sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegeAtTransform.java - sentry - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.sentry.tests.e2e.hive;

 import static org.junit.Assert.assertTrue;

 import java.io.File;
 import java.io.FileOutputStream;
 import java.sql.Connection;
 import java.sql.Statement;

 import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.Before;
 import org.junit.Test;

 import com.google.common.io.Resources;

 public class TestPrivilegeAtTransform extends AbstractTestWithStaticConfiguration {
   private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
   private File dataDir;
   private File dataFile;
   private PolicyFile policyFile;

   @Override
   @Before
   public void setup() throws Exception {
     dataDir = context.getDataDir();
     dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
     policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
   }

   /**
    * Steps:
    * 1. admin create database, create table, load data into it
    * 2. all@server can issue transforms command
    * 3. all@database cannot issue transform command
    * 4. insert@table select@table cannot issue transform command
    * 5. select@view cannot issue transform command
    * 6. transform@server can issue the transform command
    * 7. non-admin user with URI privilege on transform can execute query
    */
   @Test
   public void testTransform1() throws Exception {
     policyFile
       .addPermissionsToRole("all_db1", "server=server1->db=" + DB1)
       .addPermissionsToRole("transform_uri", "server=server1->uri=file:///bin/cat")
       .addRolesToGroup(USERGROUP1, "all_db1")
       .addRolesToGroup(USERGROUP2, "all_db1", "transform_uri")
       .setUserGroupMapping(StaticUserGroup.getStaticMapping());
     writePolicyFile(policyFile);

     // verify by SQL
     // 1, 2
     String tableName1 = "tb_1";
     String query = "select TRANSFORM(a.under_col, a.value) "
         + "USING '/bin/cat' AS (tunder_col, tvalue) FROM " + DB1 + "." + tableName1 + " a";
     Connection connection = context.createConnection(ADMIN1);
     Statement statement = context.createStatement(connection);
     statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE");
     statement.execute("CREATE DATABASE " + DB1);
     statement.execute("DROP TABLE IF EXISTS " + DB1 + "." + tableName1);
     statement.execute("create table " + DB1 + "." + tableName1
         + " (under_col int, value string)");
     statement.execute("load data local inpath '" + dataFile.getPath()
             + "' into table " + DB1 + "." + tableName1);
     assertTrue(query, statement.execute(query));

     statement.close();
     connection.close();

     // 3
     connection = context.createConnection(USER1_1);
     statement = context.createStatement(connection);
     context.assertAuthzException(statement, query);

     // 4
     policyFile
       .addPermissionsToRole("select_tb1", "server=server1->db=" + DB1 + "->table=tb_1->action=select")
       .addPermissionsToRole("insert_tb1", "server=server1->db=" + DB1 + "->table=tb_1->action=insert")
       .addRolesToGroup(USERGROUP1, "select_tb1", "insert_tb1");
     writePolicyFile(policyFile);
     context.assertAuthzException(statement, query);

     // 5
     policyFile
       .addPermissionsToRole("all_server1", "server=server1")
       .addRolesToGroup(USERGROUP1, "all_server1");
     writePolicyFile(policyFile);
     assertTrue(query, statement.execute(query));
     statement.close();
     connection.close();

     connection = context.createConnection(USER2_1);
     statement = context.createStatement(connection);
     assertTrue(query, statement.execute(query));
     statement.close();
     connection.close();

   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.sentry.tests.e2e.hive;

	import static org.junit.Assert.assertTrue;

	import java.io.File;
	import java.io.FileOutputStream;
	import java.sql.Connection;
	import java.sql.Statement;

	import org.apache.sentry.provider.file.PolicyFile;
	import org.junit.Before;
	import org.junit.Test;

	import com.google.common.io.Resources;

	public class TestPrivilegeAtTransform extends AbstractTestWithStaticConfiguration {
	private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
	private File dataDir;
	private File dataFile;
	private PolicyFile policyFile;

	@Override
	@Before
	public void setup() throws Exception {
	dataDir = context.getDataDir();
	dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
	FileOutputStream to = new FileOutputStream(dataFile);
	Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
	to.close();
	policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
	}

	/**
	* Steps:
	* 1. admin create database, create table, load data into it
	* 2. all@server can issue transforms command
	* 3. all@database cannot issue transform command
	* 4. insert@table select@table cannot issue transform command
	* 5. select@view cannot issue transform command
	* 6. transform@server can issue the transform command
	* 7. non-admin user with URI privilege on transform can execute query
	*/
	@Test
	public void testTransform1() throws Exception {
	policyFile
	.addPermissionsToRole("all_db1", "server=server1->db=" + DB1)
	.addPermissionsToRole("transform_uri", "server=server1->uri=file:///bin/cat")
	.addRolesToGroup(USERGROUP1, "all_db1")
	.addRolesToGroup(USERGROUP2, "all_db1", "transform_uri")
	.setUserGroupMapping(StaticUserGroup.getStaticMapping());
	writePolicyFile(policyFile);

	// verify by SQL
	// 1, 2
	String tableName1 = "tb_1";
	String query = "select TRANSFORM(a.under_col, a.value) "
	+ "USING '/bin/cat' AS (tunder_col, tvalue) FROM " + DB1 + "." + tableName1 + " a";
	Connection connection = context.createConnection(ADMIN1);
	Statement statement = context.createStatement(connection);
	statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE");
	statement.execute("CREATE DATABASE " + DB1);
	statement.execute("DROP TABLE IF EXISTS " + DB1 + "." + tableName1);
	statement.execute("create table " + DB1 + "." + tableName1
	+ " (under_col int, value string)");
	statement.execute("load data local inpath '" + dataFile.getPath()
	+ "' into table " + DB1 + "." + tableName1);
	assertTrue(query, statement.execute(query));

	statement.close();
	connection.close();

	// 3
	connection = context.createConnection(USER1_1);
	statement = context.createStatement(connection);
	context.assertAuthzException(statement, query);

	// 4
	policyFile
	.addPermissionsToRole("select_tb1", "server=server1->db=" + DB1 + "->table=tb_1->action=select")
	.addPermissionsToRole("insert_tb1", "server=server1->db=" + DB1 + "->table=tb_1->action=insert")
	.addRolesToGroup(USERGROUP1, "select_tb1", "insert_tb1");
	writePolicyFile(policyFile);
	context.assertAuthzException(statement, query);

	// 5
	policyFile
	.addPermissionsToRole("all_server1", "server=server1")
	.addRolesToGroup(USERGROUP1, "all_server1");
	writePolicyFile(policyFile);
	assertTrue(query, statement.execute(query));
	statement.close();
	connection.close();

	connection = context.createConnection(USER2_1);
	statement = context.createStatement(connection);
	assertTrue(query, statement.execute(query));
	statement.close();
	connection.close();

	}
	}