diff --git data/conf/llap/hive-site.xml data/conf/llap/hive-site.xml index 0c5d030..d37c1b5 100644 --- data/conf/llap/hive-site.xml +++ data/conf/llap/hive-site.xml @@ -373,4 +373,9 @@ org.apache.hadoop.hive.ql.hooks.ScheduledQueryCreationRegistryHook + + hive.users.in.admin.role + hive_admin_user + + diff --git itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java index 953253f..321161f 100644 --- itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java +++ itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java @@ -76,6 +76,7 @@ import org.apache.hadoop.hive.ql.processors.CommandProcessorFactory; import org.apache.hadoop.hive.ql.processors.CommandProcessorResponse; import org.apache.hadoop.hive.ql.processors.HiveCommand; +import org.apache.hadoop.hive.ql.qoption.QTestAuthorizerHandler; import org.apache.hadoop.hive.ql.qoption.QTestOptionDispatcher; import org.apache.hadoop.hive.ql.qoption.QTestReplaceHandler; import org.apache.hadoop.hive.ql.qoption.QTestSysDbHandler; @@ -211,6 +212,7 @@ testFiles = datasetHandler.getDataDir(conf); conf.set("test.data.dir", datasetHandler.getDataDir(conf)); conf.setVar(ConfVars.HIVE_QUERY_RESULTS_CACHE_DIRECTORY, "/tmp/hive/_resultscache_" + ProcessUtils.getPid()); + dispatcher.register("authorizer", new QTestAuthorizerHandler()); dispatcher.register("dataset", datasetHandler); dispatcher.register("replace", replaceHandler); dispatcher.register("sysdb", new QTestSysDbHandler()); diff --git itests/util/src/main/java/org/apache/hadoop/hive/ql/qoption/QTestAuthorizerHandler.java itests/util/src/main/java/org/apache/hadoop/hive/ql/qoption/QTestAuthorizerHandler.java new file mode 100644 index 0000000..c74f72c --- /dev/null +++ itests/util/src/main/java/org/apache/hadoop/hive/ql/qoption/QTestAuthorizerHandler.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.qoption; + +import org.apache.hadoop.hive.ql.QTestUtil; + +/** + * QTest authorizer option + * + * Enables authorization for the qtest. + * + * Example: + * --! qt:authorizer + */ +public class QTestAuthorizerHandler implements QTestOptionHandler { + private boolean enabled; + + @Override + public void processArguments(String arguments) { + enabled = true; + } + + @Override + public void beforeTest(QTestUtil qt) throws Exception { + if (enabled) { + qt.getConf().set("hive.test.authz.sstd.hs2.mode", "true"); + qt.getConf().set("hive.security.authorization.manager", + "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest"); + qt.getConf().set("hive.security.authenticator.manager", + "org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator"); + qt.getConf().set("hive.security.authorization.enabled", "true"); + } + } + + @Override + public void afterTest(QTestUtil qt) throws Exception { + enabled = false; + } + +} diff --git ql/src/test/queries/clientnegative/authorization_addpartition.q ql/src/test/queries/clientnegative/authorization_addpartition.q index f84ab98..eff19cc 100644 --- ql/src/test/queries/clientnegative/authorization_addpartition.q +++ ql/src/test/queries/clientnegative/authorization_addpartition.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- check add partition without insert privilege diff --git ql/src/test/queries/clientnegative/authorization_alter_db_owner.q ql/src/test/queries/clientnegative/authorization_alter_db_owner.q index 83a0efa..f0bee46 100644 --- ql/src/test/queries/clientnegative/authorization_alter_db_owner.q +++ ql/src/test/queries/clientnegative/authorization_alter_db_owner.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- check if alter table owner fails diff --git ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q index 2140eca..7283f5c 100644 --- ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q +++ ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- check if alter table owner fails diff --git ql/src/test/queries/clientnegative/authorization_alter_drop_ptn.q ql/src/test/queries/clientnegative/authorization_alter_drop_ptn.q index 5b2c1ed..3a8b2a9 100644 --- ql/src/test/queries/clientnegative/authorization_alter_drop_ptn.q +++ ql/src/test/queries/clientnegative/authorization_alter_drop_ptn.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer -- check alter-drop on partition create table auth_trunc2(i int) partitioned by (j int); diff --git ql/src/test/queries/clientnegative/authorization_alter_table_exchange_partition_fail.q ql/src/test/queries/clientnegative/authorization_alter_table_exchange_partition_fail.q index 4bdc27b..8a89d97 100644 --- ql/src/test/queries/clientnegative/authorization_alter_table_exchange_partition_fail.q +++ ql/src/test/queries/clientnegative/authorization_alter_table_exchange_partition_fail.q @@ -1,8 +1,5 @@ +--! qt:authorizer --! qt:dataset:src -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; set user.name=user1; @@ -38,8 +35,4 @@ explain authorization alter table exchange_partition_test_2 exchange partition (b=1) with table exchange_partition_test_1; alter table exchange_partition_test_2 exchange partition (b=1) with table exchange_partition_test_1; - - set hive.security.authorization.enabled=false; - - diff --git ql/src/test/queries/clientnegative/authorization_alter_table_exchange_partition_fail2.q ql/src/test/queries/clientnegative/authorization_alter_table_exchange_partition_fail2.q index 3b7dffa..e6d9123 100644 --- ql/src/test/queries/clientnegative/authorization_alter_table_exchange_partition_fail2.q +++ ql/src/test/queries/clientnegative/authorization_alter_table_exchange_partition_fail2.q @@ -1,8 +1,5 @@ +--! qt:authorizer --! qt:dataset:src -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; set user.name=user1; @@ -43,8 +40,3 @@ explain authorization alter table exchange_partition_test_2 exchange partition (b=1) with table exchange_partition_test_1; alter table exchange_partition_test_2 exchange partition (b=1) with table exchange_partition_test_1; - - set hive.security.authorization.enabled=false; - - - diff --git ql/src/test/queries/clientnegative/authorization_create_func1.q ql/src/test/queries/clientnegative/authorization_create_func1.q index 1154ce8..0162446 100644 --- ql/src/test/queries/clientnegative/authorization_create_func1.q +++ ql/src/test/queries/clientnegative/authorization_create_func1.