use of org.apache.hadoop.hive.metastore.api.Role in project hive by apache.
the class TestHBaseImport method importOneRole.
// TODO test for bogus function name
// TODO test for bogus table name
// TODO test for non-existent items
@Test
public void importOneRole() throws Exception {
RawStore rdbms;
rdbms = new ObjectStore();
rdbms.setConf(conf);
String[] dbNames = new String[] { "oneroledb1", "oneroledb2" };
String[] roles = new String[] { "onerolerole1", "onerolerole2" };
String[] tokenIds = new String[] { "oneroletokenid1", "oneroletokenid2" };
String[] tokens = new String[] { "oneroletoken1", "oneroletoken2" };
String[] masterKeys = new String[] { "onerolemk1", "onerolemk2" };
int now = (int) System.currentTimeMillis() / 1000;
setupObjectStore(rdbms, roles, dbNames, tokenIds, tokens, masterKeys, now);
int baseNumRoles = store.listRoleNames() == null ? 0 : store.listRoleNames().size();
int baseNumDbs = store.getAllDatabases() == null ? 0 : store.getAllDatabases().size();
int baseNumToks = store.getAllTokenIdentifiers() == null ? 0 : store.getAllTokenIdentifiers().size();
int baseNumKeys = store.getMasterKeys() == null ? 0 : store.getMasterKeys().length;
HBaseImport importer = new HBaseImport("-r", roles[0]);
importer.setConnections(rdbms, store);
importer.run();
Role role = store.getRole(roles[0]);
Assert.assertNotNull(role);
Assert.assertEquals(roles[0], role.getRoleName());
// Make sure there aren't any extra roles
Assert.assertEquals(baseNumRoles + 1, store.listRoleNames().size());
Assert.assertEquals(baseNumDbs, store.getAllDatabases().size());
Assert.assertEquals(baseNumToks, store.getAllTokenIdentifiers().size());
String[] hbaseKeys = store.getMasterKeys();
Assert.assertEquals(baseNumKeys, hbaseKeys.length);
// Have to do this last as it will throw an exception
thrown.expect(NoSuchObjectException.class);
store.getRole(roles[1]);
}
use of org.apache.hadoop.hive.metastore.api.Role in project hive by apache.
the class TestHBaseStoreIntegration method userToRoleMapOnDrop.
@Test
public void userToRoleMapOnDrop() throws Exception {
String roleName1 = "utrmod1";
store.addRole(roleName1, "me");
String roleName2 = "utrmod2";
store.addRole(roleName2, "me");
String user1 = "pebbles";
String user2 = "bam-bam";
Role role1 = store.getRole(roleName1);
Role role2 = store.getRole(roleName2);
store.grantRole(role1, user1, PrincipalType.USER, "bob", PrincipalType.USER, false);
store.grantRole(role1, roleName2, PrincipalType.ROLE, "admin", PrincipalType.ROLE, true);
store.grantRole(role1, user2, PrincipalType.USER, "bob", PrincipalType.USER, false);
List<String> roles = HBaseReadWrite.getInstance().getUserRoles(user2);
Assert.assertEquals(2, roles.size());
String[] roleNames = roles.toArray(new String[roles.size()]);
Arrays.sort(roleNames);
Assert.assertArrayEquals(new String[] { roleName1, roleName2 }, roleNames);
store.removeRole(roleName2);
HBaseReadWrite.setConf(conf);
roles = HBaseReadWrite.getInstance().getUserRoles(user1);
Assert.assertEquals(1, roles.size());
Assert.assertEquals(roleName1, roles.get(0));
roles = HBaseReadWrite.getInstance().getUserRoles(user2);
Assert.assertEquals(1, roles.size());
Assert.assertEquals(roleName1, roles.get(0));
}
use of org.apache.hadoop.hive.metastore.api.Role in project hive by apache.
the class TestHBaseStoreIntegration method createRole.
@Test
public void createRole() throws Exception {
int now = (int) System.currentTimeMillis() / 1000;
String roleName = "myrole";
store.addRole(roleName, "me");
Role r = store.getRole(roleName);
Assert.assertEquals(roleName, r.getRoleName());
Assert.assertEquals("me", r.getOwnerName());
Assert.assertTrue(now <= r.getCreateTime());
}
use of org.apache.hadoop.hive.metastore.api.Role in project hive by apache.
the class TestHBaseStoreIntegration method doGrantRevoke.
