Repository: incubator-sentry Updated Branches: refs/heads/hive_plugin_v2 4854ab41d -> fe5e4a9a6
SENTRY-915: Improve Hive E2E tests for keep consistent with Hive metadata. (Dapeng Sun, reviewed by Guoquan Shen) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/fe5e4a9a Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/fe5e4a9a Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/fe5e4a9a Branch: refs/heads/hive_plugin_v2 Commit: fe5e4a9a66d6f465949ab6ed7f65cd85e516a05c Parents: 4854ab4 Author: Sun Dapeng <[email protected]> Authored: Wed Oct 28 09:58:15 2015 +0800 Committer: Sun Dapeng <[email protected]> Committed: Wed Oct 28 09:58:15 2015 +0800 ---------------------------------------------------------------------- .../tests/e2e/dbprovider/TestDbEndToEnd.java | 8 +- .../sentry/tests/e2e/hive/TestCrossDbOps.java | 1 + .../e2e/hive/TestMetadataObjectRetrieval.java | 22 ++- .../tests/e2e/hive/TestMetadataPermissions.java | 16 +- .../sentry/tests/e2e/hive/TestOperations.java | 23 ++- .../e2e/hive/TestPrivilegesAtDatabaseScope.java | 8 +- .../e2e/hive/TestPrivilegesAtFunctionScope.java | 15 +- .../e2e/hive/TestPrivilegesAtTableScope.java | 188 ++++++++++--------- .../e2e/hive/TestRuntimeMetadataRetrieval.java | 3 + .../sentry/tests/e2e/hive/TestSandboxOps.java | 5 +- 10 files changed, 166 insertions(+), 123 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fe5e4a9a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java index d1f2774..bb0ec7a 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java @@ -174,7 +174,10 @@ public class TestDbEndToEnd extends AbstractTestWithStaticConfiguration { statement.execute("DROP DATABASE IF EXISTS " + DB2 + " CASCADE"); statement.execute("CREATE DATABASE " + DB2); statement.execute("USE " + DB2); + statement.execute("DROP TABLE IF EXISTS " + DB2 + "." + tableName1); statement.execute("DROP TABLE IF EXISTS " + DB2 + "." + tableName2); + statement.execute("create table " + DB2 + "." + tableName1 + + " (under_col int comment 'the under column', value string)"); statement.execute("create table " + DB2 + "." + tableName2 + " (under_col int comment 'the under column', value string)"); statement.execute("load data local inpath '" + dataFile.getPath() @@ -198,6 +201,9 @@ public class TestDbEndToEnd extends AbstractTestWithStaticConfiguration { + "' TO ROLE data_uri"); statement.execute("USE " + DB1); + statement.execute("DROP TABLE IF EXISTS " + DB1 + "." + tableName1); + statement.execute("create table " + DB1 + "." + tableName1 + + " (under_col int comment 'the under column', value string)"); statement.execute("GRANT SELECT ON TABLE " + tableName1 + " TO ROLE select_tb1"); @@ -226,7 +232,7 @@ public class TestDbEndToEnd extends AbstractTestWithStaticConfiguration { // 7 connection = context.createConnection(ADMIN1); statement = context.createStatement(connection); - statement.execute("USE " + DB2); + statement.execute("USE " + DB1); statement.execute("DROP TABLE IF EXISTS " + DB1 + "." + tableName1); statement.execute("create table " + DB1 + "." + tableName1 + " (under_col int comment 'the under column', value string)"); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fe5e4a9a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java index 2e4be8a..9a21865 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java @@ -407,6 +407,7 @@ public class TestCrossDbOps extends AbstractTestWithStaticConfiguration { adminStmt.execute("use default"); adminStmt.execute("CREATE DATABASE " + DB1); adminStmt.execute("create table " + DB1 + ".table_1 (id int)"); + adminStmt.execute("create table " + DB1 + ".table_2 (id int)"); adminStmt.close(); adminCon.close(); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fe5e4a9a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java index 7dd0f01..71e3af2 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java @@ -157,6 +157,7 @@ public class TestMetadataObjectRetrieval extends AbstractTestWithStaticConfigura throws Exception { createDb(ADMIN1, DB1); createTable(ADMIN1, DB1, dataFile, TBL1); + createTable(ADMIN1, DB1, dataFile, TBL2); positiveDescribeShowTests(ADMIN1, DB1, TBL1); policyFile @@ -285,14 +286,15 @@ public class TestMetadataObjectRetrieval extends AbstractTestWithStaticConfigura @Test public void testDescribeDatabasesWithAllOnServerAndAllOnDb() throws Exception { + dropDb(ADMIN1, DB1, DB2); + createDb(ADMIN1, DB1, DB2); + createTable(ADMIN1, DB1, dataFile, TBL1); + createTable(ADMIN1, DB2, dataFile, TBL1); policyFile .