/**
 * Checks that patterns supplied through
 * HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST_APPEND make the matching
 * parameters settable once the authorization config policy has been applied.
 *
 * @throws HiveAuthzPluginException propagated from verifySettability
 */
@Test
public void testConfigProcessingCustomSetWhitelistAppend() throws HiveAuthzPluginException {
  // Entries are treated as regular expressions (see "hive.abc..*"); verifySettability
  // joins them with "|". An unescaped "." therefore matches any character, not just a dot.
  List<String> appendedPatterns = Arrays.asList("hive.ctest.param", "hive.abc..*");

  // Names that must be settable after the patterns above are appended.
  // NOTE(review): the custom patterns are only checked with names that should match; the
  // negative checks in verifyParamSettability are generic ("dummy.param", metastore vars).
  // A name that must stay blocked would pin how strictly these patterns are matched.
  List<String> expectedSettable = Arrays.asList("hive.ctest.param", "hive.abc.def");

  verifySettability(appendedPatterns, expectedSettable,
      ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST_APPEND);
}
/**
 * Checks that SQLStdHiveAccessController applies its configuration security
 * policy to a HiveConf: the transform-disabling pre-execution hook must be
 * registered, and only the expected parameters may be modified afterwards.
 *
 * @throws HiveAuthzPluginException declared by the access controller calls
 * @throws IllegalAccessException declared by the original signature
 * @throws NoSuchFieldException declared by the original signature
 * @throws IllegalArgumentException declared by the original signature
 * @throws SecurityException declared by the original signature
 */
@Test
public void testConfigProcessing() throws HiveAuthzPluginException, SecurityException,
    IllegalArgumentException, NoSuchFieldException, IllegalAccessException {
  HiveConf conf = newAuthEnabledConf();
  SQLStdHiveAccessController controller = new SQLStdHiveAccessController(
      null, conf, new HadoopDefaultAuthenticator(), getHS2SessionCtx());
  controller.applyAuthorizationConfigPolicy(conf);

  // The policy is expected to add the hook that disables transform queries.
  // This is a substring check on the configured hook list, so it passes even if
  // other hooks were already present.
  String preExecHooks = conf.getVar(ConfVars.PREEXECHOOKS);
  String transformBlocker = DisallowTransformHook.class.getName();
  assertTrue("Check for transform query disabling hook", preExecHooks.contains(transformBlocker));

  // With the default whitelist, only the parameters from getSettableParams() may be set.
  verifyParamSettability(getSettableParams(), conf);
}
/**
 * Builds an authorization-enabled conf, stores the given patterns in
 * {@code whiteListParam}, applies the authorization config policy and then
 * checks which parameters can be modified.
 *
 * @param paramRegexes whitelist patterns; joined with "|" into a single value
 * @param settableParams parameter names that must be settable afterwards
 * @param whiteListParam the whitelist config variable that receives the patterns
 * @throws HiveAuthzPluginException propagated from the access controller
 */
private void verifySettability(List<String> paramRegexes, List<String> settableParams,
    ConfVars whiteListParam) throws HiveAuthzPluginException {
  HiveConf conf = newAuthEnabledConf();

  // The whitelist is configured before the policy is applied, so that
  // applyAuthorizationConfigPolicy sees the custom patterns.
  String alternation = Joiner.on("|").join(paramRegexes);
  conf.setVar(whiteListParam, alternation);

  new SQLStdHiveAccessController(null, conf, new HadoopDefaultAuthenticator(), getHS2SessionCtx())
      .applyAuthorizationConfigPolicy(conf);

  verifyParamSettability(settableParams, conf);
}
/**
 * Verifies that every parameter in {@code settableParams} can be modified on
 * the processed conf, and that an arbitrary unlisted parameter and all
 * metastore config variables cannot.
 *
 * @param settableParams parameter names that the whitelist must allow
 * @param processedConf conf that already had the authorization config policy applied
 */
private void verifyParamSettability(List<String> settableParams, HiveConf processedConf) {
  // Whitelisted parameters: verifyAndSet must accept each one.
  for (String allowedName : settableParams) {
    try {
      processedConf.verifyAndSet(allowedName, "dummy");
    } catch (IllegalArgumentException rejection) {
      String failure =
          "Unable to set value for parameter in whitelist " + allowedName + " " + rejection;
      fail(failure);
    }
  }

  // A name that is on no whitelist must be rejected.
  assertConfModificationException(processedConf, "dummy.param");

  // Metastore config variables should never be modifiable through this path,
  // whatever the whitelist contains.
  for (ConfVars metastoreVar : HiveConf.metaVars) {
    String blockedName = metastoreVar.varname;
    assertConfModificationException(processedConf, blockedName);
  }
}
/**
 * Checks that patterns supplied through
 * HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST make the matching
 * parameters settable once the authorization config policy has been applied.
 *
 * @throws HiveAuthzPluginException propagated from verifySettability
 */
@Test
public void testConfigProcessingCustomSetWhitelist() throws HiveAuthzPluginException {
  // These patterns are set as the whitelist itself (not through the append variant).
  // Entries are treated as regular expressions (see "hive.abc..*"); verifySettability
  // joins them with "|". An unescaped "." therefore matches any character, not just a dot.
  List<String> whitelistPatterns = Arrays.asList("hive.ctest.param", "hive.abc..*");

  // Names that must be settable under the custom whitelist.
  // NOTE(review): the custom patterns are only checked with names that should match; the
  // negative checks in verifyParamSettability are generic ("dummy.param", metastore vars).
  // A name that must stay blocked would pin how strictly these patterns are matched.
  List<String> expectedSettable = Arrays.asList("hive.ctest.param", "hive.abc.def");

  verifySettability(whitelistPatterns, expectedSettable,
      ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST);
}