ihuzenko commented on a change in pull request #1559: DRILL-540: Allow querying 
hive views in Drill
URL: https://github.com/apache/drill/pull/1559#discussion_r244163534
 
 

 ##########
 File path: 
contrib/storage-hive/core/src/test/java/org/apache/drill/exec/impersonation/hive/TestSqlStdBasedAuthorization.java
 ##########
 @@ -229,77 +297,114 @@ public void select_user1_3() throws Exception {
   }
 
   @Test
-  public void select_user2_1() throws Exception {
-    // SELECT on "voter_role0" table is granted to role "role0" and user 
"user2" is part the role "role0"
-    updateClient(org1Users[2]);
+  public void user1_allowed_vw_voter_role0_but_forbidden_vw_student_user2() 
throws Exception {
+    // SELECT on "vw_voter_role0" table is granted to role "role0" and user 
"user1" is part the role "role0"
+    // SELECT on "vw_student_user2" table is NOT granted to either role 
"role0" or user "user1"
+    updateClient(org1Users[1]);
     test("USE " + hivePluginName + "." + db_general);
-    test(String.format("SELECT * FROM %s ORDER BY name LIMIT 2", 
g_voter_role0));
+    final String query =
+        String.format("SELECT * FROM %s v JOIN %s s on v.name = s.name limit 
2;", vw_voter_role0, vw_student_user2);
+    errorMsgTestHelper(query, "Principal [name=user1_1, type=USER] does not 
have following privileges for " +
+        "operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, 
name=db_general.vw_student_user2]]");
   }
 
   @Test
-  public void select_user2_2() throws Exception {
-    // SELECT on "student_user2" table is granted to user "user2"
-    updateClient(org1Users[2]);
-    test("USE " + hivePluginName + "." + db_general);
-    test(String.format("SELECT * FROM %s ORDER BY name LIMIT 2", 
g_student_user2));
+  public void user1_allowed_v_student_u0g0_750() throws Exception {
+    updateClient(org1Users[1]);
+    queryView(v_student_u0g0_750);
   }
 
   @Test
-  public void select_user2_3() throws Exception {
+  public void user1_allowed_v_student_u1g1_750() throws Exception {
+    updateClient(org1Users[1]);
+    queryView(v_student_u1g1_750);
+  }
+
+  @Test
+  public void user2_allowed_g_voter_role0() throws Exception {
     // SELECT on "voter_role0" table is granted to role "role0" and user 
"user2" is part the role "role0"
-    // SELECT on "student_user2" table is granted to user "user2"
     updateClient(org1Users[2]);
     test("USE " + hivePluginName + "." + db_general);
-    test(String.format("SELECT * FROM %s v JOIN %s s on v.name = s.name limit 
2;", g_voter_role0, g_student_user2));
+    test(String.format("SELECT * FROM %s ORDER BY name LIMIT 2", 
g_voter_role0));
   }
 
-  private static void queryViewHelper(final String queryUser, final String 
query) throws Exception {
-    updateClient(queryUser);
-    testBuilder()
-        .sqlQuery(query)
-        .unOrdered()
-        .baselineColumns("rownum")
-        .baselineValues(1)
-        .go();
+  @Test
+  public void user2_allowed_vw_voter_role0() throws Exception {
+    queryHiveView(org1Users[2], vw_voter_role0);
   }
 
   @Test
-  public void selectUser0_v_student_u0g0_750() throws Exception {
-    queryViewHelper(org1Users[0], query_v_student_u0g0_750);
+  public void user2_allowed_g_student_user2() throws Exception {
+    // SELECT on "student_user2" table is granted to user "user2"
+    updateClient(org1Users[2]);
+    test("USE " + hivePluginName + "." + db_general);
+    test(String.format("SELECT * FROM %s ORDER BY name LIMIT 2", 
g_student_user2));
   }
 
   @Test
-  public void selectUser1_v_student_u0g0_750() throws Exception {
-    queryViewHelper(org1Users[1], query_v_student_u0g0_750);
+  public void user2_allowed_vw_student_user2() throws Exception {
+    queryHiveView(org1Users[2], vw_student_user2);
   }
 
   @Test
-  public void selectUser2_v_student_u0g0_750() throws Exception {
+  public void user2_allowed_g_voter_role0_and_g_student_user2() throws 
Exception {
+    // SELECT on "voter_role0" table is granted to role "role0" and user 
"user2" is part the role "role0"
+    // SELECT on "student_user2" table is granted to user "user2"
     updateClient(org1Users[2]);
-    errorMsgTestHelper(query_v_student_u0g0_750, String.format(
-        "Not authorized to read view [v_student_u0g0_750] in schema [%s.tmp]", 
MINI_DFS_STORAGE_PLUGIN_NAME));
+    test("USE " + hivePluginName + "." + db_general);
+    test(String.format("SELECT * FROM %s v JOIN %s s on v.name = s.name limit 
2;", g_voter_role0, g_student_user2));
   }
 
   @Test
-  public void selectUser0_v_student_u1g1_750() throws Exception {
-    updateClient(org1Users[0]);
-    errorMsgTestHelper(query_v_student_u1g1_750, String.format(
-        "Not authorized to read view [v_student_u1g1_750] in schema [%s.tmp]", 
MINI_DFS_STORAGE_PLUGIN_NAME));
+  public void user2_allowed_vw_voter_role0_and_vw_student_user2() throws 
Exception {
+    updateClient(org1Users[2]);
+    test("USE " + hivePluginName + "." + db_general);
+    test(String.format("SELECT * FROM %s v JOIN %s s on v.name = s.name limit 
2;", vw_voter_role0, vw_student_user2));
   }
 
   @Test
-  public void selectUser1_v_student_u1g1_750() throws Exception {
-    queryViewHelper(org1Users[1], query_v_student_u1g1_750);
+  public void user2_forbidden_v_student_u0g0_750() throws Exception {
+    updateClient(org1Users[2]);
+    queryViewNotAuthorized(v_student_u0g0_750);
   }
 
   @Test
-  public void selectUser2_v_student_u1g1_750() throws Exception {
-    queryViewHelper(org1Users[2], query_v_student_u1g1_750);
+  public void user2_allowed_v_student_u1g1_750() throws Exception {
+    updateClient(org1Users[2]);
+    queryView(v_student_u1g1_750);
   }
 
   @AfterClass
   public static void shutdown() throws Exception {
     stopMiniDfsCluster();
     stopHiveMetaStore();
   }
-}
+
+  private static void queryHiveView(String usr, String viewName) throws 
Exception {
+    String query = String.format("SELECT COUNT(*) AS rownum FROM %s.%s.%s",
+        hivePluginName, db_general, viewName);
+    updateClient(usr);
+    testBuilder()
+        .sqlQuery(query)
+        .unOrdered()
+        .baselineColumns("rownum")
+        .baselineValues(1L)
+        .go();
+  }
+
+  private static void queryHiveViewNotAuthorized(String usr, String viewName) 
throws Exception {
+    final String query = String.format("SELECT * FROM %s.%s.%s", 
hivePluginName, db_general, viewName);
+    final String expectedError = String.format("Principal [name=%s, type=USER] 
does not have following privileges for " +
+            "operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, 
name=db_general.%s]]\n",
+        usr, viewName);
+
+    updateClient(usr);
+    errorMsgTestHelper(query, expectedError);
+  }
+
+  private static void createHiveView(Driver driver, String db, String 
viewName, String tblName) {
+    String viewFullName = db + "." + viewName;
+    String tblFullName = db + "." + tblName;
+    executeQuery(driver, String.format("CREATE OR REPLACE VIEW %s AS SELECT * 
FROM %s LIMIT 1", viewFullName, tblFullName));
+  }
+}
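Review bot: The denial check in `user1_allowed_vw_voter_role0_but_forbidden_vw_student_user2` hard-codes the principal `user1_1` and repeats the message that the new `queryHiveViewNotAuthorized` helper already builds from `usr` and `viewName`, so the two expected strings can drift apart; they already differ, since the helper's ends in `\n` and the inline one does not. Formatting the inline expectation with `org1Users[1]` (presumably the same `user1_1`) would tie the negative authorization assertion to the identity actually passed to `updateClient`. The test name also claims user1 is allowed on `vw_voter_role0`, but only the join failure is asserted here, so unless a test outside this hunk covers it, a positive check such as `queryHiveView(org1Users[1], vw_voter_role0);` would pin that half of the grant. Separately, `queryHiveView` expects `baselineValues(1L)`, which only holds because `createHiveView` defines every view with `LIMIT 1`; a comment such as `// views are created with LIMIT 1, so COUNT(*) is always 1` next to the baseline would make that coupling explicit.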
 
 Review comment:
   added lines
