| package org.apache.sentry.tests.e2e.hdfs; |
| |
| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| import com.google.common.base.Strings; |
| |
| import java.sql.Connection; |
| import java.sql.Statement; |
| import java.util.ArrayList; |
| import java.util.List; |
| |
| import org.apache.hadoop.fs.Path; |
| import org.apache.hadoop.fs.permission.AclEntry; |
| |
| import static org.junit.Assume.assumeThat; |
| import static org.hamcrest.Matchers.not; |
| |
| import org.junit.Test; |
| |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| |
| /** |
| * Sentry-583 part 2: |
| * Add boundary condition test coverage to HDFS synchronization. |
| * Testing paths are in the pre-defined external path (instead of internal HiveWareDir) |
| * test suite around max #of groups; Normally, HDFS ACLs has a limit of 32 entries per |
| * object (HDFS-5617), but this limit should not be enforced when using Sentry HDFS |
| * synchronization. |
| */ |
| public class TestDbHdfsExtMaxGroups extends TestDbHdfsMaxGroups { |
| private static final Logger LOGGER = LoggerFactory |
| .getLogger(TestDbHdfsExtMaxGroups.class); |
| |
| /** |
| * Test Db and tbl level acls are synced up to db, tbl and par paths |
| * The path is pre-configured in "sentry.hdfs.integration.path.prefixes" |
| * @throws Exception |
| */ |
| @Test |
| public void testExtMaxAclsWithGroups() throws Exception { |
| final String TEST_DB = "test_hdfs_max_group_ext_db"; |
| assumeThat(Strings.isNullOrEmpty(testExtPathDir), not(true)); |
| String extDbDir = Path.getPathWithoutSchemeAndAuthority(new Path(testExtPathDir)) + "/" + TEST_DB; |
| LOGGER.info("extDbDir = " + extDbDir); |
| Path extDbPath = new Path(extDbDir); |
| kinitFromKeytabFile(dfsAdmin, getKeyTabFileFullPath(dfsAdmin)); |
| if (fileSystem.exists(extDbPath)) { |
| LOGGER.info("Deleting " + extDbDir); |
| fileSystem.delete(extDbPath, true); |
| } |
| dropRecreateDbTblRl(extDbDir, TEST_DB, TEST_TBL); |
| testMaxGroupsDbTblHelper(extDbDir, TEST_DB); |
| } |
| |
| /** |
| * A negative test case where path is not in prefix list. |
| * In this case, acls should not be applied to db, tbl and par paths |
| * @throws Exception |
| */ |
| @Test |
| public void testPathNotInPrefix() throws Exception { |
| final String TEST_DB = "test_hdfs_max_group_bad_db"; |
| String extDbDir = Path.getPathWithoutSchemeAndAuthority(new Path(scratchLikeDir)) + "/" + TEST_DB; |
| LOGGER.info("extDbDir = " + extDbDir); |
| Path extDbPath = new Path(extDbDir); |
| kinitFromKeytabFile(dfsAdmin, getKeyTabFileFullPath(dfsAdmin)); |
| if (fileSystem.exists(extDbPath)) { |
| fileSystem.delete(extDbPath, true); |
| } |
| dropRecreateDbTblRl(extDbDir, TEST_DB, TEST_TBL); |
| Connection connection = context.createConnection(ADMIN1); |
| Statement statement = connection.createStatement(); |
| exec(statement, "USE " + TEST_DB); |
| dropRecreateRole(statement, TEST_ROLE1); |
| String dbgrp = "dbgrp"; |
| exec(statement, "GRANT ALL ON DATABASE " + TEST_DB + " TO ROLE " + TEST_ROLE1); |
| exec(statement, "GRANT ROLE " + TEST_ROLE1 + " TO GROUP " + dbgrp); |
| |
| context.close(); |
| |
| List<AclEntry> acls = new ArrayList<>(); |
| acls.add(AclEntry.parseAclEntry("group:" + dbgrp + ":rwx", true)); |
| verifyNoAclRecursive(acls, extDbDir, true); |
| } |
| } |