Re: [PR] HIVE-28957: Enhance TestHiveMetaStoreAuthorizer [hive]

Mon, 16 Jun 2025 19:35:22 -0700 


dengzhhu653 commented on code in PR #5819:
URL: https://github.com/apache/hive/pull/5819#discussion_r2151202698


##########
ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java:
##########
@@ -547,76 +642,29 @@ public void testUnAuthorizedCause() {
           .build(conf);
       hmsHandler.create_database(db);
     } catch (Exception e) {
-      String[] rootCauseStackTrace = ExceptionUtils.getRootCauseStackTrace(e);
-      assertTrue(Arrays.stream(rootCauseStackTrace)
-          .anyMatch(stack -> 
stack.contains(DummyHiveAuthorizer.class.getName())));
-    }
-  }
-
-  @Test
-  public void testTableFilterContextWithOwnership() throws Exception {
-    List<TableMeta> tableMetas = new ArrayList<>();
-    TableMeta ownerTableMeta = new TableMeta();
-    ownerTableMeta.setCatName("hive");
-    ownerTableMeta.setDbName(default_db);
-    ownerTableMeta.setTableName("owner_table");
-    ownerTableMeta.setOwnerName(authorizedUser);
-    
ownerTableMeta.setOwnerType(org.apache.hadoop.hive.metastore.api.PrincipalType.USER);
-    tableMetas.add(ownerTableMeta);
-
-    TableMeta otherTableMeta = new TableMeta();
-    otherTableMeta.setCatName("hive");
-    otherTableMeta.setDbName(default_db);
-    otherTableMeta.setTableName("other_table");
-    otherTableMeta.setOwnerName(unAuthorizedUser);
-    
otherTableMeta.setOwnerType(org.apache.hadoop.hive.metastore.api.PrincipalType.USER);
-    tableMetas.add(otherTableMeta);
-
-    TableFilterContext filterContext = 
TableFilterContext.createFromTableMetas(default_db, tableMetas);
-    List<Table> tables = filterContext.getTables();
-    assertEquals("Should have two tables in context", 2, tables.size());
-
-    boolean foundOwnerTable = false;
-    boolean foundOtherTable = false;
-
-    for (Table table : tables) {
-      if (table.getTableName().equals("owner_table")) {
-        foundOwnerTable = true;
-        assertEquals("owner_table should have authorized user as owner", 
authorizedUser, table.getOwner());
-        assertEquals("owner_table should have correct owner type",
-            org.apache.hadoop.hive.metastore.api.PrincipalType.USER, 
table.getOwnerType());
-      } else if (table.getTableName().equals("other_table")) {
-        foundOtherTable = true;
-        assertEquals("other_table should have unauthorized user as owner", 
unAuthorizedUser, table.getOwner());
-        assertEquals("other_table should have correct owner type",
-            org.apache.hadoop.hive.metastore.api.PrincipalType.USER, 
table.getOwnerType());
+      // Check if the exception chain contains HiveAuthzPluginException
+      Throwable current = e;
+      boolean foundAuthzException = false;
+      while (current != null) {
+        if (current instanceof HiveAuthzPluginException) {
+          foundAuthzException = true;
+          String expectedErrMsg = "Operation type " + 
HiveOperationType.CREATEDATABASE + " not allowed for user:" + unAuthorizedUser;
+          assertTrue("Expected error message mismatch. Actual: '" + 
current.getMessage() + "'", current.getMessage().contains(expectedErrMsg));
+          break;
+        }
+        current = current.getCause();
       }
-    }
-
-    assertTrue("owner_table not found in tables", foundOwnerTable);
-    assertTrue("other_table not found in tables", foundOtherTable);
-
-    HiveMetaStoreAuthzInfo authzInfo = filterContext.getAuthzContext();
-    List<HivePrivilegeObject> privObjects = authzInfo.getInputHObjs();
 
-    assertEquals("Should have two privilege objects", 2, privObjects.size());
-
-    foundOwnerTable = false;
-    foundOtherTable = false;
-
-    for (HivePrivilegeObject obj : privObjects) {
-      if (obj.getObjectName().equals("owner_table")) {
-        foundOwnerTable = true;
-        assertEquals("owner_table privilege object should have authorized user 
as owner",
-            authorizedUser, obj.getOwnerName());
-      } else if (obj.getObjectName().equals("other_table")) {
-        foundOtherTable = true;
-        assertEquals("other_table privilege object should have unauthorized 
user as owner",
-            unAuthorizedUser, obj.getOwnerName());
+      if (!foundAuthzException) {
+        Throwable rootCause = ExceptionUtils.getRootCause(e);
+        if (rootCause instanceof HiveAuthzPluginException) {

Review Comment:
   if `foundAuthzException` is false, then the `rootCause` shouldn't be the 
`HiveAuthzPluginException`?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For additional commands, e-mail: gitbox-h...@hive.apache.org

Reply via email to