private void doGrantRevoke(HiveObjectType objectType, String dbName, String tableName, String[] roleNames, String[] userNames) throws Exception {
store.addRole(roleNames[0], "me");
store.addRole(roleNames[1], "me");
int now = (int) (System.currentTimeMillis() / 1000);
Role role1 = store.getRole(roleNames[0]);
Role role2 = store.getRole(roleNames[1]);
store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false);
store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true);
store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false);
List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
HiveObjectRef hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false);
HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], PrincipalType.USER, grantInfo);
privileges.add(hop);
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
privileges.add(hop);
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("exec", now, "me", PrincipalType.USER, false);
hop = new HiveObjectPrivilege(hiveObjRef, roleNames[1], PrincipalType.ROLE, grantInfo);
privileges.add(hop);
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("create", now, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
privileges.add(hop);
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("create2", now, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
privileges.add(hop);
PrivilegeBag pBag = new PrivilegeBag(privileges);
store.grantPrivileges(pBag);
PrincipalPrivilegeSet pps = getPPS(objectType, dbName, tableName, userNames[0]);
Assert.assertEquals(1, pps.getUserPrivilegesSize());
Assert.assertEquals(1, pps.getUserPrivileges().get(userNames[0]).size());
grantInfo = pps.getUserPrivileges().get(userNames[0]).get(0);
Assert.assertEquals("read", grantInfo.getPrivilege());
Assert.assertTrue(now <= grantInfo.getCreateTime());
Assert.assertEquals("me", grantInfo.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
Assert.assertFalse(grantInfo.isGrantOption());
Assert.assertEquals(2, pps.getRolePrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
grantInfo = pps.getRolePrivileges().get(roleNames[0]).get(0);
Assert.assertEquals("write", grantInfo.getPrivilege());
Assert.assertTrue(now <= grantInfo.getCreateTime());
Assert.assertEquals("me", grantInfo.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
Assert.assertTrue(grantInfo.isGrantOption());
Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[1]).size());
grantInfo = pps.getRolePrivileges().get(roleNames[1]).get(0);
Assert.assertEquals("exec", grantInfo.getPrivilege());
Assert.assertTrue(now <= grantInfo.getCreateTime());
Assert.assertEquals("me", grantInfo.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
Assert.assertFalse(grantInfo.isGrantOption());
pps = getPPS(objectType, dbName, tableName, userNames[1]);
Assert.assertEquals(0, pps.getUserPrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[1]).size());
grantInfo = pps.getRolePrivileges().get(roleNames[1]).get(0);
Assert.assertEquals("exec", grantInfo.getPrivilege());
Assert.assertTrue(now <= grantInfo.getCreateTime());
Assert.assertEquals("me", grantInfo.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
Assert.assertFalse(grantInfo.isGrantOption());
pps = getPPS(objectType, dbName, tableName, userNames[2]);
Assert.assertEquals(1, pps.getUserPrivilegesSize());
Assert.assertEquals(2, pps.getUserPrivileges().get(userNames[2]).size());
Assert.assertEquals(0, pps.getRolePrivilegesSize());
pps = getPPS(objectType, dbName, tableName, userNames[3]);
Assert.assertEquals(0, pps.getUserPrivilegesSize());
Assert.assertEquals(0, pps.getRolePrivilegesSize());
// Test that removing role removes the role grants
store.removeRole(roleNames[1]);
checkRoleRemovedFromAllPrivileges(objectType, dbName, tableName, roleNames[1]);
pps = getPPS(objectType, dbName, tableName, userNames[0]);
Assert.assertEquals(1, pps.getRolePrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
pps = getPPS(objectType, dbName, tableName, userNames[1]);
Assert.assertEquals(0, pps.getRolePrivilegesSize());
// Test that revoking with grant option = true just removes grant option
privileges.clear();
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
privileges.add(hop);
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("create2", now, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
privileges.add(hop);
pBag = new PrivilegeBag(privileges);
store.revokePrivileges(pBag, true);
pps = getPPS(objectType, dbName, tableName, userNames[0]);
Assert.assertEquals(1, pps.getRolePrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
grantInfo = pps.getRolePrivileges().get(roleNames[0]).get(0);
Assert.assertEquals("write", grantInfo.getPrivilege());
Assert.assertTrue(now <= grantInfo.getCreateTime());
Assert.assertEquals("me", grantInfo.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
Assert.assertFalse(grantInfo.isGrantOption());
pps = getPPS(objectType, dbName, tableName, userNames[2]);
Assert.assertEquals(1, pps.getUserPrivilegesSize());
Assert.assertEquals(2, pps.getUserPrivileges().get(userNames[2]).size());
for (PrivilegeGrantInfo pgi : pps.getUserPrivileges().get(userNames[2])) {
if (pgi.getPrivilege().equals("create"))
Assert.assertTrue(pgi.isGrantOption());
else if (pgi.getPrivilege().equals("create2"))
Assert.assertFalse(pgi.isGrantOption());
else
Assert.fail("huh?");
}
// Test revoking revokes
store.revokePrivileges(pBag, false);
pps = getPPS(objectType, dbName, tableName, userNames[0]);
Assert.assertEquals(1, pps.getUserPrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivilegesSize());
Assert.assertEquals(0, pps.getRolePrivileges().get(roleNames[0]).size());
pps = getPPS(objectType, dbName, tableName, userNames[2]);
Assert.assertEquals(1, pps.getUserPrivilegesSize());
Assert.assertEquals(1, pps.getUserPrivileges().get(userNames[2]).size());
Assert.assertEquals("create", pps.getUserPrivileges().get(userNames[2]).get(0).getPrivilege());
Assert.assertEquals(0, pps.getRolePrivilegesSize());
}
use of org.apache.hadoop.hive.metastore.api.Role in project hive by apache.
the class TestObjectStore method testRoleOps.
/**
* Test role operation
*/
@Test
public void testRoleOps() throws InvalidObjectException, MetaException, NoSuchObjectException {
objectStore.addRole(ROLE1, OWNER);
objectStore.addRole(ROLE2, OWNER);
List<String> roles = objectStore.listRoleNames();
Assert.assertEquals(2, roles.size());
Assert.assertEquals(ROLE2, roles.get(1));
Role role1 = objectStore.getRole(ROLE1);
Assert.assertEquals(OWNER, role1.getOwnerName());
objectStore.grantRole(role1, USER1, PrincipalType.USER, OWNER, PrincipalType.ROLE, true);
objectStore.revokeRole(role1, USER1, PrincipalType.USER, false);
objectStore.removeRole(ROLE1);
}
Aggregations