This is an automated email from the ASF dual-hosted git repository. kgyrtkirk pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push: new 7bb1d1e HIVE-22518: SQLStdHiveAuthorizerFactoryForTest doesn't work correctly for llap tests (Zoltan Haindrich reviewed by Miklos Gergely) 7bb1d1e is described below commit 7bb1d1edfcba558958265ec47245bc529eaee2d8 Author: Zoltan Haindrich <k...@rxd.hu> AuthorDate: Mon Jan 27 10:57:30 2020 +0000 HIVE-22518: SQLStdHiveAuthorizerFactoryForTest doesn't work correctly for llap tests (Zoltan Haindrich reviewed by Miklos Gergely) Signed-off-by: Zoltan Haindrich <k...@rxd.hu> --- data/conf/llap/hive-site.xml | 5 ++ .../java/org/apache/hadoop/hive/ql/QTestUtil.java | 2 + .../hive/ql/qoption/QTestAuthorizerHandler.java | 56 ++++++++++++++++++++++ ql/src/test/queries/clientpositive/sysdb_schq.q | 6 ++- .../test/results/clientpositive/llap/sysdb.q.out | 1 + .../results/clientpositive/llap/sysdb_schq.q.out | 14 ++++-- 6 files changed, 78 insertions(+), 6 deletions(-) diff --git a/data/conf/llap/hive-site.xml b/data/conf/llap/hive-site.xml index 0c5d030..d37c1b5 100644 --- a/data/conf/llap/hive-site.xml +++ b/data/conf/llap/hive-site.xml @@ -373,4 +373,9 @@ <value>org.apache.hadoop.hive.ql.hooks.ScheduledQueryCreationRegistryHook</value> </property> +<property> + <name>hive.users.in.admin.role</name> + <value>hive_admin_user</value> +</property> + </configuration> diff --git a/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java b/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java index 217049a..c5624f2 100644 --- a/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java +++ b/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java @@ -76,6 +76,7 @@ import org.apache.hadoop.hive.ql.processors.CommandProcessorException; import org.apache.hadoop.hive.ql.processors.CommandProcessorFactory; import org.apache.hadoop.hive.ql.processors.CommandProcessorResponse; import org.apache.hadoop.hive.ql.processors.HiveCommand; +import org.apache.hadoop.hive.ql.qoption.QTestAuthorizerHandler; import org.apache.hadoop.hive.ql.qoption.QTestOptionDispatcher; import org.apache.hadoop.hive.ql.qoption.QTestReplaceHandler; import org.apache.hadoop.hive.ql.qoption.QTestSysDbHandler; @@ -211,6 +212,7 @@ public class QTestUtil { testFiles = datasetHandler.getDataDir(conf); conf.set("test.data.dir", datasetHandler.getDataDir(conf)); conf.setVar(ConfVars.HIVE_QUERY_RESULTS_CACHE_DIRECTORY, "/tmp/hive/_resultscache_" + ProcessUtils.getPid()); + dispatcher.register("authorizer", new QTestAuthorizerHandler()); dispatcher.register("dataset", datasetHandler); dispatcher.register("replace", replaceHandler); dispatcher.register("sysdb", new QTestSysDbHandler()); diff --git a/itests/util/src/main/java/org/apache/hadoop/hive/ql/qoption/QTestAuthorizerHandler.java b/itests/util/src/main/java/org/apache/hadoop/hive/ql/qoption/QTestAuthorizerHandler.java new file mode 100644 index 0000000..c74f72c --- /dev/null +++ b/itests/util/src/main/java/org/apache/hadoop/hive/ql/qoption/QTestAuthorizerHandler.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.qoption; + +import org.apache.hadoop.hive.ql.QTestUtil; + +/** + * QTest authorizer option + * + * Enables authorization for the qtest. + * + * Example: + * --! qt:authorizer + */ +public class QTestAuthorizerHandler implements QTestOptionHandler { + private boolean enabled; + + @Override + public void processArguments(String arguments) { + enabled = true; + } + + @Override + public void beforeTest(QTestUtil qt) throws Exception { + if (enabled) { + qt.getConf().set("hive.test.authz.sstd.hs2.mode", "true"); + qt.getConf().set("hive.security.authorization.manager", + "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest"); + qt.getConf().set("hive.security.authenticator.manager", + "org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator"); + qt.getConf().set("hive.security.authorization.enabled", "true"); + } + } + + @Override + public void afterTest(QTestUtil qt) throws Exception { + enabled = false; + } + +} diff --git a/ql/src/test/queries/clientpositive/sysdb_schq.q b/ql/src/test/queries/clientpositive/sysdb_schq.q index 6b93199..fc1bcd5 100644 --- a/ql/src/test/queries/clientpositive/sysdb_schq.q +++ b/ql/src/test/queries/clientpositive/sysdb_schq.q @@ -1,13 +1,17 @@ +--! qt:authorizer --! qt:scheduledqueryservice --! qt:dataset:src --! qt:sysdb -use sys; +set user.name=hive_admin_user; +set role admin; create scheduled query asd cron '* * * * * ? *' defined as select 1; !sleep 10; +use sys; + desc formatted scheduled_queries; select diff --git a/ql/src/test/results/clientpositive/llap/sysdb.q.out b/ql/src/test/results/clientpositive/llap/sysdb.q.out index 30a87a1..6ec2a06 100644 --- a/ql/src/test/results/clientpositive/llap/sysdb.q.out +++ b/ql/src/test/results/clientpositive/llap/sysdb.q.out @@ -1185,6 +1185,7 @@ POSTHOOK: query: select principal_name, grantor from role_map order by principal POSTHOOK: type: QUERY POSTHOOK: Input: sys@role_map #### A masked pattern was here #### +hive_admin_user admin PREHOOK: query: explain vectorization detail select count(*) from sds PREHOOK: type: QUERY diff --git a/ql/src/test/results/clientpositive/llap/sysdb_schq.q.out b/ql/src/test/results/clientpositive/llap/sysdb_schq.q.out index 528bb3f..6af1181 100644 --- a/ql/src/test/results/clientpositive/llap/sysdb_schq.q.out +++ b/ql/src/test/results/clientpositive/llap/sysdb_schq.q.out @@ -1,13 +1,17 @@ +PREHOOK: query: set role admin +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role admin +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 +PREHOOK: type: QUERY +POSTHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 +POSTHOOK: type: QUERY PREHOOK: query: use sys PREHOOK: type: SWITCHDATABASE PREHOOK: Input: database:sys POSTHOOK: query: use sys POSTHOOK: type: SWITCHDATABASE POSTHOOK: Input: database:sys -PREHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 -PREHOOK: type: QUERY -POSTHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 -POSTHOOK: type: QUERY PREHOOK: query: desc formatted scheduled_queries PREHOOK: type: DESCTABLE PREHOOK: Input: sys@scheduled_queries @@ -96,7 +100,7 @@ POSTHOOK: query: select POSTHOOK: type: QUERY POSTHOOK: Input: sys@scheduled_queries #### A masked pattern was here #### -1 asd true hive * * * * * ? * hive_test_user select 1 true +1 asd true hive * * * * * ? * hive_admin_user select 1 true PREHOOK: query: select scheduled_execution_id, scheduled_query_id, state,