mirror of
https://github.com/apache/impala.git
synced 2025-12-19 18:12:08 -05:00
f28a32fbc3
This is the final patch to move all Impala e2e and custom cluster tests to use HS2 protocol by default. Only beeswax-specific test remains testing against beeswax protocol by default. We can remove them once Impala officially remove beeswax support. HS2 error message formatting in impala-hs2-server.cc is adjusted a bit to match with formatting in impala-beeswax-server.cc. Move TestWebPageAndCloseSession from webserver/test_web_pages.py to custom_cluster/test_web_pages.py to disable glog log buffering. Testing: - Pass exhaustive tests, except for some known and unrelated flaky tests. Change-Id: I42e9ceccbba1e6853f37e68f106265d163ccae28 Reviewed-on: http://gerrit.cloudera.org:8080/22845 Reviewed-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com> Tested-by: Jason Fehr <jfehr@cloudera.com>
101 lines
4.5 KiB
Python
101 lines
4.5 KiB
Python
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
from tests.common.impala_connection import IMPALA_CONNECTION_EXCEPTION
|
|
from tests.common.impala_test_suite import ImpalaTestSuite
|
|
from tests.common.test_vector import BEESWAX
|
|
|
|
|
|
class TestBeeswax(ImpalaTestSuite):
|
|
|
|
def test_user_validation(self):
|
|
"""Test various scenarios with cross-connection operations with the same
|
|
and different users."""
|
|
USER1 = "user1"
|
|
USER2 = "user2"
|
|
client1 = self.create_impala_client(protocol=BEESWAX)
|
|
different_user_client = None
|
|
unset_user_client = None
|
|
try:
|
|
same_user_client = self.create_impala_client(protocol=BEESWAX)
|
|
different_user_client = self.create_impala_client(protocol=BEESWAX)
|
|
unset_user_client = self.create_impala_client(protocol=BEESWAX)
|
|
|
|
# Unauthenticated Beewax only sets user once the query is run.
|
|
result = client1.execute("select effective_user()", user=USER1)
|
|
assert result.data[0] == USER1
|
|
result = same_user_client.execute("select effective_user()", user=USER1)
|
|
assert result.data[0] == USER1
|
|
# The user shouldn't change once set.
|
|
result = client1.execute("select effective_user()", user=USER2)
|
|
assert result.data[0] == USER1
|
|
result = different_user_client.execute("select effective_user()", user=USER2)
|
|
assert result.data[0] == USER2
|
|
|
|
QUERY = "select * from functional.alltypes"
|
|
handle = client1.execute_async(QUERY)
|
|
client1.get_state(handle)
|
|
# Connections with a effective user should not be able to access other users'
|
|
# sessions.
|
|
self._assert_invalid_handle(lambda: different_user_client.fetch(QUERY, handle))
|
|
self._assert_invalid_handle(lambda: different_user_client.get_state(handle))
|
|
self._assert_invalid_handle(lambda: different_user_client.get_log(handle))
|
|
self._assert_profile_access_denied(
|
|
lambda: different_user_client.get_runtime_profile(handle))
|
|
self._assert_profile_access_denied(
|
|
lambda: different_user_client.get_exec_summary(handle))
|
|
self._assert_invalid_handle(lambda: different_user_client.close_dml(handle))
|
|
|
|
# Connections with the same user can always access the requests. A connection
|
|
# without an effective user (only possible with unauthenticated connections)
|
|
# is allowed to access any query. Some Impala tests depend on this.
|
|
for valid_client in [client1, same_user_client, unset_user_client]:
|
|
valid_client.get_state(handle)
|
|
valid_client.fetch(QUERY, handle)
|
|
valid_client.get_log(handle)
|
|
valid_client.get_runtime_profile(handle)
|
|
valid_client.get_exec_summary(handle)
|
|
|
|
# Validation of user should be skipped for closing and cancelling queries, to
|
|
# avoid breaking administrative tools that clean up queries via Beeswax RPCs.
|
|
different_user_client.cancel(handle)
|
|
different_user_client.close_query(handle)
|
|
finally:
|
|
if different_user_client is not None:
|
|
different_user_client.close()
|
|
if unset_user_client is not None:
|
|
unset_user_client.close()
|
|
|
|
def _assert_invalid_handle(self, fn):
|
|
"""Assert that invoking fn() raises an ImpalaBeeswaxException with an invalid query
|
|
handle error."""
|
|
try:
|
|
fn()
|
|
assert False, "Expected invalid handle"
|
|
except IMPALA_CONNECTION_EXCEPTION as e:
|
|
assert "Query id" in str(e) and "not found" in str(e), str(e)
|
|
|
|
def _assert_profile_access_denied(self, fn):
|
|
"""Assert that invoking fn() raises an ImpalaBeeswaxException with the error
|
|
message indicating that profile access is denied."""
|
|
try:
|
|
fn()
|
|
assert False, "Expected invalid handle"
|
|
except IMPALA_CONNECTION_EXCEPTION as e:
|
|
assert "is not authorized to access the runtime profile" in str(e), str(e)
|