diff --git a/ql/src/test/queries/clientnegative/authorization_alter_drop_ptn.q b/ql/src/test/queries/clientnegative/authorization_alter_drop_ptn.q
new file mode 100644
index 0000000..5b2c1ed
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_alter_drop_ptn.q
@@ -0,0 +1,11 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check alter-drop on partition
+create table auth_trunc2(i int) partitioned by (j int);
+alter table auth_trunc2 add partition (j=42);
+set user.name=user1;
+alter table auth_trunc2 drop partition(j=42);
+
diff --git a/ql/src/test/queries/clientnegative/authorization_export_ptn.q b/ql/src/test/queries/clientnegative/authorization_export_ptn.q
new file mode 100644
index 0000000..c9b4675
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_export_ptn.q
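Review bot: In authorization_alter_drop_ptn.q the table is named `auth_trunc2`, a name carried over from authorization_truncate_2.q that has nothing to do with dropping a partition; it also ends up in the expected denial message, so a failure here reads like a truncate-test failure. I would rename it, e.g. `create table auth_drop_ptn(i int) partitioned by (j int);`, with the `add partition` and `drop partition` lines and the .q.out updated to match. Both files create the same table in `default` and neither drops it, so they presumably rely on the test harness to reset state between scripts; that is worth confirming.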
@@ -0,0 +1,19 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875-export/temp;
+dfs -rmr ${system:test.tmp.dir}/hive-12875-export;
+dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875-export/;
+
+-- check export on partition
+create table auth_export_ptn(i int) partitioned by (j int);
+alter table auth_export_ptn add partition (j=42);
+set user.name=user1;
+export table auth_export_ptn partition (j=42) to 'pfile://${system:test.tmp.dir}/hive-12875-export';
+
+set hive.security.authorization.enabled=false;
+
+drop table auth_export_ptn;
+
diff --git a/ql/src/test/queries/clientnegative/authorization_import_ptn.q b/ql/src/test/queries/clientnegative/authorization_import_ptn.q
new file mode 100644
index 0000000..70c3a36
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_import_ptn.q
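Review bot: The expected output for authorization_export_ptn.q ends in `#### A masked pattern was here ####`, where the truncate and alter-drop tests end in a `FAILED: HiveAccessControlException ...` line, so the golden file does not appear to pin that `export table auth_export_ptn partition (j=42)` was refused by the authorizer rather than failing for some other reason whose message contains a path. authorization_import_ptn.q has the same shape. At minimum I would record the intent above the statement, `-- expected to fail with HiveAccessControlException for user1`, and check whether the mask can be narrowed so the privilege and object stay visible. The `set hive.security.authorization.enabled=false;` and `drop table auth_export_ptn;` lines after the failing statement leave no hooks in the expected output, so they appear never to run and could be dropped for consistency with the other two scripts.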
@@ -0,0 +1,23 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875-import/temp;
+dfs -rmr ${system:test.tmp.dir}/hive-12875-import;
+dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875-import/;
+
+-- check export on partition
+create table auth_import_ptn(i int) partitioned by (j int);
+alter table auth_import_ptn add partition (j=42);
+export table auth_import_ptn partition (j=42) to 'pfile://${system:test.tmp.dir}/hive-12875-import';
+
+alter table auth_import_ptn drop partition (j=42);
+
+set user.name=user1;
+import table auth_import_ptn partition (j=42) from 'pfile://${system:test.tmp.dir}/hive-12875-import';
+
+set hive.security.authorization.enabled=false;
+
+drop table auth_import_ptn;
+
diff --git a/ql/src/test/queries/clientnegative/authorization_truncate_2.q b/ql/src/test/queries/clientnegative/authorization_truncate_2.q
new file mode 100644
index 0000000..120cf5d
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_truncate_2.q
@@ -0,0 +1,11 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check truncate on partition
+create table auth_trunc2(i int) partitioned by (j int);
+alter table auth_trunc2 add partition (j=42);
+set user.name=user1;
+truncate table auth_trunc2 partition (j=42);
+
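Review bot: The comment in authorization_import_ptn.q reads `-- check export on partition`, copied from the export test, while the statement under test is the `import table auth_import_ptn partition (j=42)` issued after `set user.name=user1;`; it should be `-- check import on partition`. The comment is echoed into the PREHOOK/POSTHOOK query lines of authorization_import_ptn.q.out, so the golden file needs regenerating with it. A second comment above the first `export table`, such as `-- export as the initial session user to produce the dump user1 will try to import`, would make clear that the earlier export and drop-partition steps are setup and are expected to succeed.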
diff --git a/ql/src/test/results/clientnegative/authorization_alter_drop_ptn.q.out b/ql/src/test/results/clientnegative/authorization_alter_drop_ptn.q.out
new file mode 100644
index 0000000..07eddc2
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_alter_drop_ptn.q.out
@@ -0,0 +1,18 @@
+PREHOOK: query: -- check alter-drop on partition
+create table auth_trunc2(i int) partitioned by (j int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@auth_trunc2
+POSTHOOK: query: -- check alter-drop on partition
+create table auth_trunc2(i int) partitioned by (j int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@auth_trunc2
+PREHOOK: query: alter table auth_trunc2 add partition (j=42)
+PREHOOK: type: ALTERTABLE_ADDPARTS
+PREHOOK: Output: default@auth_trunc2
+POSTHOOK: query: alter table auth_trunc2 add partition (j=42)
+POSTHOOK: type: ALTERTABLE_ADDPARTS
+POSTHOOK: Output: default@auth_trunc2
+POSTHOOK: Output: default@auth_trunc2@j=42
+FAILED: HiveAccessControlException Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation ALTERTABLE_DROPPARTS [[DELETE] on Object [type=TABLE_OR_VIEW, name=default.auth_trunc2]]
diff --git a/ql/src/test/results/clientnegative/authorization_export_ptn.q.out b/ql/src/test/results/clientnegative/authorization_export_ptn.q.out
new file mode 100644
index 0000000..be0bb9f
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_export_ptn.q.out
@@ -0,0 +1,19 @@
+#### A masked pattern was here ####
+PREHOOK: query: -- check export on partition
+create table auth_export_ptn(i int) partitioned by (j int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@auth_export_ptn
+POSTHOOK: query: -- check export on partition
+create table auth_export_ptn(i int) partitioned by (j int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@auth_export_ptn
+PREHOOK: query: alter table auth_export_ptn add partition (j=42)
+PREHOOK: type: ALTERTABLE_ADDPARTS
+PREHOOK: Output: default@auth_export_ptn
+POSTHOOK: query: alter table auth_export_ptn add partition (j=42)
+POSTHOOK: type: ALTERTABLE_ADDPARTS
+POSTHOOK: Output: default@auth_export_ptn
+POSTHOOK: Output: default@auth_export_ptn@j=42
+#### A masked pattern was here ####
diff --git a/ql/src/test/results/clientnegative/authorization_import_ptn.q.out b/ql/src/test/results/clientnegative/authorization_import_ptn.q.out
new file mode 100644
index 0000000..17e9c9e
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_import_ptn.q.out
@@ -0,0 +1,34 @@
+#### A masked pattern was here ####
+PREHOOK: query: -- check export on partition
+create table auth_import_ptn(i int) partitioned by (j int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@auth_import_ptn
+POSTHOOK: query: -- check export on partition
+create table auth_import_ptn(i int) partitioned by (j int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@auth_import_ptn
+PREHOOK: query: alter table auth_import_ptn add partition (j=42)
+PREHOOK: type: ALTERTABLE_ADDPARTS
+PREHOOK: Output: default@auth_import_ptn
+POSTHOOK: query: alter table auth_import_ptn add partition (j=42)
+POSTHOOK: type: ALTERTABLE_ADDPARTS
+POSTHOOK: Output: default@auth_import_ptn
+POSTHOOK: Output: default@auth_import_ptn@j=42
+#### A masked pattern was here ####
+PREHOOK: type: EXPORT
+PREHOOK: Input: default@auth_import_ptn@j=42
+#### A masked pattern was here ####
+POSTHOOK: type: EXPORT
+POSTHOOK: Input: default@auth_import_ptn@j=42
+#### A masked pattern was here ####
+PREHOOK: query: alter table auth_import_ptn drop partition (j=42)
+PREHOOK: type: ALTERTABLE_DROPPARTS
+PREHOOK: Input: default@auth_import_ptn
+PREHOOK: Output: default@auth_import_ptn@j=42
+POSTHOOK: query: alter table auth_import_ptn drop partition (j=42)
+POSTHOOK: type: ALTERTABLE_DROPPARTS
+POSTHOOK: Input: default@auth_import_ptn
+POSTHOOK: Output: default@auth_import_ptn@j=42
+#### A masked pattern was here ####
diff --git a/ql/src/test/results/clientnegative/authorization_truncate_2.q.out b/ql/src/test/results/clientnegative/authorization_truncate_2.q.out
new file mode 100644
index 0000000..04246f4
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_truncate_2.q.out
@@ -0,0 +1,18 @@
+PREHOOK: query: -- check truncate on partition
+create table auth_trunc2(i int) partitioned by (j int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@auth_trunc2
+POSTHOOK: query: -- check truncate on partition
+create table auth_trunc2(i int) partitioned by (j int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@auth_trunc2
+PREHOOK: query: alter table auth_trunc2 add partition (j=42)
+PREHOOK: type: ALTERTABLE_ADDPARTS
+PREHOOK: Output: default@auth_trunc2
+POSTHOOK: query: alter table auth_trunc2 add partition (j=42)
+POSTHOOK: type: ALTERTABLE_ADDPARTS
+POSTHOOK: Output: default@auth_trunc2
+POSTHOOK: Output: default@auth_trunc2@j=42
+FAILED: HiveAccessControlException Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation TRUNCATETABLE [[OBJECT OWNERSHIP] on Object [type=TABLE_OR_VIEW, name=default.auth_trunc2]]