def test_close_session(self): """Test that an open session can be closed""" open_session_req = TCLIService.TOpenSessionReq() resp = self.hs2_client.OpenSession(open_session_req) TestHS2.check_response(resp) close_session_req = TCLIService.TCloseSessionReq() close_session_req.sessionHandle = resp.sessionHandle TestHS2.check_response(self.hs2_client.CloseSession(close_session_req))
def test_double_close_session(self): """Test that an already closed session cannot be closed a second time""" open_session_req = TCLIService.TOpenSessionReq() resp = self.hs2_client.OpenSession(open_session_req) TestHS2.check_response(resp) close_session_req = TCLIService.TCloseSessionReq() close_session_req.sessionHandle = resp.sessionHandle TestHS2.check_response(self.hs2_client.CloseSession(close_session_req)) # Double close should be an error TestHS2.check_response(self.hs2_client.CloseSession(close_session_req), TCLIService.TStatusCode.ERROR_STATUS)
def test_socket_close_forces_session_close(self): """Test that closing the underlying socket forces the associated session to close. See IMPALA-564""" open_session_req = TCLIService.TOpenSessionReq() resp = self.hs2_client.OpenSession(open_session_req) TestHS2.check_response(resp) num_sessions = self.impalad_test_service.get_metric_value( "impala-server.num-open-hiveserver2-sessions") assert num_sessions > 0 self.socket.close() self.socket = None self.impalad_test_service.wait_for_metric_value( "impala-server.num-open-hiveserver2-sessions", num_sessions - 1)
def add_session(self): open_session_req = TCLIService.TOpenSessionReq() open_session_req.username = getuser() open_session_req.configuration = dict() resp = self.hs2_client.OpenSession(open_session_req) HS2TestSuite.check_response(resp) self.session_handle = resp.sessionHandle try: fn(self) finally: close_session_req = TCLIService.TCloseSessionReq() close_session_req.sessionHandle = resp.sessionHandle HS2TestSuite.check_response( self.hs2_client.CloseSession(close_session_req)) self.session_handle = None
def test_impersonation(self): """End-to-end impersonation + authorization test. Expects authorization to be configured before running this test""" # TODO: To reuse the HS2 utility code from the TestHS2 test suite we need to import # the module within this test function, rather than as a top-level import. This way # the tests in that module will not get pulled when executing this test suite. The fix # is to split the utility code out of the TestHS2 class and support HS2 as a first # class citizen in our test framework. from tests.hs2.test_hs2 import TestHS2 open_session_req = TCLIService.TOpenSessionReq() open_session_req.username = '******' open_session_req.configuration = dict() open_session_req.configuration['impala.doas.user'] = getuser() resp = self.hs2_client.OpenSession(open_session_req) TestHS2.check_response(resp) # Try to query a table we are not authorized to access. self.session_handle = resp.sessionHandle execute_statement_req = TCLIService.TExecuteStatementReq() execute_statement_req.sessionHandle = self.session_handle execute_statement_req.statement = "describe tpch_seq.lineitem" execute_statement_resp = self.hs2_client.ExecuteStatement( execute_statement_req) assert 'User \'%s\' does not have privileges to access' % getuser() in\ str(execute_statement_resp) assert self.__wait_for_audit_record(user=getuser(), impersonator='hue'),\ 'No matching audit event recorded in time window' # Now try the same operation on a table we are authorized to access. execute_statement_req = TCLIService.TExecuteStatementReq() execute_statement_req.sessionHandle = self.session_handle execute_statement_req.statement = "describe tpch.lineitem" execute_statement_resp = self.hs2_client.ExecuteStatement( execute_statement_req) TestHS2.check_response(execute_statement_resp) # Try to impersonate as a user we are not authorized to impersonate. open_session_req.configuration['impala.doas.user'] = '******' resp = self.hs2_client.OpenSession(open_session_req) assert 'User \'hue\' is not authorized to impersonate \'some_user\'' in str( resp) self.socket.close() self.socket = None
def test_multiple_sessions(self): """Test that multiple sessions on the same socket connection are allowed""" num_sessions = self.impalad_test_service.get_metric_value( "impala-server.num-open-hiveserver2-sessions") session_ids = [] for _ in xrange(5): open_session_req = TCLIService.TOpenSessionReq() resp = self.hs2_client.OpenSession(open_session_req) TestHS2.check_response(resp) # Check that all sessions get different IDs assert resp.sessionHandle not in session_ids session_ids.append(resp.sessionHandle) self.impalad_test_service.wait_for_metric_value( "impala-server.num-open-hiveserver2-sessions", num_sessions + 5) self.socket.close() self.socket = None self.impalad_test_service.wait_for_metric_value( "impala-server.num-open-hiveserver2-sessions", num_sessions)
