |
| <div class="line"><a name="l00377"></a><span class="lineno"> 377</span>  <span class="comment">// Insert + inline view (user has permissions).</span></div> |
| <div class="line"><a name="l00378"></a><span class="lineno"> 378</span>  AuthzOk(<span class="stringliteral">"insert into functional.alltypes partition(month,year) "</span> +</div> |
| <div class="line"><a name="l00379"></a><span class="lineno"> 379</span>  <span class="stringliteral">"select b.* from functional.alltypesagg a join (select * from "</span> +</div> |
| <div class="line"><a name="l00380"></a><span class="lineno"> 380</span>  <span class="stringliteral">"functional_seq_snap.alltypes) b on (a.int_col = b.int_col)"</span>);</div> |
| <div class="line"><a name="l00381"></a><span class="lineno"> 381</span> </div> |
| <div class="line"><a name="l00382"></a><span class="lineno"> 382</span>  <span class="comment">// User doesn't have INSERT permissions in the target table.</span></div> |
| <div class="line"><a name="l00383"></a><span class="lineno"> 383</span>  AuthzError(<span class="stringliteral">"insert into functional.alltypesagg select 1"</span>,</div> |
| <div class="line"><a name="l00384"></a><span class="lineno"> 384</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'INSERT' on: "</span> +</div> |
| <div class="line"><a name="l00385"></a><span class="lineno"> 385</span>  <span class="stringliteral">"functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l00386"></a><span class="lineno"> 386</span> </div> |
| <div class="line"><a name="l00387"></a><span class="lineno"> 387</span>  <span class="comment">// User doesn't have INSERT permissions in the target view.</span></div> |
| <div class="line"><a name="l00388"></a><span class="lineno"> 388</span>  <span class="comment">// Inserting into a view is not allowed.</span></div> |
| <div class="line"><a name="l00389"></a><span class="lineno"> 389</span>  AuthzError(<span class="stringliteral">"insert into functional.alltypes_view select 1"</span>,</div> |
| <div class="line"><a name="l00390"></a><span class="lineno"> 390</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'INSERT' on: "</span> +</div> |
| <div class="line"><a name="l00391"></a><span class="lineno"> 391</span>  <span class="stringliteral">"functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00392"></a><span class="lineno"> 392</span> </div> |
| <div class="line"><a name="l00393"></a><span class="lineno"> 393</span>  <span class="comment">// User doesn't have SELECT permissions on source table.</span></div> |
| <div class="line"><a name="l00394"></a><span class="lineno"> 394</span>  AuthzError(<span class="stringliteral">"insert into functional.alltypes "</span> +</div> |
| <div class="line"><a name="l00395"></a><span class="lineno"> 395</span>  <span class="stringliteral">"select * from functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00396"></a><span class="lineno"> 396</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00397"></a><span class="lineno"> 397</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00398"></a><span class="lineno"> 398</span> </div> |
| <div class="line"><a name="l00399"></a><span class="lineno"> 399</span>  <span class="comment">// User doesn't have permissions on source table within inline view.</span></div> |
| <div class="line"><a name="l00400"></a><span class="lineno"> 400</span>  AuthzError(<span class="stringliteral">"insert into functional.alltypes "</span> +</div> |
| <div class="line"><a name="l00401"></a><span class="lineno"> 401</span>  <span class="stringliteral">"select * from functional.alltypesagg a join (select * from "</span> +</div> |
| <div class="line"><a name="l00402"></a><span class="lineno"> 402</span>  <span class="stringliteral">"functional_seq.alltypes) b on (a.int_col = b.int_col)"</span>,</div> |
| <div class="line"><a name="l00403"></a><span class="lineno"> 403</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00404"></a><span class="lineno"> 404</span>  <span class="stringliteral">"functional_seq.alltypes"</span>);</div> |
| <div class="line"><a name="l00405"></a><span class="lineno"> 405</span>  }</div> |
| <div class="line"><a name="l00406"></a><span class="lineno"> 406</span> </div> |
| <div class="line"><a name="l00407"></a><span class="lineno"> 407</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00408"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#af5a9d771b69086e3a3bdffb3add668da"> 408</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#af5a9d771b69086e3a3bdffb3add668da">TestWithClause</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l00409"></a><span class="lineno"> 409</span>  <span class="comment">// User has SELECT privileges on table in WITH-clause view.</span></div> |
| <div class="line"><a name="l00410"></a><span class="lineno"> 410</span>  AuthzOk(<span class="stringliteral">"with t as (select * from functional.alltypesagg) select * from t"</span>);</div> |
| <div class="line"><a name="l00411"></a><span class="lineno"> 411</span>  <span class="comment">// User doesn't have SELECT privileges on table in WITH-clause view.</span></div> |
| <div class="line"><a name="l00412"></a><span class="lineno"> 412</span>  AuthzError(<span class="stringliteral">"with t as (select * from functional.alltypes) select * from t"</span>,</div> |
| <div class="line"><a name="l00413"></a><span class="lineno"> 413</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00414"></a><span class="lineno"> 414</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00415"></a><span class="lineno"> 415</span>  <span class="comment">// User has SELECT privileges on view in WITH-clause view.</span></div> |
| <div class="line"><a name="l00416"></a><span class="lineno"> 416</span>  AuthzOk(<span class="stringliteral">"with t as (select * from functional.complex_view) select * from t"</span>);</div> |
| <div class="line"><a name="l00417"></a><span class="lineno"> 417</span> </div> |
| <div class="line"><a name="l00418"></a><span class="lineno"> 418</span>  <span class="comment">// User has SELECT privileges on table in WITH-clause view in INSERT.</span></div> |
| <div class="line"><a name="l00419"></a><span class="lineno"> 419</span>  AuthzOk(<span class="stringliteral">"with t as (select * from functional_seq_snap.alltypes) "</span> +</div> |
| <div class="line"><a name="l00420"></a><span class="lineno"> 420</span>  <span class="stringliteral">"insert into functional_parquet.alltypes partition(month,year) select * from t"</span>);</div> |
| <div class="line"><a name="l00421"></a><span class="lineno"> 421</span>  <span class="comment">// User doesn't have SELECT privileges on table in WITH-clause view in INSERT.</span></div> |
| <div class="line"><a name="l00422"></a><span class="lineno"> 422</span>  AuthzError(<span class="stringliteral">"with t as (select * from functional_parquet.alltypes) "</span> +</div> |
| <div class="line"><a name="l00423"></a><span class="lineno"> 423</span>  <span class="stringliteral">"insert into functional_parquet.alltypes partition(month,year) select * from t"</span>,</div> |
| <div class="line"><a name="l00424"></a><span class="lineno"> 424</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00425"></a><span class="lineno"> 425</span>  <span class="stringliteral">"functional_parquet.alltypes"</span>);</div> |
| <div class="line"><a name="l00426"></a><span class="lineno"> 426</span>  <span class="comment">// User doesn't have SELECT privileges on view in WITH-clause view in INSERT.</span></div> |
| <div class="line"><a name="l00427"></a><span class="lineno"> 427</span>  AuthzError(<span class="stringliteral">"with t as (select * from functional.alltypes_view) "</span> +</div> |
| <div class="line"><a name="l00428"></a><span class="lineno"> 428</span>  <span class="stringliteral">"insert into functional_parquet.alltypes partition(month,year) select * from t"</span>,</div> |
| <div class="line"><a name="l00429"></a><span class="lineno"> 429</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00430"></a><span class="lineno"> 430</span>  <span class="stringliteral">"functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00431"></a><span class="lineno"> 431</span>  }</div> |
| <div class="line"><a name="l00432"></a><span class="lineno"> 432</span> </div> |
| <div class="line"><a name="l00433"></a><span class="lineno"> 433</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00434"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa8df20dc8bea0ef17adadcd85713ba95"> 434</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa8df20dc8bea0ef17adadcd85713ba95">TestExplain</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l00435"></a><span class="lineno"> 435</span>  AuthzOk(<span class="stringliteral">"explain select * from functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l00436"></a><span class="lineno"> 436</span>  AuthzOk(<span class="stringliteral">"explain insert into functional_parquet.alltypes "</span> +</div> |
| <div class="line"><a name="l00437"></a><span class="lineno"> 437</span>  <span class="stringliteral">"partition(month,year) select * from functional_seq_snap.alltypes"</span>);</div> |
| <div class="line"><a name="l00438"></a><span class="lineno"> 438</span> </div> |
| <div class="line"><a name="l00439"></a><span class="lineno"> 439</span>  <span class="comment">// Select without permissions.</span></div> |
| <div class="line"><a name="l00440"></a><span class="lineno"> 440</span>  AuthzError(<span class="stringliteral">"explain select * from functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00441"></a><span class="lineno"> 441</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00442"></a><span class="lineno"> 442</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00443"></a><span class="lineno"> 443</span> </div> |
| <div class="line"><a name="l00444"></a><span class="lineno"> 444</span>  <span class="comment">// Insert with no select permissions on source table.</span></div> |
| <div class="line"><a name="l00445"></a><span class="lineno"> 445</span>  AuthzError(<span class="stringliteral">"explain insert into functional_parquet.alltypes "</span> +</div> |
| <div class="line"><a name="l00446"></a><span class="lineno"> 446</span>  <span class="stringliteral">"partition(month,year) select * from functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00447"></a><span class="lineno"> 447</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00448"></a><span class="lineno"> 448</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00449"></a><span class="lineno"> 449</span>  <span class="comment">// Insert, user doesn't have permissions on source table.</span></div> |
| <div class="line"><a name="l00450"></a><span class="lineno"> 450</span>  AuthzError(<span class="stringliteral">"explain insert into functional.alltypes "</span> +</div> |
| <div class="line"><a name="l00451"></a><span class="lineno"> 451</span>  <span class="stringliteral">"select * from functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00452"></a><span class="lineno"> 452</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00453"></a><span class="lineno"> 453</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00454"></a><span class="lineno"> 454</span> </div> |
| <div class="line"><a name="l00455"></a><span class="lineno"> 455</span>  <span class="comment">// Test explain on views. User has permissions on all the underlying tables.</span></div> |
| <div class="line"><a name="l00456"></a><span class="lineno"> 456</span>  AuthzOk(<span class="stringliteral">"explain select * from functional_seq_snap.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00457"></a><span class="lineno"> 457</span>  AuthzOk(<span class="stringliteral">"explain insert into functional_parquet.alltypes "</span> +</div> |
| <div class="line"><a name="l00458"></a><span class="lineno"> 458</span>  <span class="stringliteral">"partition(month,year) select * from functional_seq_snap.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00459"></a><span class="lineno"> 459</span> </div> |
| <div class="line"><a name="l00460"></a><span class="lineno"> 460</span>  <span class="comment">// Select on view without permissions on view.</span></div> |
| <div class="line"><a name="l00461"></a><span class="lineno"> 461</span>  AuthzError(<span class="stringliteral">"explain select * from functional.alltypes_view"</span>,</div> |
| <div class="line"><a name="l00462"></a><span class="lineno"> 462</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00463"></a><span class="lineno"> 463</span>  <span class="stringliteral">"functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00464"></a><span class="lineno"> 464</span>  <span class="comment">// Insert into view without permissions on view.</span></div> |
| <div class="line"><a name="l00465"></a><span class="lineno"> 465</span>  AuthzError(<span class="stringliteral">"explain insert into functional.alltypes_view "</span> +</div> |
| <div class="line"><a name="l00466"></a><span class="lineno"> 466</span>  <span class="stringliteral">"select * from functional_seq_snap.alltypes "</span>,</div> |
| <div class="line"><a name="l00467"></a><span class="lineno"> 467</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'INSERT' on: "</span> +</div> |
| <div class="line"><a name="l00468"></a><span class="lineno"> 468</span>  <span class="stringliteral">"functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00469"></a><span class="lineno"> 469</span> </div> |
| <div class="line"><a name="l00470"></a><span class="lineno"> 470</span>  <span class="comment">// User has permission on view, but not on underlying tables.</span></div> |
| <div class="line"><a name="l00471"></a><span class="lineno"> 471</span>  AuthzError(<span class="stringliteral">"explain select * from functional.complex_view"</span>,</div> |
| <div class="line"><a name="l00472"></a><span class="lineno"> 472</span>  <span class="stringliteral">"User '%s' does not have privileges to EXPLAIN this statement."</span>);</div> |
| <div class="line"><a name="l00473"></a><span class="lineno"> 473</span>  <span class="comment">// User has permission on view in WITH clause, but not on underlying tables.</span></div> |
| <div class="line"><a name="l00474"></a><span class="lineno"> 474</span>  AuthzError(<span class="stringliteral">"explain with t as (select * from functional.complex_view) "</span> +</div> |
| <div class="line"><a name="l00475"></a><span class="lineno"> 475</span>  <span class="stringliteral">"select * from t"</span>,</div> |
| <div class="line"><a name="l00476"></a><span class="lineno"> 476</span>  <span class="stringliteral">"User '%s' does not have privileges to EXPLAIN this statement."</span>);</div> |
| <div class="line"><a name="l00477"></a><span class="lineno"> 477</span> </div> |
| <div class="line"><a name="l00478"></a><span class="lineno"> 478</span>  <span class="comment">// User has permission on view in WITH clause, but not on underlying tables.</span></div> |
| <div class="line"><a name="l00479"></a><span class="lineno"> 479</span>  AuthzError(<span class="stringliteral">"explain with t as (select * from functional.complex_view) "</span> +</div> |
| <div class="line"><a name="l00480"></a><span class="lineno"> 480</span>  <span class="stringliteral">"select * from t"</span>,</div> |
| <div class="line"><a name="l00481"></a><span class="lineno"> 481</span>  <span class="stringliteral">"User '%s' does not have privileges to EXPLAIN this statement."</span>);</div> |
| <div class="line"><a name="l00482"></a><span class="lineno"> 482</span>  <span class="comment">// User has permission on view and on view inside view,</span></div> |
| <div class="line"><a name="l00483"></a><span class="lineno"> 483</span>  <span class="comment">// but not on tables in view inside view.</span></div> |
| <div class="line"><a name="l00484"></a><span class="lineno"> 484</span>  AuthzError(<span class="stringliteral">"explain select * from functional.view_view"</span>,</div> |
| <div class="line"><a name="l00485"></a><span class="lineno"> 485</span>  <span class="stringliteral">"User '%s' does not have privileges to EXPLAIN this statement."</span>);</div> |
| <div class="line"><a name="l00486"></a><span class="lineno"> 486</span>  <span class="comment">// User doesn't have permission on tables in view inside view.</span></div> |
| <div class="line"><a name="l00487"></a><span class="lineno"> 487</span>  AuthzError(<span class="stringliteral">"explain insert into functional_seq_snap.alltypes "</span> +</div> |
| <div class="line"><a name="l00488"></a><span class="lineno"> 488</span>  <span class="stringliteral">"partition(month,year) select * from functional.view_view"</span>,</div> |
| <div class="line"><a name="l00489"></a><span class="lineno"> 489</span>  <span class="stringliteral">"User '%s' does not have privileges to EXPLAIN this statement."</span>);</div> |
| <div class="line"><a name="l00490"></a><span class="lineno"> 490</span> </div> |
| <div class="line"><a name="l00491"></a><span class="lineno"> 491</span>  <span class="comment">// User has SELECT privileges on the view, but does not have privileges</span></div> |
| <div class="line"><a name="l00492"></a><span class="lineno"> 492</span>  <span class="comment">// to select join table. Should get standard auth message back.</span></div> |
| <div class="line"><a name="l00493"></a><span class="lineno"> 493</span>  AuthzError(<span class="stringliteral">"explain select a.id from functional.view_view a "</span></div> |
| <div class="line"><a name="l00494"></a><span class="lineno"> 494</span>  + <span class="stringliteral">"join functional.alltypes b ON (a.id = b.id)"</span>,</div> |
| <div class="line"><a name="l00495"></a><span class="lineno"> 495</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00496"></a><span class="lineno"> 496</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00497"></a><span class="lineno"> 497</span> </div> |
| <div class="line"><a name="l00498"></a><span class="lineno"> 498</span>  <span class="comment">// User has privileges on tables inside the first view, but not the second</span></div> |
| <div class="line"><a name="l00499"></a><span class="lineno"> 499</span>  <span class="comment">// view. Should get masked auth error back.</span></div> |
| <div class="line"><a name="l00500"></a><span class="lineno"> 500</span>  AuthzError(<span class="stringliteral">"explain select a.id from functional.view_view a "</span></div> |
| <div class="line"><a name="l00501"></a><span class="lineno"> 501</span>  + <span class="stringliteral">"join functional.complex_view b ON (a.id = b.id)"</span>,</div> |
| <div class="line"><a name="l00502"></a><span class="lineno"> 502</span>  <span class="stringliteral">"User '%s' does not have privileges to EXPLAIN this statement."</span>);</div> |
| <div class="line"><a name="l00503"></a><span class="lineno"> 503</span>  }</div> |
| <div class="line"><a name="l00504"></a><span class="lineno"> 504</span> </div> |
| <div class="line"><a name="l00505"></a><span class="lineno"> 505</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00506"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a3c93574a7f6bec59974c53e5220e759d"> 506</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a3c93574a7f6bec59974c53e5220e759d">TestUseDb</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l00507"></a><span class="lineno"> 507</span>  <span class="comment">// Positive cases (user has privileges on these tables).</span></div> |
| <div class="line"><a name="l00508"></a><span class="lineno"> 508</span>  AuthzOk(<span class="stringliteral">"use functional"</span>);</div> |
| <div class="line"><a name="l00509"></a><span class="lineno"> 509</span>  AuthzOk(<span class="stringliteral">"use tpcds"</span>);</div> |
| <div class="line"><a name="l00510"></a><span class="lineno"> 510</span>  AuthzOk(<span class="stringliteral">"use tpch"</span>);</div> |
| <div class="line"><a name="l00511"></a><span class="lineno"> 511</span> </div> |
| <div class="line"><a name="l00512"></a><span class="lineno"> 512</span>  <span class="comment">// Should always be able to use default, even if privilege was not explicitly</span></div> |
| <div class="line"><a name="l00513"></a><span class="lineno"> 513</span>  <span class="comment">// granted.</span></div> |
| <div class="line"><a name="l00514"></a><span class="lineno"> 514</span>  AuthzOk(<span class="stringliteral">"use default"</span>);</div> |
| <div class="line"><a name="l00515"></a><span class="lineno"> 515</span> </div> |
| <div class="line"><a name="l00516"></a><span class="lineno"> 516</span>  AuthzError(<span class="stringliteral">"use functional_seq"</span>,</div> |
| <div class="line"><a name="l00517"></a><span class="lineno"> 517</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional_seq.*"</span>);</div> |
| <div class="line"><a name="l00518"></a><span class="lineno"> 518</span> </div> |
| <div class="line"><a name="l00519"></a><span class="lineno"> 519</span>  <span class="comment">// Database does not exist, user does not have access.</span></div> |
| <div class="line"><a name="l00520"></a><span class="lineno"> 520</span>  AuthzError(<span class="stringliteral">"use nodb"</span>,</div> |
| <div class="line"><a name="l00521"></a><span class="lineno"> 521</span>  <span class="stringliteral">"User '%s' does not have privileges to access: nodb.*"</span>);</div> |
| <div class="line"><a name="l00522"></a><span class="lineno"> 522</span> </div> |
| <div class="line"><a name="l00523"></a><span class="lineno"> 523</span>  <span class="comment">// Database does not exist, user has access:</span></div> |
| <div class="line"><a name="l00524"></a><span class="lineno"> 524</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l00525"></a><span class="lineno"> 525</span>  AuthzOk(<span class="stringliteral">"use newdb"</span>);</div> |
| <div class="line"><a name="l00526"></a><span class="lineno"> 526</span>  fail(<span class="stringliteral">"Expected AnalysisException"</span>);</div> |
| <div class="line"><a name="l00527"></a><span class="lineno"> 527</span>  } <span class="keywordflow">catch</span> (AnalysisException e) {</div> |
| <div class="line"><a name="l00528"></a><span class="lineno"> 528</span>  Assert.assertEquals(e.getMessage(), <span class="stringliteral">"Database does not exist: newdb"</span>);</div> |
| <div class="line"><a name="l00529"></a><span class="lineno"> 529</span>  }</div> |
| <div class="line"><a name="l00530"></a><span class="lineno"> 530</span> </div> |
| <div class="line"><a name="l00531"></a><span class="lineno"> 531</span>  <span class="comment">// All users should be able to use the system db.</span></div> |
| <div class="line"><a name="l00532"></a><span class="lineno"> 532</span>  AuthzOk(<span class="stringliteral">"use _impala_builtins"</span>);</div> |
| <div class="line"><a name="l00533"></a><span class="lineno"> 533</span>  }</div> |
| <div class="line"><a name="l00534"></a><span class="lineno"> 534</span> </div> |
| <div class="line"><a name="l00535"></a><span class="lineno"> 535</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00536"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a957b40be9afbf089bc16032ddfcf9200"> 536</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a957b40be9afbf089bc16032ddfcf9200">TestResetMetadata</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">ImpalaException</a> {</div> |
| <div class="line"><a name="l00537"></a><span class="lineno"> 537</span>  <span class="comment">// Positive cases (user has privileges on these tables/views).</span></div> |
| <div class="line"><a name="l00538"></a><span class="lineno"> 538</span>  AuthzOk(<span class="stringliteral">"invalidate metadata functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l00539"></a><span class="lineno"> 539</span>  AuthzOk(<span class="stringliteral">"refresh functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l00540"></a><span class="lineno"> 540</span>  AuthzOk(<span class="stringliteral">"invalidate metadata functional.view_view"</span>);</div> |
| <div class="line"><a name="l00541"></a><span class="lineno"> 541</span>  AuthzOk(<span class="stringliteral">"refresh functional.view_view"</span>);</div> |
| <div class="line"><a name="l00542"></a><span class="lineno"> 542</span> </div> |
| <div class="line"><a name="l00543"></a><span class="lineno"> 543</span>  AuthzError(<span class="stringliteral">"invalidate metadata unknown_db.alltypessmall"</span>,</div> |
| <div class="line"><a name="l00544"></a><span class="lineno"> 544</span>  <span class="stringliteral">"User '%s' does not have privileges to access: unknown_db.alltypessmall"</span>);</div> |
| <div class="line"><a name="l00545"></a><span class="lineno"> 545</span>  AuthzError(<span class="stringliteral">"invalidate metadata functional_seq.alltypessmall"</span>,</div> |
| <div class="line"><a name="l00546"></a><span class="lineno"> 546</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional_seq.alltypessmall"</span>);</div> |
| <div class="line"><a name="l00547"></a><span class="lineno"> 547</span>  AuthzError(<span class="stringliteral">"invalidate metadata functional.alltypes_view"</span>,</div> |
| <div class="line"><a name="l00548"></a><span class="lineno"> 548</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00549"></a><span class="lineno"> 549</span>  AuthzError(<span class="stringliteral">"invalidate metadata functional.unknown_table"</span>,</div> |
| <div class="line"><a name="l00550"></a><span class="lineno"> 550</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional.unknown_table"</span>);</div> |
| <div class="line"><a name="l00551"></a><span class="lineno"> 551</span>  AuthzError(<span class="stringliteral">"invalidate metadata functional.alltypessmall"</span>,</div> |
| <div class="line"><a name="l00552"></a><span class="lineno"> 552</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional.alltypessmall"</span>);</div> |
| <div class="line"><a name="l00553"></a><span class="lineno"> 553</span>  AuthzError(<span class="stringliteral">"refresh functional.alltypessmall"</span>,</div> |
| <div class="line"><a name="l00554"></a><span class="lineno"> 554</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional.alltypessmall"</span>);</div> |
| <div class="line"><a name="l00555"></a><span class="lineno"> 555</span>  AuthzError(<span class="stringliteral">"refresh functional.alltypes_view"</span>,</div> |
| <div class="line"><a name="l00556"></a><span class="lineno"> 556</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00557"></a><span class="lineno"> 557</span> </div> |
| <div class="line"><a name="l00558"></a><span class="lineno"> 558</span>  AuthzError(<span class="stringliteral">"invalidate metadata"</span>,</div> |
| <div class="line"><a name="l00559"></a><span class="lineno"> 559</span>  <span class="stringliteral">"User '%s' does not have privileges to access: server"</span>);</div> |
| <div class="line"><a name="l00560"></a><span class="lineno"> 560</span> </div> |