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=" + DB1) .addRolesToGroup(USERGROUP1, GROUP1_ROLE) .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); - dropDb(ADMIN1, DB1, DB2); - createDb(ADMIN1, DB1, DB2); - createTable(ADMIN1, DB1, dataFile, TBL1); Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); @@ -322,6 +324,8 @@ public class TestMetadataObjectRetrieval extends AbstractTestWithStaticConfigura @Test public void testDescribeDefaultDatabase() throws Exception { createDb(ADMIN1, DB1, DB2); + createTable(ADMIN1, "default", dataFile, TBL1); + createTable(ADMIN1, DB1, dataFile, TBL1); Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); assertTrue(statement.executeQuery("DESCRIBE DATABASE default").next()); @@ -358,6 +362,7 @@ public class TestMetadataObjectRetrieval extends AbstractTestWithStaticConfigura public void testShowIndexes1() throws Exception { createDb(ADMIN1, DB1); createTable(ADMIN1, DB1, dataFile, TBL1); + createTable(ADMIN1, DB1, dataFile, TBL2); Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); @@ -373,8 +378,8 @@ public class TestMetadataObjectRetrieval extends AbstractTestWithStaticConfigura statement.close(); connection.close(); - // grant privilege to non-existent table to allow use db1 - policyFile.addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_NONTABLE) + // grant privilege to table2 to allow use db1 + policyFile.addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_TBL2) .addRolesToGroup(USERGROUP1, GROUP1_ROLE) .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -423,6 +428,9 @@ public class TestMetadataObjectRetrieval extends AbstractTestWithStaticConfigura Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); + statement.execute("DROP TABLE IF EXISTS " + TBL2); + statement.execute("create table " + TBL2 + + " (under_col int, value string) PARTITIONED BY (dt INT)"); statement.execute("DROP TABLE IF EXISTS " + TBL1); statement.execute("create table " + TBL1 + " (under_col int, value string) PARTITIONED BY (dt INT)"); @@ -433,8 +441,8 @@ public class TestMetadataObjectRetrieval extends AbstractTestWithStaticConfigura statement.close(); connection.close(); - // grant privilege to non-existent table to allow use db1 - policyFile.addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_NONTABLE) + // grant privilege to table2 to allow use db1 + policyFile.addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_TBL2) .addRolesToGroup(USERGROUP1, GROUP1_ROLE) .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fe5e4a9a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java index 25d1f8c..8202bc3 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java @@ -32,13 +32,7 @@ public class TestMetadataPermissions extends AbstractTestWithStaticConfiguration @Before public void setup() throws Exception { policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP); - - policyFile - .addRolesToGroup(USERGROUP1, "db1_all", "db2_all") - .addRolesToGroup(USERGROUP2, "db1_all") - .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) - .addPermissionsToRole("db2_all", "server=server1->db=" + DB2) - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); Connection adminCon = context.createConnection(ADMIN1); @@ -52,6 +46,14 @@ public class TestMetadataPermissions extends AbstractTestWithStaticConfiguration adminStmt.execute("CREATE TABLE " + tabName + " (id int)"); } } + + policyFile + .addRolesToGroup(USERGROUP1, "db1_all", "db2_all") + .addRolesToGroup(USERGROUP2, "db1_all") + .addPermissionsToRole("db1_all", "server=server1->db=" + DB1) + .addPermissionsToRole("db2_all", "server=server1->db=" + DB2); + + writePolicyFile(policyFile); } /** http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fe5e4a9a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java index 29b2d60..0c3910a 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java @@ -189,13 +189,13 @@ public class TestOperations extends AbstractTestWithStaticConfiguration { statement.close(); connection.close(); + adminCreate(DB1, null); + policyFile .addPermissionsToRole("all_db1", privileges.get("all_db1")) .addRolesToGroup(USERGROUP2, "all_db1"); writePolicyFile(policyFile); - adminCreate(DB1, null); - connection = context.createConnection(USER2_1); statement = context.createStatement(connection); statement.execute("DROP DATABASE " + DB1); @@ -259,7 +259,7 @@ public class TestOperations extends AbstractTestWithStaticConfiguration { */ @Test public void testDescDB() throws Exception { - adminCreate(DB1, null); + adminCreate(DB1, tableName); policyFile .addPermissionsToRole("select_db1", privileges.get("select_db1")) .addPermissionsToRole("insert_db1", privileges.get("insert_db1")) @@ -445,13 +445,6 @@ public class TestOperations extends AbstractTestWithStaticConfiguration { @Test public void testAlterTable() throws Exception { adminCreate(DB1, tableName, true); - policyFile - .addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1")) - .addPermissionsToRole("alter_db1_ptab", privileges.get("alter_db1_ptab")) - .addRolesToGroup(USERGROUP1, "alter_db1_tb1", "alter_db1_ptab") - .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1")) - .addRolesToGroup(USERGROUP2, "insert_db1_tb1"); - writePolicyFile(policyFile); Connection connection; Statement statement; @@ -461,7 +454,17 @@ public class TestOperations extends AbstractTestWithStaticConfiguration { statement.execute("Use " + DB1); statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '10') "); statement.execute("ALTER TABLE tb1 ADD IF NOT EXISTS PARTITION (b = '1') "); + statement.execute("DROP TABLE IF EXISTS ptab"); statement.execute("CREATE TABLE ptab (a int) STORED AS PARQUET"); + + policyFile + .addPermissionsToRole("alter_db1_tb1", privileges.get("alter_db1_tb1")) + .addPermissionsToRole("alter_db1_ptab", privileges.get("alter_db1_ptab")) + .addRolesToGroup(USERGROUP1, "alter_db1_tb1", "alter_db1_ptab") + .addPermissionsToRole("insert_db1_tb1", privileges.get("insert_db1_tb1")) + .addRolesToGroup(USERGROUP2, "insert_db1_tb1"); + writePolicyFile(policyFile); + //Negative test cases connection = context.createConnection(USER2_1); statement = context.createStatement(connection); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fe5e4a9a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtDatabaseScope.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtDatabaseScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtDatabaseScope.java index 3f6f246..9437fca 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtDatabaseScope.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtDatabaseScope.java @@ -305,7 +305,7 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithStaticConfigu statement.execute("use " + DB1); statement.execute("CREATE TABLE TAB_1(A STRING)"); statement.execute("CREATE DATABASE " + DB2); - statement.execute("use " + DB1); + statement.execute("use " + DB2); statement.execute("CREATE TABLE TAB_2(A STRING)"); context.close(); @@ -361,6 +361,12 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithStaticConfigu Statement statement = context.createStatement(connection); statement.execute("use default"); statement.execute("create table tab1(a int)"); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("use " + DB1); + statement.execute("CREATE TABLE TAB_1(A STRING)"); + statement.execute("CREATE DATABASE " + DB2); + statement.execute("use " + DB2); + statement.execute("CREATE TABLE TAB_2(A STRING)"); context.close(); policyFile http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fe5e4a9a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java index 7bb199b..7ca3b67 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java @@ -179,6 +179,14 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticConfigu public void testUdfWhiteList () throws Exception { String tableName1 = "tab1"; + Connection connection = context.createConnection(ADMIN1); + Statement statement = connection.createStatement(); + statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); + statement.execute("CREATE DATABASE " + DB1); + statement.execute("USE " + DB1); + statement.execute("create table " + tableName1 + + " (under_col int comment 'the under column', value string)"); + policyFile .addRolesToGroup(USERGROUP1, "db1_all", "UDF_JAR") .addRolesToGroup(USERGROUP2, "db1_tab1", "UDF_JAR") @@ -188,13 +196,6 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticConfigu .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2"); writePolicyFile(policyFile); - Connection connection = context.createConnection(ADMIN1); - Statement statement = connection.createStatement(); - statement.execute("DROP DATABASE IF EXISTS " + DB1 + " CASCADE"); - statement.execute("CREATE DATABASE " + DB1); - statement.execute("USE " + DB1); - statement.execute("create table " + tableName1 - + " (under_col int comment 'the under column', value string)"); statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE " + DB1 + "." + tableName1); statement.execute("SELECT rand(), concat(value, '_foo') FROM " + tableName1); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fe5e4a9a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java index 6272752..56776db 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtTableScope.java @@ -73,30 +73,30 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat statement.execute("CREATE DATABASE DB_1"); statement.execute("USE DB_1"); - statement.execute("CREATE TABLE TAB_1(B INT, A STRING) " + statement.execute("CREATE TABLE " + TBL1 + "(B INT, A STRING) " + " row format delimited fields terminated by '|' stored as textfile"); - statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE TAB_1"); - statement.execute("CREATE TABLE TAB_2(B INT, A STRING) " + statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE " + TBL1); + statement.execute("CREATE TABLE " + TBL2 + "(B INT, A STRING) " + " row format delimited fields terminated by '|' stored as textfile"); - statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE TAB_2"); - statement.execute("CREATE VIEW VIEW_1 AS SELECT A, B FROM TAB_1"); + statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE " + TBL2); + statement.execute("CREATE VIEW VIEW_1 AS SELECT A, B FROM " + TBL1); statement.close(); connection.close(); } /* - * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, loads data into - * TAB_1, TAB_2 Admin grants SELECT on TAB_1, TAB_2, INSERT on TAB_1 to + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, loads data into + * TBL1, TBL2 Admin grants SELECT on TBL1, TBL2, INSERT on TBL1 to * USER_GROUP of which user1 is a member. */ @Test public void testInsertAndSelect() throws Exception { policyFile .addRolesToGroup(USERGROUP1, "select_tab1", "insert_tab1", "select_tab2") - .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select") - .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert") - .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") + .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=insert") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -105,12 +105,12 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat Statement statement = context.createStatement(connection); statement.execute("USE DB_1"); // test user can insert - statement.execute("INSERT INTO TABLE TAB_1 SELECT A, B FROM TAB_2"); + statement.execute("INSERT INTO TABLE " + TBL1 + " SELECT A, B FROM " + TBL2); // test user can query table - statement.executeQuery("SELECT A FROM TAB_2"); + statement.executeQuery("SELECT A FROM " + TBL2); // negative test: test user can't drop try { - statement.execute("DROP TABLE TAB_1"); + statement.execute("DROP TABLE " + TBL1); Assert.fail("Expected SQL exception"); } catch (SQLException e) { context.verifyAuthzException(e); @@ -118,20 +118,20 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat statement.close(); connection.close(); - // connect as admin and drop tab_1 + // connect as admin and drop TBL1 connection = context.createConnection(ADMIN1); statement = context.createStatement(connection); statement.execute("USE DB_1"); - statement.execute("DROP TABLE TAB_1"); + statement.execute("DROP TABLE " + TBL1); statement.close(); connection.close(); - // negative test: connect as user1 and try to recreate tab_1 + // negative test: connect as user1 and try to recreate TBL1 connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("USE DB_1"); try { - statement.execute("CREATE TABLE TAB_1(A STRING)"); + statement.execute("CREATE TABLE " + TBL1 + "(A STRING)"); Assert.fail("Expected SQL exception"); } catch (SQLException e) { context.verifyAuthzException(e); @@ -140,29 +140,29 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat statement.close(); connection.close(); - // connect as admin to restore the tab_1 + // connect as admin to restore the TBL1 connection = context.createConnection(ADMIN1); statement = context.createStatement(connection); statement.execute("USE DB_1"); - statement.execute("CREATE TABLE TAB_1(B INT, A STRING) " + statement.execute("CREATE TABLE " + TBL1 + "(B INT, A STRING) " + " row format delimited fields terminated by '|' stored as textfile"); - statement.execute("INSERT INTO TABLE TAB_1 SELECT A, B FROM TAB_2"); + statement.execute("INSERT INTO TABLE " + TBL1 + " SELECT A, B FROM " + TBL2); statement.close(); connection.close(); } /* - * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, loads data into - * TAB_1, TAB_2. Admin grants INSERT on TAB_1, SELECT on TAB_2 to USER_GROUP + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, loads data into + * TBL1, TBL2. Admin grants INSERT on TBL1, SELECT on TBL2 to USER_GROUP * of which user1 is a member. */ @Test public void testInsert() throws Exception { policyFile .addRolesToGroup(USERGROUP1, "insert_tab1", "select_tab2") - .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert") - .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select") + .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=insert") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -171,11 +171,11 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); // test user can execute insert on table - statement.execute("INSERT INTO TABLE TAB_1 SELECT A, B FROM TAB_2"); + statement.execute("INSERT INTO TABLE " + TBL1 + " SELECT A, B FROM " + TBL2); // negative test: user can't query table try { - statement.executeQuery("SELECT A FROM TAB_1"); + statement.executeQuery("SELECT A FROM " + TBL1); Assert.fail("Expected SQL exception"); } catch (SQLException e) { context.verifyAuthzException(e); @@ -200,7 +200,7 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat // negative test: test user can't create a new view try { - statement.executeQuery("CREATE VIEW VIEW_2(A) AS SELECT A FROM TAB_1"); + statement.executeQuery("CREATE VIEW VIEW_2(A) AS SELECT A FROM " + TBL1); Assert.fail("Expected SQL Exception"); } catch (SQLException e) { context.verifyAuthzException(e); @@ -210,17 +210,17 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat } /* - * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, loads data into - * TAB_1, TAB_2. Admin grants SELECT on TAB_1, TAB_2 to USER_GROUP of which + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, loads data into + * TBL1, TBL2. Admin grants SELECT on TBL1, TBL2 to USER_GROUP of which * user1 is a member. */ @Test public void testSelect() throws Exception { policyFile .addRolesToGroup(USERGROUP1, "select_tab1", "select_tab2") - .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select") - .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert") - .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") + .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=insert") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -229,11 +229,11 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); // test user can execute query on table - statement.executeQuery("SELECT A FROM TAB_1"); + statement.executeQuery("SELECT A FROM " + TBL1); // negative test: test insert into table try { - statement.executeQuery("INSERT INTO TABLE TAB_1 SELECT A, B FROM TAB_2"); + statement.executeQuery("INSERT INTO TABLE " + TBL1 + " SELECT A, B FROM " + TBL2); Assert.fail("Expected SQL exception"); } catch (SQLException e) { context.verifyAuthzException(e); @@ -249,7 +249,7 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat // negative test: test user can't create a new view try { - statement.executeQuery("CREATE VIEW VIEW_2(A) AS SELECT A FROM TAB_1"); + statement.executeQuery("CREATE VIEW VIEW_2(A) AS SELECT A FROM " + TBL1); Assert.fail("Expected SQL Exception"); } catch (SQLException e) { context.verifyAuthzException(e); @@ -259,16 +259,16 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat } /* - * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, VIEW_1 on TAB_1 - * loads data into TAB_1, TAB_2. Admin grants SELECT on TAB_1,TAB_2 to + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, VIEW_1 on TBL1 + * loads data into TBL1, TBL2. Admin grants SELECT on TBL1,TBL2 to * USER_GROUP of which user1 is a member. */ @Test public void testTableViewJoin() throws Exception { policyFile .addRolesToGroup(USERGROUP1, "select_tab1", "select_tab2") - .