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=hive_test_user; -- permanent function creation should fail for non-admin roles diff --git ql/src/test/queries/clientnegative/authorization_create_func2.q ql/src/test/queries/clientnegative/authorization_create_func2.q index 0d273fa..2c41380 100644 --- ql/src/test/queries/clientnegative/authorization_create_func2.q +++ ql/src/test/queries/clientnegative/authorization_create_func2.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=hive_test_user; -- temp function creation should fail for non-admin roles diff --git ql/src/test/queries/clientnegative/authorization_create_macro1.q ql/src/test/queries/clientnegative/authorization_create_macro1.q index f965426..b3dbcd7 100644 --- ql/src/test/queries/clientnegative/authorization_create_macro1.q +++ ql/src/test/queries/clientnegative/authorization_create_macro1.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=hive_test_user; -- temp macro creation should fail for non-admin roles diff --git ql/src/test/queries/clientnegative/authorization_create_tbl.q ql/src/test/queries/clientnegative/authorization_create_tbl.q index f0f398f..adad4b5 100644 --- ql/src/test/queries/clientnegative/authorization_create_tbl.q +++ ql/src/test/queries/clientnegative/authorization_create_tbl.q @@ -1,8 +1,5 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; +--! qt:authorizer -set hive.security.authorization.enabled=true; set user.name=user33; create database db23221; use db23221; diff --git ql/src/test/queries/clientnegative/authorization_create_view.q ql/src/test/queries/clientnegative/authorization_create_view.q index 6438cdd..1ef8ef1 100644 --- ql/src/test/queries/clientnegative/authorization_create_view.q +++ ql/src/test/queries/clientnegative/authorization_create_view.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user3; create database db1; diff --git ql/src/test/queries/clientnegative/authorization_createview.q ql/src/test/queries/clientnegative/authorization_createview.q index 4c91c70..04a92b7 100644 --- ql/src/test/queries/clientnegative/authorization_createview.q +++ ql/src/test/queries/clientnegative/authorization_createview.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer -- check create view without select privileges create table t1(i int); diff --git ql/src/test/queries/clientnegative/authorization_ctas.q ql/src/test/queries/clientnegative/authorization_ctas.q index 13e25f5..2556fc0 100644 --- ql/src/test/queries/clientnegative/authorization_ctas.q +++ ql/src/test/queries/clientnegative/authorization_ctas.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer -- check query without select privilege fails create table t1(i int); diff --git ql/src/test/queries/clientnegative/authorization_ctas2.q ql/src/test/queries/clientnegative/authorization_ctas2.q index 0bf634c..f92bf51 100644 --- ql/src/test/queries/clientnegative/authorization_ctas2.q +++ ql/src/test/queries/clientnegative/authorization_ctas2.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user_dbowner; -- check ctas without db ownership diff --git ql/src/test/queries/clientnegative/authorization_delete_nodeletepriv.q ql/src/test/queries/clientnegative/authorization_delete_nodeletepriv.q index 28c256e..778b845 100644 --- ql/src/test/queries/clientnegative/authorization_delete_nodeletepriv.q +++ ql/src/test/queries/clientnegative/authorization_delete_nodeletepriv.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set hive.support.concurrency=true; set hive.txn.manager=org.apache.hadoop.hive.ql.lockmgr.DbTxnManager; diff --git ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q index 598cc75..fdc8593 100644 --- ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q +++ ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- check if alter table fails as different user diff --git ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q index eb573f4..0d3baea 100644 --- ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q +++ ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- ensure that drop database cascade works diff --git ql/src/test/queries/clientnegative/authorization_drop_db_empty.q ql/src/test/queries/clientnegative/authorization_drop_db_empty.q index 570a0fa..14ed4de 100644 --- ql/src/test/queries/clientnegative/authorization_drop_db_empty.q +++ ql/src/test/queries/clientnegative/authorization_drop_db_empty.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- check if changing owner and dropping as other user works diff --git ql/src/test/queries/clientnegative/authorization_droppartition.q ql/src/test/queries/clientnegative/authorization_droppartition.q index 29a27ce..d24a04c 100644 --- ql/src/test/queries/clientnegative/authorization_droppartition.q +++ ql/src/test/queries/clientnegative/authorization_droppartition.