[CDH5] Test to confirm that ACLs are inherited correctly on INSERT

Change-Id: I781a6b7203c2e12b484162954abae51a6443bead Reviewed-on: http://gerrit.ent.cloudera.com:8080/3076 Reviewed-by: Alex Behm <alex.behm@cloudera.com> Tested-by: jenkins
2025-12-25 02:03:09 -05:00 · 2014-06-16 12:31:02 -07:00
parent 04ef96e873
commit ff32821c6b
3 changed files with 75 additions and 1 deletions
--- a/testdata/cluster/node_templates/common/etc/hadoop/conf/hdfs-site.xml.tmpl
+++ b/testdata/cluster/node_templates/common/etc/hadoop/conf/hdfs-site.xml.tmpl
@@ -95,4 +95,9 @@
    <name>dfs.namenode.path.based.cache.refresh.interval.ms</name>
    <value>3000</value>
  </property>
+
+  <property>
+    <name>dfs.namenode.acls.enabled</name>
+    <value>true</value>
+  </property>
 </configuration>
--- a/tests/query_test/test_insert_behaviour.py
+++ b/tests/query_test/test_insert_behaviour.py
@@ -87,3 +87,59 @@ functional.insert_overwrite_nopart SELECT int_col FROM functional.tinyinttable""
    # a subdirectory)
    ls = self.hdfs_client.list_dir(partition_dir)
    assert len(ls['FileStatuses']['FileStatus']) == 1
+
+  @pytest.mark.execute_serially
+  def test_insert_inherit_acls(self):
+    """Check that ACLs are inherited when we create new partitions"""
+
+    ROOT_ACL = "default:group:dummy_group:rwx"
+    TEST_ACL = "default:group:impala_test_users:r-x"
+    def check_has_acls(part, acl=TEST_ACL):
+      path = "test-warehouse/functional.db/insert_inherit_acls/" + part
+      result = self.hdfs_client.getacl(path)
+      assert acl in result['AclStatus']['entries']
+
+    # Add a spurious ACL to functional.db directory
+    self.hdfs_client.setacl("test-warehouse/functional.db", ROOT_ACL)
+
+    self.execute_query_expect_success(self.client, "DROP TABLE IF EXISTS"
+                                      " functional.insert_inherit_acls")
+    self.execute_query_expect_success(self.client, "CREATE TABLE "
+                                      "functional.insert_inherit_acls (col int)"
+                                      " PARTITIONED BY (p1 int, p2 int, p3 int)")
+
+    # Check that table creation inherited the ACL
+    check_has_acls("", ROOT_ACL)
+
+    self.execute_query_expect_success(self.client, "ALTER TABLE "
+                                      "functional.insert_inherit_acls ADD PARTITION"
+                                      "(p1=1, p2=1, p3=1)")
+
+    check_has_acls("p1=1", ROOT_ACL)
+    check_has_acls("p1=1/p2=1", ROOT_ACL)
+    check_has_acls("p1=1/p2=1/p3=1", ROOT_ACL)
+
+    self.hdfs_client.setacl(
+      "test-warehouse/functional.db/insert_inherit_acls/p1=1/", TEST_ACL)
+
+    self.execute_query_expect_success(self.client, "INSERT INTO "
+                                      "functional.insert_inherit_acls "
+                                      "PARTITION(p1=1, p2=2, p3=2) VALUES(1)")
+
+    check_has_acls("p1=1/p2=2/")
+    check_has_acls("p1=1/p2=2/p3=2")
+
+    # Check that SETACL didn't cascade down to children (which is more to do with HDFS
+    # than Impala, but worth asserting here)
+    check_has_acls("p1=1/p2=1", ROOT_ACL)
+    check_has_acls("p1=1/p2=1/p3=1", ROOT_ACL)
+
+    # Change ACLs on p1=1,p2=2 and create a new leaf at p3=30
+    self.hdfs_client.setacl(
+      "test-warehouse/functional.db/insert_inherit_acls/p1=1/p2=2/",
+      "default:group:new_leaf_group:-w-")
+
+    self.execute_query_expect_success(self.client, "INSERT INTO "
+                                      "functional.insert_inherit_acls "
+                                      "PARTITION(p1=1, p2=2, p3=30) VALUES(1)")
+    check_has_acls("p1=1/p2=2/p3=30", "default:group:new_leaf_group:-w-")
--- a/tests/util/hdfs_util.py
+++ b/tests/util/hdfs_util.py
@@ -29,9 +29,22 @@ class PyWebHdfsClientWithChmod(PyWebHdfsClient):
    response = requests.put(uri, allow_redirects=True)
    if not response.status_code == httplib.OK:
      _raise_pywebhdfs_exception(response.status_code, response.text)
-
    return True

+  def setacl(self, path, acls):
+    uri = self._create_uri(path, "SETACL", aclspec=acls)
+    response = requests.put(uri, allow_redirects=True)
+    if not response.status_code == httplib.OK:
+      _raise_pywebhdfs_exception(response.status_code, response.text)
+    return True
+
+  def getacl(self, path):
+    uri = self._create_uri(path, "GETACLSTATUS")
+    response = requests.get(uri, allow_redirects=True)
+    if not response.status_code == httplib.OK:
+      _raise_pywebhdfs_exception(response.status_code, response.text)
+    return response.json()
+
 class HdfsConfig(object):
  """Reads an XML configuration file (produced by a mini-cluster) into a dictionary
  accessible via get()"""