| <div class="line"><a name="l00561"></a><span class="lineno"> 561</span>  <span class="comment">// TODO: Add test support for dynamically changing privileges for</span></div> |
| <div class="line"><a name="l00562"></a><span class="lineno"> 562</span>  <span class="comment">// file-based policy.</span></div> |
| <div class="line"><a name="l00563"></a><span class="lineno"> 563</span>  <span class="keywordflow">if</span> (authzConfig_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5768546a8fc8db18eb1a9256c1d80f76">isFileBasedPolicy</a>()) <span class="keywordflow">return</span>;</div> |
| <div class="line"><a name="l00564"></a><span class="lineno"> 564</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">SentryPolicyService</a> sentryService = createSentryService();</div> |
| <div class="line"><a name="l00565"></a><span class="lineno"> 565</span> </div> |
| <div class="line"><a name="l00566"></a><span class="lineno"> 566</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l00567"></a><span class="lineno"> 567</span>  sentryService.grantRoleToGroup(USER, <span class="stringliteral">"admin"</span>, USER.getName());</div> |
| <div class="line"><a name="l00568"></a><span class="lineno"> 568</span>  ((<a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog.html">ImpaladTestCatalog</a>) catalog_).reset();</div> |
| <div class="line"><a name="l00569"></a><span class="lineno"> 569</span>  AuthzOk(<span class="stringliteral">"invalidate metadata"</span>);</div> |
| <div class="line"><a name="l00570"></a><span class="lineno"> 570</span>  } <span class="keywordflow">finally</span> {</div> |
| <div class="line"><a name="l00571"></a><span class="lineno"> 571</span>  sentryService.revokeRoleFromGroup(USER, <span class="stringliteral">"admin"</span>, USER.getName());</div> |
| <div class="line"><a name="l00572"></a><span class="lineno"> 572</span>  ((<a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog.html">ImpaladTestCatalog</a>) catalog_).reset();</div> |
| <div class="line"><a name="l00573"></a><span class="lineno"> 573</span>  }</div> |
| <div class="line"><a name="l00574"></a><span class="lineno"> 574</span>  }</div> |
| <div class="line"><a name="l00575"></a><span class="lineno"> 575</span> </div> |
| <div class="line"><a name="l00576"></a><span class="lineno"> 576</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00577"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa71a79fca040b11dccf0bbc1299fb605"> 577</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa71a79fca040b11dccf0bbc1299fb605">TestCreateTable</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l00578"></a><span class="lineno"> 578</span>  AuthzOk(<span class="stringliteral">"create table tpch.new_table (i int)"</span>);</div> |
| <div class="line"><a name="l00579"></a><span class="lineno"> 579</span>  AuthzOk(<span class="stringliteral">"create table tpch.new_lineitem like tpch.lineitem"</span>);</div> |
| <div class="line"><a name="l00580"></a><span class="lineno"> 580</span>  <span class="comment">// Create table IF NOT EXISTS, user has permission and table exists.</span></div> |
| <div class="line"><a name="l00581"></a><span class="lineno"> 581</span>  AuthzOk(<span class="stringliteral">"create table if not exists tpch.lineitem (i int)"</span>);</div> |
| <div class="line"><a name="l00582"></a><span class="lineno"> 582</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l00583"></a><span class="lineno"> 583</span>  AuthzOk(<span class="stringliteral">"create table tpch.lineitem (i int)"</span>);</div> |
| <div class="line"><a name="l00584"></a><span class="lineno"> 584</span>  fail(<span class="stringliteral">"Expected analysis error."</span>);</div> |
| <div class="line"><a name="l00585"></a><span class="lineno"> 585</span>  } <span class="keywordflow">catch</span> (AnalysisException e) {</div> |
| <div class="line"><a name="l00586"></a><span class="lineno"> 586</span>  Assert.assertEquals(e.getMessage(), <span class="stringliteral">"Table already exists: tpch.lineitem"</span>);</div> |
| <div class="line"><a name="l00587"></a><span class="lineno"> 587</span>  }</div> |
| <div class="line"><a name="l00588"></a><span class="lineno"> 588</span> </div> |
| <div class="line"><a name="l00589"></a><span class="lineno"> 589</span>  <span class="comment">// Create table AS SELECT positive and negative cases for SELECT privilege.</span></div> |
| <div class="line"><a name="l00590"></a><span class="lineno"> 590</span>  AuthzOk(<span class="stringliteral">"create table tpch.new_table as select * from functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l00591"></a><span class="lineno"> 591</span>  AuthzError(<span class="stringliteral">"create table tpch.new_table as select * from functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00592"></a><span class="lineno"> 592</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00593"></a><span class="lineno"> 593</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00594"></a><span class="lineno"> 594</span> </div> |
| <div class="line"><a name="l00595"></a><span class="lineno"> 595</span>  AuthzError(<span class="stringliteral">"create table functional.tbl tblproperties('a'='b')"</span> +</div> |
| <div class="line"><a name="l00596"></a><span class="lineno"> 596</span>  <span class="stringliteral">" as select 1"</span>,</div> |
| <div class="line"><a name="l00597"></a><span class="lineno"> 597</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: "</span> +</div> |
| <div class="line"><a name="l00598"></a><span class="lineno"> 598</span>  <span class="stringliteral">"functional.tbl"</span>);</div> |
| <div class="line"><a name="l00599"></a><span class="lineno"> 599</span> </div> |
| <div class="line"><a name="l00600"></a><span class="lineno"> 600</span>  <span class="comment">// Create table IF NOT EXISTS, user does not have permission and table exists.</span></div> |
| <div class="line"><a name="l00601"></a><span class="lineno"> 601</span>  AuthzError(<span class="stringliteral">"create table if not exists functional_seq.alltypes (i int)"</span>,</div> |
| <div class="line"><a name="l00602"></a><span class="lineno"> 602</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: "</span> +</div> |
| <div class="line"><a name="l00603"></a><span class="lineno"> 603</span>  <span class="stringliteral">"functional_seq.alltypes"</span>);</div> |
| <div class="line"><a name="l00604"></a><span class="lineno"> 604</span> </div> |
| <div class="line"><a name="l00605"></a><span class="lineno"> 605</span>  <span class="comment">// User has permission to create at given location.</span></div> |
| <div class="line"><a name="l00606"></a><span class="lineno"> 606</span>  AuthzOk(<span class="stringliteral">"create table tpch.new_table (i int) location "</span> +</div> |
| <div class="line"><a name="l00607"></a><span class="lineno"> 607</span>  <span class="stringliteral">"'hdfs://localhost:20500/test-warehouse/new_table'"</span>);</div> |
| <div class="line"><a name="l00608"></a><span class="lineno"> 608</span> </div> |
| <div class="line"><a name="l00609"></a><span class="lineno"> 609</span>  <span class="comment">// No permissions on source table.</span></div> |
| <div class="line"><a name="l00610"></a><span class="lineno"> 610</span>  AuthzError(<span class="stringliteral">"create table tpch.new_lineitem like tpch_seq.lineitem"</span>,</div> |
| <div class="line"><a name="l00611"></a><span class="lineno"> 611</span>  <span class="stringliteral">"User '%s' does not have privileges to access: tpch_seq.lineitem"</span>);</div> |
| <div class="line"><a name="l00612"></a><span class="lineno"> 612</span> </div> |
| <div class="line"><a name="l00613"></a><span class="lineno"> 613</span>  <span class="comment">// No permissions on target table.</span></div> |
| <div class="line"><a name="l00614"></a><span class="lineno"> 614</span>  AuthzError(<span class="stringliteral">"create table tpch_rc.new like tpch.lineitem"</span>,</div> |
| <div class="line"><a name="l00615"></a><span class="lineno"> 615</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: tpch_rc.new"</span>);</div> |
| <div class="line"><a name="l00616"></a><span class="lineno"> 616</span> </div> |
| <div class="line"><a name="l00617"></a><span class="lineno"> 617</span>  <span class="comment">// Unqualified table name.</span></div> |
| <div class="line"><a name="l00618"></a><span class="lineno"> 618</span>  AuthzError(<span class="stringliteral">"create table new_table (i int)"</span>,</div> |
| <div class="line"><a name="l00619"></a><span class="lineno"> 619</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: default.new_table"</span>);</div> |
| <div class="line"><a name="l00620"></a><span class="lineno"> 620</span> </div> |
| <div class="line"><a name="l00621"></a><span class="lineno"> 621</span>  <span class="comment">// Table already exists (user does not have permission).</span></div> |
| <div class="line"><a name="l00622"></a><span class="lineno"> 622</span>  AuthzError(<span class="stringliteral">"create table functional.alltypes (i int)"</span>,</div> |
| <div class="line"><a name="l00623"></a><span class="lineno"> 623</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: "</span> +</div> |
| <div class="line"><a name="l00624"></a><span class="lineno"> 624</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00625"></a><span class="lineno"> 625</span> </div> |
| <div class="line"><a name="l00626"></a><span class="lineno"> 626</span>  <span class="comment">// Database does not exist, user does not have access.</span></div> |
| <div class="line"><a name="l00627"></a><span class="lineno"> 627</span>  AuthzError(<span class="stringliteral">"create table nodb.alltypes (i int)"</span>,</div> |
| <div class="line"><a name="l00628"></a><span class="lineno"> 628</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: "</span> +</div> |
| <div class="line"><a name="l00629"></a><span class="lineno"> 629</span>  <span class="stringliteral">"nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l00630"></a><span class="lineno"> 630</span> </div> |
| <div class="line"><a name="l00631"></a><span class="lineno"> 631</span>  <span class="comment">// User does not have permission to create table at the specified location..</span></div> |
| <div class="line"><a name="l00632"></a><span class="lineno"> 632</span>  AuthzError(<span class="stringliteral">"create table tpch.new_table (i int) location "</span> +</div> |
| <div class="line"><a name="l00633"></a><span class="lineno"> 633</span>  <span class="stringliteral">"'hdfs://localhost:20500/test-warehouse/alltypes'"</span>,</div> |
| <div class="line"><a name="l00634"></a><span class="lineno"> 634</span>  <span class="stringliteral">"User '%s' does not have privileges to access: "</span> +</div> |
| <div class="line"><a name="l00635"></a><span class="lineno"> 635</span>  <span class="stringliteral">"hdfs://localhost:20500/test-warehouse/alltypes"</span>);</div> |
| <div class="line"><a name="l00636"></a><span class="lineno"> 636</span> </div> |
| <div class="line"><a name="l00637"></a><span class="lineno"> 637</span>  AuthzError(<span class="stringliteral">"create table _impala_builtins.tbl(i int)"</span>,</div> |
| <div class="line"><a name="l00638"></a><span class="lineno"> 638</span>  <span class="stringliteral">"Cannot modify system database."</span>);</div> |
| <div class="line"><a name="l00639"></a><span class="lineno"> 639</span> </div> |
| <div class="line"><a name="l00640"></a><span class="lineno"> 640</span>  <span class="comment">// Check that create like file follows authorization rules for HDFS files</span></div> |
| <div class="line"><a name="l00641"></a><span class="lineno"> 641</span>  AuthzError(<span class="stringliteral">"create table tpch.table_DNE like parquet "</span></div> |
| <div class="line"><a name="l00642"></a><span class="lineno"> 642</span>  + <span class="stringliteral">"'hdfs://localhost:20500/test-warehouse/alltypes'"</span>,</div> |
| <div class="line"><a name="l00643"></a><span class="lineno"> 643</span>  <span class="stringliteral">"User '%s' does not have privileges to access: "</span></div> |
| <div class="line"><a name="l00644"></a><span class="lineno"> 644</span>  + <span class="stringliteral">"hdfs://localhost:20500/test-warehouse/alltypes"</span>);</div> |
| <div class="line"><a name="l00645"></a><span class="lineno"> 645</span>  }</div> |
| <div class="line"><a name="l00646"></a><span class="lineno"> 646</span> </div> |
| <div class="line"><a name="l00647"></a><span class="lineno"> 647</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00648"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ae85ff09595e027387de33e00650326a7"> 648</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ae85ff09595e027387de33e00650326a7">TestCreateView</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l00649"></a><span class="lineno"> 649</span>  AuthzOk(<span class="stringliteral">"create view tpch.new_view as select * from functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l00650"></a><span class="lineno"> 650</span>  AuthzOk(<span class="stringliteral">"create view tpch.new_view (a, b, c) as "</span> +</div> |
| <div class="line"><a name="l00651"></a><span class="lineno"> 651</span>  <span class="stringliteral">"select int_col, string_col, timestamp_col from functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l00652"></a><span class="lineno"> 652</span>  <span class="comment">// Create view IF NOT EXISTS, user has permission and table exists.</span></div> |
| <div class="line"><a name="l00653"></a><span class="lineno"> 653</span>  AuthzOk(<span class="stringliteral">"create view if not exists tpch.lineitem as "</span> +</div> |
| <div class="line"><a name="l00654"></a><span class="lineno"> 654</span>  <span class="stringliteral">"select * from functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l00655"></a><span class="lineno"> 655</span>  <span class="comment">// Create view IF NOT EXISTS, user has permission and table/view exists.</span></div> |
| <div class="line"><a name="l00656"></a><span class="lineno"> 656</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l00657"></a><span class="lineno"> 657</span>  AuthzOk(<span class="stringliteral">"create view tpch.lineitem as select * from functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l00658"></a><span class="lineno"> 658</span>  fail(<span class="stringliteral">"Expected analysis error."</span>);</div> |
| <div class="line"><a name="l00659"></a><span class="lineno"> 659</span>  } <span class="keywordflow">catch</span> (AnalysisException e) {</div> |
| <div class="line"><a name="l00660"></a><span class="lineno"> 660</span>  Assert.assertEquals(e.getMessage(), <span class="stringliteral">"Table already exists: tpch.lineitem"</span>);</div> |
| <div class="line"><a name="l00661"></a><span class="lineno"> 661</span>  }</div> |
| <div class="line"><a name="l00662"></a><span class="lineno"> 662</span> </div> |
| <div class="line"><a name="l00663"></a><span class="lineno"> 663</span>  <span class="comment">// Create view IF NOT EXISTS, user does not have permission and table/view exists.</span></div> |
| <div class="line"><a name="l00664"></a><span class="lineno"> 664</span>  AuthzError(<span class="stringliteral">"create view if not exists functional_seq.alltypes as "</span> +</div> |
| <div class="line"><a name="l00665"></a><span class="lineno"> 665</span>  <span class="stringliteral">"select * from functional.alltypesagg"</span>,</div> |
| <div class="line"><a name="l00666"></a><span class="lineno"> 666</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: "</span> +</div> |
| <div class="line"><a name="l00667"></a><span class="lineno"> 667</span>  <span class="stringliteral">"functional_seq.alltypes"</span>);</div> |
| <div class="line"><a name="l00668"></a><span class="lineno"> 668</span> </div> |
| <div class="line"><a name="l00669"></a><span class="lineno"> 669</span>  <span class="comment">// No permissions on source table.</span></div> |
| <div class="line"><a name="l00670"></a><span class="lineno"> 670</span>  AuthzError(<span class="stringliteral">"create view tpch.new_view as select * from functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00671"></a><span class="lineno"> 671</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l00672"></a><span class="lineno"> 672</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00673"></a><span class="lineno"> 673</span> </div> |
| <div class="line"><a name="l00674"></a><span class="lineno"> 674</span>  <span class="comment">// No permissions on target table.</span></div> |
| <div class="line"><a name="l00675"></a><span class="lineno"> 675</span>  AuthzError(<span class="stringliteral">"create view tpch_rc.new as select * from functional.alltypesagg"</span>,</div> |
| <div class="line"><a name="l00676"></a><span class="lineno"> 676</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: tpch_rc.new"</span>);</div> |
| <div class="line"><a name="l00677"></a><span class="lineno"> 677</span> </div> |
| <div class="line"><a name="l00678"></a><span class="lineno"> 678</span>  <span class="comment">// Unqualified view name.</span></div> |
| <div class="line"><a name="l00679"></a><span class="lineno"> 679</span>  AuthzError(<span class="stringliteral">"create view new_view as select * from functional.alltypesagg"</span>,</div> |
| <div class="line"><a name="l00680"></a><span class="lineno"> 680</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: default.new_view"</span>);</div> |
| <div class="line"><a name="l00681"></a><span class="lineno"> 681</span> </div> |
| <div class="line"><a name="l00682"></a><span class="lineno"> 682</span>  <span class="comment">// Table already exists (user does not have permission).</span></div> |
| <div class="line"><a name="l00683"></a><span class="lineno"> 683</span>  AuthzError(<span class="stringliteral">"create view functional.alltypes_view as "</span> +</div> |
| <div class="line"><a name="l00684"></a><span class="lineno"> 684</span>  <span class="stringliteral">"select * from functional.alltypesagg"</span>,</div> |
| <div class="line"><a name="l00685"></a><span class="lineno"> 685</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: "</span> +</div> |
| <div class="line"><a name="l00686"></a><span class="lineno"> 686</span>  <span class="stringliteral">"functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00687"></a><span class="lineno"> 687</span> </div> |
| <div class="line"><a name="l00688"></a><span class="lineno"> 688</span>  <span class="comment">// Database does not exist, user does not have access.</span></div> |
| <div class="line"><a name="l00689"></a><span class="lineno"> 689</span>  AuthzError(<span class="stringliteral">"create view nodb.alltypes as select * from functional.alltypesagg"</span>,</div> |
| <div class="line"><a name="l00690"></a><span class="lineno"> 690</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: "</span> +</div> |
| <div class="line"><a name="l00691"></a><span class="lineno"> 691</span>  <span class="stringliteral">"nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l00692"></a><span class="lineno"> 692</span> </div> |
| <div class="line"><a name="l00693"></a><span class="lineno"> 693</span>  AuthzError(<span class="stringliteral">"create view _impala_builtins.new_view as "</span></div> |
| <div class="line"><a name="l00694"></a><span class="lineno"> 694</span>  + <span class="stringliteral">"select * from functional.alltypesagg"</span>,</div> |
| <div class="line"><a name="l00695"></a><span class="lineno"> 695</span>  <span class="stringliteral">"Cannot modify system database."</span>);</div> |
| <div class="line"><a name="l00696"></a><span class="lineno"> 696</span>  }</div> |
| <div class="line"><a name="l00697"></a><span class="lineno"> 697</span> </div> |
| <div class="line"><a name="l00698"></a><span class="lineno"> 698</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00699"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ab1e78e3702d8224c6391b7613d856124"> 699</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ab1e78e3702d8224c6391b7613d856124">TestCreateDatabase</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">ImpalaException</a> {</div> |
| <div class="line"><a name="l00700"></a><span class="lineno"> 700</span>  <span class="comment">// Database already exists (no permissions).</span></div> |
| <div class="line"><a name="l00701"></a><span class="lineno"> 701</span>  AuthzError(<span class="stringliteral">"create database functional"</span>,</div> |
| <div class="line"><a name="l00702"></a><span class="lineno"> 702</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: functional"</span>);</div> |
| <div class="line"><a name="l00703"></a><span class="lineno"> 703</span> </div> |
| <div class="line"><a name="l00704"></a><span class="lineno"> 704</span>  <span class="comment">// Non existent db (no permissions).</span></div> |
| <div class="line"><a name="l00705"></a><span class="lineno"> 705</span>  AuthzError(<span class="stringliteral">"create database nodb"</span>,</div> |
| <div class="line"><a name="l00706"></a><span class="lineno"> 706</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: nodb"</span>);</div> |
| <div class="line"><a name="l00707"></a><span class="lineno"> 707</span> </div> |
| <div class="line"><a name="l00708"></a><span class="lineno"> 708</span>  <span class="comment">// Non existent db (no permissions).</span></div> |
| <div class="line"><a name="l00709"></a><span class="lineno"> 709</span>  AuthzError(<span class="stringliteral">"create database if not exists _impala_builtins"</span>,</div> |
| <div class="line"><a name="l00710"></a><span class="lineno"> 710</span>  <span class="stringliteral">"Cannot modify system database."</span>);</div> |
| <div class="line"><a name="l00711"></a><span class="lineno"> 711</span> </div> |
| <div class="line"><a name="l00712"></a><span class="lineno"> 712</span>  <span class="comment">// TODO: Add test support for dynamically changing privileges for</span></div> |
| <div class="line"><a name="l00713"></a><span class="lineno"> 713</span>  <span class="comment">// file-based policy.</span></div> |
| <div class="line"><a name="l00714"></a><span class="lineno"> 714</span>  <span class="keywordflow">if</span> (authzConfig_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5768546a8fc8db18eb1a9256c1d80f76">isFileBasedPolicy</a>()) <span class="keywordflow">return</span>;</div> |
| <div class="line"><a name="l00715"></a><span class="lineno"> 715</span> </div> |
| <div class="line"><a name="l00716"></a><span class="lineno"> 716</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">SentryPolicyService</a> sentryService =</div> |
| <div class="line"><a name="l00717"></a><span class="lineno"> 717</span>  <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">SentryPolicyService</a>(authzConfig_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5ba958fd6bdecb5c2cac4f4171147c90">getSentryConfig</a>());</div> |
| <div class="line"><a name="l00718"></a><span class="lineno"> 718</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l00719"></a><span class="lineno"> 719</span>  sentryService.grantRoleToGroup(USER, <span class="stringliteral">"admin"</span>, USER.getName());</div> |
| <div class="line"><a name="l00720"></a><span class="lineno"> 720</span>  ((<a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog.html">ImpaladTestCatalog</a>) catalog_).reset();</div> |
| <div class="line"><a name="l00721"></a><span class="lineno"> 721</span> </div> |
| <div class="line"><a name="l00722"></a><span class="lineno"> 722</span>  <span class="comment">// User has permissions to create database.</span></div> |
| <div class="line"><a name="l00723"></a><span class="lineno"> 723</span>  AuthzOk(<span class="stringliteral">"create database newdb"</span>);</div> |
| <div class="line"><a name="l00724"></a><span class="lineno"> 724</span> </div> |
| <div class="line"><a name="l00725"></a><span class="lineno"> 725</span>  <span class="comment">// Create database with location specified explicitly (user has permission).</span></div> |
| <div class="line"><a name="l00726"></a><span class="lineno"> 726</span>  <span class="comment">// Since create database requires server-level privileges there should never</span></div> |
| <div class="line"><a name="l00727"></a><span class="lineno"> 727</span>  <span class="comment">// be a case where the user has privileges to create a database does not have</span></div> |
| <div class="line"><a name="l00728"></a><span class="lineno"> 728</span>  <span class="comment">// privileges on the URI.</span></div> |
| <div class="line"><a name="l00729"></a><span class="lineno"> 729</span>  AuthzOk(<span class="stringliteral">"create database newdb location "</span> +</div> |
| <div class="line"><a name="l00730"></a><span class="lineno"> 730</span>  <span class="stringliteral">"'hdfs://localhost:20500/test-warehouse/new_table'"</span>);</div> |
| <div class="line"><a name="l00731"></a><span class="lineno"> 731</span>  } <span class="keywordflow">finally</span> {</div> |
| <div class="line"><a name="l00732"></a><span class="lineno"> 732</span>  sentryService.revokeRoleFromGroup(USER, <span class="stringliteral">"admin"</span>, USER.getName());</div> |
| <div class="line"><a name="l00733"></a><span class="lineno"> 733</span>  ((<a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog.html">ImpaladTestCatalog</a>) catalog_).reset();</div> |
| <div class="line"><a name="l00734"></a><span class="lineno"> 734</span>  }</div> |
| <div class="line"><a name="l00735"></a><span class="lineno"> 735</span>  }</div> |
| <div class="line"><a name="l00736"></a><span class="lineno"> 736</span> </div> |
| <div class="line"><a name="l00737"></a><span class="lineno"> 737</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00738"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a8351cebb13f843f5c442d30d85cbc11a"> 738</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a8351cebb13f843f5c442d30d85cbc11a">TestDropDatabase</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l00739"></a><span class="lineno"> 739</span>  <span class="comment">// User has permissions.</span></div> |
| <div class="line"><a name="l00740"></a><span class="lineno"> 740</span>  AuthzOk(<span class="stringliteral">"drop database tpch"</span>);</div> |
| <div class="line"><a name="l00741"></a><span class="lineno"> 741</span>  <span class="comment">// User has permissions, database does not exists and IF EXISTS specified</span></div> |
| <div class="line"><a name="l00742"></a><span class="lineno"> 742</span>  AuthzOk(<span class="stringliteral">"drop database if exists newdb"</span>);</div> |
| <div class="line"><a name="l00743"></a><span class="lineno"> 743</span>  <span class="comment">// User has permission, database does not exists, IF EXISTS not specified.</span></div> |
| <div class="line"><a name="l00744"></a><span class="lineno"> 744</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l00745"></a><span class="lineno"> 745</span>  AuthzOk(<span class="stringliteral">"drop database newdb"</span>);</div> |