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/authz_drop_part_1; diff --git ql/src/test/queries/clientnegative/authorization_export_ptn.q ql/src/test/queries/clientnegative/authorization_export_ptn.q index c9b4675..1681134 100644 --- ql/src/test/queries/clientnegative/authorization_export_ptn.q +++ ql/src/test/queries/clientnegative/authorization_export_ptn.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875-export/temp; dfs -rmr ${system:test.tmp.dir}/hive-12875-export; @@ -12,8 +9,3 @@ alter table auth_export_ptn add partition (j=42); set user.name=user1; export table auth_export_ptn partition (j=42) to 'pfile://${system:test.tmp.dir}/hive-12875-export'; - -set hive.security.authorization.enabled=false; - -drop table auth_export_ptn; - diff --git ql/src/test/queries/clientnegative/authorization_import.q ql/src/test/queries/clientnegative/authorization_import.q index e296411..1bf923f 100644 --- ql/src/test/queries/clientnegative/authorization_import.q +++ ql/src/test/queries/clientnegative/authorization_import.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authorization.enabled=true; +--! qt:authorizer set test.hive.authz.sstd.validator.bypassObjTypes=DFS_URI; diff --git ql/src/test/queries/clientnegative/authorization_import_ptn.q ql/src/test/queries/clientnegative/authorization_import_ptn.q index 70c3a36..c959a12 100644 --- ql/src/test/queries/clientnegative/authorization_import_ptn.q +++ ql/src/test/queries/clientnegative/authorization_import_ptn.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875-import/temp; dfs -rmr ${system:test.tmp.dir}/hive-12875-import; @@ -16,8 +13,3 @@ set user.name=user1; import table auth_import_ptn partition (j=42) from 'pfile://${system:test.tmp.dir}/hive-12875-import'; - -set hive.security.authorization.enabled=false; - -drop table auth_import_ptn; - diff --git ql/src/test/queries/clientnegative/authorization_insert_noinspriv.q ql/src/test/queries/clientnegative/authorization_insert_noinspriv.q index 0ab5c08..13f1e64 100644 --- ql/src/test/queries/clientnegative/authorization_insert_noinspriv.q +++ ql/src/test/queries/clientnegative/authorization_insert_noinspriv.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer -- check insert without select priv create table t1(i int); diff --git ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q index 7b60d56..7addb68 100644 --- ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q +++ ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer -- check insert without select priv create table t1(i int); diff --git ql/src/test/queries/clientnegative/authorization_insertoverwrite_nodel.q ql/src/test/queries/clientnegative/authorization_insertoverwrite_nodel.q index d891ca2..16387cc 100644 --- ql/src/test/queries/clientnegative/authorization_insertoverwrite_nodel.q +++ ql/src/test/queries/clientnegative/authorization_insertoverwrite_nodel.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=hive_test_user; -- check insert overwrite without delete priv diff --git ql/src/test/queries/clientnegative/authorization_insertpart_noinspriv.q ql/src/test/queries/clientnegative/authorization_insertpart_noinspriv.q index 225eff4..2452201 100644 --- ql/src/test/queries/clientnegative/authorization_insertpart_noinspriv.q +++ ql/src/test/queries/clientnegative/authorization_insertpart_noinspriv.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer -- check insert without select priv create table testp(i int) partitioned by (dt string); diff --git ql/src/test/queries/clientnegative/authorization_jdbc_keystore.q ql/src/test/queries/clientnegative/authorization_jdbc_keystore.q index 63288f7..8aacbd4 100644 --- ql/src/test/queries/clientnegative/authorization_jdbc_keystore.q +++ ql/src/test/queries/clientnegative/authorization_jdbc_keystore.q @@ -1,9 +1,6 @@ +--! qt:authorizer --! qt:dataset: -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; dfs -cp ${system:test.tmp.dir}/../../../../data/files/test.jceks ${system:test.tmp.dir}/test.jceks; dfs -chmod 555 ${system:test.tmp.dir}/test.jceks; diff --git ql/src/test/queries/clientnegative/authorization_msck.q ql/src/test/queries/clientnegative/authorization_msck.q index 8c7edce..80bd7b6 100644 --- ql/src/test/queries/clientnegative/authorization_msck.q +++ ql/src/test/queries/clientnegative/authorization_msck.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- check if alter table fails as different user diff --git ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q index fe5c1f6..284ee3f 100644 --- ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q +++ ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- check if alter table fails as different user diff --git ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q index 2eb4180..8b1b494 100644 --- ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q +++ ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- check if alter table fails as different user diff --git ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q index aa8b684..6180109 100644 --- ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q +++ ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- check if create table fails as different user diff --git ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q index c4ef868..45c2de9 100644 --- ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q +++ ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; create database db1; diff --git ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q index 8e611a0..77991bd 100644 --- ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q +++ ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- check if create table fails as different user diff --git ql/src/test/queries/clientnegative/authorization_rolehierarchy_privs.q ql/src/test/queries/clientnegative/authorization_rolehierarchy_privs.q index ede7dfd..c07a5d3 100644 --- ql/src/test/queries/clientnegative/authorization_rolehierarchy_privs.q +++ ql/src/test/queries/clientnegative/authorization_rolehierarchy_privs.