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select") - .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -276,12 +276,12 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat Connection connection = context.createConnection(USER1_1); Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); - // test user can execute query TAB_1 JOIN TAB_2 - statement.executeQuery("SELECT T1.B FROM TAB_1 T1 JOIN TAB_2 T2 ON (T1.B = T2.B)"); + // test user can execute query TBL1 JOIN TBL2 + statement.executeQuery("SELECT T1.B FROM " + TBL1 + " T1 JOIN " + TBL2 + " T2 ON (T1.B = T2.B)"); - // negative test: test user can't execute query VIEW_1 JOIN TAB_2 + // negative test: test user can't execute query VIEW_1 JOIN TBL2 try { - statement.executeQuery("SELECT V1.B FROM VIEW_1 V1 JOIN TAB_2 T2 ON (V1.B = T2.B)"); + statement.executeQuery("SELECT V1.B FROM VIEW_1 V1 JOIN " + TBL2 + " T2 ON (V1.B = T2.B)"); Assert.fail("Expected SQL exception"); } catch (SQLException e) { context.verifyAuthzException(e); @@ -292,16 +292,16 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat } /* - * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, VIEW_1 on TAB_1 - * loads data into TAB_1, TAB_2. Admin grants SELECT on TAB_2 to USER_GROUP of + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, VIEW_1 on TBL1 + * loads data into TBL1, TBL2. Admin grants SELECT on TBL2 to USER_GROUP of * which user1 is a member. */ @Test public void testTableViewJoin2() throws Exception { policyFile .addRolesToGroup(USERGROUP1, "select_tab2") - .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select") - .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -309,20 +309,20 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat Connection connection = context.createConnection(USER1_1); Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); - // test user can execute query on TAB_2 - statement.executeQuery("SELECT A FROM TAB_2"); + // test user can execute query on TBL2 + statement.executeQuery("SELECT A FROM " + TBL2); - // negative test: test user can't execute query VIEW_1 JOIN TAB_2 + // negative test: test user can't execute query VIEW_1 JOIN TBL2 try { - statement.executeQuery("SELECT VIEW_1.B FROM VIEW_1 JOIN TAB_2 ON (VIEW_1.B = TAB_2.B)"); + statement.executeQuery("SELECT VIEW_1.B FROM VIEW_1 JOIN " + TBL2 + " ON (VIEW_1.B = " + TBL2 + ".B)"); Assert.fail("Expected SQL exception"); } catch (SQLException e) { context.verifyAuthzException(e); } - // negative test: test user can't execute query TAB_1 JOIN TAB_2 + // negative test: test user can't execute query TBL1 JOIN TBL2 try { - statement.executeQuery("SELECT TAB_1.B FROM TAB_1 JOIN TAB_2 ON (TAB_1.B = TAB_2.B)"); + statement.executeQuery("SELECT " + TBL1 + ".B FROM " + TBL1 + " JOIN " + TBL2 + " ON (" + TBL1 + ".B = " + TBL2 + ".B)"); Assert.fail("Expected SQL exception"); } catch (SQLException e) { context.verifyAuthzException(e); @@ -333,8 +333,8 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat } /* - * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, VIEW_1 on TAB_1 - * loads data into TAB_1, TAB_2. Admin grants SELECT on TAB_2, VIEW_1 to + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, VIEW_1 on TBL1 + * loads data into TBL1, TBL2. Admin grants SELECT on TBL2, VIEW_1 to * USER_GROUP of which user1 is a member. */ @Test @@ -342,7 +342,7 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat policyFile .addRolesToGroup(USERGROUP1, "select_tab2", "select_view1") .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select") - .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL2 + "->action=select") .