SENTRY-1142: Rebase on master (Ashish K Singh via Hao Hao) Change-Id: If050cf5187021fc5a428f6e8cf8a3c405431d8b7
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/07df5fba Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/07df5fba Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/07df5fba Branch: refs/heads/master Commit: 07df5fbadb09975bfd5c5bd609479b44c23b2d0c Parents: 00a14d9 Author: hahao <[email protected]> Authored: Mon Mar 21 23:05:16 2016 -0700 Committer: hahao <[email protected]> Committed: Mon Mar 21 23:18:37 2016 -0700 ---------------------------------------------------------------------- .../core/model/kafka/TestKafkaAction.java | 2 -- .../policy/kafka/KafkaModelAuthorizables.java | 2 +- .../policy/kafka/KafkaPrivilegeValidator.java | 5 ++-- .../policy/kafka/KafkaWildcardPrivilege.java | 4 +-- .../kafka/KafkaPolicyFileProviderBackend.java | 1 - .../kafka/TestKafkaModelAuthorizables.java | 2 +- .../kafka/TestKafkaWildcardPrivilege.java | 26 +++++++------------ ...tKafkaAuthorizationProviderGeneralCases.java | 18 ++++++++----- .../sentry/tests/e2e/kafka/TestAuthorize.java | 5 ++-- .../src/test/resources/user1.keystore.jks | Bin 0 -> 2060 bytes .../src/test/resources/user1.truststore.jks | Bin 0 -> 1513 bytes .../src/test/resources/user2.keystore.jks | Bin 0 -> 2058 bytes .../src/test/resources/user2.truststore.jks | Bin 0 -> 1513 bytes 13 files changed, 30 insertions(+), 35 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAction.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAction.java b/sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAction.java index e5fc7ff..dcab5d5 100644 --- a/sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAction.java +++ b/sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAction.java @@ -18,8 +18,6 @@ import static junit.framework.Assert.assertEquals; import static junit.framework.Assert.assertFalse; import static junit.framework.Assert.assertTrue; -import org.apache.sentry.core.model.kafka.KafkaActionConstant; -import org.apache.sentry.core.model.kafka.KafkaActionFactory; import org.apache.sentry.core.model.kafka.KafkaActionFactory.KafkaAction; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaModelAuthorizables.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaModelAuthorizables.java b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaModelAuthorizables.java index 1da1193..7be4241 100644 --- a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaModelAuthorizables.java +++ b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaModelAuthorizables.java @@ -22,7 +22,7 @@ import org.apache.sentry.core.model.kafka.KafkaAuthorizable; import org.apache.sentry.core.model.kafka.KafkaAuthorizable.AuthorizableType; import org.apache.sentry.core.model.kafka.Host; import org.apache.sentry.core.model.kafka.Topic; -import org.apache.sentry.provider.common.KeyValue; +import org.apache.sentry.policy.common.KeyValue; import org.apache.shiro.config.ConfigurationException; public class KafkaModelAuthorizables { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaPrivilegeValidator.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaPrivilegeValidator.java b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaPrivilegeValidator.java index 5cdfd3f..7383e50 100644 --- a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaPrivilegeValidator.java +++ b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaPrivilegeValidator.java @@ -16,14 +16,13 @@ */ package org.apache.sentry.policy.kafka; -import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_SPLITTER; -import static org.apache.sentry.provider.common.ProviderConstants.PRIVILEGE_PREFIX; +import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER; +import static org.apache.sentry.policy.common.PolicyConstants.PRIVILEGE_PREFIX; import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import com.google.common.annotations.VisibleForTesting; import org.apache.sentry.core.model.kafka.KafkaActionFactory; import org.apache.sentry.core.model.kafka.KafkaAuthorizable; import org.apache.sentry.core.model.kafka.Host; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaWildcardPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaWildcardPrivilege.java b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaWildcardPrivilege.java index 76aeb80..bc299b0 100644 --- a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaWildcardPrivilege.java +++ b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaWildcardPrivilege.java @@ -16,7 +16,7 @@ */ package org.apache.sentry.policy.kafka; -import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_SPLITTER; +import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER; import java.util.List; @@ -24,7 +24,7 @@ import org.apache.sentry.core.model.kafka.KafkaActionConstant; import org.apache.sentry.core.model.kafka.KafkaAuthorizable; import org.apache.sentry.policy.common.Privilege; import org.apache.sentry.policy.common.PrivilegeFactory; -import org.apache.sentry.provider.common.KeyValue; +import org.apache.sentry.policy.common.KeyValue; import com.google.common.base.Preconditions; import com.google.common.base.Strings; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/KafkaPolicyFileProviderBackend.