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=hive_admin_user; show current roles; diff --git ql/src/test/queries/clientnegative/authorization_select.q ql/src/test/queries/clientnegative/authorization_select.q index d4cc148..e77c810 100644 --- ql/src/test/queries/clientnegative/authorization_select.q +++ ql/src/test/queries/clientnegative/authorization_select.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer -- check query without select privilege fails create table t1(i int); diff --git ql/src/test/queries/clientnegative/authorization_select_view.q ql/src/test/queries/clientnegative/authorization_select_view.q index 365f239..25b7dd0 100644 --- ql/src/test/queries/clientnegative/authorization_select_view.q +++ ql/src/test/queries/clientnegative/authorization_select_view.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer -- check create view without select privileges create table t1(i int); diff --git ql/src/test/queries/clientnegative/authorization_show_columns.q ql/src/test/queries/clientnegative/authorization_show_columns.q index a6597af..8a2590f 100644 --- ql/src/test/queries/clientnegative/authorization_show_columns.q +++ ql/src/test/queries/clientnegative/authorization_show_columns.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer create database db1; use db1; diff --git ql/src/test/queries/clientnegative/authorization_show_grant_otherrole.q ql/src/test/queries/clientnegative/authorization_show_grant_otherrole.q index e689c60..9baf194 100644 --- ql/src/test/queries/clientnegative/authorization_show_grant_otherrole.q +++ ql/src/test/queries/clientnegative/authorization_show_grant_otherrole.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=hive_admin_user; set role admin; diff --git ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_all.q ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_all.q index 8b55f8d..d29b8d6 100644 --- ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_all.q +++ ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_all.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; show grant; diff --git ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_alltabs.q ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_alltabs.q index 912842e..f2c2ac8 100644 --- ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_alltabs.q +++ ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_alltabs.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; show grant user user2; diff --git ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_wtab.q ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_wtab.q index 3558c4d..5024e54 100644 --- ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_wtab.q +++ ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_wtab.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; create table t1(i int, j int, k int); diff --git ql/src/test/queries/clientnegative/authorization_show_parts_nosel.q ql/src/test/queries/clientnegative/authorization_show_parts_nosel.q index e63dfd8..e8bc3e2 100644 --- ql/src/test/queries/clientnegative/authorization_show_parts_nosel.q +++ ql/src/test/queries/clientnegative/authorization_show_parts_nosel.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- check if alter table fails as different user diff --git ql/src/test/queries/clientnegative/authorization_truncate.q ql/src/test/queries/clientnegative/authorization_truncate.q index da96c61..e446bad 100644 --- ql/src/test/queries/clientnegative/authorization_truncate.q +++ ql/src/test/queries/clientnegative/authorization_truncate.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer -- check add partition without insert privilege create table t1(i int, j int); diff --git ql/src/test/queries/clientnegative/authorization_truncate_2.q ql/src/test/queries/clientnegative/authorization_truncate_2.q index 120cf5d..91d31a2 100644 --- ql/src/test/queries/clientnegative/authorization_truncate_2.q +++ ql/src/test/queries/clientnegative/authorization_truncate_2.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer -- check truncate on partition create table auth_trunc2(i int) partitioned by (j int); diff --git ql/src/test/queries/clientnegative/authorization_update_noupdatepriv.q ql/src/test/queries/clientnegative/authorization_update_noupdatepriv.q index 674ad1e..316f25a 100644 --- ql/src/test/queries/clientnegative/authorization_update_noupdatepriv.q +++ ql/src/test/queries/clientnegative/authorization_update_noupdatepriv.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set hive.support.concurrency=true; set hive.txn.manager=org.apache.hadoop.hive.ql.lockmgr.DbTxnManager; diff --git ql/src/test/queries/clientnegative/authorization_uri_add_partition.q ql/src/test/queries/clientnegative/authorization_uri_add_partition.q index 5b2e486..ad42aff 100644 --- ql/src/test/queries/clientnegative/authorization_uri_add_partition.q +++ ql/src/test/queries/clientnegative/authorization_uri_add_partition.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/a_uri_add_part; dfs -touchz ${system:test.tmp.dir}/a_uri_add_part/1.txt; diff --git ql/src/test/queries/clientnegative/authorization_uri_alterpart_loc.q ql/src/test/queries/clientnegative/authorization_uri_alterpart_loc.q index b7ad814..f1df486 100644 --- ql/src/test/queries/clientnegative/authorization_uri_alterpart_loc.q +++ ql/src/test/queries/clientnegative/authorization_uri_alterpart_loc.