Repository: incubator-hawq Updated Branches: refs/heads/master a803aab4e -> 9d88cdd81
HAWQ-1396. Add cases for querying hcatalog via PXF with Ranger enable. Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/9d88cdd8 Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/9d88cdd8 Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/9d88cdd8 Branch: refs/heads/master Commit: 9d88cdd8187b9f26ed8c43411b2b45ea18b65e48 Parents: a803aab Author: interma <inte...@outlook.com> Authored: Mon Mar 27 13:44:18 2017 +0800 Committer: Wen Lin <w...@pivotal.io> Committed: Tue Mar 28 11:19:46 2017 +0800 ---------------------------------------------------------------------- src/test/feature/Ranger/ans/pxf1_fail.ans | 10 ++++++++ src/test/feature/Ranger/ans/pxf1_success.ans | 14 ++++++++++ src/test/feature/Ranger/data/testhive.sql | 5 ++++ src/test/feature/Ranger/pxfpolicy/1/1.json | 1 + src/test/feature/Ranger/pxfpolicy/1/2.json | 1 + src/test/feature/Ranger/pxfpolicy/1/3.json | 1 + src/test/feature/Ranger/sql/pxf/1.sql | 2 ++ src/test/feature/Ranger/test_ranger.cpp | 31 +++++++++++++++++++++++ 8 files changed, 65 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/ans/pxf1_fail.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/pxf1_fail.ans b/src/test/feature/Ranger/ans/pxf1_fail.ans new file mode 100644 index 0000000..a8a7197 --- /dev/null +++ b/src/test/feature/Ranger/ans/pxf1_fail.ans @@ -0,0 +1,10 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_HcatalogTest; +SET +-- end_ignore +set session role= 'userpxf1'; +SET +select * from hcatalog.default.testhive; +psql:/tmp/TestHawqRanger_HcatalogTest.sql:5: ERROR: permission denied for schema default +LINE 1: select * from hcatalog.default.testhive; + ^ http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/ans/pxf1_success.ans ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/ans/pxf1_success.ans b/src/test/feature/Ranger/ans/pxf1_success.ans new file mode 100644 index 0000000..8a0088f --- /dev/null +++ b/src/test/feature/Ranger/ans/pxf1_success.ans @@ -0,0 +1,14 @@ +-- start_ignore +SET SEARCH_PATH=TestHawqRanger_HcatalogTest; +SET +-- end_ignore +set session role= 'userpxf1'; +SET +select * from hcatalog.default.testhive; + a | b +---+--- + 1 | 2 + 2 | 4 + 3 | 6 +(3 rows) + http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/data/testhive.sql ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/data/testhive.sql b/src/test/feature/Ranger/data/testhive.sql new file mode 100644 index 0000000..3ae6c58 --- /dev/null +++ b/src/test/feature/Ranger/data/testhive.sql @@ -0,0 +1,5 @@ +drop table if exists testhive; +CREATE TABLE testhive (a int, b int) ; +INSERT INTO testhive VALUES(1, 2); +INSERT INTO testhive VALUES(2, 4); +INSERT INTO testhive VALUES(3, 6); http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/pxfpolicy/1/1.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/pxfpolicy/1/1.json b/src/test/feature/Ranger/pxfpolicy/1/1.json new file mode 100644 index 0000000..50b821b --- /dev/null +++ b/src/test/feature/Ranger/pxfpolicy/1/1.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "pxfpolicy1-1", "policyItems": [{"accesses": [{"isAllowed": true, "type": "usage-schema"}], "conditions": [], "delegateAdmin": true, "groups": null, "users": ["userpxf1"]}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hcatalog"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["default"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["*"]}}, "service": "hawq", "version": 3} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/pxfpolicy/1/2.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/pxfpolicy/1/2.json b/src/test/feature/Ranger/pxfpolicy/1/2.json new file mode 100644 index 0000000..ff97050 --- /dev/null +++ b/src/test/feature/Ranger/pxfpolicy/1/2.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "pxfpolicy1-2", "policyItems": [{"accesses": [{"isAllowed": true, "type": "select"}], "conditions": [], "delegateAdmin": true, "groups": null, "users": ["userpxf1"]}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hcatalog"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["default"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["testhive"]}}, "service": "hawq", "version": 1} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/pxfpolicy/1/3.json ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/pxfpolicy/1/3.json b/src/test/feature/Ranger/pxfpolicy/1/3.json new file mode 100644 index 0000000..08937c4 --- /dev/null +++ b/src/test/feature/Ranger/pxfpolicy/1/3.json @@ -0,0 +1 @@ +{"allowExceptions": [], "denyExceptions": [], "denyPolicyItems": [], "description": "no description", "isAuditEnabled": true, "isEnabled": true, "name": "pxfpolicy1-3", "policyItems": [{"accesses": [{"isAllowed": true, "type": "usage-schema"}], "conditions": [], "delegateAdmin": true, "groups": null, "users": ["userpxf1"]}], "resources": {"database": {"isExcludes": false, "isRecursive": false, "values": ["hawq_feature_test_db"]}, "schema": {"isExcludes": false, "isRecursive": false, "values": ["testhawqranger_hcatalogtest"]}, "table": {"isExcludes": false, "isRecursive": false, "values": ["*"]}}, "service": "hawq", "version": 3} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/sql/pxf/1.sql ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/sql/pxf/1.sql b/src/test/feature/Ranger/sql/pxf/1.sql new file mode 100644 index 0000000..be66b55 --- /dev/null +++ b/src/test/feature/Ranger/sql/pxf/1.sql @@ -0,0 +1,2 @@ +set session role= 'userpxf1'; +select * from hcatalog.default.testhive; http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/9d88cdd8/src/test/feature/Ranger/test_ranger.cpp ---------------------------------------------------------------------- diff --git a/src/test/feature/Ranger/test_ranger.cpp b/src/test/feature/Ranger/test_ranger.cpp index 7461d66..9a61826 100644 --- a/src/test/feature/Ranger/test_ranger.cpp +++ b/src/test/feature/Ranger/test_ranger.cpp @@ -314,6 +314,37 @@ TEST_F(TestHawqRanger, ResourceIncludeATest) { } } +TEST_F(TestHawqRanger, HcatalogTest) { + SQLUtility util; + if (util.getGUCValue("hawq_acl_type") == "ranger") + { + /* + * create a table in hive and populate some rows + */ + clearEnv(&util, "pxf", 1); + clearEnv(&util, "pxf", 2); + clearEnv(&util, "pxf", 3); + string rootPath(util.getTestRootPath()); + string sqlPath = rootPath + "/Ranger/data/testhive.sql"; + auto cmd = hawq::test::stringFormat("hive -f %s", sqlPath.c_str()); + Command::getCommandStatus(cmd); + + /* + * create a user and query this table, fail. + */ + addUser(&util, "pxf", 1, false); + runSQLFile(&util, "pxf", "fail", 1); + + /* + * add allow policies for this user and query again, succeed. + */ + addPolicy(&util, "pxf", 1); // usage of default + addPolicy(&util, "pxf", 2); // select of table + addPolicy(&util, "pxf", 3); // usage of current schema(e.g.testhawqranger_hcatalogtest) + runSQLFile(&util, "pxf", "success", 1); + } +} + void TestHawqRanger::addUser(hawq::test::SQLUtility* util, std::string case_name, int user_index, bool full_policy, int writable_index) { string rootPath = util->getTestRootPath();