diff --git data/conf/llap/hive-site.xml data/conf/llap/hive-site.xml index 0c5d030..d37c1b5 100644 --- data/conf/llap/hive-site.xml +++ data/conf/llap/hive-site.xml @@ -373,4 +373,9 @@ org.apache.hadoop.hive.ql.hooks.ScheduledQueryCreationRegistryHook + + hive.users.in.admin.role + hive_admin_user + + diff --git itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java index 953253f..321161f 100644 --- itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java +++ itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java @@ -76,6 +76,7 @@ import org.apache.hadoop.hive.ql.processors.CommandProcessorFactory; import org.apache.hadoop.hive.ql.processors.CommandProcessorResponse; import org.apache.hadoop.hive.ql.processors.HiveCommand; +import org.apache.hadoop.hive.ql.qoption.QTestAuthorizerHandler; import org.apache.hadoop.hive.ql.qoption.QTestOptionDispatcher; import org.apache.hadoop.hive.ql.qoption.QTestReplaceHandler; import org.apache.hadoop.hive.ql.qoption.QTestSysDbHandler; @@ -211,6 +212,7 @@ testFiles = datasetHandler.getDataDir(conf); conf.set("test.data.dir", datasetHandler.getDataDir(conf)); conf.setVar(ConfVars.HIVE_QUERY_RESULTS_CACHE_DIRECTORY, "/tmp/hive/_resultscache_" + ProcessUtils.getPid()); + dispatcher.register("authorizer", new QTestAuthorizerHandler()); dispatcher.register("dataset", datasetHandler); dispatcher.register("replace", replaceHandler); dispatcher.register("sysdb", new QTestSysDbHandler()); diff --git itests/util/src/main/java/org/apache/hadoop/hive/ql/qoption/QTestAuthorizerHandler.java itests/util/src/main/java/org/apache/hadoop/hive/ql/qoption/QTestAuthorizerHandler.java new file mode 100644 index 0000000..05512a4 --- /dev/null +++ itests/util/src/main/java/org/apache/hadoop/hive/ql/qoption/QTestAuthorizerHandler.java @@ -0,0 +1,57 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.qoption; + +import org.apache.hadoop.hive.ql.QTestUtil; + +/** + * QTest authorizer option + * + * Enables authorization for the qtest. + * + * Example: + * --! qt:authorizer + */ +public class QTestAuthorizerHandler implements QTestOptionHandler { + private boolean enabled; + + @Override + public void processArguments(String arguments) { + enabled = true; + } + + @Override + public void beforeTest(QTestUtil qt) throws Exception { + if (enabled) { + qt.getConf().set("user.name", "hive_admin_user"); + qt.getConf().set("hive.test.authz.sstd.hs2.mode", "true"); + qt.getConf().set("hive.security.authorization.manager", + "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest"); + qt.getConf().set("hive.security.authenticator.manager", + "org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator"); + qt.getConf().set("hive.security.authorization.enabled", "true"); + } + } + + @Override + public void afterTest(QTestUtil qt) throws Exception { + enabled = false; + } + +} diff --git ql/src/test/queries/clientpositive/sysdb_schq.q ql/src/test/queries/clientpositive/sysdb_schq.q index 6b93199..1105ca9 100644 --- ql/src/test/queries/clientpositive/sysdb_schq.q +++ ql/src/test/queries/clientpositive/sysdb_schq.q @@ -1,13 +1,16 @@ +--! qt:authorizer --! qt:scheduledqueryservice --! qt:dataset:src --! qt:sysdb -use sys; +set role admin; create scheduled query asd cron '* * * * * ? *' defined as select 1; !sleep 10; +use sys; + desc formatted scheduled_queries; select diff --git ql/src/test/results/clientpositive/llap/sysdb.q.out ql/src/test/results/clientpositive/llap/sysdb.q.out index 30a87a1..6ec2a06 100644 --- ql/src/test/results/clientpositive/llap/sysdb.q.out +++ ql/src/test/results/clientpositive/llap/sysdb.q.out @@ -1185,6 +1185,7 @@ POSTHOOK: type: QUERY POSTHOOK: Input: sys@role_map #### A masked pattern was here #### +hive_admin_user admin PREHOOK: query: explain vectorization detail select count(*) from sds PREHOOK: type: QUERY diff --git ql/src/test/results/clientpositive/llap/sysdb_schq.q.out ql/src/test/results/clientpositive/llap/sysdb_schq.q.out index b89f571..9b532d5 100644 --- ql/src/test/results/clientpositive/llap/sysdb_schq.q.out +++ ql/src/test/results/clientpositive/llap/sysdb_schq.q.out @@ -1,13 +1,17 @@ +PREHOOK: query: set role admin +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role admin +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 +PREHOOK: type: QUERY +POSTHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 +POSTHOOK: type: QUERY PREHOOK: query: use sys PREHOOK: type: SWITCHDATABASE PREHOOK: Input: database:sys POSTHOOK: query: use sys POSTHOOK: type: SWITCHDATABASE POSTHOOK: Input: database:sys -PREHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 -PREHOOK: type: QUERY -POSTHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 -POSTHOOK: type: QUERY PREHOOK: query: desc formatted scheduled_queries PREHOOK: type: DESCTABLE PREHOOK: Input: sys@scheduled_queries @@ -96,7 +100,7 @@ POSTHOOK: type: QUERY POSTHOOK: Input: sys@scheduled_queries #### A masked pattern was here #### -1 asd true hive * * * * * ? * hive_test_user select 1 true +1 asd true hive * * * * * ? * hive_admin_user select 1 true PREHOOK: query: select scheduled_execution_id, scheduled_query_id, state,