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/az_uri_alterpart_loc_perm; dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/az_uri_alterpart_loc; diff --git ql/src/test/queries/clientnegative/authorization_uri_altertab_setloc.q ql/src/test/queries/clientnegative/authorization_uri_altertab_setloc.q index 653b7bb..06d7b56 100644 --- ql/src/test/queries/clientnegative/authorization_uri_altertab_setloc.q +++ ql/src/test/queries/clientnegative/authorization_uri_altertab_setloc.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/az_uri_altertab_setloc; dfs -touchz ${system:test.tmp.dir}/az_uri_altertab_setloc/1.txt; diff --git ql/src/test/queries/clientnegative/authorization_uri_create_table1.q ql/src/test/queries/clientnegative/authorization_uri_create_table1.q index 307c4f6..1434239 100644 --- ql/src/test/queries/clientnegative/authorization_uri_create_table1.q +++ ql/src/test/queries/clientnegative/authorization_uri_create_table1.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/a_uri_crtab1; dfs -touchz ${system:test.tmp.dir}/a_uri_crtab1/1.txt; diff --git ql/src/test/queries/clientnegative/authorization_uri_create_table_ext.q ql/src/test/queries/clientnegative/authorization_uri_create_table_ext.q index 82b5916..982cac4 100644 --- ql/src/test/queries/clientnegative/authorization_uri_create_table_ext.q +++ ql/src/test/queries/clientnegative/authorization_uri_create_table_ext.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/a_uri_crtab_ext; dfs -touchz ${system:test.tmp.dir}/a_uri_crtab_ext/1.txt; diff --git ql/src/test/queries/clientnegative/authorization_uri_createdb.q ql/src/test/queries/clientnegative/authorization_uri_createdb.q index 1a257c0..a6482b2 100644 --- ql/src/test/queries/clientnegative/authorization_uri_createdb.q +++ ql/src/test/queries/clientnegative/authorization_uri_createdb.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/az_uri_createdb; dfs -touchz ${system:test.tmp.dir}/az_uri_createdb/1.txt; diff --git ql/src/test/queries/clientnegative/authorization_uri_export.q ql/src/test/queries/clientnegative/authorization_uri_export.q index 05dea16..e64a99b 100644 --- ql/src/test/queries/clientnegative/authorization_uri_export.q +++ ql/src/test/queries/clientnegative/authorization_uri_export.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set hive.test.mode=true; set hive.test.mode.prefix=; diff --git ql/src/test/queries/clientnegative/authorization_uri_import.q ql/src/test/queries/clientnegative/authorization_uri_import.q index 58ca093..a65e58e 100644 --- ql/src/test/queries/clientnegative/authorization_uri_import.q +++ ql/src/test/queries/clientnegative/authorization_uri_import.q @@ -1,8 +1,5 @@ +--! qt:authorizer set hive.mapred.mode=nonstrict; -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; set hive.test.mode=true; set hive.test.mode.prefix=; diff --git ql/src/test/queries/clientnegative/authorization_uri_insert.q ql/src/test/queries/clientnegative/authorization_uri_insert.q index 39bb4b6..0eb2ae2 100644 --- ql/src/test/queries/clientnegative/authorization_uri_insert.q +++ ql/src/test/queries/clientnegative/authorization_uri_insert.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/az_uri_insert; dfs -touchz ${system:test.tmp.dir}/az_uri_insert/1.txt; diff --git ql/src/test/queries/clientnegative/authorization_uri_insert_local.q ql/src/test/queries/clientnegative/authorization_uri_insert_local.q index 4ad350c..5fb20cc 100644 --- ql/src/test/queries/clientnegative/authorization_uri_insert_local.q +++ ql/src/test/queries/clientnegative/authorization_uri_insert_local.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/az_uri_insert_local; dfs -touchz ${system:test.tmp.dir}/az_uri_insert_local/1.txt; diff --git ql/src/test/queries/clientnegative/authorization_uri_load_data.q ql/src/test/queries/clientnegative/authorization_uri_load_data.q index a409e18..866cc57 100644 --- ql/src/test/queries/clientnegative/authorization_uri_load_data.q +++ ql/src/test/queries/clientnegative/authorization_uri_load_data.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/authz_uri_load_data; dfs -touchz ${system:test.tmp.dir}/authz_uri_load_data/1.txt; diff --git ql/src/test/queries/clientnegative/ct_noperm_loc.q ql/src/test/queries/clientnegative/ct_noperm_loc.q index 958d78d..4be0bcd 100644 --- ql/src/test/queries/clientnegative/ct_noperm_loc.q +++ ql/src/test/queries/clientnegative/ct_noperm_loc.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} hdfs:///tmp/ct_noperm_loc; diff --git ql/src/test/queries/clientnegative/ctas_noperm_loc.q ql/src/test/queries/clientnegative/ctas_noperm_loc.q index 9fc3141..53bec6f 100644 --- ql/src/test/queries/clientnegative/ctas_noperm_loc.q +++ ql/src/test/queries/clientnegative/ctas_noperm_loc.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer dfs ${system:test.dfs.mkdir} hdfs:///tmp/ctas_noperm_loc; diff --git ql/src/test/queries/clientnegative/materialized_view_authorization_create_no_grant.q ql/src/test/queries/clientnegative/materialized_view_authorization_create_no_grant.q index 6aa6385..c8e67f5 100644 --- ql/src/test/queries/clientnegative/materialized_view_authorization_create_no_grant.q +++ ql/src/test/queries/clientnegative/materialized_view_authorization_create_no_grant.