| <div class="line"><a name="l00746"></a><span class="lineno"> 746</span>  fail(<span class="stringliteral">"Expected analysis error"</span>);</div> |
| <div class="line"><a name="l00747"></a><span class="lineno"> 747</span>  } <span class="keywordflow">catch</span> (AnalysisException e) {</div> |
| <div class="line"><a name="l00748"></a><span class="lineno"> 748</span>  Assert.assertEquals(e.getMessage(), <span class="stringliteral">"Database does not exist: newdb"</span>);</div> |
| <div class="line"><a name="l00749"></a><span class="lineno"> 749</span>  }</div> |
| <div class="line"><a name="l00750"></a><span class="lineno"> 750</span> </div> |
| <div class="line"><a name="l00751"></a><span class="lineno"> 751</span>  <span class="comment">// Database exists, user doesn't have permission to drop.</span></div> |
| <div class="line"><a name="l00752"></a><span class="lineno"> 752</span>  AuthzError(<span class="stringliteral">"drop database functional"</span>,</div> |
| <div class="line"><a name="l00753"></a><span class="lineno"> 753</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: functional"</span>);</div> |
| <div class="line"><a name="l00754"></a><span class="lineno"> 754</span>  AuthzError(<span class="stringliteral">"drop database if exists functional"</span>,</div> |
| <div class="line"><a name="l00755"></a><span class="lineno"> 755</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: functional"</span>);</div> |
| <div class="line"><a name="l00756"></a><span class="lineno"> 756</span> </div> |
| <div class="line"><a name="l00757"></a><span class="lineno"> 757</span>  <span class="comment">// Database does not exist, user doesn't have permission to drop.</span></div> |
| <div class="line"><a name="l00758"></a><span class="lineno"> 758</span>  AuthzError(<span class="stringliteral">"drop database nodb"</span>,</div> |
| <div class="line"><a name="l00759"></a><span class="lineno"> 759</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: nodb"</span>);</div> |
| <div class="line"><a name="l00760"></a><span class="lineno"> 760</span>  AuthzError(<span class="stringliteral">"drop database if exists nodb"</span>,</div> |
| <div class="line"><a name="l00761"></a><span class="lineno"> 761</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: nodb"</span>);</div> |
| <div class="line"><a name="l00762"></a><span class="lineno"> 762</span> </div> |
| <div class="line"><a name="l00763"></a><span class="lineno"> 763</span>  AuthzError(<span class="stringliteral">"drop database _impala_builtins"</span>,</div> |
| <div class="line"><a name="l00764"></a><span class="lineno"> 764</span>  <span class="stringliteral">"Cannot modify system database."</span>);</div> |
| <div class="line"><a name="l00765"></a><span class="lineno"> 765</span>  }</div> |
| <div class="line"><a name="l00766"></a><span class="lineno"> 766</span> </div> |
| <div class="line"><a name="l00767"></a><span class="lineno"> 767</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00768"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a60442b9127a348c1d28281f05d4534b4"> 768</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a60442b9127a348c1d28281f05d4534b4">TestDropTable</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l00769"></a><span class="lineno"> 769</span>  <span class="comment">// Drop table (user has permission).</span></div> |
| <div class="line"><a name="l00770"></a><span class="lineno"> 770</span>  AuthzOk(<span class="stringliteral">"drop table tpch.lineitem"</span>);</div> |
| <div class="line"><a name="l00771"></a><span class="lineno"> 771</span>  AuthzOk(<span class="stringliteral">"drop table if exists tpch.lineitem"</span>);</div> |
| <div class="line"><a name="l00772"></a><span class="lineno"> 772</span> </div> |
| <div class="line"><a name="l00773"></a><span class="lineno"> 773</span>  <span class="comment">// Drop table (user does not have permission).</span></div> |
| <div class="line"><a name="l00774"></a><span class="lineno"> 774</span>  AuthzError(<span class="stringliteral">"drop table functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00775"></a><span class="lineno"> 775</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00776"></a><span class="lineno"> 776</span>  AuthzError(<span class="stringliteral">"drop table if exists functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00777"></a><span class="lineno"> 777</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00778"></a><span class="lineno"> 778</span> </div> |
| <div class="line"><a name="l00779"></a><span class="lineno"> 779</span>  <span class="comment">// Drop table with unqualified table name.</span></div> |
| <div class="line"><a name="l00780"></a><span class="lineno"> 780</span>  AuthzError(<span class="stringliteral">"drop table alltypes"</span>,</div> |
| <div class="line"><a name="l00781"></a><span class="lineno"> 781</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: default.alltypes"</span>);</div> |
| <div class="line"><a name="l00782"></a><span class="lineno"> 782</span> </div> |
| <div class="line"><a name="l00783"></a><span class="lineno"> 783</span>  <span class="comment">// Drop table with non-existent database.</span></div> |
| <div class="line"><a name="l00784"></a><span class="lineno"> 784</span>  AuthzError(<span class="stringliteral">"drop table nodb.alltypes"</span>,</div> |
| <div class="line"><a name="l00785"></a><span class="lineno"> 785</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l00786"></a><span class="lineno"> 786</span> </div> |
| <div class="line"><a name="l00787"></a><span class="lineno"> 787</span>  <span class="comment">// Drop table with non-existent table.</span></div> |
| <div class="line"><a name="l00788"></a><span class="lineno"> 788</span>  AuthzError(<span class="stringliteral">"drop table functional.notbl"</span>,</div> |
| <div class="line"><a name="l00789"></a><span class="lineno"> 789</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: functional.notbl"</span>);</div> |
| <div class="line"><a name="l00790"></a><span class="lineno"> 790</span> </div> |
| <div class="line"><a name="l00791"></a><span class="lineno"> 791</span>  <span class="comment">// Using DROP TABLE on a view does not reveal privileged information.</span></div> |
| <div class="line"><a name="l00792"></a><span class="lineno"> 792</span>  AuthzError(<span class="stringliteral">"drop table functional.view_view"</span>,</div> |
| <div class="line"><a name="l00793"></a><span class="lineno"> 793</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: functional.view_view"</span>);</div> |
| <div class="line"><a name="l00794"></a><span class="lineno"> 794</span> </div> |
| <div class="line"><a name="l00795"></a><span class="lineno"> 795</span>  <span class="comment">// Using DROP TABLE on a view does not reveal privileged information.</span></div> |
| <div class="line"><a name="l00796"></a><span class="lineno"> 796</span>  AuthzError(<span class="stringliteral">"drop table if exists _impala_builtins.tbl"</span>,</div> |
| <div class="line"><a name="l00797"></a><span class="lineno"> 797</span>  <span class="stringliteral">"Cannot modify system database."</span>);</div> |
| <div class="line"><a name="l00798"></a><span class="lineno"> 798</span>  }</div> |
| <div class="line"><a name="l00799"></a><span class="lineno"> 799</span> </div> |
| <div class="line"><a name="l00800"></a><span class="lineno"> 800</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00801"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a942e579460060b80fadc3cc37521e0d1"> 801</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a942e579460060b80fadc3cc37521e0d1">TestDropView</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l00802"></a><span class="lineno"> 802</span>  <span class="comment">// Drop view (user has permission).</span></div> |
| <div class="line"><a name="l00803"></a><span class="lineno"> 803</span>  AuthzOk(<span class="stringliteral">"drop view functional_seq_snap.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00804"></a><span class="lineno"> 804</span>  AuthzOk(<span class="stringliteral">"drop view if exists functional_seq_snap.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00805"></a><span class="lineno"> 805</span> </div> |
| <div class="line"><a name="l00806"></a><span class="lineno"> 806</span>  <span class="comment">// Drop view (user does not have permission).</span></div> |
| <div class="line"><a name="l00807"></a><span class="lineno"> 807</span>  AuthzError(<span class="stringliteral">"drop view functional.alltypes_view"</span>,</div> |
| <div class="line"><a name="l00808"></a><span class="lineno"> 808</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00809"></a><span class="lineno"> 809</span>  AuthzError(<span class="stringliteral">"drop view if exists functional.alltypes_view"</span>,</div> |
| <div class="line"><a name="l00810"></a><span class="lineno"> 810</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00811"></a><span class="lineno"> 811</span> </div> |
| <div class="line"><a name="l00812"></a><span class="lineno"> 812</span>  <span class="comment">// Drop view with unqualified table name.</span></div> |
| <div class="line"><a name="l00813"></a><span class="lineno"> 813</span>  AuthzError(<span class="stringliteral">"drop view alltypes"</span>,</div> |
| <div class="line"><a name="l00814"></a><span class="lineno"> 814</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: default.alltypes"</span>);</div> |
| <div class="line"><a name="l00815"></a><span class="lineno"> 815</span> </div> |
| <div class="line"><a name="l00816"></a><span class="lineno"> 816</span>  <span class="comment">// Drop view with non-existent database.</span></div> |
| <div class="line"><a name="l00817"></a><span class="lineno"> 817</span>  AuthzError(<span class="stringliteral">"drop view nodb.alltypes"</span>,</div> |
| <div class="line"><a name="l00818"></a><span class="lineno"> 818</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l00819"></a><span class="lineno"> 819</span> </div> |
| <div class="line"><a name="l00820"></a><span class="lineno"> 820</span>  <span class="comment">// Drop view with non-existent table.</span></div> |
| <div class="line"><a name="l00821"></a><span class="lineno"> 821</span>  AuthzError(<span class="stringliteral">"drop view functional.notbl"</span>,</div> |
| <div class="line"><a name="l00822"></a><span class="lineno"> 822</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: functional.notbl"</span>);</div> |
| <div class="line"><a name="l00823"></a><span class="lineno"> 823</span> </div> |
| <div class="line"><a name="l00824"></a><span class="lineno"> 824</span>  <span class="comment">// Using DROP VIEW on a table does not reveal privileged information.</span></div> |
| <div class="line"><a name="l00825"></a><span class="lineno"> 825</span>  AuthzError(<span class="stringliteral">"drop view functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00826"></a><span class="lineno"> 826</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00827"></a><span class="lineno"> 827</span> </div> |
| <div class="line"><a name="l00828"></a><span class="lineno"> 828</span>  <span class="comment">// Using DROP VIEW on a table does not reveal privileged information.</span></div> |
| <div class="line"><a name="l00829"></a><span class="lineno"> 829</span>  AuthzError(<span class="stringliteral">"drop view _impala_builtins.my_view"</span>,</div> |
| <div class="line"><a name="l00830"></a><span class="lineno"> 830</span>  <span class="stringliteral">"Cannot modify system database."</span>);</div> |
| <div class="line"><a name="l00831"></a><span class="lineno"> 831</span>  }</div> |
| <div class="line"><a name="l00832"></a><span class="lineno"> 832</span> </div> |
| <div class="line"><a name="l00833"></a><span class="lineno"> 833</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00834"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a6dd6148e3254e38229e72a597ac7f2e8"> 834</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a6dd6148e3254e38229e72a597ac7f2e8">TestAlterTable</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l00835"></a><span class="lineno"> 835</span>  <span class="comment">// User has permissions to modify tables.</span></div> |
| <div class="line"><a name="l00836"></a><span class="lineno"> 836</span>  AuthzOk(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes ADD COLUMNS (c1 int)"</span>);</div> |
| <div class="line"><a name="l00837"></a><span class="lineno"> 837</span>  AuthzOk(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes REPLACE COLUMNS (c1 int)"</span>);</div> |
| <div class="line"><a name="l00838"></a><span class="lineno"> 838</span>  AuthzOk(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes CHANGE int_col c1 int"</span>);</div> |
| <div class="line"><a name="l00839"></a><span class="lineno"> 839</span>  AuthzOk(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes DROP int_col"</span>);</div> |
| <div class="line"><a name="l00840"></a><span class="lineno"> 840</span>  AuthzOk(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes RENAME TO functional_seq_snap.t1"</span>);</div> |
| <div class="line"><a name="l00841"></a><span class="lineno"> 841</span>  AuthzOk(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes SET FILEFORMAT PARQUET"</span>);</div> |
| <div class="line"><a name="l00842"></a><span class="lineno"> 842</span>  AuthzOk(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes SET LOCATION "</span> +</div> |
| <div class="line"><a name="l00843"></a><span class="lineno"> 843</span>  <span class="stringliteral">"'/test-warehouse/new_table'"</span>);</div> |
| <div class="line"><a name="l00844"></a><span class="lineno"> 844</span>  AuthzOk(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes SET TBLPROPERTIES "</span> +</div> |
| <div class="line"><a name="l00845"></a><span class="lineno"> 845</span>  <span class="stringliteral">"('a'='b', 'c'='d')"</span>);</div> |
| <div class="line"><a name="l00846"></a><span class="lineno"> 846</span>  AuthzOk(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes SET LOCATION "</span> +</div> |
| <div class="line"><a name="l00847"></a><span class="lineno"> 847</span>  <span class="stringliteral">"'hdfs://localhost:20500/test-warehouse/new_table'"</span>);</div> |
| <div class="line"><a name="l00848"></a><span class="lineno"> 848</span>  AuthzOk(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes PARTITION(year=2009, month=1) "</span> +</div> |
| <div class="line"><a name="l00849"></a><span class="lineno"> 849</span>  <span class="stringliteral">"SET LOCATION 'hdfs://localhost:20500/test-warehouse/new_table'"</span>);</div> |
| <div class="line"><a name="l00850"></a><span class="lineno"> 850</span> </div> |
| <div class="line"><a name="l00851"></a><span class="lineno"> 851</span>  AuthzOk(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes SET CACHED IN 'testPool'"</span>);</div> |
| <div class="line"><a name="l00852"></a><span class="lineno"> 852</span> </div> |
| <div class="line"><a name="l00853"></a><span class="lineno"> 853</span> </div> |
| <div class="line"><a name="l00854"></a><span class="lineno"> 854</span>  <span class="comment">// Alter table and set location to a path the user does not have access to.</span></div> |
| <div class="line"><a name="l00855"></a><span class="lineno"> 855</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes SET LOCATION "</span> +</div> |
| <div class="line"><a name="l00856"></a><span class="lineno"> 856</span>  <span class="stringliteral">"'hdfs://localhost:20500/test-warehouse/no_access'"</span>,</div> |
| <div class="line"><a name="l00857"></a><span class="lineno"> 857</span>  <span class="stringliteral">"User '%s' does not have privileges to access: "</span> +</div> |
| <div class="line"><a name="l00858"></a><span class="lineno"> 858</span>  <span class="stringliteral">"hdfs://localhost:20500/test-warehouse/no_access"</span>);</div> |
| <div class="line"><a name="l00859"></a><span class="lineno"> 859</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes SET LOCATION "</span> +</div> |
| <div class="line"><a name="l00860"></a><span class="lineno"> 860</span>  <span class="stringliteral">"'/test-warehouse/no_access'"</span>,</div> |
| <div class="line"><a name="l00861"></a><span class="lineno"> 861</span>  <span class="stringliteral">"User '%s' does not have privileges to access: "</span> +</div> |
| <div class="line"><a name="l00862"></a><span class="lineno"> 862</span>  <span class="stringliteral">"hdfs://localhost:20500/test-warehouse/no_access"</span>);</div> |
| <div class="line"><a name="l00863"></a><span class="lineno"> 863</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes PARTITION(year=2009, month=1) "</span> +</div> |
| <div class="line"><a name="l00864"></a><span class="lineno"> 864</span>  <span class="stringliteral">"SET LOCATION '/test-warehouse/no_access'"</span>,</div> |
| <div class="line"><a name="l00865"></a><span class="lineno"> 865</span>  <span class="stringliteral">"User '%s' does not have privileges to access: "</span> +</div> |
| <div class="line"><a name="l00866"></a><span class="lineno"> 866</span>  <span class="stringliteral">"hdfs://localhost:20500/test-warehouse/no_access"</span>);</div> |
| <div class="line"><a name="l00867"></a><span class="lineno"> 867</span> </div> |
| <div class="line"><a name="l00868"></a><span class="lineno"> 868</span>  <span class="comment">// Different filesystem, user has permission to base path.</span></div> |
| <div class="line"><a name="l00869"></a><span class="lineno"> 869</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes SET LOCATION "</span> +</div> |
| <div class="line"><a name="l00870"></a><span class="lineno"> 870</span>  <span class="stringliteral">"'hdfs://localhost:20510/test-warehouse/new_table'"</span>,</div> |
| <div class="line"><a name="l00871"></a><span class="lineno"> 871</span>  <span class="stringliteral">"User '%s' does not have privileges to access: "</span> +</div> |
| <div class="line"><a name="l00872"></a><span class="lineno"> 872</span>  <span class="stringliteral">"hdfs://localhost:20510/test-warehouse/new_table"</span>);</div> |
| <div class="line"><a name="l00873"></a><span class="lineno"> 873</span> </div> |
| <div class="line"><a name="l00874"></a><span class="lineno"> 874</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.alltypes SET FILEFORMAT PARQUET"</span>,</div> |
| <div class="line"><a name="l00875"></a><span class="lineno"> 875</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00876"></a><span class="lineno"> 876</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.alltypes ADD COLUMNS (c1 int)"</span>,</div> |
| <div class="line"><a name="l00877"></a><span class="lineno"> 877</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00878"></a><span class="lineno"> 878</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.alltypes REPLACE COLUMNS (c1 int)"</span>,</div> |
| <div class="line"><a name="l00879"></a><span class="lineno"> 879</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00880"></a><span class="lineno"> 880</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.alltypes CHANGE int_col c1 int"</span>,</div> |
| <div class="line"><a name="l00881"></a><span class="lineno"> 881</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00882"></a><span class="lineno"> 882</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.alltypes DROP int_col"</span>,</div> |
| <div class="line"><a name="l00883"></a><span class="lineno"> 883</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00884"></a><span class="lineno"> 884</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.alltypes rename to functional_seq_snap.t1"</span>,</div> |
| <div class="line"><a name="l00885"></a><span class="lineno"> 885</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00886"></a><span class="lineno"> 886</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.alltypes add partition (year=1, month=1)"</span>,</div> |
| <div class="line"><a name="l00887"></a><span class="lineno"> 887</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00888"></a><span class="lineno"> 888</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.alltypes set cached in 'testPool'"</span>,</div> |
| <div class="line"><a name="l00889"></a><span class="lineno"> 889</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00890"></a><span class="lineno"> 890</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.alltypes set uncached"</span>,</div> |
| <div class="line"><a name="l00891"></a><span class="lineno"> 891</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00892"></a><span class="lineno"> 892</span> </div> |
| <div class="line"><a name="l00893"></a><span class="lineno"> 893</span>  <span class="comment">// Trying to ALTER TABLE a view does not reveal any privileged information.</span></div> |
| <div class="line"><a name="l00894"></a><span class="lineno"> 894</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.view_view SET FILEFORMAT PARQUET"</span>,</div> |
| <div class="line"><a name="l00895"></a><span class="lineno"> 895</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.view_view"</span>);</div> |
| <div class="line"><a name="l00896"></a><span class="lineno"> 896</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.view_view ADD COLUMNS (c1 int)"</span>,</div> |
| <div class="line"><a name="l00897"></a><span class="lineno"> 897</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.view_view"</span>);</div> |
| <div class="line"><a name="l00898"></a><span class="lineno"> 898</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.view_view REPLACE COLUMNS (c1 int)"</span>,</div> |
| <div class="line"><a name="l00899"></a><span class="lineno"> 899</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.view_view"</span>);</div> |
| <div class="line"><a name="l00900"></a><span class="lineno"> 900</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.view_view CHANGE int_col c1 int"</span>,</div> |
| <div class="line"><a name="l00901"></a><span class="lineno"> 901</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.view_view"</span>);</div> |
| <div class="line"><a name="l00902"></a><span class="lineno"> 902</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.view_view DROP int_col"</span>,</div> |
| <div class="line"><a name="l00903"></a><span class="lineno"> 903</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.view_view"</span>);</div> |
| <div class="line"><a name="l00904"></a><span class="lineno"> 904</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.view_views rename to functional_seq_snap.t1"</span>,</div> |
| <div class="line"><a name="l00905"></a><span class="lineno"> 905</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.view_view"</span>);</div> |
| <div class="line"><a name="l00906"></a><span class="lineno"> 906</span> </div> |
| <div class="line"><a name="l00907"></a><span class="lineno"> 907</span>  <span class="comment">// No privileges on target (existing table).</span></div> |
| <div class="line"><a name="l00908"></a><span class="lineno"> 908</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes rename to functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00909"></a><span class="lineno"> 909</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: "</span> +</div> |
| <div class="line"><a name="l00910"></a><span class="lineno"> 910</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00911"></a><span class="lineno"> 911</span> </div> |
| <div class="line"><a name="l00912"></a><span class="lineno"> 912</span>  <span class="comment">// No privileges on target (existing view).</span></div> |
| <div class="line"><a name="l00913"></a><span class="lineno"> 913</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes rename to "</span> +</div> |
| <div class="line"><a name="l00914"></a><span class="lineno"> 914</span>  <span class="stringliteral">"functional.alltypes_view"</span>,</div> |
| <div class="line"><a name="l00915"></a><span class="lineno"> 915</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: "</span> +</div> |
| <div class="line"><a name="l00916"></a><span class="lineno"> 916</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00917"></a><span class="lineno"> 917</span> </div> |
| <div class="line"><a name="l00918"></a><span class="lineno"> 918</span>  <span class="comment">// ALTER TABLE on a view does not reveal privileged information.</span></div> |
| <div class="line"><a name="l00919"></a><span class="lineno"> 919</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.alltypes_view rename to "</span> +</div> |
| <div class="line"><a name="l00920"></a><span class="lineno"> 920</span>  <span class="stringliteral">"functional_seq_snap.new_view"</span>,</div> |
| <div class="line"><a name="l00921"></a><span class="lineno"> 921</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: "</span> +</div> |
| <div class="line"><a name="l00922"></a><span class="lineno"> 922</span>  <span class="stringliteral">"functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00923"></a><span class="lineno"> 923</span> </div> |
| <div class="line"><a name="l00924"></a><span class="lineno"> 924</span>  <span class="comment">// Rename table that does not exist (no permissions).</span></div> |
| <div class="line"><a name="l00925"></a><span class="lineno"> 925</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.notbl rename to functional_seq_snap.newtbl"</span>,</div> |
| <div class="line"><a name="l00926"></a><span class="lineno"> 926</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.notbl"</span>);</div> |
| <div class="line"><a name="l00927"></a><span class="lineno"> 927</span> </div> |
| <div class="line"><a name="l00928"></a><span class="lineno"> 928</span>  <span class="comment">// Rename table in db that does not exist (no permissions).</span></div> |
| <div class="line"><a name="l00929"></a><span class="lineno"> 929</span>  AuthzError(<span class="stringliteral">"ALTER TABLE nodb.alltypes rename to functional_seq_snap.newtbl"</span>,</div> |
| <div class="line"><a name="l00930"></a><span class="lineno"> 930</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l00931"></a><span class="lineno"> 931</span> </div> |
| <div class="line"><a name="l00932"></a><span class="lineno"> 932</span>  <span class="comment">// Alter table that does not exist (no permissions).</span></div> |
| <div class="line"><a name="l00933"></a><span class="lineno"> 933</span>  AuthzError(<span class="stringliteral">"ALTER TABLE functional.notbl ADD COLUMNS (c1 int)"</span>,</div> |
| <div class="line"><a name="l00934"></a><span class="lineno"> 934</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.notbl"</span>);</div> |
| <div class="line"><a name="l00935"></a><span class="lineno"> 935</span> </div> |
| <div class="line"><a name="l00936"></a><span class="lineno"> 936</span>  <span class="comment">// Alter table in db that does not exist (no permissions).</span></div> |