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -350,18 +350,18 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat Connection connection = context.createConnection(USER1_1); Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); - // test user can execute query on TAB_2 - statement.executeQuery("SELECT A FROM TAB_2"); + // test user can execute query on TBL2 + statement.executeQuery("SELECT A FROM " + TBL2); - // test user can execute query VIEW_1 JOIN TAB_2 - statement.executeQuery("SELECT V1.B FROM VIEW_1 V1 JOIN TAB_2 T2 ON (V1.B = T2.B)"); + // test user can execute query VIEW_1 JOIN TBL2 + statement.executeQuery("SELECT V1.B FROM VIEW_1 V1 JOIN " + TBL2 + " T2 ON (V1.B = T2.B)"); // test user can execute query on VIEW_1 statement.executeQuery("SELECT A FROM VIEW_1"); - // negative test: test user can't execute query TAB_1 JOIN TAB_2 + // negative test: test user can't execute query TBL1 JOIN TBL2 try { - statement.executeQuery("SELECT T1.B FROM TAB_1 T1 JOIN TAB_2 T2 ON (T1.B = T2.B)"); + statement.executeQuery("SELECT T1.B FROM " + TBL1 + " T1 JOIN " + TBL2 + " T2 ON (T1.B = T2.B)"); Assert.fail("Expected SQL exception"); } catch (SQLException e) { context.verifyAuthzException(e); @@ -372,8 +372,8 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat } /* - * Admin creates database DB_1, table TAB_1, TAB_2 in DB_1, VIEW_1 on TAB_1 - * loads data into TAB_1, TAB_2. Admin grants SELECT on TAB_1, VIEW_1 to + * Admin creates database DB_1, table TBL1, TBL2 in DB_1, VIEW_1 on TBL1 + * loads data into TBL1, TBL2. Admin grants SELECT on TBL1, VIEW_1 to * USER_GROUP of which user1 is a member. */ @Test @@ -381,7 +381,7 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat policyFile .addRolesToGroup(USERGROUP1, "select_tab1", "select_view1") .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select") - .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") .setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); @@ -390,12 +390,12 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); - // test user can execute query VIEW_1 JOIN TAB_1 - statement.executeQuery("SELECT VIEW_1.B FROM VIEW_1 JOIN TAB_1 ON (VIEW_1.B = TAB_1.B)"); + // test user can execute query VIEW_1 JOIN TBL1 + statement.executeQuery("SELECT VIEW_1.B FROM VIEW_1 JOIN " + TBL1 + " ON (VIEW_1.B = " + TBL1 + ".B)"); - // negative test: test user can't execute query TAB_1 JOIN TAB_2 + // negative test: test user can't execute query TBL1 JOIN TBL2 try { - statement.executeQuery("SELECT TAB_1.B FROM TAB_1 JOIN TAB_2 ON (TAB_1.B = TAB_2.B)"); + statement.executeQuery("SELECT " + TBL1 + ".B FROM " + TBL1 + " JOIN " + TBL2 + " ON (" + TBL1 + ".B = " + TBL2 + ".B)"); Assert.fail("Expected SQL exception"); } catch (SQLException e) { context.verifyAuthzException(e); @@ -419,18 +419,7 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to); to.close(); - policyFile - .addRolesToGroup(USERGROUP1, "all_tab1") - .addPermissionsToRole("all_tab1", - "server=server1->db=" + DB1 + "->table=" + TBL2) - .addRolesToGroup(USERGROUP2, "drop_tab1") - .addPermissionsToRole("drop_tab1", - "server=server1->db=" + DB1 + "->table=" + TBL3 + "->action=drop", - "server=server1->db=" + DB1 + "->table=" + TBL3 + "->action=select") - .addRolesToGroup(USERGROUP3, "select_tab1") - .addPermissionsToRole("select_tab1", - "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=select") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); // setup db objects needed by the test @@ -438,6 +427,9 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); + statement.execute("DROP TABLE if exists " + TBL1); + statement.execute("DROP TABLE if exists " + TBL2); + statement.execute("DROP TABLE if exists " + TBL3); statement.execute("CREATE TABLE " + TBL1 + "(B INT, A STRING) " + " row format delimited fields terminated by '|' stored as textfile"); statement.execute("CREATE TABLE " + TBL2 + "(B INT, A STRING) " @@ -454,9 +446,23 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat // verify admin can execute truncate table statement.execute("TRUNCATE TABLE " + TBL1); assertFalse(hasData(statement, TBL1)); + statement.close(); connection.close(); + policyFile + .addRolesToGroup(USERGROUP1, "all_tab1") + .addPermissionsToRole("all_tab1", + "server=server1->db=" + DB1 + "->table=" + TBL2) + .addRolesToGroup(USERGROUP2, "drop_tab1") + .addPermissionsToRole("drop_tab1", + "server=server1->db=" + DB1 + "->table=" + TBL3 + "->action=drop", + "server=server1->db=" + DB1 + "->table=" + TBL3 + "->action=select") + .addRolesToGroup(USERGROUP3, "select_tab1") + .addPermissionsToRole("select_tab1", + "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=select"); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("USE " + DB1); @@ -527,11 +533,7 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat @Test public void testDummyPartition() throws Exception { - policyFile - .addRolesToGroup(USERGROUP1, "select_tab1", "select_tab2") - .