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; create table amvcng_gtable (a int, b varchar(256), c decimal(10,2)); diff --git ql/src/test/queries/clientnegative/materialized_view_authorization_create_no_select_perm.q ql/src/test/queries/clientnegative/materialized_view_authorization_create_no_select_perm.q index 2ec7133..fb5f46c 100644 --- ql/src/test/queries/clientnegative/materialized_view_authorization_create_no_select_perm.q +++ ql/src/test/queries/clientnegative/materialized_view_authorization_create_no_select_perm.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; create table amvnsp_table (a int, b varchar(256), c decimal(10,2)); diff --git ql/src/test/queries/clientnegative/materialized_view_authorization_drop_other.q ql/src/test/queries/clientnegative/materialized_view_authorization_drop_other.q index 9a486f2..ed50a8d 100644 --- ql/src/test/queries/clientnegative/materialized_view_authorization_drop_other.q +++ ql/src/test/queries/clientnegative/materialized_view_authorization_drop_other.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; create table amvdo_table (a int, b varchar(256), c decimal(10,2)); diff --git ql/src/test/queries/clientnegative/materialized_view_authorization_no_select_perm.q ql/src/test/queries/clientnegative/materialized_view_authorization_no_select_perm.q index eb59349..1a11623 100644 --- ql/src/test/queries/clientnegative/materialized_view_authorization_no_select_perm.q +++ ql/src/test/queries/clientnegative/materialized_view_authorization_no_select_perm.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; create table amvnsp_table (a int, b varchar(256), c decimal(10,2)); diff --git ql/src/test/queries/clientnegative/materialized_view_authorization_rebuild_no_grant.q ql/src/test/queries/clientnegative/materialized_view_authorization_rebuild_no_grant.q index fb849ab..b361bcf 100644 --- ql/src/test/queries/clientnegative/materialized_view_authorization_rebuild_no_grant.q +++ ql/src/test/queries/clientnegative/materialized_view_authorization_rebuild_no_grant.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; create table amvrng_table (a int, b varchar(256), c decimal(10,2)); diff --git ql/src/test/queries/clientnegative/materialized_view_authorization_rebuild_other.q ql/src/test/queries/clientnegative/materialized_view_authorization_rebuild_other.q index d22ee26..792b851 100644 --- ql/src/test/queries/clientnegative/materialized_view_authorization_rebuild_other.q +++ ql/src/test/queries/clientnegative/materialized_view_authorization_rebuild_other.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; create table amvro_table (a int, b varchar(256), c decimal(10,2)); diff --git ql/src/test/queries/clientnegative/repl_dump_requires_admin.q ql/src/test/queries/clientnegative/repl_dump_requires_admin.q index 9d712ca..9633a79 100644 --- ql/src/test/queries/clientnegative/repl_dump_requires_admin.q +++ ql/src/test/queries/clientnegative/repl_dump_requires_admin.q @@ -1,7 +1,4 @@ -set hive.security.authorization.enabled=true; -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; +--! qt:authorizer set hive.repl.rootdir=${system:test.tmp.dir}/hrepl; dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hrepl/sentinel; diff --git ql/src/test/queries/clientnegative/repl_load_requires_admin.q ql/src/test/queries/clientnegative/repl_load_requires_admin.q index 0b1b12b..f4395aa 100644 --- ql/src/test/queries/clientnegative/repl_load_requires_admin.q +++ ql/src/test/queries/clientnegative/repl_load_requires_admin.q @@ -1,7 +1,4 @@ -set hive.security.authorization.enabled=true; -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; +--! qt:authorizer set hive.repl.rootdir=${system:test.tmp.dir}/hrepl; dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hrepl/sentinel; diff --git ql/src/test/queries/clientnegative/temp_table_authorize_create_tbl.q ql/src/test/queries/clientnegative/temp_table_authorize_create_tbl.q index 69bcc43a..02ac973 100644 --- ql/src/test/queries/clientnegative/temp_table_authorize_create_tbl.q +++ ql/src/test/queries/clientnegative/temp_table_authorize_create_tbl.q @@ -1,8 +1,5 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; +--! qt:authorizer -set hive.security.authorization.enabled=true; set user.name=user33; create database db23221; use db23221; diff --git ql/src/test/queries/clientpositive/authorization_1.q ql/src/test/queries/clientpositive/authorization_1.q index 80e7a5d..0056bf9 100644 --- ql/src/test/queries/clientpositive/authorization_1.q +++ ql/src/test/queries/clientpositive/authorization_1.q @@ -88,5 +88,3 @@ -- drop role drop role sRc_roLE; -set hive.security.authorization.enabled=false; -drop table src_autho_test_n11; diff --git ql/src/test/queries/clientpositive/authorization_1_sql_std.q ql/src/test/queries/clientpositive/authorization_1_sql_std.q index b7b6710..45b3748 100644 --- ql/src/test/queries/clientpositive/authorization_1_sql_std.q +++ ql/src/test/queries/clientpositive/authorization_1_sql_std.q @@ -1,11 +1,8 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; +--! qt:authorizer set user.name=hive_admin_user; create table src_autho_test (key STRING, value STRING) ; -set hive.security.authorization.enabled=true; --select dummy table select 1; @@ -36,6 +33,3 @@ -- drop role drop role SRc_role; - -set hive.security.authorization.enabled=false; -drop table src_autho_test; diff --git ql/src/test/queries/clientpositive/authorization_alter_table_exchange_partition.q ql/src/test/queries/clientpositive/authorization_alter_table_exchange_partition.q index 4ffe4a1..a1e554d 100644 --- ql/src/test/queries/clientpositive/authorization_alter_table_exchange_partition.q +++ ql/src/test/queries/clientpositive/authorization_alter_table_exchange_partition.q @@ -1,8 +1,5 @@ +--! qt:authorizer --! qt:dataset:src -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; set user.name=user1; @@ -44,5 +41,3 @@ explain authorization alter table exchange_partition_test_2 exchange partition (b=1) with table exchange_partition_test_1; alter table exchange_partition_test_2 exchange partition (b=1) with table exchange_partition_test_1; - -set hive.security.authorization.enabled=false; diff --git ql/src/test/queries/clientpositive/authorization_create_func1.q ql/src/test/queries/clientpositive/authorization_create_func1.q index 6c7ebc7..4476536 100644 --- ql/src/test/queries/clientpositive/authorization_create_func1.q +++ ql/src/test/queries/clientpositive/authorization_create_func1.