| <div class="line"><a name="l00937"></a><span class="lineno"> 937</span>  AuthzError(<span class="stringliteral">"ALTER TABLE nodb.alltypes ADD COLUMNS (c1 int)"</span>,</div> |
| <div class="line"><a name="l00938"></a><span class="lineno"> 938</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l00939"></a><span class="lineno"> 939</span> </div> |
| <div class="line"><a name="l00940"></a><span class="lineno"> 940</span>  <span class="comment">// Unqualified table name.</span></div> |
| <div class="line"><a name="l00941"></a><span class="lineno"> 941</span>  AuthzError(<span class="stringliteral">"ALTER TABLE alltypes ADD COLUMNS (c1 int)"</span>,</div> |
| <div class="line"><a name="l00942"></a><span class="lineno"> 942</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: default.alltypes"</span>);</div> |
| <div class="line"><a name="l00943"></a><span class="lineno"> 943</span> </div> |
| <div class="line"><a name="l00944"></a><span class="lineno"> 944</span>  AuthzError(<span class="stringliteral">"ALTER TABLE alltypes SET TBLPROPERTIES ('a'='b', 'c'='d')"</span>,</div> |
| <div class="line"><a name="l00945"></a><span class="lineno"> 945</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: default.alltypes"</span>);</div> |
| <div class="line"><a name="l00946"></a><span class="lineno"> 946</span>  }</div> |
| <div class="line"><a name="l00947"></a><span class="lineno"> 947</span> </div> |
| <div class="line"><a name="l00948"></a><span class="lineno"> 948</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l00949"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#abfeda252c0de28457d99214325aca7d8"> 949</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#abfeda252c0de28457d99214325aca7d8">TestAlterView</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l00950"></a><span class="lineno"> 950</span>  AuthzOk(<span class="stringliteral">"ALTER VIEW functional_seq_snap.alltypes_view rename to "</span> +</div> |
| <div class="line"><a name="l00951"></a><span class="lineno"> 951</span>  <span class="stringliteral">"functional_seq_snap.v1"</span>);</div> |
| <div class="line"><a name="l00952"></a><span class="lineno"> 952</span> </div> |
| <div class="line"><a name="l00953"></a><span class="lineno"> 953</span>  <span class="comment">// No privileges on target (existing table).</span></div> |
| <div class="line"><a name="l00954"></a><span class="lineno"> 954</span>  AuthzError(<span class="stringliteral">"ALTER VIEW functional_seq_snap.alltypes_view rename to "</span> +</div> |
| <div class="line"><a name="l00955"></a><span class="lineno"> 955</span>  <span class="stringliteral">"functional.alltypes"</span>,</div> |
| <div class="line"><a name="l00956"></a><span class="lineno"> 956</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: "</span> +</div> |
| <div class="line"><a name="l00957"></a><span class="lineno"> 957</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00958"></a><span class="lineno"> 958</span> </div> |
| <div class="line"><a name="l00959"></a><span class="lineno"> 959</span>  <span class="comment">// No privileges on target (existing view).</span></div> |
| <div class="line"><a name="l00960"></a><span class="lineno"> 960</span>  AuthzError(<span class="stringliteral">"ALTER VIEW functional_seq_snap.alltypes_view rename to "</span> +</div> |
| <div class="line"><a name="l00961"></a><span class="lineno"> 961</span>  <span class="stringliteral">"functional.alltypes_view"</span>,</div> |
| <div class="line"><a name="l00962"></a><span class="lineno"> 962</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'CREATE' on: "</span> +</div> |
| <div class="line"><a name="l00963"></a><span class="lineno"> 963</span>  <span class="stringliteral">"functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00964"></a><span class="lineno"> 964</span> </div> |
| <div class="line"><a name="l00965"></a><span class="lineno"> 965</span>  <span class="comment">// ALTER VIEW on a table does not reveal privileged information.</span></div> |
| <div class="line"><a name="l00966"></a><span class="lineno"> 966</span>  AuthzError(<span class="stringliteral">"ALTER VIEW functional.alltypes rename to "</span> +</div> |
| <div class="line"><a name="l00967"></a><span class="lineno"> 967</span>  <span class="stringliteral">"functional_seq_snap.new_view"</span>,</div> |
| <div class="line"><a name="l00968"></a><span class="lineno"> 968</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: "</span> +</div> |
| <div class="line"><a name="l00969"></a><span class="lineno"> 969</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l00970"></a><span class="lineno"> 970</span> </div> |
| <div class="line"><a name="l00971"></a><span class="lineno"> 971</span>  <span class="comment">// Rename view that does not exist (no permissions).</span></div> |
| <div class="line"><a name="l00972"></a><span class="lineno"> 972</span>  AuthzError(<span class="stringliteral">"ALTER VIEW functional.notbl rename to functional_seq_snap.newtbl"</span>,</div> |
| <div class="line"><a name="l00973"></a><span class="lineno"> 973</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.notbl"</span>);</div> |
| <div class="line"><a name="l00974"></a><span class="lineno"> 974</span> </div> |
| <div class="line"><a name="l00975"></a><span class="lineno"> 975</span>  <span class="comment">// Rename view in db that does not exist (no permissions).</span></div> |
| <div class="line"><a name="l00976"></a><span class="lineno"> 976</span>  AuthzError(<span class="stringliteral">"ALTER VIEW nodb.alltypes rename to functional_seq_snap.newtbl"</span>,</div> |
| <div class="line"><a name="l00977"></a><span class="lineno"> 977</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l00978"></a><span class="lineno"> 978</span> </div> |
| <div class="line"><a name="l00979"></a><span class="lineno"> 979</span>  <span class="comment">// Alter view that does not exist (no permissions).</span></div> |
| <div class="line"><a name="l00980"></a><span class="lineno"> 980</span>  AuthzError(<span class="stringliteral">"ALTER VIEW functional.notbl rename to functional_seq_snap.new_view"</span>,</div> |
| <div class="line"><a name="l00981"></a><span class="lineno"> 981</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.notbl"</span>);</div> |
| <div class="line"><a name="l00982"></a><span class="lineno"> 982</span> </div> |
| <div class="line"><a name="l00983"></a><span class="lineno"> 983</span>  <span class="comment">// Alter view in db that does not exist (no permissions).</span></div> |
| <div class="line"><a name="l00984"></a><span class="lineno"> 984</span>  AuthzError(<span class="stringliteral">"ALTER VIEW nodb.alltypes rename to functional_seq_snap.new_view"</span>,</div> |
| <div class="line"><a name="l00985"></a><span class="lineno"> 985</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l00986"></a><span class="lineno"> 986</span> </div> |
| <div class="line"><a name="l00987"></a><span class="lineno"> 987</span>  <span class="comment">// Unqualified view name.</span></div> |
| <div class="line"><a name="l00988"></a><span class="lineno"> 988</span>  AuthzError(<span class="stringliteral">"ALTER VIEW alltypes rename to functional_seq_snap.new_view"</span>,</div> |
| <div class="line"><a name="l00989"></a><span class="lineno"> 989</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: default.alltypes"</span>);</div> |
| <div class="line"><a name="l00990"></a><span class="lineno"> 990</span> </div> |
| <div class="line"><a name="l00991"></a><span class="lineno"> 991</span>  <span class="comment">// No permissions on target view.</span></div> |
| <div class="line"><a name="l00992"></a><span class="lineno"> 992</span>  AuthzError(<span class="stringliteral">"alter view functional.alltypes_view as "</span> +</div> |
| <div class="line"><a name="l00993"></a><span class="lineno"> 993</span>  <span class="stringliteral">"select * from functional.alltypesagg"</span>,</div> |
| <div class="line"><a name="l00994"></a><span class="lineno"> 994</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: "</span> +</div> |
| <div class="line"><a name="l00995"></a><span class="lineno"> 995</span>  <span class="stringliteral">"functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l00996"></a><span class="lineno"> 996</span> </div> |
| <div class="line"><a name="l00997"></a><span class="lineno"> 997</span>  <span class="comment">// No permissions on source view.</span></div> |
| <div class="line"><a name="l00998"></a><span class="lineno"> 998</span>  AuthzError(<span class="stringliteral">"alter view functional_seq_snap.alltypes_view "</span> +</div> |
| <div class="line"><a name="l00999"></a><span class="lineno"> 999</span>  <span class="stringliteral">"as select * from functional.alltypes_view"</span>,</div> |
| <div class="line"><a name="l01000"></a><span class="lineno"> 1000</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l01001"></a><span class="lineno"> 1001</span>  <span class="stringliteral">"functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l01002"></a><span class="lineno"> 1002</span>  }</div> |
| <div class="line"><a name="l01003"></a><span class="lineno"> 1003</span> </div> |
| <div class="line"><a name="l01004"></a><span class="lineno"> 1004</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01005"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a9793d51ed0c03f2198629c7017ed0001"> 1005</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a9793d51ed0c03f2198629c7017ed0001">TestComputeStatsTable</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l01006"></a><span class="lineno"> 1006</span>  AuthzOk(<span class="stringliteral">"compute stats functional_seq_snap.alltypes"</span>);</div> |
| <div class="line"><a name="l01007"></a><span class="lineno"> 1007</span> </div> |
| <div class="line"><a name="l01008"></a><span class="lineno"> 1008</span>  AuthzError(<span class="stringliteral">"compute stats functional.alltypes"</span>,</div> |
| <div class="line"><a name="l01009"></a><span class="lineno"> 1009</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l01010"></a><span class="lineno"> 1010</span>  AuthzError(<span class="stringliteral">"compute stats functional.alltypesagg"</span>,</div> |
| <div class="line"><a name="l01011"></a><span class="lineno"> 1011</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: "</span> +</div> |
| <div class="line"><a name="l01012"></a><span class="lineno"> 1012</span>  <span class="stringliteral">"functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l01013"></a><span class="lineno"> 1013</span>  }</div> |
| <div class="line"><a name="l01014"></a><span class="lineno"> 1014</span> </div> |
| <div class="line"><a name="l01015"></a><span class="lineno"> 1015</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01016"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a6aae43733fd25f6593a629438c0d8e08"> 1016</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a6aae43733fd25f6593a629438c0d8e08">TestDropStats</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l01017"></a><span class="lineno"> 1017</span>  AuthzOk(<span class="stringliteral">"drop stats functional_seq_snap.alltypes"</span>);</div> |
| <div class="line"><a name="l01018"></a><span class="lineno"> 1018</span> </div> |
| <div class="line"><a name="l01019"></a><span class="lineno"> 1019</span>  AuthzError(<span class="stringliteral">"drop stats functional.alltypes"</span>,</div> |
| <div class="line"><a name="l01020"></a><span class="lineno"> 1020</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: functional.alltypes"</span>);</div> |
| <div class="line"><a name="l01021"></a><span class="lineno"> 1021</span>  AuthzError(<span class="stringliteral">"drop stats functional.alltypesagg"</span>,</div> |
| <div class="line"><a name="l01022"></a><span class="lineno"> 1022</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: "</span> +</div> |
| <div class="line"><a name="l01023"></a><span class="lineno"> 1023</span>  <span class="stringliteral">"functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l01024"></a><span class="lineno"> 1024</span>  }</div> |
| <div class="line"><a name="l01025"></a><span class="lineno"> 1025</span> </div> |
| <div class="line"><a name="l01026"></a><span class="lineno"> 1026</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01027"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ab5b15c3fa7a6700ba7d5fc3cf8208657"> 1027</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ab5b15c3fa7a6700ba7d5fc3cf8208657">TestDescribe</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01028"></a><span class="lineno"> 1028</span>  AuthzOk(<span class="stringliteral">"describe functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l01029"></a><span class="lineno"> 1029</span>  AuthzOk(<span class="stringliteral">"describe functional.alltypes"</span>);</div> |
| <div class="line"><a name="l01030"></a><span class="lineno"> 1030</span>  AuthzOk(<span class="stringliteral">"describe functional.complex_view"</span>);</div> |
| <div class="line"><a name="l01031"></a><span class="lineno"> 1031</span> </div> |
| <div class="line"><a name="l01032"></a><span class="lineno"> 1032</span>  <span class="comment">// Unqualified table name.</span></div> |
| <div class="line"><a name="l01033"></a><span class="lineno"> 1033</span>  AuthzError(<span class="stringliteral">"describe alltypes"</span>,</div> |
| <div class="line"><a name="l01034"></a><span class="lineno"> 1034</span>  <span class="stringliteral">"User '%s' does not have privileges to access: default.alltypes"</span>);</div> |
| <div class="line"><a name="l01035"></a><span class="lineno"> 1035</span>  <span class="comment">// Database doesn't exist.</span></div> |
| <div class="line"><a name="l01036"></a><span class="lineno"> 1036</span>  AuthzError(<span class="stringliteral">"describe nodb.alltypes"</span>,</div> |
| <div class="line"><a name="l01037"></a><span class="lineno"> 1037</span>  <span class="stringliteral">"User '%s' does not have privileges to access: nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l01038"></a><span class="lineno"> 1038</span>  <span class="comment">// Insufficient privileges on table.</span></div> |
| <div class="line"><a name="l01039"></a><span class="lineno"> 1039</span>  AuthzError(<span class="stringliteral">"describe functional.alltypestiny"</span>,</div> |
| <div class="line"><a name="l01040"></a><span class="lineno"> 1040</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional.alltypestiny"</span>);</div> |
| <div class="line"><a name="l01041"></a><span class="lineno"> 1041</span>  <span class="comment">// Insufficient privileges on view.</span></div> |
| <div class="line"><a name="l01042"></a><span class="lineno"> 1042</span>  AuthzError(<span class="stringliteral">"describe functional.alltypes_view"</span>,</div> |
| <div class="line"><a name="l01043"></a><span class="lineno"> 1043</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l01044"></a><span class="lineno"> 1044</span>  <span class="comment">// Insufficient privileges on db.</span></div> |
| <div class="line"><a name="l01045"></a><span class="lineno"> 1045</span>  AuthzError(<span class="stringliteral">"describe functional_rc.alltypes"</span>,</div> |
| <div class="line"><a name="l01046"></a><span class="lineno"> 1046</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional_rc.alltypes"</span>);</div> |
| <div class="line"><a name="l01047"></a><span class="lineno"> 1047</span>  }</div> |
| <div class="line"><a name="l01048"></a><span class="lineno"> 1048</span> </div> |
| <div class="line"><a name="l01049"></a><span class="lineno"> 1049</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01050"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa119ebf48eddadba0fd8eb580181bcb8"> 1050</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa119ebf48eddadba0fd8eb580181bcb8">TestLoad</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01051"></a><span class="lineno"> 1051</span>  <span class="comment">// User has permission on table and URI.</span></div> |
| <div class="line"><a name="l01052"></a><span class="lineno"> 1052</span>  AuthzOk(<span class="stringliteral">"load data inpath 'hdfs://localhost:20500/test-warehouse/tpch.lineitem'"</span> +</div> |
| <div class="line"><a name="l01053"></a><span class="lineno"> 1053</span>  <span class="stringliteral">" into table functional.alltypes partition(month=10, year=2009)"</span>);</div> |
| <div class="line"><a name="l01054"></a><span class="lineno"> 1054</span> </div> |
| <div class="line"><a name="l01055"></a><span class="lineno"> 1055</span>  <span class="comment">// User does not have permission on table.</span></div> |
| <div class="line"><a name="l01056"></a><span class="lineno"> 1056</span>  AuthzError(<span class="stringliteral">"load data inpath 'hdfs://localhost:20500/test-warehouse/tpch.lineitem'"</span> +</div> |
| <div class="line"><a name="l01057"></a><span class="lineno"> 1057</span>  <span class="stringliteral">" into table functional.alltypesagg"</span>,</div> |
| <div class="line"><a name="l01058"></a><span class="lineno"> 1058</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'INSERT' on: "</span> +</div> |
| <div class="line"><a name="l01059"></a><span class="lineno"> 1059</span>  <span class="stringliteral">"functional.alltypes"</span>);</div> |
| <div class="line"><a name="l01060"></a><span class="lineno"> 1060</span> </div> |
| <div class="line"><a name="l01061"></a><span class="lineno"> 1061</span>  <span class="comment">// User does not have permission on URI.</span></div> |
| <div class="line"><a name="l01062"></a><span class="lineno"> 1062</span>  AuthzError(<span class="stringliteral">"load data inpath 'hdfs://localhost:20500/test-warehouse/tpch.part'"</span> +</div> |
| <div class="line"><a name="l01063"></a><span class="lineno"> 1063</span>  <span class="stringliteral">" into table functional.alltypes partition(month=10, year=2009)"</span>,</div> |
| <div class="line"><a name="l01064"></a><span class="lineno"> 1064</span>  <span class="stringliteral">"User '%s' does not have privileges to access: "</span> +</div> |
| <div class="line"><a name="l01065"></a><span class="lineno"> 1065</span>  <span class="stringliteral">"hdfs://localhost:20500/test-warehouse/tpch.part"</span>);</div> |
| <div class="line"><a name="l01066"></a><span class="lineno"> 1066</span> </div> |
| <div class="line"><a name="l01067"></a><span class="lineno"> 1067</span>  <span class="comment">// URI does not exist and user does not have permission.</span></div> |
| <div class="line"><a name="l01068"></a><span class="lineno"> 1068</span>  AuthzError(<span class="stringliteral">"load data inpath 'hdfs://localhost:20500/test-warehouse/nope'"</span> +</div> |
| <div class="line"><a name="l01069"></a><span class="lineno"> 1069</span>  <span class="stringliteral">" into table functional.alltypes partition(month=10, year=2009)"</span>,</div> |
| <div class="line"><a name="l01070"></a><span class="lineno"> 1070</span>  <span class="stringliteral">"User '%s' does not have privileges to access: "</span> +</div> |
| <div class="line"><a name="l01071"></a><span class="lineno"> 1071</span>  <span class="stringliteral">"hdfs://localhost:20500/test-warehouse/nope"</span>);</div> |
| <div class="line"><a name="l01072"></a><span class="lineno"> 1072</span> </div> |
| <div class="line"><a name="l01073"></a><span class="lineno"> 1073</span>  <span class="comment">// Table/Db does not exist, user does not have permission.</span></div> |
| <div class="line"><a name="l01074"></a><span class="lineno"> 1074</span>  AuthzError(<span class="stringliteral">"load data inpath 'hdfs://localhost:20500/test-warehouse/tpch.lineitem'"</span> +</div> |
| <div class="line"><a name="l01075"></a><span class="lineno"> 1075</span>  <span class="stringliteral">" into table functional.notable"</span>,</div> |
| <div class="line"><a name="l01076"></a><span class="lineno"> 1076</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'INSERT' on: "</span> +</div> |
| <div class="line"><a name="l01077"></a><span class="lineno"> 1077</span>  <span class="stringliteral">"functional.notable"</span>);</div> |
| <div class="line"><a name="l01078"></a><span class="lineno"> 1078</span>  AuthzError(<span class="stringliteral">"load data inpath 'hdfs://localhost:20500/test-warehouse/tpch.lineitem'"</span> +</div> |
| <div class="line"><a name="l01079"></a><span class="lineno"> 1079</span>  <span class="stringliteral">" into table nodb.alltypes"</span>,</div> |
| <div class="line"><a name="l01080"></a><span class="lineno"> 1080</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'INSERT' on: "</span> +</div> |
| <div class="line"><a name="l01081"></a><span class="lineno"> 1081</span>  <span class="stringliteral">"nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l01082"></a><span class="lineno"> 1082</span> </div> |
| <div class="line"><a name="l01083"></a><span class="lineno"> 1083</span>  <span class="comment">// Trying to LOAD a view does not reveal privileged information.</span></div> |
| <div class="line"><a name="l01084"></a><span class="lineno"> 1084</span>  AuthzError(<span class="stringliteral">"load data inpath 'hdfs://localhost:20500/test-warehouse/tpch.lineitem'"</span> +</div> |
| <div class="line"><a name="l01085"></a><span class="lineno"> 1085</span>  <span class="stringliteral">" into table functional.alltypes_view"</span>,</div> |
| <div class="line"><a name="l01086"></a><span class="lineno"> 1086</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'INSERT' on: "</span> +</div> |
| <div class="line"><a name="l01087"></a><span class="lineno"> 1087</span>  <span class="stringliteral">"functional.alltypes_view"</span>);</div> |
| <div class="line"><a name="l01088"></a><span class="lineno"> 1088</span>  }</div> |
| <div class="line"><a name="l01089"></a><span class="lineno"> 1089</span> </div> |
| <div class="line"><a name="l01090"></a><span class="lineno"> 1090</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01091"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a7209b033e9cf0d08ef010cbef488594b"> 1091</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a7209b033e9cf0d08ef010cbef488594b">TestShowPermissions</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01092"></a><span class="lineno"> 1092</span>  AuthzOk(<span class="stringliteral">"show tables in functional"</span>);</div> |
| <div class="line"><a name="l01093"></a><span class="lineno"> 1093</span>  AuthzOk(<span class="stringliteral">"show databases"</span>);</div> |
| <div class="line"><a name="l01094"></a><span class="lineno"> 1094</span>  AuthzOk(<span class="stringliteral">"show tables in _impala_builtins"</span>);</div> |
| <div class="line"><a name="l01095"></a><span class="lineno"> 1095</span>  AuthzOk(<span class="stringliteral">"show functions in _impala_builtins"</span>);</div> |
| <div class="line"><a name="l01096"></a><span class="lineno"> 1096</span> </div> |
| <div class="line"><a name="l01097"></a><span class="lineno"> 1097</span>  <span class="comment">// Database exists, user does not have access.</span></div> |
| <div class="line"><a name="l01098"></a><span class="lineno"> 1098</span>  AuthzError(<span class="stringliteral">"show tables in functional_rc"</span>,</div> |
| <div class="line"><a name="l01099"></a><span class="lineno"> 1099</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional_rc.*"</span>);</div> |
| <div class="line"><a name="l01100"></a><span class="lineno"> 1100</span> </div> |
| <div class="line"><a name="l01101"></a><span class="lineno"> 1101</span>  <span class="comment">// Database does not exist, user does not have access.</span></div> |
| <div class="line"><a name="l01102"></a><span class="lineno"> 1102</span>  AuthzError(<span class="stringliteral">"show tables in nodb"</span>,</div> |
| <div class="line"><a name="l01103"></a><span class="lineno"> 1103</span>  <span class="stringliteral">"User '%s' does not have privileges to access: nodb.*"</span>);</div> |
| <div class="line"><a name="l01104"></a><span class="lineno"> 1104</span> </div> |
| <div class="line"><a name="l01105"></a><span class="lineno"> 1105</span>  AuthzError(<span class="stringliteral">"show tables"</span>,</div> |
| <div class="line"><a name="l01106"></a><span class="lineno"> 1106</span>  <span class="stringliteral">"User '%s' does not have privileges to access: default.*"</span>);</div> |
| <div class="line"><a name="l01107"></a><span class="lineno"> 1107</span> </div> |
| <div class="line"><a name="l01108"></a><span class="lineno"> 1108</span>  <span class="comment">// Database does not exist, user has access.</span></div> |
| <div class="line"><a name="l01109"></a><span class="lineno"> 1109</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l01110"></a><span class="lineno"> 1110</span>  AuthzOk(<span class="stringliteral">"show tables in newdb"</span>);</div> |
| <div class="line"><a name="l01111"></a><span class="lineno"> 1111</span>  fail(<span class="stringliteral">"Expected AnalysisException"</span>);</div> |
| <div class="line"><a name="l01112"></a><span class="lineno"> 1112</span>  } <span class="keywordflow">catch</span> (AnalysisException e) {</div> |
| <div class="line"><a name="l01113"></a><span class="lineno"> 1113</span>  Assert.assertEquals(e.getMessage(), <span class="stringliteral">"Database does not exist: newdb"</span>);</div> |
| <div class="line"><a name="l01114"></a><span class="lineno"> 1114</span>  }</div> |
| <div class="line"><a name="l01115"></a><span class="lineno"> 1115</span> </div> |
| <div class="line"><a name="l01116"></a><span class="lineno"> 1116</span>  <span class="comment">// Show partitions and show table/column stats.</span></div> |
| <div class="line"><a name="l01117"></a><span class="lineno"> 1117</span>  String[] statsQuals = <span class="keyword">new</span> String[] { <span class="stringliteral">"partitions"</span>, <span class="stringliteral">"table stats"</span>, <span class="stringliteral">"column stats"</span> };</div> |
| <div class="line"><a name="l01118"></a><span class="lineno"> 1118</span>  <span class="keywordflow">for</span> (String qual: statsQuals) {</div> |
| <div class="line"><a name="l01119"></a><span class="lineno"> 1119</span>  AuthzOk(String.format(<span class="stringliteral">"show %s functional.alltypesagg"</span>, qual));</div> |
| <div class="line"><a name="l01120"></a><span class="lineno"> 1120</span>  AuthzOk(String.format(<span class="stringliteral">"show %s functional.alltypes"</span>, qual));</div> |
| <div class="line"><a name="l01121"></a><span class="lineno"> 1121</span>  <span class="comment">// User does not have access to db/table.</span></div> |
| <div class="line"><a name="l01122"></a><span class="lineno"> 1122</span>  AuthzError(String.format(<span class="stringliteral">"show %s nodb.tbl"</span>, qual),</div> |
| <div class="line"><a name="l01123"></a><span class="lineno"> 1123</span>  <span class="stringliteral">"User '%s' does not have privileges to access: nodb.tbl"</span>);</div> |