def test_impersonation(self): """End-to-end impersonation + authorization test. Expects authorization to be configured before running this test""" # TODO: To reuse the HS2 utility code from the TestHS2 test suite we need to import # the module within this test function, rather than as a top-level import. This way # the tests in that module will not get pulled when executing this test suite. The fix # is to split the utility code out of the TestHS2 class and support HS2 as a first # class citizen in our test framework. from tests.hs2.test_hs2 import TestHS2 open_session_req = TCLIService.TOpenSessionReq() # Connected user is 'hue' open_session_req.username = '******' open_session_req.configuration = dict() # Delegated user is the current user open_session_req.configuration['impala.doas.user'] = getuser() resp = self.hs2_client.OpenSession(open_session_req) TestHS2.check_response(resp) # Try to query a table we are not authorized to access. self.session_handle = resp.sessionHandle execute_statement_req = TCLIService.TExecuteStatementReq() execute_statement_req.sessionHandle = self.session_handle execute_statement_req.statement = "describe tpch_seq.lineitem" execute_statement_resp = self.hs2_client.ExecuteStatement( execute_statement_req) assert 'User \'%s\' does not have privileges to access' % getuser() in\ str(execute_statement_resp) assert self.__wait_for_audit_record(user=getuser(), impersonator='hue'),\ 'No matching audit event recorded in time window' # Now try the same operation on a table we are authorized to access. execute_statement_req = TCLIService.TExecuteStatementReq() execute_statement_req.sessionHandle = self.session_handle execute_statement_req.statement = "describe tpch.lineitem" execute_statement_resp = self.hs2_client.ExecuteStatement( execute_statement_req) TestHS2.check_response(execute_statement_resp) # Verify the correct user information is in the runtime profile query_id = operation_id_to_query_id( execute_statement_resp.operationHandle.operationId) profile_page = self.cluster.impalads[ 0].service.read_query_profile_page(query_id) self.__verify_profile_user_fields(profile_page, effective_user=getuser(), delegated_user=getuser(), connected_user='******') # Try to user we are not authorized to delegate to. open_session_req.configuration['impala.doas.user'] = '******' resp = self.hs2_client.OpenSession(open_session_req) assert 'User \'hue\' is not authorized to delegate to \'some_user\'' in str( resp) # Create a new session which does not have a do_as_user. open_session_req.username = '******' open_session_req.configuration = dict() resp = self.hs2_client.OpenSession(open_session_req) TestHS2.check_response(resp) # Run a simple query, which should succeed. execute_statement_req = TCLIService.TExecuteStatementReq() execute_statement_req.sessionHandle = resp.sessionHandle execute_statement_req.statement = "select 1" execute_statement_resp = self.hs2_client.ExecuteStatement( execute_statement_req) TestHS2.check_response(execute_statement_resp) # Verify the correct user information is in the runtime profile. Since there is # no do_as_user the Delegated User field should be empty. query_id = operation_id_to_query_id( execute_statement_resp.operationHandle.operationId) profile_page = self.cluster.impalads[ 0].service.read_query_profile_page(query_id) self.__verify_profile_user_fields(profile_page, effective_user='******', delegated_user='', connected_user='******') self.socket.close() self.socket = None
help="Indicates whether the cluster is kerberized.") options, args = parser.parse_args() hs2_host, hs2_port = options.hs2_hostport.split(':') hs2_transport = create_transport(use_kerberos=options.use_kerberos, host=hs2_host, port=hs2_port, service="hiveserver2") protocol = TBinaryProtocol.TBinaryProtocol(hs2_transport) hs2_client = TCLIService.Client(protocol) # Try to connect to the HiveServer2 service and create a session now = time.time() TIMEOUT_SECONDS = 30.0 while time.time() - now < TIMEOUT_SECONDS: try: hs2_transport.open() open_session_req = TCLIService.TOpenSessionReq() open_session_req.username = getpass.getuser() resp = hs2_client.OpenSession(open_session_req) if resp.status.statusCode == TCLIService.TStatusCode.SUCCESS_STATUS: close_session_req = TCLIService.TCloseSessionReq() close_session_req.sessionHandle = resp.sessionHandle hs2_client.CloseSession(close_session_req) print "HiveServer2 service is up at %s." % options.hs2_hostport exit(0) except Exception, e: print "Waiting for HiveServer2 at %s..." % options.hs2_hostport time.sleep(0.5) print "HiveServer2 service failed to start within %s seconds." % TIMEOUT_SECONDS exit(1)
def test_open_session(self): """Check that a session can be opened""" open_session_req = TCLIService.TOpenSessionReq() TestHS2.check_response(self.hs2_client.OpenSession(open_session_req))