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=hive_admin_user; -- admin required for create function diff --git ql/src/test/queries/clientpositive/authorization_create_macro1.q ql/src/test/queries/clientpositive/authorization_create_macro1.q index e0297d2..0f75ee5 100644 --- ql/src/test/queries/clientpositive/authorization_create_macro1.q +++ ql/src/test/queries/clientpositive/authorization_create_macro1.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=hive_admin_user; -- admin required for create macro diff --git ql/src/test/queries/clientpositive/authorization_create_temp_table.q ql/src/test/queries/clientpositive/authorization_create_temp_table.q index 4878e20..230d828 100644 --- ql/src/test/queries/clientpositive/authorization_create_temp_table.q +++ ql/src/test/queries/clientpositive/authorization_create_temp_table.q @@ -1,14 +1,11 @@ +--! qt:authorizer --! qt:dataset:src set hive.mapred.mode=nonstrict; -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; create table authorization_create_temp_table_1 as select * from src limit 10; grant select on authorization_create_temp_table_1 to user user1; set user.name=user1; -set hive.security.authorization.enabled=true; create temporary table tmp1(c1 string, c2 string); diff --git ql/src/test/queries/clientpositive/authorization_delete_own_table.q ql/src/test/queries/clientpositive/authorization_delete_own_table.q index 34dfa6a..a648198 100644 --- ql/src/test/queries/clientpositive/authorization_delete_own_table.q +++ ql/src/test/queries/clientpositive/authorization_delete_own_table.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set hive.support.concurrency=true; set hive.txn.manager=org.apache.hadoop.hive.ql.lockmgr.DbTxnManager; diff --git ql/src/test/queries/clientpositive/authorization_owner_actions.q ql/src/test/queries/clientpositive/authorization_owner_actions.q index 7340dbc..0826d32 100644 --- ql/src/test/queries/clientpositive/authorization_owner_actions.q +++ ql/src/test/queries/clientpositive/authorization_owner_actions.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- actions that require user to be table owner diff --git ql/src/test/queries/clientpositive/authorization_owner_actions_db.q ql/src/test/queries/clientpositive/authorization_owner_actions_db.q index ccd4605..afc2792 100644 --- ql/src/test/queries/clientpositive/authorization_owner_actions_db.q +++ ql/src/test/queries/clientpositive/authorization_owner_actions_db.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=hive_admin_user; set role admin; diff --git ql/src/test/queries/clientpositive/authorization_parts.q ql/src/test/queries/clientpositive/authorization_parts.q index d1a74a3..633de31 100644 --- ql/src/test/queries/clientpositive/authorization_parts.q +++ ql/src/test/queries/clientpositive/authorization_parts.q @@ -1,8 +1,5 @@ +--! qt:authorizer set hive.mapred.mode=nonstrict; -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/a_uri_add_part1; dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/a_uri_add_part2; diff --git ql/src/test/queries/clientpositive/authorization_reset.q ql/src/test/queries/clientpositive/authorization_reset.q index 047474e..5ae56c9 100644 --- ql/src/test/queries/clientpositive/authorization_reset.q +++ ql/src/test/queries/clientpositive/authorization_reset.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set hive.metastore.server.min.threads=101; set hive.metastore.server.min.threads; diff --git ql/src/test/queries/clientpositive/authorization_show_grant.q ql/src/test/queries/clientpositive/authorization_show_grant.q index 3c79db9..3e10225 100644 --- ql/src/test/queries/clientpositive/authorization_show_grant.q +++ ql/src/test/queries/clientpositive/authorization_show_grant.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=hive_admin_user; set role admin; diff --git ql/src/test/queries/clientpositive/authorization_update_own_table.q ql/src/test/queries/clientpositive/authorization_update_own_table.q index 9189bf5d..a912575 100644 --- ql/src/test/queries/clientpositive/authorization_update_own_table.q +++ ql/src/test/queries/clientpositive/authorization_update_own_table.