| <div class="line"><a name="l01124"></a><span class="lineno"> 1124</span>  AuthzError(String.format(<span class="stringliteral">"show %s functional.badtbl"</span>, qual),</div> |
| <div class="line"><a name="l01125"></a><span class="lineno"> 1125</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional.badtbl"</span>);</div> |
| <div class="line"><a name="l01126"></a><span class="lineno"> 1126</span>  AuthzError(String.format(<span class="stringliteral">"show %s functional_rc.alltypes"</span>, qual),</div> |
| <div class="line"><a name="l01127"></a><span class="lineno"> 1127</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional_rc.alltypes"</span>);</div> |
| <div class="line"><a name="l01128"></a><span class="lineno"> 1128</span>  }</div> |
| <div class="line"><a name="l01129"></a><span class="lineno"> 1129</span> </div> |
| <div class="line"><a name="l01130"></a><span class="lineno"> 1130</span>  <span class="comment">// Show files</span></div> |
| <div class="line"><a name="l01131"></a><span class="lineno"> 1131</span>  String[] partitions = <span class="keyword">new</span> String[] { <span class="stringliteral">""</span>, <span class="stringliteral">"partition(month=10, year=2010)"</span> };</div> |
| <div class="line"><a name="l01132"></a><span class="lineno"> 1132</span>  <span class="keywordflow">for</span> (String partition: partitions) {</div> |
| <div class="line"><a name="l01133"></a><span class="lineno"> 1133</span>  AuthzOk(String.format(<span class="stringliteral">"show files in functional.alltypes %s"</span>, partition));</div> |
| <div class="line"><a name="l01134"></a><span class="lineno"> 1134</span>  <span class="comment">// User does not have access to db/table.</span></div> |
| <div class="line"><a name="l01135"></a><span class="lineno"> 1135</span>  AuthzError(String.format(<span class="stringliteral">"show files in nodb.tbl %s"</span>, partition),</div> |
| <div class="line"><a name="l01136"></a><span class="lineno"> 1136</span>  <span class="stringliteral">"User '%s' does not have privileges to access: nodb.tbl"</span>);</div> |
| <div class="line"><a name="l01137"></a><span class="lineno"> 1137</span>  AuthzError(String.format(<span class="stringliteral">"show files in functional.badtbl %s"</span>, partition),</div> |
| <div class="line"><a name="l01138"></a><span class="lineno"> 1138</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional.badtbl"</span>);</div> |
| <div class="line"><a name="l01139"></a><span class="lineno"> 1139</span>  AuthzError(String.format(<span class="stringliteral">"show files in functional_rc.alltypes %s"</span>, partition),</div> |
| <div class="line"><a name="l01140"></a><span class="lineno"> 1140</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional_rc.alltypes"</span>);</div> |
| <div class="line"><a name="l01141"></a><span class="lineno"> 1141</span>  }</div> |
| <div class="line"><a name="l01142"></a><span class="lineno"> 1142</span>  }</div> |
| <div class="line"><a name="l01143"></a><span class="lineno"> 1143</span> </div> |
| <div class="line"><a name="l01144"></a><span class="lineno"> 1144</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01145"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a77dbe3d01a19d8a53aabfdc0a0ccce65"> 1145</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a77dbe3d01a19d8a53aabfdc0a0ccce65">TestShowDbResultsFiltered</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">ImpalaException</a> {</div> |
| <div class="line"><a name="l01146"></a><span class="lineno"> 1146</span>  <span class="comment">// These are the only dbs that should show up because they are the only</span></div> |
| <div class="line"><a name="l01147"></a><span class="lineno"> 1147</span>  <span class="comment">// dbs the user has any permissions on.</span></div> |
| <div class="line"><a name="l01148"></a><span class="lineno"> 1148</span>  List<String> expectedDbs = Lists.newArrayList(<span class="stringliteral">"default"</span>, <span class="stringliteral">"functional"</span>,</div> |
| <div class="line"><a name="l01149"></a><span class="lineno"> 1149</span>  <span class="stringliteral">"functional_parquet"</span>, <span class="stringliteral">"functional_seq_snap"</span>, <span class="stringliteral">"tpcds"</span>, <span class="stringliteral">"tpch"</span>);</div> |
| <div class="line"><a name="l01150"></a><span class="lineno"> 1150</span> </div> |
| <div class="line"><a name="l01151"></a><span class="lineno"> 1151</span>  List<String> dbs = fe_.getDbNames(<span class="stringliteral">"*"</span>, USER);</div> |
| <div class="line"><a name="l01152"></a><span class="lineno"> 1152</span>  Assert.assertEquals(expectedDbs, dbs);</div> |
| <div class="line"><a name="l01153"></a><span class="lineno"> 1153</span> </div> |
| <div class="line"><a name="l01154"></a><span class="lineno"> 1154</span>  dbs = fe_.getDbNames(null, USER);</div> |
| <div class="line"><a name="l01155"></a><span class="lineno"> 1155</span>  Assert.assertEquals(expectedDbs, dbs);</div> |
| <div class="line"><a name="l01156"></a><span class="lineno"> 1156</span>  }</div> |
| <div class="line"><a name="l01157"></a><span class="lineno"> 1157</span> </div> |
| <div class="line"><a name="l01158"></a><span class="lineno"> 1158</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01159"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a29c66a0cd368a46c6ecde9ee9319ed8a"> 1159</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a29c66a0cd368a46c6ecde9ee9319ed8a">TestShowTableResultsFiltered</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">ImpalaException</a> {</div> |
| <div class="line"><a name="l01160"></a><span class="lineno"> 1160</span>  <span class="comment">// The user only has permission on these tables/views in the functional databases.</span></div> |
| <div class="line"><a name="l01161"></a><span class="lineno"> 1161</span>  List<String> expectedTbls =</div> |
| <div class="line"><a name="l01162"></a><span class="lineno"> 1162</span>  Lists.newArrayList(<span class="stringliteral">"alltypes"</span>, <span class="stringliteral">"alltypesagg"</span>, <span class="stringliteral">"complex_view"</span>, <span class="stringliteral">"view_view"</span>);</div> |
| <div class="line"><a name="l01163"></a><span class="lineno"> 1163</span> </div> |
| <div class="line"><a name="l01164"></a><span class="lineno"> 1164</span>  List<String> tables = fe_.getTableNames(<span class="stringliteral">"functional"</span>, <span class="stringliteral">"*"</span>, USER);</div> |
| <div class="line"><a name="l01165"></a><span class="lineno"> 1165</span>  Assert.assertEquals(expectedTbls, tables);</div> |
| <div class="line"><a name="l01166"></a><span class="lineno"> 1166</span> </div> |
| <div class="line"><a name="l01167"></a><span class="lineno"> 1167</span>  tables = fe_.getTableNames(<span class="stringliteral">"functional"</span>, null, USER);</div> |
| <div class="line"><a name="l01168"></a><span class="lineno"> 1168</span>  Assert.assertEquals(expectedTbls, tables);</div> |
| <div class="line"><a name="l01169"></a><span class="lineno"> 1169</span>  }</div> |
| <div class="line"><a name="l01170"></a><span class="lineno"> 1170</span> </div> |
| <div class="line"><a name="l01171"></a><span class="lineno"> 1171</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01172"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a5a8653c0af1de62c26608c168810d55d"> 1172</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a5a8653c0af1de62c26608c168810d55d">TestShowCreateTable</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">ImpalaException</a> {</div> |
| <div class="line"><a name="l01173"></a><span class="lineno"> 1173</span>  AuthzOk(<span class="stringliteral">"show create table functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l01174"></a><span class="lineno"> 1174</span>  AuthzOk(<span class="stringliteral">"show create table functional.alltypes"</span>);</div> |
| <div class="line"><a name="l01175"></a><span class="lineno"> 1175</span> </div> |
| <div class="line"><a name="l01176"></a><span class="lineno"> 1176</span>  <span class="comment">// Unqualified table name.</span></div> |
| <div class="line"><a name="l01177"></a><span class="lineno"> 1177</span>  AuthzError(<span class="stringliteral">"show create table alltypes"</span>,</div> |
| <div class="line"><a name="l01178"></a><span class="lineno"> 1178</span>  <span class="stringliteral">"User '%s' does not have privileges to access: default.alltypes"</span>);</div> |
| <div class="line"><a name="l01179"></a><span class="lineno"> 1179</span>  <span class="comment">// Database doesn't exist.</span></div> |
| <div class="line"><a name="l01180"></a><span class="lineno"> 1180</span>  AuthzError(<span class="stringliteral">"show create table nodb.alltypes"</span>,</div> |
| <div class="line"><a name="l01181"></a><span class="lineno"> 1181</span>  <span class="stringliteral">"User '%s' does not have privileges to access: nodb.alltypes"</span>);</div> |
| <div class="line"><a name="l01182"></a><span class="lineno"> 1182</span>  <span class="comment">// Insufficient privileges on table.</span></div> |
| <div class="line"><a name="l01183"></a><span class="lineno"> 1183</span>  AuthzError(<span class="stringliteral">"show create table functional.alltypestiny"</span>,</div> |
| <div class="line"><a name="l01184"></a><span class="lineno"> 1184</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional.alltypestiny"</span>);</div> |
| <div class="line"><a name="l01185"></a><span class="lineno"> 1185</span>  <span class="comment">// Insufficient privileges on db.</span></div> |
| <div class="line"><a name="l01186"></a><span class="lineno"> 1186</span>  AuthzError(<span class="stringliteral">"show create table functional_rc.alltypes"</span>,</div> |
| <div class="line"><a name="l01187"></a><span class="lineno"> 1187</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional_rc.alltypes"</span>);</div> |
| <div class="line"><a name="l01188"></a><span class="lineno"> 1188</span>  }</div> |
| <div class="line"><a name="l01189"></a><span class="lineno"> 1189</span> </div> |
| <div class="line"><a name="l01190"></a><span class="lineno"> 1190</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01191"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aee9bc1d157da933de8fa14306112c176"> 1191</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aee9bc1d157da933de8fa14306112c176">TestHs2GetTables</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">ImpalaException</a> {</div> |
| <div class="line"><a name="l01192"></a><span class="lineno"> 1192</span>  TMetadataOpRequest req = <span class="keyword">new</span> TMetadataOpRequest();</div> |
| <div class="line"><a name="l01193"></a><span class="lineno"> 1193</span>  req.setSession(createSessionState(<span class="stringliteral">"default"</span>, USER));</div> |
| <div class="line"><a name="l01194"></a><span class="lineno"> 1194</span>  req.opcode = TMetadataOpcode.GET_TABLES;</div> |
| <div class="line"><a name="l01195"></a><span class="lineno"> 1195</span>  req.get_tables_req = <span class="keyword">new</span> TGetTablesReq();</div> |
| <div class="line"><a name="l01196"></a><span class="lineno"> 1196</span>  req.get_tables_req.setSchemaName(<span class="stringliteral">"functional"</span>);</div> |
| <div class="line"><a name="l01197"></a><span class="lineno"> 1197</span>  <span class="comment">// Get all tables</span></div> |
| <div class="line"><a name="l01198"></a><span class="lineno"> 1198</span>  req.get_tables_req.setTableName(<span class="stringliteral">"%"</span>);</div> |
| <div class="line"><a name="l01199"></a><span class="lineno"> 1199</span>  TResultSet resp = fe_.execHiveServer2MetadataOp(req);</div> |
| <div class="line"><a name="l01200"></a><span class="lineno"> 1200</span>  assertEquals(4, resp.rows.size());</div> |
| <div class="line"><a name="l01201"></a><span class="lineno"> 1201</span>  assertEquals(<span class="stringliteral">"alltypes"</span>,</div> |
| <div class="line"><a name="l01202"></a><span class="lineno"> 1202</span>  resp.rows.get(0).colVals.get(2).string_val.toLowerCase());</div> |
| <div class="line"><a name="l01203"></a><span class="lineno"> 1203</span>  assertEquals(</div> |
| <div class="line"><a name="l01204"></a><span class="lineno"> 1204</span>  <span class="stringliteral">"alltypesagg"</span>, resp.rows.get(1).colVals.get(2).string_val.toLowerCase());</div> |
| <div class="line"><a name="l01205"></a><span class="lineno"> 1205</span>  assertEquals(</div> |
| <div class="line"><a name="l01206"></a><span class="lineno"> 1206</span>  <span class="stringliteral">"complex_view"</span>, resp.rows.get(2).colVals.get(2).string_val.toLowerCase());</div> |
| <div class="line"><a name="l01207"></a><span class="lineno"> 1207</span>  assertEquals(</div> |
| <div class="line"><a name="l01208"></a><span class="lineno"> 1208</span>  <span class="stringliteral">"view_view"</span>, resp.rows.get(3).colVals.get(2).string_val.toLowerCase());</div> |
| <div class="line"><a name="l01209"></a><span class="lineno"> 1209</span>  }</div> |
| <div class="line"><a name="l01210"></a><span class="lineno"> 1210</span> </div> |
| <div class="line"><a name="l01211"></a><span class="lineno"> 1211</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01212"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a001852560a59c6a6e6dfe3ce191d7c16"> 1212</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a001852560a59c6a6e6dfe3ce191d7c16">TestHs2GetSchema</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">ImpalaException</a> {</div> |
| <div class="line"><a name="l01213"></a><span class="lineno"> 1213</span>  TMetadataOpRequest req = <span class="keyword">new</span> TMetadataOpRequest();</div> |
| <div class="line"><a name="l01214"></a><span class="lineno"> 1214</span>  req.setSession(createSessionState(<span class="stringliteral">"default"</span>, USER));</div> |
| <div class="line"><a name="l01215"></a><span class="lineno"> 1215</span>  req.opcode = TMetadataOpcode.GET_SCHEMAS;</div> |
| <div class="line"><a name="l01216"></a><span class="lineno"> 1216</span>  req.get_schemas_req = <span class="keyword">new</span> TGetSchemasReq();</div> |
| <div class="line"><a name="l01217"></a><span class="lineno"> 1217</span>  <span class="comment">// Get all schema (databases).</span></div> |
| <div class="line"><a name="l01218"></a><span class="lineno"> 1218</span>  req.get_schemas_req.setSchemaName(<span class="stringliteral">"%"</span>);</div> |
| <div class="line"><a name="l01219"></a><span class="lineno"> 1219</span>  TResultSet resp = fe_.execHiveServer2MetadataOp(req);</div> |
| <div class="line"><a name="l01220"></a><span class="lineno"> 1220</span>  List<String> expectedDbs = Lists.newArrayList(<span class="stringliteral">"default"</span>, <span class="stringliteral">"functional"</span>,</div> |
| <div class="line"><a name="l01221"></a><span class="lineno"> 1221</span>  <span class="stringliteral">"functional_parquet"</span>, <span class="stringliteral">"functional_seq_snap"</span>, <span class="stringliteral">"tpcds"</span>, <span class="stringliteral">"tpch"</span>);</div> |
| <div class="line"><a name="l01222"></a><span class="lineno"> 1222</span>  assertEquals(expectedDbs.size(), resp.rows.size());</div> |
| <div class="line"><a name="l01223"></a><span class="lineno"> 1223</span>  <span class="keywordflow">for</span> (<span class="keywordtype">int</span> i = 0; i < resp.rows.size(); ++i) {</div> |
| <div class="line"><a name="l01224"></a><span class="lineno"> 1224</span>  assertEquals(expectedDbs.get(i),</div> |
| <div class="line"><a name="l01225"></a><span class="lineno"> 1225</span>  resp.rows.get(i).colVals.get(0).string_val.toLowerCase());</div> |
| <div class="line"><a name="l01226"></a><span class="lineno"> 1226</span>  }</div> |
| <div class="line"><a name="l01227"></a><span class="lineno"> 1227</span>  }</div> |
| <div class="line"><a name="l01228"></a><span class="lineno"> 1228</span> </div> |
| <div class="line"><a name="l01229"></a><span class="lineno"> 1229</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01230"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a382418ac4ac6f7109eda2c4b96ff9195"> 1230</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a382418ac4ac6f7109eda2c4b96ff9195">TestHs2GetColumns</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">ImpalaException</a> {</div> |
| <div class="line"><a name="l01231"></a><span class="lineno"> 1231</span>  <span class="comment">// It should return one column: alltypes.string_col.</span></div> |
| <div class="line"><a name="l01232"></a><span class="lineno"> 1232</span>  TMetadataOpRequest req = <span class="keyword">new</span> TMetadataOpRequest();</div> |
| <div class="line"><a name="l01233"></a><span class="lineno"> 1233</span>  req.opcode = TMetadataOpcode.GET_COLUMNS;</div> |
| <div class="line"><a name="l01234"></a><span class="lineno"> 1234</span>  req.setSession(createSessionState(<span class="stringliteral">"default"</span>, USER));</div> |
| <div class="line"><a name="l01235"></a><span class="lineno"> 1235</span>  req.get_columns_req = <span class="keyword">new</span> TGetColumnsReq();</div> |
| <div class="line"><a name="l01236"></a><span class="lineno"> 1236</span>  req.get_columns_req.setSchemaName(<span class="stringliteral">"functional"</span>);</div> |
| <div class="line"><a name="l01237"></a><span class="lineno"> 1237</span>  req.get_columns_req.setTableName(<span class="stringliteral">"alltypes"</span>);</div> |
| <div class="line"><a name="l01238"></a><span class="lineno"> 1238</span>  req.get_columns_req.setColumnName(<span class="stringliteral">"stri%"</span>);</div> |
| <div class="line"><a name="l01239"></a><span class="lineno"> 1239</span>  TResultSet resp = fe_.execHiveServer2MetadataOp(req);</div> |
| <div class="line"><a name="l01240"></a><span class="lineno"> 1240</span>  assertEquals(1, resp.rows.size());</div> |
| <div class="line"><a name="l01241"></a><span class="lineno"> 1241</span> </div> |
| <div class="line"><a name="l01242"></a><span class="lineno"> 1242</span>  <span class="comment">// User does not have permission to access the table, no results should be returned.</span></div> |
| <div class="line"><a name="l01243"></a><span class="lineno"> 1243</span>  req.get_columns_req.setTableName(<span class="stringliteral">"alltypesnopart"</span>);</div> |
| <div class="line"><a name="l01244"></a><span class="lineno"> 1244</span>  resp = fe_.execHiveServer2MetadataOp(req);</div> |
| <div class="line"><a name="l01245"></a><span class="lineno"> 1245</span>  assertEquals(0, resp.rows.size());</div> |
| <div class="line"><a name="l01246"></a><span class="lineno"> 1246</span> </div> |
| <div class="line"><a name="l01247"></a><span class="lineno"> 1247</span>  <span class="comment">// User does not have permission to access db or table, no results should be</span></div> |
| <div class="line"><a name="l01248"></a><span class="lineno"> 1248</span>  <span class="comment">// returned.</span></div> |
| <div class="line"><a name="l01249"></a><span class="lineno"> 1249</span>  req.get_columns_req.setSchemaName(<span class="stringliteral">"functional_seq_gzip"</span>);</div> |
| <div class="line"><a name="l01250"></a><span class="lineno"> 1250</span>  req.get_columns_req.setTableName(<span class="stringliteral">"alltypes"</span>);</div> |
| <div class="line"><a name="l01251"></a><span class="lineno"> 1251</span>  resp = fe_.execHiveServer2MetadataOp(req);</div> |
| <div class="line"><a name="l01252"></a><span class="lineno"> 1252</span>  assertEquals(0, resp.rows.size());</div> |
| <div class="line"><a name="l01253"></a><span class="lineno"> 1253</span>  }</div> |
| <div class="line"><a name="l01254"></a><span class="lineno"> 1254</span> </div> |
| <div class="line"><a name="l01255"></a><span class="lineno"> 1255</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01256"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a8d35cb1f9ad2970962e3f4b06bcad2ad"> 1256</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a8d35cb1f9ad2970962e3f4b06bcad2ad">TestShortUsernameUsed</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a>,</div> |
| <div class="line"><a name="l01257"></a><span class="lineno"> 1257</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l01258"></a><span class="lineno"> 1258</span>  <span class="comment">// Different long variations of the same username.</span></div> |
| <div class="line"><a name="l01259"></a><span class="lineno"> 1259</span>  List<User> users = Lists.newArrayList(</div> |
| <div class="line"><a name="l01260"></a><span class="lineno"> 1260</span>  <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a>(USER.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">getName</a>() + <span class="stringliteral">"/abc.host.com"</span>),</div> |
| <div class="line"><a name="l01261"></a><span class="lineno"> 1261</span>  <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a>(USER.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">getName</a>() + <span class="stringliteral">"/abc.host.com@REAL.COM"</span>),</div> |
| <div class="line"><a name="l01262"></a><span class="lineno"> 1262</span>  <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a>(USER.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">getName</a>() + <span class="stringliteral">"@REAL.COM"</span>));</div> |
| <div class="line"><a name="l01263"></a><span class="lineno"> 1263</span>  <span class="keywordflow">for</span> (<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> user: users) {</div> |
| <div class="line"><a name="l01264"></a><span class="lineno"> 1264</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a> context = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a>(catalog_,</div> |
| <div class="line"><a name="l01265"></a><span class="lineno"> 1265</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html">TestUtils</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html#a6c9fa086559d58750e77fb02b21cedfd">createQueryContext</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html">Catalog</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html#a9f92d2cb3e8ca769090f3d0478c11734">DEFAULT_DB</a>, user.getName()),</div> |
| <div class="line"><a name="l01266"></a><span class="lineno"> 1266</span>  authzConfig_);</div> |
| <div class="line"><a name="l01267"></a><span class="lineno"> 1267</span> </div> |
| <div class="line"><a name="l01268"></a><span class="lineno"> 1268</span>  <span class="comment">// Can select from table that user has privileges on.</span></div> |
| <div class="line"><a name="l01269"></a><span class="lineno"> 1269</span>  AuthzOk(context, <span class="stringliteral">"select * from functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l01270"></a><span class="lineno"> 1270</span> </div> |
| <div class="line"><a name="l01271"></a><span class="lineno"> 1271</span>  <span class="comment">// Unqualified table name.</span></div> |
| <div class="line"><a name="l01272"></a><span class="lineno"> 1272</span>  AuthzError(context, <span class="stringliteral">"select * from alltypes"</span>,</div> |
| <div class="line"><a name="l01273"></a><span class="lineno"> 1273</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: default.alltypes"</span>,</div> |
| <div class="line"><a name="l01274"></a><span class="lineno"> 1274</span>  user);</div> |
| <div class="line"><a name="l01275"></a><span class="lineno"> 1275</span>  }</div> |
| <div class="line"><a name="l01276"></a><span class="lineno"> 1276</span>  <span class="comment">// If the first character is '/' or '@', the short username should be the same as</span></div> |
| <div class="line"><a name="l01277"></a><span class="lineno"> 1277</span>  <span class="comment">// the full username.</span></div> |
| <div class="line"><a name="l01278"></a><span class="lineno"> 1278</span>  assertEquals(<span class="stringliteral">"/"</span> + USER.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">getName</a>(), <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a>(<span class="stringliteral">"/"</span> + USER.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">getName</a>()).getShortName());</div> |
| <div class="line"><a name="l01279"></a><span class="lineno"> 1279</span>  assertEquals(<span class="stringliteral">"@"</span> + USER.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">getName</a>(), <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a>(<span class="stringliteral">"@"</span> + USER.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">getName</a>()).getShortName());</div> |
| <div class="line"><a name="l01280"></a><span class="lineno"> 1280</span>  }</div> |
| <div class="line"><a name="l01281"></a><span class="lineno"> 1281</span> </div> |
| <div class="line"><a name="l01282"></a><span class="lineno"> 1282</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01283"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a0a33504213603b77929fb7c35455f0dc"> 1283</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a0a33504213603b77929fb7c35455f0dc">TestFunction</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">ImpalaException</a> {</div> |
| <div class="line"><a name="l01284"></a><span class="lineno"> 1284</span>  <span class="comment">// First try with the less privileged user.</span></div> |
| <div class="line"><a name="l01285"></a><span class="lineno"> 1285</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> currentUser = USER;</div> |
| <div class="line"><a name="l01286"></a><span class="lineno"> 1286</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a> context = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a>(catalog_,</div> |
| <div class="line"><a name="l01287"></a><span class="lineno"> 1287</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html">TestUtils</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html#a6c9fa086559d58750e77fb02b21cedfd">createQueryContext</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html">Catalog</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html#a9f92d2cb3e8ca769090f3d0478c11734">DEFAULT_DB</a>, currentUser.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">getName</a>()),</div> |
| <div class="line"><a name="l01288"></a><span class="lineno"> 1288</span>  authzConfig_);</div> |
| <div class="line"><a name="l01289"></a><span class="lineno"> 1289</span>  AuthzError(context, <span class="stringliteral">"show functions"</span>,</div> |
| <div class="line"><a name="l01290"></a><span class="lineno"> 1290</span>  <span class="stringliteral">"User '%s' does not have privileges to access: default"</span>, currentUser);</div> |
| <div class="line"><a name="l01291"></a><span class="lineno"> 1291</span>  AuthzOk(context, <span class="stringliteral">"show functions in tpch"</span>);</div> |
| <div class="line"><a name="l01292"></a><span class="lineno"> 1292</span> </div> |
| <div class="line"><a name="l01293"></a><span class="lineno"> 1293</span>  AuthzError(context, <span class="stringliteral">"create function f() returns int location "</span> +</div> |