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select") - .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_3->action=insert") - .setUserGroupMapping(StaticUserGroup.getStaticMapping()); + policyFile.setUserGroupMapping(StaticUserGroup.getStaticMapping()); writePolicyFile(policyFile); // setup db objects needed by the test @@ -539,15 +541,25 @@ public class TestPrivilegesAtTableScope extends AbstractTestWithStaticConfigurat Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); - statement.execute("CREATE table TAB_3 (a2 int) PARTITIONED BY (b2 string, c2 string)"); + + statement.execute("DROP TABLE if exists " + TBL1); + statement.execute("CREATE table " + TBL1 + " (a int) PARTITIONED BY (b string, c string)"); + statement.execute("DROP TABLE if exists " + TBL3); + statement.execute("CREATE table " + TBL3 + " (a2 int) PARTITIONED BY (b2 string, c2 string)"); statement.close(); connection.close(); + policyFile + .addRolesToGroup(USERGROUP1, "select_tab1", "select_tab2") + .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=" + TBL1 + "->action=select") + .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=" + TBL3 + "->action=insert"); + writePolicyFile(policyFile); + connection = context.createConnection(USER1_1); statement = context.createStatement(connection); statement.execute("USE " + DB1); - statement.execute("INSERT OVERWRITE TABLE TAB_3 PARTITION(b2='abc', c2) select a, b as c2 from TAB_1"); + statement.execute("INSERT OVERWRITE TABLE " + TBL3 + " PARTITION(b2='abc', c2) select a, b as c2 from " + TBL1); statement.close(); connection.close(); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fe5e4a9a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java index 6eb960b..4925f2e 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestRuntimeMetadataRetrieval.java @@ -347,6 +347,7 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur String[] dbNames = {DB1, DB2, DB3}; List<String> dbNamesValidation = new ArrayList<String>(); String[] user1DbNames = {DB1, DB2}; + String tableNames[] = {"tb_1"}; // verify by SQL // 1, 2 @@ -355,6 +356,8 @@ public class TestRuntimeMetadataRetrieval extends AbstractTestWithStaticConfigur dbNamesValidation.add("default"); Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); + createTabs(statement, DB1, tableNames); + createTabs(statement, DB2, tableNames); ResultSet rs = statement.executeQuery("SHOW DATABASES"); validateDBs(rs, dbNamesValidation); // admin should see all dbs rs.close(); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fe5e4a9a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java index fe837e4..da3b90f 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestSandboxOps.java @@ -305,6 +305,7 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { public void testSandboxOpt13() throws Exception { createDb(ADMIN1, DB1); createTable(ADMIN1, DB1, dataFile, TBL1); + createTable(ADMIN1, DB1, dataFile, TBL2); Connection connection = context.createConnection(ADMIN1); Statement statement = context.createStatement(connection); statement.execute("USE " + DB1); @@ -360,16 +361,16 @@ public class TestSandboxOps extends AbstractTestWithStaticConfiguration { @Test public void testSandboxOpt17() throws Exception { createDb(ADMIN1, DB1); + createTable(ADMIN1, DB1, dataFile, TBL1, TBL2); policyFile .addRolesToGroup(USERGROUP1, "all_db1", "load_data") .addRolesToGroup(USERGROUP2, "select_tb1") - .addPermissionsToRole("select_tb1", "server=server1->db=" + DB1 + "->table=tbl_1->action=select") + .addPermissionsToRole("select_tb1", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=select") .addPermissionsToRole("all_db1", "server=server1->db=" + DB1) .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.toString()); writePolicyFile(policyFile); - createTable(USER1_1, DB1, dataFile, TBL1, TBL2); Connection connection = context.createConnection(USER1_1); Statement statement = context.createStatement(connection); // c