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/KafkaPolicyFileProviderBackend.java b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/KafkaPolicyFileProviderBackend.java index 47a053d..c4a2f7b 100644 --- a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/KafkaPolicyFileProviderBackend.java +++ b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/KafkaPolicyFileProviderBackend.java @@ -21,7 +21,6 @@ package org.apache.sentry.policy.kafka; import java.io.IOException; import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.policy.kafka.SimpleKafkaPolicyEngine; import org.apache.sentry.provider.file.SimpleFileProviderBackend; import org.slf4j.Logger; import org.slf4j.LoggerFactory; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaModelAuthorizables.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaModelAuthorizables.java b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaModelAuthorizables.java index 6a18148..421466e 100644 --- a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaModelAuthorizables.java +++ b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaModelAuthorizables.java @@ -75,7 +75,7 @@ public class TestKafkaModelAuthorizables { @Test public void testClusterResourceNameIsRestricted() throws Exception { try { - Cluster cluster1 = (Cluster) KafkaModelAuthorizables.from("Cluster=cluster1"); + KafkaModelAuthorizables.from("Cluster=cluster1"); fail("Cluster with name other than " + Cluster.NAME + " must not have been created."); } catch (ConfigurationException cex) { assertEquals("Exception message is not as expected.", "Kafka's cluster resource can only have name " + Cluster.NAME, cex.getMessage()); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaWildcardPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaWildcardPrivilege.java b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaWildcardPrivilege.java index 8566984..bdef91c 100644 --- a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaWildcardPrivilege.java +++ b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaWildcardPrivilege.java @@ -19,14 +19,11 @@ package org.apache.sentry.policy.kafka; import static junit.framework.Assert.assertFalse; import static junit.framework.Assert.assertTrue; -import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_JOINER; -import static org.apache.sentry.provider.common.ProviderConstants.KV_JOINER; -import static org.apache.sentry.provider.common.ProviderConstants.KV_SEPARATOR; import org.apache.sentry.core.model.kafka.KafkaActionConstant; +import org.apache.sentry.policy.common.PolicyConstants; import org.apache.sentry.policy.common.Privilege; -import org.apache.sentry.policy.kafka.KafkaWildcardPrivilege; -import org.apache.sentry.provider.common.KeyValue; +import org.apache.sentry.policy.common.KeyValue; import org.junit.Test; public class TestKafkaWildcardPrivilege { @@ -58,11 +55,6 @@ public class TestKafkaWildcardPrivilege { private static final Privilege KAFKA_HOST1_GROUP1_WRITE = create(new KeyValue("HOST", "host1"), new KeyValue("GROUP", "cgroup1"), new KeyValue("action", KafkaActionConstant.WRITE)); - - private static final Privilege KAFKA_CLUSTER1_HOST1_ALL = - create(new KeyValue("CLUSTER", "cluster1"), new KeyValue("HOST", "host1"), new KeyValue("action", KafkaActionConstant.ALL)); - - @Test public void testSimpleAction() throws Exception { //host @@ -153,28 +145,28 @@ public class TestKafkaWildcardPrivilege { @Test(expected=IllegalArgumentException.class) public void testEmptyKey() throws Exception { - System.out.println(create(KV_JOINER.join("", "host1"))); + System.out.println(create(PolicyConstants.KV_JOINER.join("", "host1"))); } @Test(expected=IllegalArgumentException.class) public void testEmptyValue() throws Exception { - System.out.println(create(KV_JOINER.join("HOST", ""))); + System.out.println(create(PolicyConstants.KV_JOINER.join("HOST", ""))); } @Test(expected=IllegalArgumentException.class) public void testEmptyPart() throws Exception { - System.out.println(create(AUTHORIZABLE_JOINER. - join(KV_JOINER.join("HOST", "host1"), ""))); + System.out.println(create(PolicyConstants.AUTHORIZABLE_JOINER. + join(PolicyConstants.KV_JOINER.join("HOST", "host1"), ""))); } @Test(expected=IllegalArgumentException.class) public void testOnlySeperators() throws Exception { - System.out.println(create(AUTHORIZABLE_JOINER. - join(KV_SEPARATOR, KV_SEPARATOR, KV_SEPARATOR))); + System.out.println(create(PolicyConstants.AUTHORIZABLE_JOINER. + join(PolicyConstants.KV_SEPARATOR, PolicyConstants.KV_SEPARATOR, PolicyConstants.KV_SEPARATOR))); } static KafkaWildcardPrivilege create(KeyValue... keyValues) { - return create(AUTHORIZABLE_JOINER.join(keyValues)); + return create(PolicyConstants.AUTHORIZABLE_JOINER.join(keyValues)); } static KafkaWildcardPrivilege create(String s) { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/provider/TestKafkaAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/provider/TestKafkaAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/provider/TestKafkaAuthorizationProviderGeneralCases.java index dc7ade2..386d2d5 100644 --- a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/provider/TestKafkaAuthorizationProviderGeneralCases.java +++ b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/provider/TestKafkaAuthorizationProviderGeneralCases.java @@ -166,38 +166,44 @@ public class TestKafkaAuthorizationProviderGeneralCases { @Test public void testConsumer() throws Exception { for (KafkaAction action : allActions) { - for (Host host : Sets.newHashSet(HOST_1, HOST_2)) + for (Host host : Sets.newHashSet(HOST_1, HOST_2)) { doTestResourceAuthorizationProvider(CONSUMER0, Arrays.asList(host, topic1), Sets.newHashSet(action), READ.equals(action)); + } } for (KafkaAction action : allActions) { - for (Host host : Sets.newHashSet(HOST_1, HOST_2)) + for (Host host : Sets.newHashSet(HOST_1, HOST_2)) { doTestResourceAuthorizationProvider(CONSUMER1, Arrays.asList(host, topic1), Sets.newHashSet(action), HOST_1.equals(host) && READ.equals(action)); + } } for (KafkaAction action : allActions) { - for (Host host : Sets.newHashSet(HOST_1, HOST_2)) + for (Host host : Sets.newHashSet(HOST_1, HOST_2)) { doTestResourceAuthorizationProvider(CONSUMER2, Arrays.asList(host, topic2), Sets.newHashSet(action), HOST_2.equals(host) && READ.equals(action)); + } } } @Test public void testProducer() throws Exception { for (KafkaAction action : allActions) { - for (Host host : Sets.newHashSet(HOST_1, HOST_2)) + for (Host host : Sets.newHashSet(HOST_1, HOST_2)) { doTestResourceAuthorizationProvider(PRODUCER0, Arrays.asList(host, topic1), Sets.newHashSet(action), WRITE.equals(action)); + } } for (KafkaAction action : allActions) { - for (Host host : Sets.newHashSet(HOST_1, HOST_2)) + for (Host host : Sets.newHashSet(HOST_1, HOST_2)) { doTestResourceAuthorizationProvider(PRODUCER1, Arrays.asList(host, topic1), Sets.newHashSet(action), HOST_1.equals(host) && WRITE.equals(action)); + } } for (KafkaAction action : allActions) { - for (Host host : Sets.newHashSet(HOST_1, HOST_2)) + for (Host host : Sets.newHashSet(HOST_1, HOST_2)) { doTestResourceAuthorizationProvider(PRODUCER2, Arrays.asList(host, topic2), Sets.newHashSet(action), HOST_2.equals(host) && WRITE.equals(action)); + } } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java index a5cd3da..e800830 100644 --- a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java +++ b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java @@ -197,8 +197,9 @@ public class TestAuthorize extends AbstractKafkaSentryTestBase { @Override public Boolean call() throws Exception { ConsumerRecords<String, String> records = kafkaConsumer.poll(1000); - if (records.isEmpty()) + if (records.isEmpty()) { LOGGER.debug("No record received from consumer."); + } for (ConsumerRecord<String, String> record : records) { if (record.value().equals(msg)) { LOGGER.debug("Received message: " + record); @@ -294,4 +295,4 @@ public class TestAuthorize extends AbstractKafkaSentryTestBase { } } } -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks b/sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks new file mode 100644 index 0000000..60bb91a Binary files /dev/null and b/sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks differ http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks b/sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks new file mode 100644 index 0000000..a59dab2 Binary files /dev/null and b/sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks differ http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks b/sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks new file mode 100644 index 0000000..beeff4c Binary files /dev/null and b/sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks differ http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/07df5fba/sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks b/sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks new file mode 100644 index 0000000..067677d Binary files /dev/null and b/sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks differ