| <div class="line"><a name="l01294"></a><span class="lineno"> 1294</span>  <span class="stringliteral">"'/test-warehouse/libTestUdfs.so' symbol='NoArgs'"</span>,</div> |
| <div class="line"><a name="l01295"></a><span class="lineno"> 1295</span>  <span class="stringliteral">"User '%s' does not have privileges to CREATE/DROP functions."</span>, currentUser);</div> |
| <div class="line"><a name="l01296"></a><span class="lineno"> 1296</span> </div> |
| <div class="line"><a name="l01297"></a><span class="lineno"> 1297</span>  AuthzError(context, <span class="stringliteral">"create function tpch.f() returns int location "</span> +</div> |
| <div class="line"><a name="l01298"></a><span class="lineno"> 1298</span>  <span class="stringliteral">"'/test-warehouse/libTestUdfs.so' symbol='NoArgs'"</span>,</div> |
| <div class="line"><a name="l01299"></a><span class="lineno"> 1299</span>  <span class="stringliteral">"User '%s' does not have privileges to CREATE/DROP functions."</span>, currentUser);</div> |
| <div class="line"><a name="l01300"></a><span class="lineno"> 1300</span> </div> |
| <div class="line"><a name="l01301"></a><span class="lineno"> 1301</span>  AuthzError(context, <span class="stringliteral">"create function notdb.f() returns int location "</span> +</div> |
| <div class="line"><a name="l01302"></a><span class="lineno"> 1302</span>  <span class="stringliteral">"'/test-warehouse/libTestUdfs.so' symbol='NoArgs'"</span>,</div> |
| <div class="line"><a name="l01303"></a><span class="lineno"> 1303</span>  <span class="stringliteral">"User '%s' does not have privileges to CREATE/DROP functions."</span>, currentUser);</div> |
| <div class="line"><a name="l01304"></a><span class="lineno"> 1304</span> </div> |
| <div class="line"><a name="l01305"></a><span class="lineno"> 1305</span>  AuthzError(context, <span class="stringliteral">"drop function if exists f()"</span>,</div> |
| <div class="line"><a name="l01306"></a><span class="lineno"> 1306</span>  <span class="stringliteral">"User '%s' does not have privileges to CREATE/DROP functions."</span>, currentUser);</div> |
| <div class="line"><a name="l01307"></a><span class="lineno"> 1307</span> </div> |
| <div class="line"><a name="l01308"></a><span class="lineno"> 1308</span>  AuthzError(context, <span class="stringliteral">"drop function notdb.f()"</span>,</div> |
| <div class="line"><a name="l01309"></a><span class="lineno"> 1309</span>  <span class="stringliteral">"User '%s' does not have privileges to CREATE/DROP functions."</span>, currentUser);</div> |
| <div class="line"><a name="l01310"></a><span class="lineno"> 1310</span> </div> |
| <div class="line"><a name="l01311"></a><span class="lineno"> 1311</span>  <span class="comment">// TODO: Add test support for dynamically changing privileges for</span></div> |
| <div class="line"><a name="l01312"></a><span class="lineno"> 1312</span>  <span class="comment">// file-based policy.</span></div> |
| <div class="line"><a name="l01313"></a><span class="lineno"> 1313</span>  <span class="keywordflow">if</span> (authzConfig_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5768546a8fc8db18eb1a9256c1d80f76">isFileBasedPolicy</a>()) <span class="keywordflow">return</span>;</div> |
| <div class="line"><a name="l01314"></a><span class="lineno"> 1314</span> </div> |
| <div class="line"><a name="l01315"></a><span class="lineno"> 1315</span>  <span class="comment">// Admin should be able to do everything</span></div> |
| <div class="line"><a name="l01316"></a><span class="lineno"> 1316</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">SentryPolicyService</a> sentryService =</div> |
| <div class="line"><a name="l01317"></a><span class="lineno"> 1317</span>  <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">SentryPolicyService</a>(authzConfig_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5ba958fd6bdecb5c2cac4f4171147c90">getSentryConfig</a>());</div> |
| <div class="line"><a name="l01318"></a><span class="lineno"> 1318</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l01319"></a><span class="lineno"> 1319</span>  sentryService.grantRoleToGroup(USER, <span class="stringliteral">"admin"</span>, USER.getName());</div> |
| <div class="line"><a name="l01320"></a><span class="lineno"> 1320</span>  ((<a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog.html">ImpaladTestCatalog</a>) catalog_).reset();</div> |
| <div class="line"><a name="l01321"></a><span class="lineno"> 1321</span> </div> |
| <div class="line"><a name="l01322"></a><span class="lineno"> 1322</span>  AuthzOk(<span class="stringliteral">"show functions"</span>);</div> |
| <div class="line"><a name="l01323"></a><span class="lineno"> 1323</span>  AuthzOk(<span class="stringliteral">"show functions in tpch"</span>);</div> |
| <div class="line"><a name="l01324"></a><span class="lineno"> 1324</span> </div> |
| <div class="line"><a name="l01325"></a><span class="lineno"> 1325</span>  AuthzOk(<span class="stringliteral">"create function f() returns int location "</span> +</div> |
| <div class="line"><a name="l01326"></a><span class="lineno"> 1326</span>  <span class="stringliteral">"'/test-warehouse/libTestUdfs.so' symbol='NoArgs'"</span>);</div> |
| <div class="line"><a name="l01327"></a><span class="lineno"> 1327</span>  AuthzOk(<span class="stringliteral">"create function tpch.f() returns int location "</span> +</div> |
| <div class="line"><a name="l01328"></a><span class="lineno"> 1328</span>  <span class="stringliteral">"'/test-warehouse/libTestUdfs.so' symbol='NoArgs'"</span>);</div> |
| <div class="line"><a name="l01329"></a><span class="lineno"> 1329</span>  AuthzOk(<span class="stringliteral">"drop function if exists f()"</span>);</div> |
| <div class="line"><a name="l01330"></a><span class="lineno"> 1330</span> </div> |
| <div class="line"><a name="l01331"></a><span class="lineno"> 1331</span>  <span class="comment">// Can't add function to system db</span></div> |
| <div class="line"><a name="l01332"></a><span class="lineno"> 1332</span>  AuthzError(<span class="stringliteral">"create function _impala_builtins.f() returns int location "</span> +</div> |
| <div class="line"><a name="l01333"></a><span class="lineno"> 1333</span>  <span class="stringliteral">"'/test-warehouse/libTestUdfs.so' symbol='NoArgs'"</span>,</div> |
| <div class="line"><a name="l01334"></a><span class="lineno"> 1334</span>  <span class="stringliteral">"Cannot modify system database."</span>);</div> |
| <div class="line"><a name="l01335"></a><span class="lineno"> 1335</span>  AuthzError(<span class="stringliteral">"drop function if exists pi()"</span>,</div> |
| <div class="line"><a name="l01336"></a><span class="lineno"> 1336</span>  <span class="stringliteral">"Cannot modify system database."</span>);</div> |
| <div class="line"><a name="l01337"></a><span class="lineno"> 1337</span> </div> |
| <div class="line"><a name="l01338"></a><span class="lineno"> 1338</span>  <span class="comment">// Add default.f(), tpch.f()</span></div> |
| <div class="line"><a name="l01339"></a><span class="lineno"> 1339</span>  catalog_.addFunction(<span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ScalarFunction.html">ScalarFunction</a>(<span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1FunctionName.html">FunctionName</a>(<span class="stringliteral">"default"</span>, <span class="stringliteral">"f"</span>),</div> |
| <div class="line"><a name="l01340"></a><span class="lineno"> 1340</span>  <span class="keyword">new</span> ArrayList<Type>(), <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type.html">Type</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type.html#aeda0ea0ab3d4d62510569d3593712868">INT</a>, null, null, null, null));</div> |
| <div class="line"><a name="l01341"></a><span class="lineno"> 1341</span>  catalog_.addFunction(<span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ScalarFunction.html">ScalarFunction</a>(<span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1FunctionName.html">FunctionName</a>(<span class="stringliteral">"tpch"</span>, <span class="stringliteral">"f"</span>),</div> |
| <div class="line"><a name="l01342"></a><span class="lineno"> 1342</span>  <span class="keyword">new</span> ArrayList<Type>(), <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type.html">Type</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type.html#aeda0ea0ab3d4d62510569d3593712868">INT</a>, null, null, null, null));</div> |
| <div class="line"><a name="l01343"></a><span class="lineno"> 1343</span> </div> |
| <div class="line"><a name="l01344"></a><span class="lineno"> 1344</span>  AuthzOk(<span class="stringliteral">"drop function tpch.f()"</span>);</div> |
| <div class="line"><a name="l01345"></a><span class="lineno"> 1345</span>  } <span class="keywordflow">finally</span> {</div> |
| <div class="line"><a name="l01346"></a><span class="lineno"> 1346</span>  sentryService.revokeRoleFromGroup(USER, <span class="stringliteral">"admin"</span>, USER.getName());</div> |
| <div class="line"><a name="l01347"></a><span class="lineno"> 1347</span>  ((<a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog.html">ImpaladTestCatalog</a>) catalog_).reset();</div> |
| <div class="line"><a name="l01348"></a><span class="lineno"> 1348</span> </div> |
| <div class="line"><a name="l01349"></a><span class="lineno"> 1349</span>  AuthzError(context, <span class="stringliteral">"create function tpch.f() returns int location "</span> +</div> |
| <div class="line"><a name="l01350"></a><span class="lineno"> 1350</span>  <span class="stringliteral">"'/test-warehouse/libTestUdfs.so' symbol='NoArgs'"</span>,</div> |
| <div class="line"><a name="l01351"></a><span class="lineno"> 1351</span>  <span class="stringliteral">"User '%s' does not have privileges to CREATE/DROP functions."</span>, currentUser);</div> |
| <div class="line"><a name="l01352"></a><span class="lineno"> 1352</span> </div> |
| <div class="line"><a name="l01353"></a><span class="lineno"> 1353</span>  <span class="comment">// Couldn't create tpch.f() but can run it.</span></div> |
| <div class="line"><a name="l01354"></a><span class="lineno"> 1354</span>  AuthzOk(<span class="stringliteral">"select tpch.f()"</span>);</div> |
| <div class="line"><a name="l01355"></a><span class="lineno"> 1355</span> </div> |
| <div class="line"><a name="l01356"></a><span class="lineno"> 1356</span>  <span class="comment">//Other tests don't expect tpch to contain functions</span></div> |
| <div class="line"><a name="l01357"></a><span class="lineno"> 1357</span>  <span class="comment">//Specifically, if these functions are not cleaned up, TestDropDatabase() will fail</span></div> |
| <div class="line"><a name="l01358"></a><span class="lineno"> 1358</span>  catalog_.removeFunction(<span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ScalarFunction.html">ScalarFunction</a>(<span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1FunctionName.html">FunctionName</a>(<span class="stringliteral">"default"</span>, <span class="stringliteral">"f"</span>),</div> |
| <div class="line"><a name="l01359"></a><span class="lineno"> 1359</span>  <span class="keyword">new</span> ArrayList<Type>(), <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type.html">Type</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type.html#aeda0ea0ab3d4d62510569d3593712868">INT</a>, null, null, null, null));</div> |
| <div class="line"><a name="l01360"></a><span class="lineno"> 1360</span>  catalog_.removeFunction(<span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ScalarFunction.html">ScalarFunction</a>(<span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1FunctionName.html">FunctionName</a>(<span class="stringliteral">"tpch"</span>, <span class="stringliteral">"f"</span>),</div> |
| <div class="line"><a name="l01361"></a><span class="lineno"> 1361</span>  <span class="keyword">new</span> ArrayList<Type>(), <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type.html">Type</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type.html#aeda0ea0ab3d4d62510569d3593712868">INT</a>, null, null, null, null));</div> |
| <div class="line"><a name="l01362"></a><span class="lineno"> 1362</span>  }</div> |
| <div class="line"><a name="l01363"></a><span class="lineno"> 1363</span>  }</div> |
| <div class="line"><a name="l01364"></a><span class="lineno"> 1364</span> </div> |
| <div class="line"><a name="l01365"></a><span class="lineno"> 1365</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01366"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a0c4641874e1196ffad4975528400029e"> 1366</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a0c4641874e1196ffad4975528400029e">TestServerNameAuthorized</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01367"></a><span class="lineno"> 1367</span>  <span class="keywordflow">if</span> (authzConfig_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5768546a8fc8db18eb1a9256c1d80f76">isFileBasedPolicy</a>()) {</div> |
| <div class="line"><a name="l01368"></a><span class="lineno"> 1368</span>  <span class="comment">// Authorization config that has a different server name from policy file.</span></div> |
| <div class="line"><a name="l01369"></a><span class="lineno"> 1369</span>  TestWithIncorrectConfig(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a6711728ec210e600436c1a9492cfca6b">createHadoopGroupAuthConfig</a>(</div> |
| <div class="line"><a name="l01370"></a><span class="lineno"> 1370</span>  <span class="stringliteral">"differentServerName"</span>, AUTHZ_POLICY_FILE, <span class="stringliteral">""</span>),</div> |
| <div class="line"><a name="l01371"></a><span class="lineno"> 1371</span>  <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a>(System.getProperty(<span class="stringliteral">"user.name"</span>)));</div> |
| <div class="line"><a name="l01372"></a><span class="lineno"> 1372</span>  } <span class="comment">// TODO: Test using policy server.</span></div> |
| <div class="line"><a name="l01373"></a><span class="lineno"> 1373</span>  }</div> |
| <div class="line"><a name="l01374"></a><span class="lineno"> 1374</span> </div> |
| <div class="line"><a name="l01375"></a><span class="lineno"> 1375</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01376"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a951eeca73b2d32b3388e41451d9d040b"> 1376</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a951eeca73b2d32b3388e41451d9d040b">TestNoPermissionsWhenPolicyFileDoesNotExist</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01377"></a><span class="lineno"> 1377</span>  <span class="comment">// Test doesn't make sense except for file based policies.</span></div> |
| <div class="line"><a name="l01378"></a><span class="lineno"> 1378</span>  <span class="keywordflow">if</span> (!authzConfig_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5768546a8fc8db18eb1a9256c1d80f76">isFileBasedPolicy</a>()) <span class="keywordflow">return</span>;</div> |
| <div class="line"><a name="l01379"></a><span class="lineno"> 1379</span> </div> |
| <div class="line"><a name="l01380"></a><span class="lineno"> 1380</span>  <span class="comment">// Validate a non-existent policy file.</span></div> |
| <div class="line"><a name="l01381"></a><span class="lineno"> 1381</span>  <span class="comment">// Use a HadoopGroupProvider in this case so the user -> group mappings can still be</span></div> |
| <div class="line"><a name="l01382"></a><span class="lineno"> 1382</span>  <span class="comment">// resolved in the absence of the policy file.</span></div> |
| <div class="line"><a name="l01383"></a><span class="lineno"> 1383</span>  TestWithIncorrectConfig(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a6711728ec210e600436c1a9492cfca6b">createHadoopGroupAuthConfig</a>(<span class="stringliteral">"server1"</span>,</div> |
| <div class="line"><a name="l01384"></a><span class="lineno"> 1384</span>  AUTHZ_POLICY_FILE + <span class="stringliteral">"_does_not_exist"</span>, <span class="stringliteral">""</span>),</div> |
| <div class="line"><a name="l01385"></a><span class="lineno"> 1385</span>  <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a>(System.getProperty(<span class="stringliteral">"user.name"</span>)));</div> |
| <div class="line"><a name="l01386"></a><span class="lineno"> 1386</span>  }</div> |
| <div class="line"><a name="l01387"></a><span class="lineno"> 1387</span> </div> |
| <div class="line"><a name="l01388"></a><span class="lineno"> 1388</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01389"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a9f1bc5248ae7350d1be14cbecfddb4b1"> 1389</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a9f1bc5248ae7350d1be14cbecfddb4b1">TestConfigValidation</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1InternalException.html">InternalException</a> {</div> |
| <div class="line"><a name="l01390"></a><span class="lineno"> 1390</span>  String sentryConfig = authzConfig_.getSentryConfig().getConfigFile();</div> |
| <div class="line"><a name="l01391"></a><span class="lineno"> 1391</span>  <span class="comment">// Valid configs pass validation.</span></div> |
| <div class="line"><a name="l01392"></a><span class="lineno"> 1392</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a> config = AuthorizationConfig.createHadoopGroupAuthConfig(</div> |
| <div class="line"><a name="l01393"></a><span class="lineno"> 1393</span>  <span class="stringliteral">"server1"</span>, AUTHZ_POLICY_FILE, sentryConfig);</div> |
| <div class="line"><a name="l01394"></a><span class="lineno"> 1394</span>  config.validateConfig();</div> |
| <div class="line"><a name="l01395"></a><span class="lineno"> 1395</span>  Assert.assertTrue(config.isEnabled());</div> |
| <div class="line"><a name="l01396"></a><span class="lineno"> 1396</span>  Assert.assertTrue(config.isFileBasedPolicy());</div> |
| <div class="line"><a name="l01397"></a><span class="lineno"> 1397</span> </div> |
| <div class="line"><a name="l01398"></a><span class="lineno"> 1398</span>  config = AuthorizationConfig.createHadoopGroupAuthConfig(<span class="stringliteral">"server1"</span>, null,</div> |
| <div class="line"><a name="l01399"></a><span class="lineno"> 1399</span>  sentryConfig);</div> |
| <div class="line"><a name="l01400"></a><span class="lineno"> 1400</span>  config.validateConfig();</div> |
| <div class="line"><a name="l01401"></a><span class="lineno"> 1401</span>  Assert.assertTrue(config.isEnabled());</div> |
| <div class="line"><a name="l01402"></a><span class="lineno"> 1402</span>  Assert.assertTrue(!config.isFileBasedPolicy());</div> |
| <div class="line"><a name="l01403"></a><span class="lineno"> 1403</span> </div> |
| <div class="line"><a name="l01404"></a><span class="lineno"> 1404</span>  <span class="comment">// Invalid configs</span></div> |
| <div class="line"><a name="l01405"></a><span class="lineno"> 1405</span>  <span class="comment">// No sentry configuration file.</span></div> |
| <div class="line"><a name="l01406"></a><span class="lineno"> 1406</span>  config = AuthorizationConfig.createHadoopGroupAuthConfig(</div> |
| <div class="line"><a name="l01407"></a><span class="lineno"> 1407</span>  <span class="stringliteral">"server1"</span>, AUTHZ_POLICY_FILE, null);</div> |
| <div class="line"><a name="l01408"></a><span class="lineno"> 1408</span>  Assert.assertTrue(config.isEnabled());</div> |
| <div class="line"><a name="l01409"></a><span class="lineno"> 1409</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l01410"></a><span class="lineno"> 1410</span>  config.validateConfig();</div> |
| <div class="line"><a name="l01411"></a><span class="lineno"> 1411</span>  } <span class="keywordflow">catch</span> (Exception e) {</div> |
| <div class="line"><a name="l01412"></a><span class="lineno"> 1412</span>  Assert.assertEquals(e.getMessage(), <span class="stringliteral">"A valid path to a sentry-site.xml config "</span> +</div> |
| <div class="line"><a name="l01413"></a><span class="lineno"> 1413</span>  <span class="stringliteral">"file must be set using --sentry_config to enable authorization."</span>);</div> |
| <div class="line"><a name="l01414"></a><span class="lineno"> 1414</span>  }</div> |
| <div class="line"><a name="l01415"></a><span class="lineno"> 1415</span> </div> |
| <div class="line"><a name="l01416"></a><span class="lineno"> 1416</span>  <span class="comment">// Empty / null server name.</span></div> |
| <div class="line"><a name="l01417"></a><span class="lineno"> 1417</span>  config = AuthorizationConfig.createHadoopGroupAuthConfig(</div> |
| <div class="line"><a name="l01418"></a><span class="lineno"> 1418</span>  <span class="stringliteral">""</span>, AUTHZ_POLICY_FILE, sentryConfig);</div> |
| <div class="line"><a name="l01419"></a><span class="lineno"> 1419</span>  Assert.assertTrue(config.isEnabled());</div> |
| <div class="line"><a name="l01420"></a><span class="lineno"> 1420</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l01421"></a><span class="lineno"> 1421</span>  config.validateConfig();</div> |
| <div class="line"><a name="l01422"></a><span class="lineno"> 1422</span>  fail(<span class="stringliteral">"Expected configuration to fail."</span>);</div> |
| <div class="line"><a name="l01423"></a><span class="lineno"> 1423</span>  } <span class="keywordflow">catch</span> (IllegalArgumentException e) {</div> |
| <div class="line"><a name="l01424"></a><span class="lineno"> 1424</span>  Assert.assertEquals(e.getMessage(),</div> |
| <div class="line"><a name="l01425"></a><span class="lineno"> 1425</span>  <span class="stringliteral">"Authorization is enabled but the server name is null or empty. Set the "</span> +</div> |
| <div class="line"><a name="l01426"></a><span class="lineno"> 1426</span>  <span class="stringliteral">"server name using the impalad --server_name flag."</span>);</div> |
| <div class="line"><a name="l01427"></a><span class="lineno"> 1427</span>  }</div> |
| <div class="line"><a name="l01428"></a><span class="lineno"> 1428</span>  config = AuthorizationConfig.createHadoopGroupAuthConfig(null, AUTHZ_POLICY_FILE,</div> |
| <div class="line"><a name="l01429"></a><span class="lineno"> 1429</span>  sentryConfig);</div> |
| <div class="line"><a name="l01430"></a><span class="lineno"> 1430</span>  Assert.assertTrue(config.isEnabled());</div> |
| <div class="line"><a name="l01431"></a><span class="lineno"> 1431</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l01432"></a><span class="lineno"> 1432</span>  config.validateConfig();</div> |
| <div class="line"><a name="l01433"></a><span class="lineno"> 1433</span>  fail(<span class="stringliteral">"Expected configuration to fail."</span>);</div> |
| <div class="line"><a name="l01434"></a><span class="lineno"> 1434</span>  } <span class="keywordflow">catch</span> (IllegalArgumentException e) {</div> |
| <div class="line"><a name="l01435"></a><span class="lineno"> 1435</span>  Assert.assertEquals(e.getMessage(),</div> |
| <div class="line"><a name="l01436"></a><span class="lineno"> 1436</span>  <span class="stringliteral">"Authorization is enabled but the server name is null or empty. Set the "</span> +</div> |
| <div class="line"><a name="l01437"></a><span class="lineno"> 1437</span>  <span class="stringliteral">"server name using the impalad --server_name flag."</span>);</div> |
| <div class="line"><a name="l01438"></a><span class="lineno"> 1438</span>  }</div> |
| <div class="line"><a name="l01439"></a><span class="lineno"> 1439</span> </div> |
| <div class="line"><a name="l01440"></a><span class="lineno"> 1440</span>  <span class="comment">// Sentry config file does not exist.</span></div> |
| <div class="line"><a name="l01441"></a><span class="lineno"> 1441</span>  config = AuthorizationConfig.createHadoopGroupAuthConfig(<span class="stringliteral">"server1"</span>, <span class="stringliteral">""</span>,</div> |
| <div class="line"><a name="l01442"></a><span class="lineno"> 1442</span>  <span class="stringliteral">"/path/does/not/exist.xml"</span>);</div> |
| <div class="line"><a name="l01443"></a><span class="lineno"> 1443</span>  Assert.assertTrue(config.isEnabled());</div> |
| <div class="line"><a name="l01444"></a><span class="lineno"> 1444</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l01445"></a><span class="lineno"> 1445</span>  config.validateConfig();</div> |
| <div class="line"><a name="l01446"></a><span class="lineno"> 1446</span>  fail(<span class="stringliteral">"Expected configuration to fail."</span>);</div> |
| <div class="line"><a name="l01447"></a><span class="lineno"> 1447</span>  } <span class="keywordflow">catch</span> (Exception e) {</div> |
| <div class="line"><a name="l01448"></a><span class="lineno"> 1448</span>  Assert.assertEquals(e.getMessage(),</div> |
| <div class="line"><a name="l01449"></a><span class="lineno"> 1449</span>  <span class="stringliteral">"Sentry configuration file does not exist: /path/does/not/exist.xml"</span>);</div> |
| <div class="line"><a name="l01450"></a><span class="lineno"> 1450</span>  }</div> |
| <div class="line"><a name="l01451"></a><span class="lineno"> 1451</span> </div> |
| <div class="line"><a name="l01452"></a><span class="lineno"> 1452</span>  <span class="comment">// Invalid ResourcePolicyProvider class name.</span></div> |
| <div class="line"><a name="l01453"></a><span class="lineno"> 1453</span>  config = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a>(<span class="stringliteral">"server1"</span>, AUTHZ_POLICY_FILE, <span class="stringliteral">""</span>,</div> |
| <div class="line"><a name="l01454"></a><span class="lineno"> 1454</span>  <span class="stringliteral">"ClassDoesNotExist"</span>);</div> |
| <div class="line"><a name="l01455"></a><span class="lineno"> 1455</span>  Assert.assertTrue(config.isEnabled());</div> |
| <div class="line"><a name="l01456"></a><span class="lineno"> 1456</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l01457"></a><span class="lineno"> 1457</span>  config.validateConfig();</div> |
| <div class="line"><a name="l01458"></a><span class="lineno"> 1458</span>  fail(<span class="stringliteral">"Expected configuration to fail."</span>);</div> |
| <div class="line"><a name="l01459"></a><span class="lineno"> 1459</span>  } <span class="keywordflow">catch</span> (IllegalArgumentException e) {</div> |
| <div class="line"><a name="l01460"></a><span class="lineno"> 1460</span>  Assert.assertEquals(e.getMessage(),</div> |
| <div class="line"><a name="l01461"></a><span class="lineno"> 1461</span>  <span class="stringliteral">"The authorization policy provider class 'ClassDoesNotExist' was not found."</span>);</div> |
| <div class="line"><a name="l01462"></a><span class="lineno"> 1462</span>  }</div> |
| <div class="line"><a name="l01463"></a><span class="lineno"> 1463</span> </div> |
| <div class="line"><a name="l01464"></a><span class="lineno"> 1464</span>  <span class="comment">// Valid class name, but class is not derived from ResourcePolicyProvider</span></div> |
| <div class="line"><a name="l01465"></a><span class="lineno"> 1465</span>  config = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a>(<span class="stringliteral">"server1"</span>, AUTHZ_POLICY_FILE, <span class="stringliteral">""</span>,</div> |
