/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sentry.binding.hive;
import java.io.File;
import java.io.Serializable;
import java.util.HashMap;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.hive.ql.QueryState;
import org.junit.Assert;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.hive.SentryHiveConstants;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.ql.Context;
import org.apache.hadoop.hive.ql.exec.SentryHivePrivilegeObjectDesc;
import org.apache.hadoop.hive.ql.exec.Task;
import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.hive.ql.metadata.Partition;
import org.apache.hadoop.hive.ql.metadata.Table;
import org.apache.hadoop.hive.ql.parse.ASTNode;
import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer;
import org.apache.hadoop.hive.ql.parse.ParseUtils;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.plan.DDLWork;
import org.apache.hadoop.hive.ql.plan.GrantDesc;
import org.apache.hadoop.hive.ql.plan.GrantRevokeRoleDDL;
import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
import org.apache.hadoop.hive.ql.plan.RevokeDesc;
import org.apache.hadoop.hive.ql.plan.RoleDDLDesc;
import org.apache.hadoop.hive.ql.plan.RoleDDLDesc.RoleOperation;
import org.apache.hadoop.hive.ql.plan.ShowGrantDesc;
import org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator;
import org.apache.hadoop.hive.ql.security.authorization.Privilege;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import com.google.common.io.Files;
public class TestSentryHiveAuthorizationTaskFactory {
// Literal names spliced into the HiveQL statements that the tests parse.
// ALL is the privilege keyword used in the GRANT/REVOKE statements below.
private static final String ALL = "ALL";
private static final String DB = "default";
private static final String TABLE = "table1";
private static final String GROUP = "group1";
private static final String ROLE = "role1";
private static final String USER = "user1";
private static final String SERVER = "server1";
// Per-test fixture, (re)built in setup().
private DDLSemanticAnalyzer analyzer;
private HiveConf conf;
private Context context;
// User name reported by HadoopDefaultAuthenticator; compared against the grantor of role grants.
private String currentUser;
// Mockito mock of the Hive metastore handle; stubbed in setup() to return `table` and `partition`.
private Hive db;
private Table table;
private Partition partition;
// Temporary directory used as the Hive scratch dir; deleted again in clear().
private File baseDir;
/**
 * Builds the Hive configuration, session state and DDL analyzer used by every test.
 *
 * <p>The analyzer is pointed at {@code SentryHiveAuthorizationTaskFactoryImpl} through
 * {@code HIVE_AUTHORIZATION_TASK_FACTORY}, and the {@code Hive} handle is a Mockito mock that
 * returns a fixed table and partition.
 *
 * @throws Exception if any part of the Hive fixture cannot be created
 */
@Before
public void setup() throws Exception {
conf = new HiveConf();
conf.set("datanucleus.schema.autoCreateTables", "true");
// Files here is com.google.common.io.Files (see imports), not java.nio.file.Files.
// NOTE(review): newer Guava releases deprecate createTempDir() because the directory is created
// with default permissions; java.nio.file.Files.createTempDirectory is the usual replacement.
baseDir = Files.createTempDir();
// ownerOnly=false grants write permission to every user, not just the owner, and the boolean
// result is ignored. NOTE(review): presumably Hive requires a widely writable scratch dir;
// confirm, since on a shared build host this directory stays world-writable until clear() runs.
baseDir.setWritable(true, false);
conf.setVar(HiveConf.ConfVars.SCRATCHDIR, baseDir.getAbsolutePath());
// NOTE(review): the session is started here, before the authorization task factory is set, and
// started again further down; confirm whether this first call is still needed.
SessionState.start(conf);
// Route authorization DDL (GRANT/REVOKE/SHOW ...) through the Sentry task factory under test.
conf.setVar(ConfVars.HIVE_AUTHORIZATION_TASK_FACTORY,
SentryHiveAuthorizationTaskFactoryImpl.class.getName());
// This setting avoids starting the HS2 WebUI, which was causing test failures when
// HS2 is configured for concurrency.
conf.setBoolVar(HiveConf.ConfVars.HIVE_IN_TEST, true);
// This setting keeps the HMS from failing when the Metastore schema has no version
// information. For some reason, HMS does not set a version initially in our tests.
conf.setBoolVar(HiveConf.ConfVars.METASTORE_SCHEMA_VERIFICATION, false);
db = Mockito.mock(Hive.class);
table = new Table(DB, TABLE);
partition = new Partition(table);
context = new Context(conf);
analyzer = new DDLSemanticAnalyzer(new QueryState(conf), db);
SessionState.start(conf);
// Stub the metastore lookups for the fixture table and partition.
Mockito.when(db.getTable(TABLE, false)).thenReturn(table);
Mockito.when(db.getPartition(table, new HashMap<String, String>(), false))
.thenReturn(partition);
// Record the user the authenticator reports; role-grant tests expect it as the grantor.
HadoopDefaultAuthenticator auth = new HadoopDefaultAuthenticator();
auth.setConf(conf);
currentUser = auth.getUserName();
}
/**
 * CREATE ROLE ...
 *
 * <p>Checks that the statement yields a role descriptor with the CREATE_ROLE operation,
 * the role name, and no group flag.
 */
@Test
public void testCreateRole() throws Exception {
  final String statement = "CREATE ROLE " + ROLE;
  final RoleDDLDesc created = analyze(parse(statement)).getRoleDDLDesc();
  Assert.assertNotNull("Role should not be null", created);
  Assert.assertEquals(RoleOperation.CREATE_ROLE, created.getOperation());
  Assert.assertFalse("Did not expect a group", created.getGroup());
  Assert.assertEquals(ROLE, created.getName());
}
/**
 * DROP ROLE ...
 *
 * <p>Checks that the statement yields a role descriptor with the DROP_ROLE operation,
 * the role name, and no group flag.
 */
@Test
public void testDropRole() throws Exception {
  final String statement = "DROP ROLE " + ROLE;
  final RoleDDLDesc dropped = analyze(parse(statement)).getRoleDDLDesc();
  Assert.assertNotNull("Role should not be null", dropped);
  Assert.assertEquals(RoleOperation.DROP_ROLE, dropped.getOperation());
  Assert.assertFalse("Did not expect a group", dropped.getGroup());
  Assert.assertEquals(ROLE, dropped.getName());
}
/**
 * GRANT ... ON TABLE ... TO USER ...
 *
 * <p>Negative test: a table privilege granted directly to a USER principal must be rejected
 * with the "not supported for principal" message.
 */
@Test
public void testGrantUserTable() throws Exception {
  final String statement = "GRANT " + ALL + " ON TABLE " + TABLE + " TO USER " + USER;
  final String expectedMessage =
      SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + "USER";
  expectSemanticException(statement, expectedMessage);
}
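/**
 * GRANT ... ON TABLE ... TO ROLE ...
 *
 * <p>Checks the principal, privilege and target object of the resulting grant descriptor, and
 * that a grant written without WITH GRANT OPTION does not carry the grant option.
 */
@Test
public void testGrantRoleTable() throws Exception {
  DDLWork work = analyze(parse("GRANT " + ALL + " ON TABLE " + TABLE
      + " TO ROLE " + ROLE));
  GrantDesc grantDesc = work.getGrantDesc();
  Assert.assertNotNull("Grant should not be null", grantDesc);
  for (PrincipalDesc principal : assertSize(1, grantDesc.getPrincipals())) {
    Assert.assertEquals(PrincipalType.ROLE, principal.getType());
    Assert.assertEquals(ROLE, principal.getName());
  }
  for (PrivilegeDesc privilege : assertSize(1, grantDesc.getPrivileges())) {
    Assert.assertEquals(Privilege.ALL, privilege.getPrivilege());
  }
  Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc()
      .getTable());
  // Counterpart of testGrantRoleTableWithGrantOption: the right to re-grant must only be set
  // when the statement asks for it explicitly.
  Assert.assertFalse("Grant option should be false", grantDesc.isGrantOption());
  Assert.assertEquals(TABLE, grantDesc.getPrivilegeSubjectDesc().getObject());
}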
/**
 * GRANT ... ON TABLE ... TO ROLE ... WITH GRANT OPTION
 *
 * <p>Same checks as the plain role grant, plus the grant option being set on the descriptor.
 */
@Test
public void testGrantRoleTableWithGrantOption() throws Exception {
  final String statement = "GRANT " + ALL + " ON TABLE " + TABLE + " TO ROLE " + ROLE
      + " WITH GRANT OPTION";
  final GrantDesc grant = analyze(parse(statement)).getGrantDesc();
  Assert.assertNotNull("Grant should not be null", grant);

  // Exactly one grantee, and it is the role.
  final PrincipalDesc grantee = assertSize(1, grant.getPrincipals()).get(0);
  Assert.assertEquals(PrincipalType.ROLE, grantee.getType());
  Assert.assertEquals(ROLE, grantee.getName());

  // Exactly one privilege, and it is ALL.
  final PrivilegeDesc granted = assertSize(1, grant.getPrivileges()).get(0);
  Assert.assertEquals(Privilege.ALL, granted.getPrivilege());

  Assert.assertTrue("Expected table", grant.getPrivilegeSubjectDesc().getTable());
  Assert.assertTrue("Expected grantOption is true", grant.isGrantOption());
  Assert.assertEquals(TABLE, grant.getPrivilegeSubjectDesc().getObject());
}
/**
 * GRANT ... ON TABLE ... TO GROUP ...
 *
 * <p>Negative test: a table privilege granted directly to a GROUP principal must be rejected.
 */
@Test
public void testGrantGroupTable() throws Exception {
  final String statement = "GRANT " + ALL + " ON TABLE " + TABLE + " TO GROUP " + GROUP;
  final String expectedMessage =
      SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + "GROUP";
  expectSemanticException(statement, expectedMessage);
}
/**
 * REVOKE ... ON TABLE ... FROM USER ...
 *
 * <p>Negative test: revoking a table privilege from a USER principal must be rejected.
 */
@Test
public void testRevokeUserTable() throws Exception {
  final String statement = "REVOKE " + ALL + " ON TABLE " + TABLE + " FROM USER " + USER;
  final String expectedMessage =
      SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + "USER";
  expectSemanticException(statement, expectedMessage);
}
/**
 * REVOKE ... ON TABLE ... FROM ROLE ...
 *
 * <p>Checks the principal, privilege and target object of the resulting revoke descriptor.
 */
@Test
public void testRevokeRoleTable() throws Exception {
  final String statement = "REVOKE " + ALL + " ON TABLE " + TABLE + " FROM ROLE " + ROLE;
  final RevokeDesc revoke = analyze(parse(statement)).getRevokeDesc();
  Assert.assertNotNull("Revoke should not be null", revoke);

  // Exactly one principal, and it is the role.
  final PrincipalDesc target = assertSize(1, revoke.getPrincipals()).get(0);
  Assert.assertEquals(PrincipalType.ROLE, target.getType());
  Assert.assertEquals(ROLE, target.getName());

  // Exactly one privilege, and it is ALL.
  final PrivilegeDesc revoked = assertSize(1, revoke.getPrivileges()).get(0);
  Assert.assertEquals(Privilege.ALL, revoked.getPrivilege());

  Assert.assertTrue("Expected table", revoke.getPrivilegeSubjectDesc().getTable());
  Assert.assertEquals(TABLE, revoke.getPrivilegeSubjectDesc().getObject());
}
/**
 * REVOKE ... ON TABLE ... FROM GROUP ...
 *
 * <p>Negative test: revoking a table privilege from a GROUP principal must be rejected.
 */
@Test
public void testRevokeGroupTable() throws Exception {
  final String statement = "REVOKE " + ALL + " ON TABLE " + TABLE + " FROM GROUP " + GROUP;
  final String expectedMessage =
      SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + "GROUP";
  expectSemanticException(statement, expectedMessage);
}
/**
 * GRANT ROLE ... TO USER ...
 *
 * <p>Checks that the descriptor is a grant without grant option, that the grantor is the
 * current user, and that the single role and single USER principal match the statement.
 */
@Test
public void testGrantRoleUser() throws Exception {
  final String statement = "GRANT ROLE " + ROLE + " TO USER " + USER;
  final GrantRevokeRoleDDL roleGrant = analyze(parse(statement)).getGrantRevokeRoleDDL();
  Assert.assertNotNull("Grant should not be null", roleGrant);
  Assert.assertTrue("Expected grant ", roleGrant.getGrant());
  Assert.assertFalse("Grant option should be false", roleGrant.isGrantOption());

  // The grantor recorded on the descriptor is the authenticated user from setup().
  Assert.assertEquals(currentUser, roleGrant.getGrantor());
  Assert.assertEquals(PrincipalType.USER, roleGrant.getGrantorType());

  final String grantedRole = assertSize(1, roleGrant.getRoles()).get(0);
  Assert.assertEquals(ROLE, grantedRole);

  final PrincipalDesc grantee = assertSize(1, roleGrant.getPrincipalDesc()).get(0);
  Assert.assertEquals(PrincipalType.USER, grantee.getType());
  Assert.assertEquals(USER, grantee.getName());
}
/**
 * GRANT ROLE ... TO ROLE ...
 *
 * <p>Negative test: granting a role to another role must be rejected.
 */
@Test
public void testGrantRoleRole() throws Exception {
  final String statement = "GRANT ROLE " + ROLE + " TO ROLE " + ROLE;
  final String expectedMessage =
      SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_ON_OBJECT + "ROLE";
  expectSemanticException(statement, expectedMessage);
}
/**
 * GRANT ROLE ... TO GROUP ...
 *
 * <p>Checks that the descriptor is a grant without grant option, that the grantor is the
 * current user, and that the single role and single GROUP principal match the statement.
 */
@Test
public void testGrantRoleGroup() throws Exception {
  final String statement = "GRANT ROLE " + ROLE + " TO GROUP " + GROUP;
  final GrantRevokeRoleDDL roleGrant = analyze(parse(statement)).getGrantRevokeRoleDDL();
  Assert.assertNotNull("Grant should not be null", roleGrant);
  Assert.assertTrue("Expected grant ", roleGrant.getGrant());
  Assert.assertFalse("Grant option should be false", roleGrant.isGrantOption());

  // The grantor recorded on the descriptor is the authenticated user from setup().
  Assert.assertEquals(currentUser, roleGrant.getGrantor());
  Assert.assertEquals(PrincipalType.USER, roleGrant.getGrantorType());

  final String grantedRole = assertSize(1, roleGrant.getRoles()).get(0);
  Assert.assertEquals(ROLE, grantedRole);

  final PrincipalDesc grantee = assertSize(1, roleGrant.getPrincipalDesc()).get(0);
  Assert.assertEquals(PrincipalType.GROUP, grantee.getType());
  Assert.assertEquals(GROUP, grantee.getName());
}
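/**
 * REVOKE ROLE ... FROM USER ...
 *
 * <p>Checks that the descriptor is a revoke (grant flag false) without grant option, that the
 * grantor is the current user, and that the single role and single USER principal match the
 * statement.
 */
@Test
public void testRevokeRoleUser() throws Exception {
  DDLWork work = analyze(parse("REVOKE ROLE " + ROLE + " FROM USER " + USER));
  GrantRevokeRoleDDL revokeDesc = work.getGrantRevokeRoleDDL();
  // Failure messages now describe what is actually asserted: this is a revoke, and the
  // grant option is expected to be false.
  Assert.assertNotNull("Revoke should not be null", revokeDesc);
  Assert.assertFalse("Did not expect grant ", revokeDesc.getGrant());
  Assert.assertFalse("Grant option should be false", revokeDesc.isGrantOption());
  Assert.assertEquals(currentUser, revokeDesc.getGrantor());
  Assert.assertEquals(PrincipalType.USER, revokeDesc.getGrantorType());
  for (String role : assertSize(1, revokeDesc.getRoles())) {
    Assert.assertEquals(ROLE, role);
  }
  for (PrincipalDesc principal : assertSize(1, revokeDesc.getPrincipalDesc())) {
    Assert.assertEquals(PrincipalType.USER, principal.getType());
    Assert.assertEquals(USER, principal.getName());
  }
}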
/**
 * REVOKE ROLE ... FROM ROLE ...
 *
 * <p>Negative test: revoking a role from another role must be rejected.
 */
@Test
public void testRevokeRoleRole() throws Exception {
  final String statement = "REVOKE ROLE " + ROLE + " FROM ROLE " + ROLE;
  final String expectedMessage =
      SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_ON_OBJECT + "ROLE";
  expectSemanticException(statement, expectedMessage);
}
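/**
 * REVOKE ROLE ... FROM GROUP ...
 *
 * <p>Checks that the descriptor is a revoke (grant flag false) without grant option, that the
 * grantor is the current user, and that the single role and single GROUP principal match the
 * statement.
 */
@Test
public void testRevokeRoleGroup() throws Exception {
  DDLWork work = analyze(parse("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP));
  GrantRevokeRoleDDL revokeDesc = work.getGrantRevokeRoleDDL();
  // Failure messages now describe what is actually asserted: this is a revoke, and the
  // grant option is expected to be false.
  Assert.assertNotNull("Revoke should not be null", revokeDesc);
  Assert.assertFalse("Did not expect grant ", revokeDesc.getGrant());
  Assert.assertFalse("Grant option should be false", revokeDesc.isGrantOption());
  Assert.assertEquals(currentUser, revokeDesc.getGrantor());
  Assert.assertEquals(PrincipalType.USER, revokeDesc.getGrantorType());
  for (String role : assertSize(1, revokeDesc.getRoles())) {
    Assert.assertEquals(ROLE, role);
  }
  for (PrincipalDesc principal : assertSize(1, revokeDesc.getPrincipalDesc())) {
    Assert.assertEquals(PrincipalType.GROUP, principal.getType());
    Assert.assertEquals(GROUP, principal.getName());
  }
}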
/**
 * SHOW ROLE GRANT USER ...
 *
 * <p>Checks that the descriptor carries the SHOW_ROLE_GRANT operation for a USER principal
 * with the expected name.
 */
@Test
public void testShowRoleGrantUser() throws Exception {
  final String statement = "SHOW ROLE GRANT USER " + USER;
  final RoleDDLDesc shown = analyze(parse(statement)).getRoleDDLDesc();
  Assert.assertNotNull("Role should not be null", shown);
  Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, shown.getOperation());
  Assert.assertEquals(PrincipalType.USER, shown.getPrincipalType());
  Assert.assertEquals(USER, shown.getName());
}
/**
 * SHOW ROLE GRANT ROLE ...
 *
 * <p>Negative test: listing role grants for a ROLE principal must be rejected.
 */
@Test
public void testShowRoleGrantRole() throws Exception {
  final String statement = "SHOW ROLE GRANT ROLE " + ROLE;
  final String expectedMessage = SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + "ROLE";
  expectSemanticException(statement, expectedMessage);
}
/**
 * SHOW ROLE GRANT GROUP ...
 *
 * <p>Checks that the descriptor carries the SHOW_ROLE_GRANT operation for a GROUP principal
 * with the expected name.
 */
@Test
public void testShowRoleGrantGroup() throws Exception {
  final String statement = "SHOW ROLE GRANT GROUP " + GROUP;
  final RoleDDLDesc shown = analyze(parse(statement)).getRoleDDLDesc();
  Assert.assertNotNull("Role should not be null", shown);
  Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, shown.getOperation());
  Assert.assertEquals(PrincipalType.GROUP, shown.getPrincipalType());
  Assert.assertEquals(GROUP, shown.getName());
}
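/**
 * SHOW GRANT USER ... ON TABLE ...
 *
 * <p>Checks the principal (USER) and the target object (the table) of the show-grant
 * descriptor.
 */
@Test
public void testShowGrantUserOnTable() throws Exception {
  DDLWork work = analyze(parse("SHOW GRANT USER " + USER + " ON TABLE " + TABLE));
  ShowGrantDesc grantDesc = work.getShowGrantDesc();
  Assert.assertNotNull("Show grant should not be null", grantDesc);
  Assert.assertEquals(PrincipalType.USER, grantDesc.getPrincipalDesc().getType());
  Assert.assertEquals(USER, grantDesc.getPrincipalDesc().getName());
  // The table flag was asserted twice in a row; one check is enough.
  Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable());
  Assert.assertEquals(TABLE, grantDesc.getHiveObj().getObject());
}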
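/**
 * SHOW GRANT ROLE ... ON TABLE ...
 *
 * <p>Checks the principal (ROLE) and the target object (the table) of the show-grant
 * descriptor.
 */
@Test
public void testShowGrantRoleOnTable() throws Exception {
  DDLWork work = analyze(parse("SHOW GRANT ROLE " + ROLE + " ON TABLE " + TABLE));
  ShowGrantDesc grantDesc = work.getShowGrantDesc();
  Assert.assertNotNull("Show grant should not be null", grantDesc);
  Assert.assertEquals(PrincipalType.ROLE, grantDesc.getPrincipalDesc().getType());
  Assert.assertEquals(ROLE, grantDesc.getPrincipalDesc().getName());
  // The table flag was asserted twice in a row; one check is enough.
  Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable());
  Assert.assertEquals(TABLE, grantDesc.getHiveObj().getObject());
}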
/**
 * SHOW GRANT ROLE ... ON DATABASE ...
 *
 * <p>Checks the principal (ROLE) and that the target object is flagged as a database with the
 * expected name.
 */
@Test
public void testShowGrantRoleOnDatabase() throws Exception {
  final String statement = "SHOW GRANT ROLE " + ROLE + " ON DATABASE " + DB;
  final ShowGrantDesc shown = analyze(parse(statement)).getShowGrantDesc();
  Assert.assertNotNull("Show grant should not be null", shown);

  final PrincipalDesc principal = shown.getPrincipalDesc();
  Assert.assertEquals(PrincipalType.ROLE, principal.getType());
  Assert.assertEquals(ROLE, shown.getPrincipalDesc().getName());

  // The database flag lives on the Sentry subclass of the privilege object descriptor.
  final SentryHivePrivilegeObjectDesc target = (SentryHivePrivilegeObjectDesc) shown.getHiveObj();
  Assert.assertTrue("Expected database", target.getDatabase());
  Assert.assertEquals(DB, ((SentryHivePrivilegeObjectDesc) shown.getHiveObj()).getObject());
}
/**
 * SHOW GRANT GROUP ... ON TABLE ...
 *
 * <p>Negative test: showing table grants for a GROUP principal must be rejected.
 */
@Test
public void testShowGrantGroupOnTable() throws Exception {
  final String statement = "SHOW GRANT GROUP " + GROUP + " ON TABLE " + TABLE;
  final String expectedMessage = SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + "GROUP";
  expectSemanticException(statement, expectedMessage);
}
/**
 * SHOW GRANT GROUP ... ON DATABASE ...
 *
 * <p>Negative test: showing database grants for a GROUP principal must be rejected.
 */
@Test
public void testShowGrantGroupOnDatabase() throws Exception {
  final String statement = "SHOW GRANT GROUP " + GROUP + " ON DATABASE " + DB;
  final String expectedMessage = SentryHiveConstants.SHOW_NOT_SUPPORTED_FOR_PRINCIPAL + "GROUP";
  expectSemanticException(statement, expectedMessage);
}
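/**
 * SHOW ROLES
 *
 * <p>Checks that the statement yields a role descriptor with the SHOW_ROLES operation.
 */
@Test
public void testShowRoles() throws Exception {
  DDLWork work = analyze(parse("SHOW ROLES"));
  RoleDDLDesc roleDDLDesc = work.getRoleDDLDesc();
  // Fail with a readable message instead of a NullPointerException, as the other role tests do.
  Assert.assertNotNull("Role should not be null", roleDDLDesc);
  Assert.assertEquals(RoleOperation.SHOW_ROLES, roleDDLDesc.getOperation());
}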
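/**
 * SHOW CURRENT ROLES
 *
 * <p>Checks that the statement yields a role descriptor with the SHOW_CURRENT_ROLE operation
 * for a USER principal.
 */
@Test
public void testShowCurrentRole() throws Exception {
  DDLWork work = analyze(parse("SHOW CURRENT ROLES"));
  RoleDDLDesc roleDDLDesc = work.getRoleDDLDesc();
  // Fail with a readable message instead of a NullPointerException, as the other role tests do.
  Assert.assertNotNull("Role should not be null", roleDDLDesc);
  Assert.assertEquals(PrincipalType.USER, roleDDLDesc.getPrincipalType());
  Assert.assertEquals(RoleOperation.SHOW_CURRENT_ROLE, roleDDLDesc.getOperation());
}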
/**
 * GRANT ... ON URI '...' TO ROLE ...
 *
 * <p>Checks the principal and privilege of the grant descriptor and that the target object is
 * flagged as a URI carrying the path exactly as written in the statement.
 */
@Test
public void testGrantUri() throws Exception {
  final String uriPath = "/tmp";
  final String statement = "GRANT " + ALL + " ON URI '" + uriPath + "' TO ROLE " + ROLE;
  final GrantDesc grant = analyze(parse(statement)).getGrantDesc();
  Assert.assertNotNull("Grant should not be null", grant);

  // Exactly one grantee, and it is the role.
  final PrincipalDesc grantee = assertSize(1, grant.getPrincipals()).get(0);
  Assert.assertEquals(PrincipalType.ROLE, grantee.getType());
  Assert.assertEquals(ROLE, grantee.getName());

  // Exactly one privilege, and it is ALL.
  final PrivilegeDesc granted = assertSize(1, grant.getPrivileges()).get(0);
  Assert.assertEquals(Privilege.ALL, granted.getPrivilege());

  final SentryHivePrivilegeObjectDesc target =
      (SentryHivePrivilegeObjectDesc) grant.getPrivilegeSubjectDesc();
  Assert.assertTrue("Expected uri", target.getUri());
  Assert.assertEquals(uriPath, target.getObject());
}
/**
 * GRANT ALL ON SERVER
 *
 * <p>Checks the principal and privilege of the grant descriptor and that the target object is
 * flagged as a server with the expected name.
 */
@Test
public void testGrantServer() throws Exception {
  final String statement = "GRANT " + ALL + " ON SERVER " + SERVER + " TO ROLE " + ROLE;
  final GrantDesc grant = analyze(parse(statement)).getGrantDesc();
  Assert.assertNotNull("Grant should not be null", grant);

  // Exactly one grantee, and it is the role.
  final PrincipalDesc grantee = assertSize(1, grant.getPrincipals()).get(0);
  Assert.assertEquals(PrincipalType.ROLE, grantee.getType());
  Assert.assertEquals(ROLE, grantee.getName());

  // Exactly one privilege, and it is ALL.
  final PrivilegeDesc granted = assertSize(1, grant.getPrivileges()).get(0);
  Assert.assertEquals(Privilege.ALL, granted.getPrivilege());

  final SentryHivePrivilegeObjectDesc target =
      (SentryHivePrivilegeObjectDesc) grant.getPrivilegeSubjectDesc();
  Assert.assertTrue("Expected server", target.getServer());
  Assert.assertEquals(SERVER, target.getObject());
}
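/**
 * SHOW GRANT ... ON SERVER ...
 *
 * <p>No principal is named in the statement, so the descriptor is expected to carry a null
 * principal type and an empty principal name; the target object must be the server.
 */
@Test
public void testShowGrantOnServer() throws Exception {
  DDLWork work = analyze(parse("SHOW GRANT ON SERVER " + SERVER));
  ShowGrantDesc grantDesc = work.getShowGrantDesc();
  Assert.assertNotNull("Show grant should not be null", grantDesc);
  // assertNull states the intent directly instead of assertEquals(null, ...).
  Assert.assertNull(grantDesc.getPrincipalDesc().getType());
  Assert.assertEquals(StringUtils.EMPTY, grantDesc.getPrincipalDesc().getName());
  Assert.assertEquals(SERVER, grantDesc.getHiveObj().getObject());
  Assert.assertTrue("Expected server",
      ((SentryHivePrivilegeObjectDesc) grantDesc.getHiveObj()).getServer());
}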
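/**
 * SHOW GRANT ... ON DATABASE ...
 *
 * <p>No principal is named in the statement, so the descriptor is expected to carry a null
 * principal type and an empty principal name; the target object must be the database.
 */
@Test
public void testShowGrantOnDatabase() throws Exception {
  DDLWork work = analyze(parse("SHOW GRANT ON DATABASE " + DB));
  ShowGrantDesc grantDesc = work.getShowGrantDesc();
  Assert.assertNotNull("Show grant should not be null", grantDesc);
  // assertNull states the intent directly instead of assertEquals(null, ...).
  Assert.assertNull(grantDesc.getPrincipalDesc().getType());
  Assert.assertEquals(StringUtils.EMPTY, grantDesc.getPrincipalDesc().getName());
  Assert.assertEquals(DB, grantDesc.getHiveObj().getObject());
  Assert.assertTrue("Expected database",
      ((SentryHivePrivilegeObjectDesc) grantDesc.getHiveObj()).getDatabase());
}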
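/**
 * SHOW GRANT ... ON TABLE ...
 *
 * <p>No principal is named in the statement, so the descriptor is expected to carry a null
 * principal type and an empty principal name; the target object must be the table.
 */
@Test
public void testShowGrantOnTable() throws Exception {
  DDLWork work = analyze(parse("SHOW GRANT ON TABLE " + TABLE));
  ShowGrantDesc grantDesc = work.getShowGrantDesc();
  Assert.assertNotNull("Show grant should not be null", grantDesc);
  // assertNull states the intent directly instead of assertEquals(null, ...).
  Assert.assertNull(grantDesc.getPrincipalDesc().getType());
  Assert.assertEquals(StringUtils.EMPTY, grantDesc.getPrincipalDesc().getName());
  Assert.assertEquals(TABLE, grantDesc.getHiveObj().getObject());
  Assert.assertTrue("Expected table",
      ((SentryHivePrivilegeObjectDesc) grantDesc.getHiveObj()).getTable());
}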
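/**
 * GRANT ... ON TABLE db.table TO ROLE ...
 *
 * <p>Checks that a database-qualified table name is kept in full on the grant descriptor, so
 * the privilege refers to the table in the named database.
 */
@Test
public void testDBPrefixInGrant() throws Exception {
  DDLWork work = analyze(parse("GRANT " + ALL + " ON TABLE " + "db1." + TABLE
      + " TO ROLE " + ROLE));
  GrantDesc grantDesc = work.getGrantDesc();
  // Fail with a readable message instead of a NullPointerException, as the other grant tests do.
  Assert.assertNotNull("Grant should not be null", grantDesc);
  Assert.assertEquals("Fully qualified table name in Grant statement is resolved incorrectly",
      "db1." + TABLE, grantDesc.getPrivilegeSubjectDesc().getObject());
}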
/**
 * Asserts that analyzing {@code command} is rejected with a {@link SemanticException} whose
 * message equals {@code msg} exactly.
 *
 * @param command the HiveQL statement expected to be rejected
 * @param msg the exact exception message expected
 * @throws Exception if parsing or analysis fails with anything other than SemanticException
 */
private void expectSemanticException(String command, String msg) throws Exception {
  SemanticException rejection = null;
  try {
    analyze(parse(command));
  } catch (SemanticException e) {
    rejection = e;
  }
  if (rejection == null) {
    // The statement was accepted: report it as a test failure.
    Assert.fail("Expected command '" + command + "' to fail with '" + msg + "'");
  }
  Assert.assertEquals(msg, rejection.getMessage());
}
/**
 * Parses a HiveQL statement into its AST using {@link ParseUtils}.
 *
 * @param command the statement text
 * @return the root node of the parsed statement
 */
private ASTNode parse(String command) throws Exception {
  final ASTNode root = ParseUtils.parse(command);
  return root;
}
/**
 * Runs the DDL analyzer on {@code ast} and returns the work of its single root task.
 *
 * @param ast the parsed statement
 * @return the work object of the only root task, cast to {@link DDLWork}
 */
private DDLWork analyze(ASTNode ast) throws Exception {
  analyzer.analyze(ast, context);
  // Exactly one root task is expected for each statement.
  final List<Task<? extends Serializable>> tasks = assertSize(1, analyzer.getRootTasks());
  final Task<? extends Serializable> onlyTask = tasks.get(0);
  return (DDLWork) onlyTask.getWork();
}
/**
 * Asserts that {@code list} has exactly {@code size} elements and returns it, so the call can
 * be used inline. The list's string form is used as the failure message.
 *
 * @param size the expected number of elements
 * @param list the list to check
 * @return {@code list}, unchanged
 */
private static <L extends List<?>> L assertSize(int size, L list) {
  final String contents = list.toString();
  final int actual = list.size();
  Assert.assertEquals(contents, size, actual);
  return list;
}
/**
 * Deletes the scratch directory created in {@code setup()}, if one was created.
 */
@After
public void clear() {
  if (baseDir == null) {
    return;
  }
  FileUtils.deleteQuietly(baseDir);
}
}