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set hive.support.concurrency=true; set hive.txn.manager=org.apache.hadoop.hive.ql.lockmgr.DbTxnManager; diff --git ql/src/test/queries/clientpositive/authorization_wm.q ql/src/test/queries/clientpositive/authorization_wm.q index 95019f1..394c6e3 100644 --- ql/src/test/queries/clientpositive/authorization_wm.q +++ ql/src/test/queries/clientpositive/authorization_wm.q @@ -1,8 +1,5 @@ +--! qt:authorizer set hive.cli.errors.ignore=true; -set hive.security.authorization.enabled=true; -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; set user.name=ruser1; @@ -75,4 +72,4 @@ alter user mapping 'joe' IN rp TO pool0; drop user mapping 'joe' IN rp; drop pool rp.pool0; -drop trigger rp.trigger0; \ No newline at end of file +drop trigger rp.trigger0; diff --git ql/src/test/queries/clientpositive/exim_25_export_parentpath_has_inaccessible_children.q ql/src/test/queries/clientpositive/exim_25_export_parentpath_has_inaccessible_children.q index af33cbe..b04945e 100644 --- ql/src/test/queries/clientpositive/exim_25_export_parentpath_has_inaccessible_children.q +++ ql/src/test/queries/clientpositive/exim_25_export_parentpath_has_inaccessible_children.q @@ -1,4 +1,3 @@ -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory; set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; diff --git ql/src/test/queries/clientpositive/materialized_view_authorization_sqlstd.q ql/src/test/queries/clientpositive/materialized_view_authorization_sqlstd.q index 5807c77..283c893 100644 --- ql/src/test/queries/clientpositive/materialized_view_authorization_sqlstd.q +++ ql/src/test/queries/clientpositive/materialized_view_authorization_sqlstd.q @@ -1,8 +1,5 @@ +--! qt:authorizer set hive.vectorized.execution.enabled=false; -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; set user.name=user1; create table amvs_table (a int, b varchar(256), c decimal(10,2)); diff --git ql/src/test/queries/clientpositive/results_cache_with_auth.q ql/src/test/queries/clientpositive/results_cache_with_auth.q index 18118f6..e08ddcd 100644 --- ql/src/test/queries/clientpositive/results_cache_with_auth.q +++ ql/src/test/queries/clientpositive/results_cache_with_auth.q @@ -1,3 +1,4 @@ +--! qt:authorizer -- Setup results cache set hive.compute.query.using.stats=false; @@ -5,10 +6,6 @@ set hive.query.results.cache.nontransactional.tables.enabled=true; -- Setup auth -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; create table results_cache_with_auth_t1 (c1 string); insert into results_cache_with_auth_t1 values ('abc'); @@ -25,5 +22,3 @@ select count(*) from results_cache_with_auth_t1; -set hive.security.authorization.enabled=false; -drop table results_cache_with_auth_t1; diff --git ql/src/test/queries/clientpositive/sysdb_schq.q ql/src/test/queries/clientpositive/sysdb_schq.q index 6b93199..fc1bcd5 100644 --- ql/src/test/queries/clientpositive/sysdb_schq.q +++ ql/src/test/queries/clientpositive/sysdb_schq.q @@ -1,13 +1,17 @@ +--! qt:authorizer --! qt:scheduledqueryservice --! qt:dataset:src --! qt:sysdb -use sys; +set user.name=hive_admin_user; +set role admin; create scheduled query asd cron '* * * * * ? *' defined as select 1; !sleep 10; +use sys; + desc formatted scheduled_queries; select diff --git ql/src/test/queries/clientpositive/view_authorization_sqlstd.q ql/src/test/queries/clientpositive/view_authorization_sqlstd.q index bc5b9bd..f380632 100644 --- ql/src/test/queries/clientpositive/view_authorization_sqlstd.q +++ ql/src/test/queries/clientpositive/view_authorization_sqlstd.q @@ -1,7 +1,4 @@ -set hive.test.authz.sstd.hs2.mode=true; -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set hive.security.authorization.enabled=true; +--! qt:authorizer set user.name=user1; -- Test view authorization , and 'show grant' variants diff --git ql/src/test/results/clientpositive/authorization_1.q.out ql/src/test/results/clientpositive/authorization_1.q.out index 0a3e19a..26dc4a0 100644 --- ql/src/test/results/clientpositive/authorization_1.q.out +++ ql/src/test/results/clientpositive/authorization_1.q.out @@ -354,11 +354,3 @@ PREHOOK: type: DROPROLE POSTHOOK: query: drop role sRc_roLE POSTHOOK: type: DROPROLE -PREHOOK: query: drop table src_autho_test_n11 -PREHOOK: type: DROPTABLE -PREHOOK: Input: default@src_autho_test_n11 -PREHOOK: Output: default@src_autho_test_n11 -POSTHOOK: query: drop table src_autho_test_n11 -POSTHOOK: type: DROPTABLE -POSTHOOK: Input: default@src_autho_test_n11 -POSTHOOK: Output: default@src_autho_test_n11 diff --git ql/src/test/results/clientpositive/llap/sysdb.q.out ql/src/test/results/clientpositive/llap/sysdb.q.out index 30a87a1..6ec2a06 100644 --- ql/src/test/results/clientpositive/llap/sysdb.q.out +++ ql/src/test/results/clientpositive/llap/sysdb.q.out @@ -1185,6 +1185,7 @@ POSTHOOK: type: QUERY POSTHOOK: Input: sys@role_map #### A masked pattern was here #### +hive_admin_user admin PREHOOK: query: explain vectorization detail select count(*) from sds PREHOOK: type: QUERY diff --git ql/src/test/results/clientpositive/llap/sysdb_schq.q.out ql/src/test/results/clientpositive/llap/sysdb_schq.q.out index 528bb3f..6af1181 100644 --- ql/src/test/results/clientpositive/llap/sysdb_schq.q.out +++ ql/src/test/results/clientpositive/llap/sysdb_schq.q.out @@ -1,13 +1,17 @@ +PREHOOK: query: set role admin +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role admin +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 +PREHOOK: type: QUERY +POSTHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 +POSTHOOK: type: QUERY PREHOOK: query: use sys PREHOOK: type: SWITCHDATABASE PREHOOK: Input: database:sys POSTHOOK: query: use sys POSTHOOK: type: SWITCHDATABASE POSTHOOK: Input: database:sys -PREHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 -PREHOOK: type: QUERY -POSTHOOK: query: create scheduled query asd cron '* * * * * ? *' defined as select 1 -POSTHOOK: type: QUERY PREHOOK: query: desc formatted scheduled_queries PREHOOK: type: DESCTABLE PREHOOK: Input: sys@scheduled_queries @@ -96,7 +100,7 @@ POSTHOOK: type: QUERY POSTHOOK: Input: sys@scheduled_queries #### A masked pattern was here #### -1 asd true hive * * * * * ? * hive_test_user select 1 true +1 asd true hive * * * * * ? * hive_admin_user select 1 true PREHOOK: query: select scheduled_execution_id, scheduled_query_id, state,