| <div class="line"><a name="l01466"></a><span class="lineno"> 1466</span>  this.getClass().getName());</div> |
| <div class="line"><a name="l01467"></a><span class="lineno"> 1467</span>  Assert.assertTrue(config.isEnabled());</div> |
| <div class="line"><a name="l01468"></a><span class="lineno"> 1468</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l01469"></a><span class="lineno"> 1469</span>  config.validateConfig();</div> |
| <div class="line"><a name="l01470"></a><span class="lineno"> 1470</span>  fail(<span class="stringliteral">"Expected configuration to fail."</span>);</div> |
| <div class="line"><a name="l01471"></a><span class="lineno"> 1471</span>  } <span class="keywordflow">catch</span> (IllegalArgumentException e) {</div> |
| <div class="line"><a name="l01472"></a><span class="lineno"> 1472</span>  Assert.assertEquals(e.getMessage(), String.format(<span class="stringliteral">"The authorization policy "</span> +</div> |
| <div class="line"><a name="l01473"></a><span class="lineno"> 1473</span>  <span class="stringliteral">"provider class '%s' must be a subclass of '%s'."</span>, <span class="keyword">this</span>.getClass().getName(),</div> |
| <div class="line"><a name="l01474"></a><span class="lineno"> 1474</span>  ResourceAuthorizationProvider.class.getName()));</div> |
| <div class="line"><a name="l01475"></a><span class="lineno"> 1475</span>  }</div> |
| <div class="line"><a name="l01476"></a><span class="lineno"> 1476</span> </div> |
| <div class="line"><a name="l01477"></a><span class="lineno"> 1477</span>  <span class="comment">// Config validations skipped if authorization disabled</span></div> |
| <div class="line"><a name="l01478"></a><span class="lineno"> 1478</span>  config = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a>(<span class="stringliteral">""</span>, <span class="stringliteral">""</span>, <span class="stringliteral">""</span>, <span class="stringliteral">""</span>);</div> |
| <div class="line"><a name="l01479"></a><span class="lineno"> 1479</span>  Assert.assertFalse(config.isEnabled());</div> |
| <div class="line"><a name="l01480"></a><span class="lineno"> 1480</span>  config = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a>(null, <span class="stringliteral">""</span>, <span class="stringliteral">""</span>, null);</div> |
| <div class="line"><a name="l01481"></a><span class="lineno"> 1481</span>  Assert.assertFalse(config.isEnabled());</div> |
| <div class="line"><a name="l01482"></a><span class="lineno"> 1482</span>  config = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a>(<span class="stringliteral">""</span>, null, <span class="stringliteral">""</span>, <span class="stringliteral">""</span>);</div> |
| <div class="line"><a name="l01483"></a><span class="lineno"> 1483</span>  Assert.assertFalse(config.isEnabled());</div> |
| <div class="line"><a name="l01484"></a><span class="lineno"> 1484</span>  config = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a>(null, null, null, null);</div> |
| <div class="line"><a name="l01485"></a><span class="lineno"> 1485</span>  Assert.assertFalse(config.isEnabled());</div> |
| <div class="line"><a name="l01486"></a><span class="lineno"> 1486</span>  }</div> |
| <div class="line"><a name="l01487"></a><span class="lineno"> 1487</span> </div> |
| <div class="line"><a name="l01488"></a><span class="lineno"> 1488</span>  @<a class="code" href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div> |
| <div class="line"><a name="l01489"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa88f07abf7b0488e465ec9e5773d41a5"> 1489</a></span>  <span class="keyword">public</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa88f07abf7b0488e465ec9e5773d41a5">TestLocalGroupPolicyProvider</a>() throws <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a>,</div> |
| <div class="line"><a name="l01490"></a><span class="lineno"> 1490</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a> {</div> |
| <div class="line"><a name="l01491"></a><span class="lineno"> 1491</span>  <span class="keywordflow">if</span> (!authzConfig_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5768546a8fc8db18eb1a9256c1d80f76">isFileBasedPolicy</a>()) <span class="keywordflow">return</span>;</div> |
| <div class="line"><a name="l01492"></a><span class="lineno"> 1492</span>  <span class="comment">// Use an authorization configuration that uses the</span></div> |
| <div class="line"><a name="l01493"></a><span class="lineno"> 1493</span>  <span class="comment">// LocalGroupResourceAuthorizationProvider.</span></div> |
| <div class="line"><a name="l01494"></a><span class="lineno"> 1494</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a> authzConfig = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a>(<span class="stringliteral">"server1"</span>,</div> |
| <div class="line"><a name="l01495"></a><span class="lineno"> 1495</span>  AUTHZ_POLICY_FILE, <span class="stringliteral">""</span>,</div> |
| <div class="line"><a name="l01496"></a><span class="lineno"> 1496</span>  LocalGroupResourceAuthorizationProvider.class.getName());</div> |
| <div class="line"><a name="l01497"></a><span class="lineno"> 1497</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ImpaladCatalog.html">ImpaladCatalog</a> catalog = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog.html">ImpaladTestCatalog</a>(authzConfig);</div> |
| <div class="line"><a name="l01498"></a><span class="lineno"> 1498</span> </div> |
| <div class="line"><a name="l01499"></a><span class="lineno"> 1499</span>  <span class="comment">// Create an analysis context + FE with the test user (as defined in the policy file)</span></div> |
| <div class="line"><a name="l01500"></a><span class="lineno"> 1500</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> user = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a>(<span class="stringliteral">"test_user"</span>);</div> |
| <div class="line"><a name="l01501"></a><span class="lineno"> 1501</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a> context = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a>(catalog,</div> |
| <div class="line"><a name="l01502"></a><span class="lineno"> 1502</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html">TestUtils</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html#a6c9fa086559d58750e77fb02b21cedfd">createQueryContext</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html">Catalog</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html#a9f92d2cb3e8ca769090f3d0478c11734">DEFAULT_DB</a>, user.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">getName</a>()), authzConfig);</div> |
| <div class="line"><a name="l01503"></a><span class="lineno"> 1503</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend.html">Frontend</a> fe = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend.html">Frontend</a>(authzConfig, catalog);</div> |
| <div class="line"><a name="l01504"></a><span class="lineno"> 1504</span> </div> |
| <div class="line"><a name="l01505"></a><span class="lineno"> 1505</span>  <span class="comment">// Can select from table that user has privileges on.</span></div> |
| <div class="line"><a name="l01506"></a><span class="lineno"> 1506</span>  AuthzOk(fe, context, <span class="stringliteral">"select * from functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l01507"></a><span class="lineno"> 1507</span>  <span class="comment">// Does not have privileges to execute a query</span></div> |
| <div class="line"><a name="l01508"></a><span class="lineno"> 1508</span>  AuthzError(fe, context, <span class="stringliteral">"select * from functional.alltypes"</span>,</div> |
| <div class="line"><a name="l01509"></a><span class="lineno"> 1509</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: functional.alltypes"</span>,</div> |
| <div class="line"><a name="l01510"></a><span class="lineno"> 1510</span>  user);</div> |
| <div class="line"><a name="l01511"></a><span class="lineno"> 1511</span> </div> |
| <div class="line"><a name="l01512"></a><span class="lineno"> 1512</span>  <span class="comment">// Verify with the admin user</span></div> |
| <div class="line"><a name="l01513"></a><span class="lineno"> 1513</span>  user = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a>(<span class="stringliteral">"admin_user"</span>);</div> |
| <div class="line"><a name="l01514"></a><span class="lineno"> 1514</span>  context = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a>(catalog,</div> |
| <div class="line"><a name="l01515"></a><span class="lineno"> 1515</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html">TestUtils</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html#a6c9fa086559d58750e77fb02b21cedfd">createQueryContext</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html">Catalog</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html#a9f92d2cb3e8ca769090f3d0478c11734">DEFAULT_DB</a>, user.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">getName</a>()), authzConfig);</div> |
| <div class="line"><a name="l01516"></a><span class="lineno"> 1516</span>  fe = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend.html">Frontend</a>(authzConfig, catalog);</div> |
| <div class="line"><a name="l01517"></a><span class="lineno"> 1517</span> </div> |
| <div class="line"><a name="l01518"></a><span class="lineno"> 1518</span>  <span class="comment">// Admin user should have privileges to do anything</span></div> |
| <div class="line"><a name="l01519"></a><span class="lineno"> 1519</span>  AuthzOk(fe, context, <span class="stringliteral">"select * from functional.alltypesagg"</span>);</div> |
| <div class="line"><a name="l01520"></a><span class="lineno"> 1520</span>  AuthzOk(fe, context, <span class="stringliteral">"select * from functional.alltypes"</span>);</div> |
| <div class="line"><a name="l01521"></a><span class="lineno"> 1521</span>  AuthzOk(fe, context, <span class="stringliteral">"invalidate metadata"</span>);</div> |
| <div class="line"><a name="l01522"></a><span class="lineno"> 1522</span>  }</div> |
| <div class="line"><a name="l01523"></a><span class="lineno"> 1523</span> </div> |
| <div class="line"><a name="l01524"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ad968be7c56b4c5aa4f807c17f5993228"> 1524</a></span>  <span class="keyword">private</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ad968be7c56b4c5aa4f807c17f5993228">TestWithIncorrectConfig</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">AuthorizationConfig</a> authzConfig, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> user)</div> |
| <div class="line"><a name="l01525"></a><span class="lineno"> 1525</span>  <span class="keywordflow">throws</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01526"></a><span class="lineno"> 1526</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend.html">Frontend</a> fe = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend.html">Frontend</a>(authzConfig, catalog_);</div> |
| <div class="line"><a name="l01527"></a><span class="lineno"> 1527</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a> ac = <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a>(<span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog.html">ImpaladTestCatalog</a>(),</div> |
| <div class="line"><a name="l01528"></a><span class="lineno"> 1528</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html">TestUtils</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html#a6c9fa086559d58750e77fb02b21cedfd">createQueryContext</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html">Catalog</a>.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html#a9f92d2cb3e8ca769090f3d0478c11734">DEFAULT_DB</a>, user.getName()), authzConfig);</div> |
| <div class="line"><a name="l01529"></a><span class="lineno"> 1529</span>  AuthzError(fe, ac, <span class="stringliteral">"select * from functional.alltypesagg"</span>,</div> |
| <div class="line"><a name="l01530"></a><span class="lineno"> 1530</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'SELECT' on: "</span> +</div> |
| <div class="line"><a name="l01531"></a><span class="lineno"> 1531</span>  <span class="stringliteral">"functional.alltypesagg"</span>, user);</div> |
| <div class="line"><a name="l01532"></a><span class="lineno"> 1532</span>  AuthzError(fe, ac, <span class="stringliteral">"ALTER TABLE functional_seq_snap.alltypes ADD COLUMNS (c1 int)"</span>,</div> |
| <div class="line"><a name="l01533"></a><span class="lineno"> 1533</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'ALTER' on: "</span> +</div> |
| <div class="line"><a name="l01534"></a><span class="lineno"> 1534</span>  <span class="stringliteral">"functional_seq_snap.alltypes"</span>, user);</div> |
| <div class="line"><a name="l01535"></a><span class="lineno"> 1535</span>  AuthzError(fe, ac, <span class="stringliteral">"drop table tpch.lineitem"</span>,</div> |
| <div class="line"><a name="l01536"></a><span class="lineno"> 1536</span>  <span class="stringliteral">"User '%s' does not have privileges to execute 'DROP' on: tpch.lineitem"</span>,</div> |
| <div class="line"><a name="l01537"></a><span class="lineno"> 1537</span>  user);</div> |
| <div class="line"><a name="l01538"></a><span class="lineno"> 1538</span>  AuthzError(fe, ac, <span class="stringliteral">"show tables in functional"</span>,</div> |
| <div class="line"><a name="l01539"></a><span class="lineno"> 1539</span>  <span class="stringliteral">"User '%s' does not have privileges to access: functional.*"</span>, user);</div> |
| <div class="line"><a name="l01540"></a><span class="lineno"> 1540</span>  }</div> |
| <div class="line"><a name="l01541"></a><span class="lineno"> 1541</span> </div> |
| <div class="line"><a name="l01542"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a4c8e72e843b03b5b00f9c2c08ba9929d"> 1542</a></span>  <span class="keyword">private</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a4c8e72e843b03b5b00f9c2c08ba9929d">AuthzOk</a>(String stmt) <span class="keywordflow">throws</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">AuthorizationException</a>,</div> |
| <div class="line"><a name="l01543"></a><span class="lineno"> 1543</span>  <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01544"></a><span class="lineno"> 1544</span>  AuthzOk(analysisContext_, stmt);</div> |
| <div class="line"><a name="l01545"></a><span class="lineno"> 1545</span>  }</div> |
| <div class="line"><a name="l01546"></a><span class="lineno"> 1546</span> </div> |
| <div class="line"><a name="l01547"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#acb05141085c7f9a49956388c89a19d0a"> 1547</a></span>  <span class="keyword">private</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#acb05141085c7f9a49956388c89a19d0a">AuthzOk</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a> context, String stmt)</div> |
| <div class="line"><a name="l01548"></a><span class="lineno"> 1548</span>  <span class="keywordflow">throws</span> AuthorizationException, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01549"></a><span class="lineno"> 1549</span>  AuthzOk(fe_, context, stmt);</div> |
| <div class="line"><a name="l01550"></a><span class="lineno"> 1550</span>  }</div> |
| <div class="line"><a name="l01551"></a><span class="lineno"> 1551</span> </div> |
| <div class="line"><a name="l01552"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a18f39d22b89af1e7ca1be97e9d5f2c4a"> 1552</a></span>  <span class="keyword">private</span> <span class="keyword">static</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a18f39d22b89af1e7ca1be97e9d5f2c4a">AuthzOk</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend.html">Frontend</a> fe, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a> context, String stmt)</div> |
| <div class="line"><a name="l01553"></a><span class="lineno"> 1553</span>  <span class="keywordflow">throws</span> AuthorizationException, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01554"></a><span class="lineno"> 1554</span>  context.analyze(stmt);</div> |
| <div class="line"><a name="l01555"></a><span class="lineno"> 1555</span>  context.getAnalyzer().authorize(fe.getAuthzChecker());</div> |
| <div class="line"><a name="l01556"></a><span class="lineno"> 1556</span>  }</div> |
| <div class="line"><a name="l01557"></a><span class="lineno"> 1557</span> </div> |
| <div class="line"><a name="l01562"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a3084988aaa910403da7efd3e0dce63e4"> 1562</a></span>  <span class="keyword">private</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a3084988aaa910403da7efd3e0dce63e4">AuthzError</a>(String stmt, String expectedErrorString)</div> |
| <div class="line"><a name="l01563"></a><span class="lineno"> 1563</span>  <span class="keywordflow">throws</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01564"></a><span class="lineno"> 1564</span>  AuthzError(analysisContext_, stmt, expectedErrorString, USER);</div> |
| <div class="line"><a name="l01565"></a><span class="lineno"> 1565</span>  }</div> |
| <div class="line"><a name="l01566"></a><span class="lineno"> 1566</span> </div> |
| <div class="line"><a name="l01567"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a4222d310466ba905e94cf9d8eecf2393"> 1567</a></span>  <span class="keyword">private</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a4222d310466ba905e94cf9d8eecf2393">AuthzError</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a> analysisContext,</div> |
| <div class="line"><a name="l01568"></a><span class="lineno"> 1568</span>  String stmt, String expectedErrorString, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> user) <span class="keywordflow">throws</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01569"></a><span class="lineno"> 1569</span>  AuthzError(fe_, analysisContext, stmt, expectedErrorString, user);</div> |
| <div class="line"><a name="l01570"></a><span class="lineno"> 1570</span>  }</div> |
| <div class="line"><a name="l01571"></a><span class="lineno"> 1571</span> </div> |
| <div class="line"><a name="l01572"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a7afb9ea0750563f805d30569ac29d601"> 1572</a></span>  <span class="keyword">private</span> <span class="keyword">static</span> <span class="keywordtype">void</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a7afb9ea0750563f805d30569ac29d601">AuthzError</a>(<a class="code" href="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend.html">Frontend</a> fe, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">AnalysisContext</a> analysisContext,</div> |
| <div class="line"><a name="l01573"></a><span class="lineno"> 1573</span>  String stmt, String expectedErrorString, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> user) <span class="keywordflow">throws</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">AnalysisException</a> {</div> |
| <div class="line"><a name="l01574"></a><span class="lineno"> 1574</span>  Preconditions.checkNotNull(expectedErrorString);</div> |
| <div class="line"><a name="l01575"></a><span class="lineno"> 1575</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l01576"></a><span class="lineno"> 1576</span>  <span class="keywordflow">try</span> {</div> |
| <div class="line"><a name="l01577"></a><span class="lineno"> 1577</span>  analysisContext.analyze(stmt);</div> |
| <div class="line"><a name="l01578"></a><span class="lineno"> 1578</span>  } <span class="keywordflow">finally</span> {</div> |
| <div class="line"><a name="l01579"></a><span class="lineno"> 1579</span>  analysisContext.getAnalyzer().authorize(fe.getAuthzChecker());</div> |
| <div class="line"><a name="l01580"></a><span class="lineno"> 1580</span>  }</div> |
| <div class="line"><a name="l01581"></a><span class="lineno"> 1581</span>  } <span class="keywordflow">catch</span> (AuthorizationException e) {</div> |
| <div class="line"><a name="l01582"></a><span class="lineno"> 1582</span>  <span class="comment">// Insert the username into the error.</span></div> |
| <div class="line"><a name="l01583"></a><span class="lineno"> 1583</span>  expectedErrorString = String.format(expectedErrorString, user.getName());</div> |
| <div class="line"><a name="l01584"></a><span class="lineno"> 1584</span>  String errorString = e.getMessage();</div> |
| <div class="line"><a name="l01585"></a><span class="lineno"> 1585</span>  Assert.assertTrue(</div> |
| <div class="line"><a name="l01586"></a><span class="lineno"> 1586</span>  <span class="stringliteral">"got error:\n"</span> + errorString + <span class="stringliteral">"\nexpected:\n"</span> + expectedErrorString,</div> |
| <div class="line"><a name="l01587"></a><span class="lineno"> 1587</span>  errorString.startsWith(expectedErrorString));</div> |
| <div class="line"><a name="l01588"></a><span class="lineno"> 1588</span>  <span class="keywordflow">return</span>;</div> |
| <div class="line"><a name="l01589"></a><span class="lineno"> 1589</span>  }</div> |
| <div class="line"><a name="l01590"></a><span class="lineno"> 1590</span>  fail(<span class="stringliteral">"Stmt didn't result in authorization error: "</span> + stmt);</div> |
| <div class="line"><a name="l01591"></a><span class="lineno"> 1591</span>  }</div> |
| <div class="line"><a name="l01592"></a><span class="lineno"> 1592</span> </div> |
| <div class="line"><a name="l01593"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a44cc7bb25f8c6f8ae0d9b32ec08bb046"> 1593</a></span>  <span class="keyword">private</span> <span class="keyword">static</span> TSessionState <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a44cc7bb25f8c6f8ae0d9b32ec08bb046">createSessionState</a>(String defaultDb, <a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">User</a> user) {</div> |
| <div class="line"><a name="l01594"></a><span class="lineno"> 1594</span>  <span class="keywordflow">return</span> <span class="keyword">new</span> TSessionState(null, null,</div> |
| <div class="line"><a name="l01595"></a><span class="lineno"> 1595</span>  defaultDb, user.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">getName</a>(), <span class="keyword">new</span> TNetworkAddress(<span class="stringliteral">""</span>, 0));</div> |
| <div class="line"><a name="l01596"></a><span class="lineno"> 1596</span>  }</div> |
| <div class="line"><a name="l01597"></a><span class="lineno"> 1597</span> </div> |
| <div class="line"><a name="l01598"></a><span class="lineno"><a class="line" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#af440dbf882aec7d8a9fe79bede11eac6"> 1598</a></span>  <span class="keyword">private</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">SentryPolicyService</a> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#af440dbf882aec7d8a9fe79bede11eac6">createSentryService</a>() {</div> |
| <div class="line"><a name="l01599"></a><span class="lineno"> 1599</span>  <span class="keywordflow">return</span> <span class="keyword">new</span> <a class="code" href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">SentryPolicyService</a>(authzConfig_.<a class="code" href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5ba958fd6bdecb5c2cac4f4171147c90">getSentryConfig</a>());</div> |
| <div class="line"><a name="l01600"></a><span class="lineno"> 1600</span>  }</div> |
