# Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. ############################################################################### # curl command tests for templeton # # #use Yahoo::Miners::Test::PigSetup; #PigSetup::setup(); #my $me = `whoami`; #chomp $me; $cfg = { 'driver' => 'Curl', 'groups' => [ ##============================================================================================================= #This suite tests support for doAs user in WebHCat. #This suite of tests requires some set up. They test that security context is properly propagated. #These tests are meant to run in File based security mode. Also, 2 users need to be created. #See README.txt for details on set up. # # { 'name' => 'doAsTests', 'tests' => [ { #drop table if exists to clean up from previous run 'num' => 1, 'method' => 'DELETE', 'url' => ':TEMPLETON_URL:/templeton/v1/ddl/database/default/table/:UNAME:_doastab2?user.name=:UNAME:&ifExists=true', 'status_code' => 200, 'json_field_substr_match' => {'database' => 'default', 'table' => ':UNAME:_doastab2'}, }, { # create a table and set permission so that it's only accessible by owner #(i.e. user issuing request) 'num' => 2, 'method' => 'PUT', 'url' => ':TEMPLETON_URL:/templeton/v1/ddl/database/default/table/:UNAME:_doastab2?user.name=:UNAME:', 'format_header' => 'Content-Type: application/json', 'post_options' => [' { "columns": [ { "name": "id", "type": "bigint" }, { "name": "price", "type": "float"} ], "partitionedBy": [ { "name": "country", "type": "string" } ], "format" : { "storedAs" : "textfile"}, "permissions" : "rwx------" }'], 'status_code' => 200, 'json_field_substr_match' => {'database' => 'default', 'table' => ':UNAME:_doastab2'}, }, { #describe table with doAs user that UNAME is not allowed to impersonate 'num' => 3, 'method' => 'GET', 'url' => ':TEMPLETON_URL:/templeton/v1/ddl/database/default/table/:UNAME:_doastab1?user.name=:UNAME:&doAs=no_such_user', 'status_code' => 401, 'json_field_substr_match' => {'error' => 'Unauthorized proxyuser \[:UNAME:\] for doAsUser \[no_such_user\], not in proxyuser groups'}, }, { #try to describe tale as a user that does not own (doesn't have read permissions on ) the table #this is not going to work in secure mode 'ignore' => 'will not work in secure mode', 'num' => 4, 'method' => 'GET', 'url' => ':TEMPLETON_URL:/templeton/v1/ddl/database/default/table/:UNAME:_doastab1?user.name=no_such_user', 'status_code' => 401, 'json_field_substr_match' => {'error' => 'Unauthorized proxyuser \[:UNAME:\] for doAsUser \[no_such_user\], not in proxyuser groups'}, }, { #descbe the table (as the table owner) #this should succeed 'num' => 5, 'method' => 'GET', 'url' => ':TEMPLETON_URL:/templeton/v1/ddl/database/default/table/:UNAME:_doastab2?user.name=:UNAME:', 'status_code' => 200, 'json_field_substr_match' => {'database' => 'default', 'table' => ':UNAME:_doastab2'}, }, { #descbe the table (as the table owner but using doAs) #this should fail when using StorageBasedAuthorizationProvider 'num' => 6, 'method' => 'GET', 'url' => ':TEMPLETON_URL:/templeton/v1/ddl/database/default/table/:UNAME:_doastab2/partition?user.name=:UNAME:&doAs=:DOAS:', 'status_code' => 500, 'json_field_substr_match' => {'error' => 'java\.security\.AccessControlException: Permission denied: user=:DOAS:, access=READ'}, }, { #this should fail 'num' => 7, 'method' => 'DELETE', 'url' => ':TEMPLETON_URL:/templeton/v1/ddl/database/default/table/:UNAME:_doastab2?user.name=:UNAME:&doAs=:DOAS:', 'status_code' => 500, 'json_field_substr_match' => {'error' => 'java\.security\.AccessControlException: Permission denied: user=:DOAS:, access=READ'}, }, { #descbe the table.... #this should succeed 'num' => 8, 'ignore' => 'foo', 'method' => 'DELETE', 'url' => ':TEMPLETON_URL:/templeton/v1/ddl/database/default/table/:UNAME:_doastab2?user.name=:UNAME:', 'status_code' => 200, 'json_field_substr_match' => {'database' => 'default', 'table' => ':UNAME:_doastab2'}, }, ], }, { 'name' => 'bugs', 'tests'=> [ { #update permissions to rwx------ 'num' => 1, 'ignore' => 'permission setting seems broken - has no effect (not related to doAs) HIVE-5094', 'method' => 'POST', 'url' => ':TEMPLETON_URL:/templeton/v1/ddl/database/default/table/:UNAME:_doastab1?user.name=:UNAME:', 'format_header' => 'Content-Type: application/json', 'post_options' => ['rename=:UNAME:_doastab2', 'permissions=rwx------'], 'status_code' => 200, 'json_field_substr_match' => {'database' => 'default', 'table' => ':UNAME:_doastab2'}, }, ] }, ] }, ;