sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestOwnerPrivilegesWithGrantOption.java - sentry - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.sentry.tests.e2e.dbprovider;

 import com.google.common.collect.Lists;
 import java.sql.Connection;
 import java.sql.Statement;
 import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType;
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;

 public class TestOwnerPrivilegesWithGrantOption extends TestOwnerPrivileges {
   @BeforeClass
   public static void setup() throws Exception {
     ownerPrivilegeGrantEnabled = true;

     TestOwnerPrivileges.setup();
   }

   /**
    * Verify that the owner with grant option can call alter table set owner on this table
    *
    * @throws Exception
    */
   @Ignore("Enable the test once HIVE-18762 is in the hiver version integrated with Sentry")
   @Test
   public void testAuthorizeAlterTableSetOwnerByOwner() throws Exception {
     String ownerRole = "owner_role";
     dbNames = new String[]{DB1};
     roles = new String[]{"admin_role", "create_db1", ownerRole};

     // create required roles, and assign them to USERGROUP1
     setupUserRoles(roles, statement);

     // create test DB
     statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE");
     statement.execute("CREATE DATABASE " + DB1);

     // setup privileges for USER1
     statement.execute("GRANT CREATE ON DATABASE " + DB1 + " TO ROLE create_db1");
     statement.execute("USE " + DB1);

     // USER1_1 create table
     Connection connectionUSER1_1 = hiveServer2.createConnection(USER1_1, USER1_1);
     Statement statementUSER1_1 = connectionUSER1_1.createStatement();
     statementUSER1_1.execute("CREATE TABLE " + DB1 + "." + tableName1
         + " (under_col int comment 'the under column')");

     Connection connectionUSER2_1 = hiveServer2.createConnection(USER2_1, USER2_1);
     Statement statementUSER2_1 = connectionUSER2_1.createStatement();

     try {
       // user1_1 is owner of the table having all with grant on this table and can issue
       // command: alter table set owner for user
       statementUSER1_1
           .execute("ALTER TABLE " + DB1 + "." + tableName1 + " SET OWNER USER " + USER2_1);

       // verify privileges is transferred to USER2_1
       verifyTableOwnerPrivilegeExistForPrincipal(statement, SentryPrincipalType.USER,
           Lists.newArrayList(USER2_1),
           DB1, tableName1, 1);

       // alter table set owner for role
       statementUSER2_1
           .execute("ALTER TABLE " + DB1 + "." + tableName1 + " SET OWNER ROLE " + ownerRole);

       // verify privileges is transferred to ownerRole
       verifyTableOwnerPrivilegeExistForPrincipal(statement, SentryPrincipalType.ROLE,
           Lists.newArrayList(ownerRole),
           DB1, tableName1, 1);

     } finally {
       statement.close();
       connection.close();

       statementUSER1_1.close();
       connectionUSER1_1.close();

       statementUSER2_1.close();
       connectionUSER2_1.close();
     }
   }

 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.sentry.tests.e2e.dbprovider;

	import com.google.common.collect.Lists;
	import java.sql.Connection;
	import java.sql.Statement;
	import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType;
	import org.junit.BeforeClass;
	import org.junit.Ignore;
	import org.junit.Test;

	public class TestOwnerPrivilegesWithGrantOption extends TestOwnerPrivileges {
	@BeforeClass
	public static void setup() throws Exception {
	ownerPrivilegeGrantEnabled = true;

	TestOwnerPrivileges.setup();
	}

	/**
	* Verify that the owner with grant option can call alter table set owner on this table
	*
	* @throws Exception
	*/
	@Ignore("Enable the test once HIVE-18762 is in the hiver version integrated with Sentry")
	@Test
	public void testAuthorizeAlterTableSetOwnerByOwner() throws Exception {
	String ownerRole = "owner_role";
	dbNames = new String[]{DB1};
	roles = new String[]{"admin_role", "create_db1", ownerRole};

	// create required roles, and assign them to USERGROUP1
	setupUserRoles(roles, statement);

	// create test DB
	statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE");
	statement.execute("CREATE DATABASE " + DB1);

	// setup privileges for USER1
	statement.execute("GRANT CREATE ON DATABASE " + DB1 + " TO ROLE create_db1");
	statement.execute("USE " + DB1);

	// USER1_1 create table
	Connection connectionUSER1_1 = hiveServer2.createConnection(USER1_1, USER1_1);
	Statement statementUSER1_1 = connectionUSER1_1.createStatement();
	statementUSER1_1.execute("CREATE TABLE " + DB1 + "." + tableName1
	+ " (under_col int comment 'the under column')");

	Connection connectionUSER2_1 = hiveServer2.createConnection(USER2_1, USER2_1);
	Statement statementUSER2_1 = connectionUSER2_1.createStatement();

	try {
	// user1_1 is owner of the table having all with grant on this table and can issue
	// command: alter table set owner for user
	statementUSER1_1
	.execute("ALTER TABLE " + DB1 + "." + tableName1 + " SET OWNER USER " + USER2_1);

	// verify privileges is transferred to USER2_1
	verifyTableOwnerPrivilegeExistForPrincipal(statement, SentryPrincipalType.USER,
	Lists.newArrayList(USER2_1),
	DB1, tableName1, 1);

	// alter table set owner for role
	statementUSER2_1
	.execute("ALTER TABLE " + DB1 + "." + tableName1 + " SET OWNER ROLE " + ownerRole);

	// verify privileges is transferred to ownerRole
	verifyTableOwnerPrivilegeExistForPrincipal(statement, SentryPrincipalType.ROLE,
	Lists.newArrayList(ownerRole),
	DB1, tableName1, 1);

	} finally {
	statement.close();
	connection.close();

	statementUSER1_1.close();
	connectionUSER1_1.close();

	statementUSER2_1.close();
	connectionUSER2_1.close();
	}
	}

	}