| <div class="line"><a name="l01601"></a><span class="lineno"> 1601</span> }</div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a96a4d7a3e149df9912cc7e7694cb2920"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a96a4d7a3e149df9912cc7e7694cb2920">com.cloudera.impala.analysis.AuthorizationTest.TestSelect</a></div><div class="ttdeci">void TestSelect()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00293">AuthorizationTest.java:293</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html">com.cloudera.impala.catalog.Catalog</a></div><div class="ttdef"><b>Definition:</b> <a href="Catalog_8java_source.html#l00053">Catalog.java:53</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a60442b9127a348c1d28281f05d4534b4"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a60442b9127a348c1d28281f05d4534b4">com.cloudera.impala.analysis.AuthorizationTest.TestDropTable</a></div><div class="ttdeci">void TestDropTable()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00768">AuthorizationTest.java:768</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html">com.cloudera.impala.authorization.User</a></div><div class="ttdef"><b>Definition:</b> <a href="User_8java_source.html#l00022">User.java:22</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a6aae43733fd25f6593a629438c0d8e08"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a6aae43733fd25f6593a629438c0d8e08">com.cloudera.impala.analysis.AuthorizationTest.TestDropStats</a></div><div class="ttdeci">void TestDropStats()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01016">AuthorizationTest.java:1016</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_ae22bf254f471d6c8886faee15b56c36e"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ae22bf254f471d6c8886faee15b56c36e">com.cloudera.impala.analysis.AuthorizationTest.catalog_</a></div><div class="ttdeci">final ImpaladCatalog catalog_</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00091">AuthorizationTest.java:91</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig_html_a5ba958fd6bdecb5c2cac4f4171147c90"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5ba958fd6bdecb5c2cac4f4171147c90">com.cloudera.impala.authorization.AuthorizationConfig.getSentryConfig</a></div><div class="ttdeci">SentryConfig getSentryConfig()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationConfig_8java_source.html#l00143">AuthorizationConfig.java:143</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type.html">com.cloudera.impala.catalog.Type</a></div><div class="ttdef"><b>Definition:</b> <a href="Type_8java_source.html#l00042">Type.java:42</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_aa119ebf48eddadba0fd8eb580181bcb8"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa119ebf48eddadba0fd8eb580181bcb8">com.cloudera.impala.analysis.AuthorizationTest.TestLoad</a></div><div class="ttdeci">void TestLoad()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01050">AuthorizationTest.java:1050</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a6dd6148e3254e38229e72a597ac7f2e8"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a6dd6148e3254e38229e72a597ac7f2e8">com.cloudera.impala.analysis.AuthorizationTest.TestAlterTable</a></div><div class="ttdeci">void TestAlterTable()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00834">AuthorizationTest.java:834</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_ab5b15c3fa7a6700ba7d5fc3cf8208657"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ab5b15c3fa7a6700ba7d5fc3cf8208657">com.cloudera.impala.analysis.AuthorizationTest.TestDescribe</a></div><div class="ttdeci">void TestDescribe()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01027">AuthorizationTest.java:1027</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a7209b033e9cf0d08ef010cbef488594b"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a7209b033e9cf0d08ef010cbef488594b">com.cloudera.impala.analysis.AuthorizationTest.TestShowPermissions</a></div><div class="ttdeci">void TestShowPermissions()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01091">AuthorizationTest.java:1091</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a0a33504213603b77929fb7c35455f0dc"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a0a33504213603b77929fb7c35455f0dc">com.cloudera.impala.analysis.AuthorizationTest.TestFunction</a></div><div class="ttdeci">void TestFunction()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01283">AuthorizationTest.java:1283</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a0c4641874e1196ffad4975528400029e"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a0c4641874e1196ffad4975528400029e">com.cloudera.impala.analysis.AuthorizationTest.TestServerNameAuthorized</a></div><div class="ttdeci">void TestServerNameAuthorized()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01366">AuthorizationTest.java:1366</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_aee9bc1d157da933de8fa14306112c176"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aee9bc1d157da933de8fa14306112c176">com.cloudera.impala.analysis.AuthorizationTest.TestHs2GetTables</a></div><div class="ttdeci">void TestHs2GetTables()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01191">AuthorizationTest.java:1191</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog_html_a5658ea435839f2c30e9c25f045be3270"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html#a5658ea435839f2c30e9c25f045be3270">com.cloudera.impala.catalog.Catalog.getDb</a></div><div class="ttdeci">Db getDb(String dbName)</div><div class="ttdef"><b>Definition:</b> <a href="Catalog_8java_source.html#l00115">Catalog.java:115</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_ab1e78e3702d8224c6391b7613d856124"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ab1e78e3702d8224c6391b7613d856124">com.cloudera.impala.analysis.AuthorizationTest.TestCreateDatabase</a></div><div class="ttdeci">void TestCreateDatabase()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00699">AuthorizationTest.java:699</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig_html_a6711728ec210e600436c1a9492cfca6b"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a6711728ec210e600436c1a9492cfca6b">com.cloudera.impala.authorization.AuthorizationConfig.createHadoopGroupAuthConfig</a></div><div class="ttdeci">static AuthorizationConfig createHadoopGroupAuthConfig(String serverName, String policyFile, String sentryConfigFile)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationConfig_8java_source.html#l00064">AuthorizationConfig.java:64</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils_html_a6c9fa086559d58750e77fb02b21cedfd"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html#a6c9fa086559d58750e77fb02b21cedfd">com.cloudera.impala.testutil.TestUtils.createQueryContext</a></div><div class="ttdeci">static TQueryCtx createQueryContext()</div><div class="ttdef"><b>Definition:</b> <a href="TestUtils_8java_source.html#l00197">TestUtils.java:197</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ScalarFunction_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ScalarFunction.html">com.cloudera.impala.catalog.ScalarFunction</a></div><div class="ttdef"><b>Definition:</b> <a href="ScalarFunction_8java_source.html#l00033">ScalarFunction.java:33</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a382418ac4ac6f7109eda2c4b96ff9195"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a382418ac4ac6f7109eda2c4b96ff9195">com.cloudera.impala.analysis.AuthorizationTest.TestHs2GetColumns</a></div><div class="ttdeci">void TestHs2GetColumns()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01230">AuthorizationTest.java:1230</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a98ed2134b987497ff34193e78c8046ad"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a98ed2134b987497ff34193e78c8046ad">com.cloudera.impala.analysis.AuthorizationTest.AuthorizationTest</a></div><div class="ttdeci">AuthorizationTest(String policyFile)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00106">AuthorizationTest.java:106</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1common_1_1AnalysisException.html">com.cloudera.impala.common.AnalysisException</a></div><div class="ttdef"><b>Definition:</b> <a href="AnalysisException_8java_source.html#l00021">AnalysisException.java:21</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a3c93574a7f6bec59974c53e5220e759d"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a3c93574a7f6bec59974c53e5220e759d">com.cloudera.impala.analysis.AuthorizationTest.TestUseDb</a></div><div class="ttdeci">void TestUseDb()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00506">AuthorizationTest.java:506</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User_html_a973cec0d33eca38e7004f3225fafef2c"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1User.html#a973cec0d33eca38e7004f3225fafef2c">com.cloudera.impala.authorization.User.getName</a></div><div class="ttdeci">String getName()</div><div class="ttdef"><b>Definition:</b> <a href="User_8java_source.html#l00030">User.java:30</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ImpaladCatalog_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1ImpaladCatalog.html">com.cloudera.impala.catalog.ImpaladCatalog</a></div><div class="ttdef"><b>Definition:</b> <a href="ImpaladCatalog_8java_source.html#l00064">ImpaladCatalog.java:64</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_aa912171c42f167bdc34de883137b44c4"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa912171c42f167bdc34de883137b44c4">com.cloudera.impala.analysis.AuthorizationTest.analysisContext_</a></div><div class="ttdeci">final AnalysisContext analysisContext_</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00093">AuthorizationTest.java:93</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableTable_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableTable.html">com.cloudera.impala.authorization.AuthorizeableTable</a></div><div class="ttdef"><b>Definition:</b> <a href="AuthorizeableTable_8java_source.html#l00029">AuthorizeableTable.java:29</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a7afb9ea0750563f805d30569ac29d601"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a7afb9ea0750563f805d30569ac29d601">com.cloudera.impala.analysis.AuthorizationTest.AuthzError</a></div><div class="ttdeci">static void AuthzError(Frontend fe, AnalysisContext analysisContext, String stmt, String expectedErrorString, User user)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01572">AuthorizationTest.java:1572</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a957b40be9afbf089bc16032ddfcf9200"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a957b40be9afbf089bc16032ddfcf9200">com.cloudera.impala.analysis.AuthorizationTest.TestResetMetadata</a></div><div class="ttdeci">void TestResetMetadata()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00536">AuthorizationTest.java:536</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AnalysisContext.html">com.cloudera.impala.analysis.AnalysisContext</a></div><div class="ttdef"><b>Definition:</b> <a href="AnalysisContext_8java_source.html#l00034">AnalysisContext.java:34</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a77dbe3d01a19d8a53aabfdc0a0ccce65"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a77dbe3d01a19d8a53aabfdc0a0ccce65">com.cloudera.impala.analysis.AuthorizationTest.TestShowDbResultsFiltered</a></div><div class="ttdeci">void TestShowDbResultsFiltered()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01145">AuthorizationTest.java:1145</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a29c66a0cd368a46c6ecde9ee9319ed8a"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a29c66a0cd368a46c6ecde9ee9319ed8a">com.cloudera.impala.analysis.AuthorizationTest.TestShowTableResultsFiltered</a></div><div class="ttdeci">void TestShowTableResultsFiltered()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01159">AuthorizationTest.java:1159</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a001852560a59c6a6e6dfe3ce191d7c16"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a001852560a59c6a6e6dfe3ce191d7c16">com.cloudera.impala.analysis.AuthorizationTest.TestHs2GetSchema</a></div><div class="ttdeci">void TestHs2GetSchema()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01212">AuthorizationTest.java:1212</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a44cc7bb25f8c6f8ae0d9b32ec08bb046"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a44cc7bb25f8c6f8ae0d9b32ec08bb046">com.cloudera.impala.analysis.AuthorizationTest.createSessionState</a></div><div class="ttdeci">static TSessionState createSessionState(String defaultDb, User user)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01593">AuthorizationTest.java:1593</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a5a8653c0af1de62c26608c168810d55d"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a5a8653c0af1de62c26608c168810d55d">com.cloudera.impala.analysis.AuthorizationTest.TestShowCreateTable</a></div><div class="ttdeci">void TestShowCreateTable()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01172">AuthorizationTest.java:1172</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_abfeda252c0de28457d99214325aca7d8"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#abfeda252c0de28457d99214325aca7d8">com.cloudera.impala.analysis.AuthorizationTest.TestAlterView</a></div><div class="ttdeci">void TestAlterView()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00949">AuthorizationTest.java:949</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a9793d51ed0c03f2198629c7017ed0001"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a9793d51ed0c03f2198629c7017ed0001">com.cloudera.impala.analysis.AuthorizationTest.TestComputeStatsTable</a></div><div class="ttdeci">void TestComputeStatsTable()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01005">AuthorizationTest.java:1005</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a18f39d22b89af1e7ca1be97e9d5f2c4a"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a18f39d22b89af1e7ca1be97e9d5f2c4a">com.cloudera.impala.analysis.AuthorizationTest.AuthzOk</a></div><div class="ttdeci">static void AuthzOk(Frontend fe, AnalysisContext context, String stmt)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01552">AuthorizationTest.java:1552</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a776a081a9a0497c4136ca3385aa8c29d"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a776a081a9a0497c4136ca3385aa8c29d">com.cloudera.impala.analysis.AuthorizationTest.TestInsert</a></div><div class="ttdeci">void TestInsert()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00373">AuthorizationTest.java:373</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1common_1_1InternalException_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1common_1_1InternalException.html">com.cloudera.impala.common.InternalException</a></div><div class="ttdef"><b>Definition:</b> <a href="InternalException_8java_source.html#l00021">InternalException.java:21</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a4c8e72e843b03b5b00f9c2c08ba9929d"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a4c8e72e843b03b5b00f9c2c08ba9929d">com.cloudera.impala.analysis.AuthorizationTest.AuthzOk</a></div><div class="ttdeci">void AuthzOk(String stmt)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01542">AuthorizationTest.java:1542</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html">com.cloudera.impala.analysis.AuthorizationTest</a></div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00070">AuthorizationTest.java:70</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1FunctionName_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1FunctionName.html">com.cloudera.impala.analysis.FunctionName</a></div><div class="ttdef"><b>Definition:</b> <a href="FunctionName_8java_source.html#l00030">FunctionName.java:30</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_aaf8cb95d5981299f97890ecbf6269357"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aaf8cb95d5981299f97890ecbf6269357">com.cloudera.impala.analysis.AuthorizationTest.fe_</a></div><div class="ttdeci">final Frontend fe_</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00094">AuthorizationTest.java:94</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type_html_aeda0ea0ab3d4d62510569d3593712868"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Type.html#aeda0ea0ab3d4d62510569d3593712868">com.cloudera.impala.catalog.Type.INT</a></div><div class="ttdeci">static final ScalarType INT</div><div class="ttdef"><b>Definition:</b> <a href="Type_8java_source.html#l00049">Type.java:49</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_ad47e151437d01c57bfa4375434d267fe"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ad47e151437d01c57bfa4375434d267fe">com.cloudera.impala.analysis.AuthorizationTest.TestFix</a></div><div class="ttdeci">void TestFix()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00249">AuthorizationTest.java:249</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_adf7f1f20aa5ddffae0dfcf1c21afb28d"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#adf7f1f20aa5ddffae0dfcf1c21afb28d">com.cloudera.impala.analysis.AuthorizationTest.TestSentryService</a></div><div class="ttdeci">void TestSentryService()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00256">AuthorizationTest.java:256</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a951eeca73b2d32b3388e41451d9d040b"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a951eeca73b2d32b3388e41451d9d040b">com.cloudera.impala.analysis.AuthorizationTest.TestNoPermissionsWhenPolicyFileDoesNotExist</a></div><div class="ttdeci">void TestNoPermissionsWhenPolicyFileDoesNotExist()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01376">AuthorizationTest.java:1376</a></div></div> |
| <div class="ttc" id="cache-hash-test_8cc_html_a18269e3eecadb27e79614c02d898173e"><div class="ttname"><a href="cache-hash-test_8cc.html#a18269e3eecadb27e79614c02d898173e">Test</a></div><div class="ttdeci">uint64_t Test(T *ht, const ProbeTuple *input, uint64_t num_tuples)</div><div class="ttdef"><b>Definition:</b> <a href="cache-hash-test_8cc_source.html#l00067">cache-hash-test.cc:67</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html">com.cloudera.impala.authorization.AuthorizationConfig</a></div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationConfig_8java_source.html#l00027">AuthorizationConfig.java:27</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_aad11feb4455462d81af07e793723d444"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aad11feb4455462d81af07e793723d444">com.cloudera.impala.analysis.AuthorizationTest.TestTPCHCleanup</a></div><div class="ttdeci">void TestTPCHCleanup()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00283">AuthorizationTest.java:283</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_afdb47ee829960cf66c33861369a43ee1"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#afdb47ee829960cf66c33861369a43ee1">com.cloudera.impala.analysis.AuthorizationTest.testVectors</a></div><div class="ttdeci">static Collection testVectors()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00102">AuthorizationTest.java:102</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1util_1_1SentryPolicyService.html">com.cloudera.impala.util.SentryPolicyService</a></div><div class="ttdef"><b>Definition:</b> <a href="SentryPolicyService_8java_source.html#l00044">SentryPolicyService.java:44</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a4222d310466ba905e94cf9d8eecf2393"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a4222d310466ba905e94cf9d8eecf2393">com.cloudera.impala.analysis.AuthorizationTest.AuthzError</a></div><div class="ttdeci">void AuthzError(AnalysisContext analysisContext, String stmt, String expectedErrorString, User user)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01567">AuthorizationTest.java:1567</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_acdaf11236b97a417c7aae42b3b5da7fb"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#acdaf11236b97a417c7aae42b3b5da7fb">com.cloudera.impala.analysis.AuthorizationTest.setup</a></div><div class="ttdeci">void setup()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00120">AuthorizationTest.java:120</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a942e579460060b80fadc3cc37521e0d1"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a942e579460060b80fadc3cc37521e0d1">com.cloudera.impala.analysis.AuthorizationTest.TestDropView</a></div><div class="ttdeci">void TestDropView()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00801">AuthorizationTest.java:801</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_aa71a79fca040b11dccf0bbc1299fb605"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa71a79fca040b11dccf0bbc1299fb605">com.cloudera.impala.analysis.AuthorizationTest.TestCreateTable</a></div><div class="ttdeci">void TestCreateTable()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00577">AuthorizationTest.java:577</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_aa8df20dc8bea0ef17adadcd85713ba95"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa8df20dc8bea0ef17adadcd85713ba95">com.cloudera.impala.analysis.AuthorizationTest.TestExplain</a></div><div class="ttdeci">void TestExplain()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00434">AuthorizationTest.java:434</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_ae85ff09595e027387de33e00650326a7"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ae85ff09595e027387de33e00650326a7">com.cloudera.impala.analysis.AuthorizationTest.TestCreateView</a></div><div class="ttdeci">void TestCreateView()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00648">AuthorizationTest.java:648</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1ImpaladTestCatalog.html">com.cloudera.impala.testutil.ImpaladTestCatalog</a></div><div class="ttdef"><b>Definition:</b> <a href="ImpaladTestCatalog_8java_source.html#l00030">ImpaladTestCatalog.java:30</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a32fdb7d790b1bb4c1c2363079a5c9b14"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a32fdb7d790b1bb4c1c2363079a5c9b14">com.cloudera.impala.analysis.AuthorizationTest.queryCtx_</a></div><div class="ttdeci">final TQueryCtx queryCtx_</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00092">AuthorizationTest.java:92</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a8351cebb13f843f5c442d30d85cbc11a"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a8351cebb13f843f5c442d30d85cbc11a">com.cloudera.impala.analysis.AuthorizationTest.TestDropDatabase</a></div><div class="ttdeci">void TestDropDatabase()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00738">AuthorizationTest.java:738</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1service_1_1Frontend.html">com.cloudera.impala.service.Frontend</a></div><div class="ttdef"><b>Definition:</b> <a href="Frontend_8java_source.html#l00142">Frontend.java:142</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a2087b002116bc408323ad493ff0a0011"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a2087b002116bc408323ad493ff0a0011">com.cloudera.impala.analysis.AuthorizationTest.TestUnion</a></div><div class="ttdeci">void TestUnion()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00362">AuthorizationTest.java:362</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a9f1bc5248ae7350d1be14cbecfddb4b1"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a9f1bc5248ae7350d1be14cbecfddb4b1">com.cloudera.impala.analysis.AuthorizationTest.TestConfigValidation</a></div><div class="ttdeci">void TestConfigValidation()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01389">AuthorizationTest.java:1389</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_af440dbf882aec7d8a9fe79bede11eac6"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#af440dbf882aec7d8a9fe79bede11eac6">com.cloudera.impala.analysis.AuthorizationTest.createSentryService</a></div><div class="ttdeci">SentryPolicyService createSentryService()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01598">AuthorizationTest.java:1598</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_aa88f07abf7b0488e465ec9e5773d41a5"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#aa88f07abf7b0488e465ec9e5773d41a5">com.cloudera.impala.analysis.AuthorizationTest.TestLocalGroupPolicyProvider</a></div><div class="ttdeci">void TestLocalGroupPolicyProvider()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01489">AuthorizationTest.java:1489</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_acb05141085c7f9a49956388c89a19d0a"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#acb05141085c7f9a49956388c89a19d0a">com.cloudera.impala.analysis.AuthorizationTest.AuthzOk</a></div><div class="ttdeci">void AuthzOk(AnalysisContext context, String stmt)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01547">AuthorizationTest.java:1547</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a8d35cb1f9ad2970962e3f4b06bcad2ad"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a8d35cb1f9ad2970962e3f4b06bcad2ad">com.cloudera.impala.analysis.AuthorizationTest.TestShortUsernameUsed</a></div><div class="ttdeci">void TestShortUsernameUsed()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01256">AuthorizationTest.java:1256</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1AuthorizationException.html">com.cloudera.impala.catalog.AuthorizationException</a></div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationException_8java_source.html#l00021">AuthorizationException.java:21</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a0b00fa6c77583c9f90e5fe550d0089b9"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a0b00fa6c77583c9f90e5fe550d0089b9">com.cloudera.impala.analysis.AuthorizationTest.authzConfig_</a></div><div class="ttdeci">final AuthorizationConfig authzConfig_</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00090">AuthorizationTest.java:90</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1common_1_1ImpalaException.html">com.cloudera.impala.common.ImpalaException</a></div><div class="ttdef"><b>Definition:</b> <a href="ImpalaException_8java_source.html#l00022">ImpalaException.java:22</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableTable_html_a6e8cf91cf9431e070d96214e53c0680a"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableTable.html#a6e8cf91cf9431e070d96214e53c0680a">com.cloudera.impala.authorization.AuthorizeableTable.ANY_TABLE_NAME</a></div><div class="ttdeci">static final String ANY_TABLE_NAME</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizeableTable_8java_source.html#l00032">AuthorizeableTable.java:32</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog_html_a9f92d2cb3e8ca769090f3d0478c11734"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1catalog_1_1Catalog.html#a9f92d2cb3e8ca769090f3d0478c11734">com.cloudera.impala.catalog.Catalog.DEFAULT_DB</a></div><div class="ttdeci">static final String DEFAULT_DB</div><div class="ttdef"><b>Definition:</b> <a href="Catalog_8java_source.html#l00058">Catalog.java:58</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_ad968be7c56b4c5aa4f807c17f5993228"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#ad968be7c56b4c5aa4f807c17f5993228">com.cloudera.impala.analysis.AuthorizationTest.TestWithIncorrectConfig</a></div><div class="ttdeci">void TestWithIncorrectConfig(AuthorizationConfig authzConfig, User user)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01524">AuthorizationTest.java:1524</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableDb_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizeableDb.html">com.cloudera.impala.authorization.AuthorizeableDb</a></div><div class="ttdef"><b>Definition:</b> <a href="AuthorizeableDb_8java_source.html#l00027">AuthorizeableDb.java:27</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_a3084988aaa910403da7efd3e0dce63e4"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#a3084988aaa910403da7efd3e0dce63e4">com.cloudera.impala.analysis.AuthorizationTest.AuthzError</a></div><div class="ttdeci">void AuthzError(String stmt, String expectedErrorString)</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l01562">AuthorizationTest.java:1562</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest_html_af5a9d771b69086e3a3bdffb3add668da"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1analysis_1_1AuthorizationTest.html#af5a9d771b69086e3a3bdffb3add668da">com.cloudera.impala.analysis.AuthorizationTest.TestWithClause</a></div><div class="ttdeci">void TestWithClause()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationTest_8java_source.html#l00408">AuthorizationTest.java:408</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils_html"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1testutil_1_1TestUtils.html">com.cloudera.impala.testutil.TestUtils</a></div><div class="ttdef"><b>Definition:</b> <a href="TestUtils_8java_source.html#l00034">TestUtils.java:34</a></div></div> |
| <div class="ttc" id="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig_html_a5768546a8fc8db18eb1a9256c1d80f76"><div class="ttname"><a href="classcom_1_1cloudera_1_1impala_1_1authorization_1_1AuthorizationConfig.html#a5768546a8fc8db18eb1a9256c1d80f76">com.cloudera.impala.authorization.AuthorizationConfig.isFileBasedPolicy</a></div><div class="ttdeci">boolean isFileBasedPolicy()</div><div class="ttdef"><b>Definition:</b> <a href="AuthorizationConfig_8java_source.html#l00128">AuthorizationConfig.java:128</a></div></div> |
| </div><!-- fragment --></div><!-- contents --> |
| </div><!-- doc-content --> |
| <!-- start footer part --> |
| <div id="nav-path" class="navpath"><!-- id is needed for treeview function! --> |
| <ul> |
| <li class="navelem"><a class="el" href="dir_ca2797c59c2e868cd2eca72571423f6a.html">fe</a></li><li class="navelem"><a class="el" href="dir_9456c03c9c6e5a96e843b28fc5c6395b.html">src</a></li><li class="navelem"><a class="el" href="dir_5e883f6dc74bff61c96421c8f6a7e178.html">test</a></li><li class="navelem"><a class="el" href="dir_90203b64d536a3b270171a34c42a21ea.html">java</a></li><li class="navelem"><a class="el" href="dir_11616761b8bb98abd72e3e6bfe811524.html">com</a></li><li class="navelem"><a class="el" href="dir_b7afc6fa9388eeabd689520334a456b3.html">cloudera</a></li><li class="navelem"><a class="el" href="dir_85b47c81f280e02ede8246bf72165fa2.html">impala</a></li><li class="navelem"><a class="el" href="dir_cdbbf6d73da7e44e161bf53ae6a5acb7.html">analysis</a></li><li class="navelem"><a class="el" href="AuthorizationTest_8java.html">AuthorizationTest.java</a></li> |
| <li class="footer">Generated on Thu May 7 2015 16:10:39 for Impala by |
| <a href="http://www.doxygen.org/index.html"> |
| <img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.8.6 </li> |
| </ul> |
| </div> |
| </body> |
| </html> |
