Repository: sentry Updated Branches: refs/heads/SENTRY-999 2561272da -> 637f6dc2b
SENTRY-1103: Authorizable names' case sensitivity must be decided by plugins(Colin Ma, reviewed by Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/637f6dc2 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/637f6dc2 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/637f6dc2 Branch: refs/heads/SENTRY-999 Commit: 637f6dc2b2cde12ff591cb54f33890932b07df3d Parents: 2561272 Author: Colin Ma <[email protected]> Authored: Mon Mar 28 11:56:58 2016 +0800 Committer: Colin Ma <[email protected]> Committed: Mon Mar 28 11:56:58 2016 +0800 ---------------------------------------------------------------------- .../apache/sentry/policy/hive/DBPolicyTestUtil.java | 4 ++-- .../sentry/policy/solr/SearchPolicyTestUtil.java | 4 ++-- .../sentry/policy/sqoop/SqoopPolicyTestUtil.java | 3 ++- .../apache/sentry/core/common/ImplyMethodType.java | 1 + .../apache/sentry/core/common/utils/KeyValue.java | 4 ++-- .../apache/sentry/policy/common/CommonPrivilege.java | 7 +++++-- .../apache/sentry/policy/common/ModelForTest.java | 2 +- .../sentry/policy/common/TestCommonPrivilege.java | 15 +++++++++++++++ sentry-policy/sentry-policy-indexer/pom.xml | 4 ++++ .../sentry/policy/indexer/IndexPolicyTestUtil.java | 4 ++-- 10 files changed, 36 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/637f6dc2/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/DBPolicyTestUtil.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/DBPolicyTestUtil.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/DBPolicyTestUtil.java index c390b66..854acbe 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/DBPolicyTestUtil.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/DBPolicyTestUtil.java @@ -19,7 +19,7 @@ package org.apache.sentry.policy.hive; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.model.db.HivePrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.policy.db.SimpleDBPolicyEngine; +import org.apache.sentry.policy.engine.common.CommonPolicyEngine; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.file.SimpleFileProviderBackend; @@ -40,6 +40,6 @@ public class DBPolicyTestUtil { providerBackend.initialize(context); - return new SimpleDBPolicyEngine(providerBackend); + return new CommonPolicyEngine(providerBackend); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/637f6dc2/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java index 3856825..e198b5c 100644 --- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java +++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java @@ -19,7 +19,7 @@ package org.apache.sentry.policy.solr; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.model.search.SearchPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.policy.search.SimpleSearchPolicyEngine; +import org.apache.sentry.policy.engine.common.CommonPolicyEngine; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.file.SimpleFileProviderBackend; @@ -40,6 +40,6 @@ public class SearchPolicyTestUtil { providerBackend.initialize(context); - return new SimpleSearchPolicyEngine(providerBackend); + return new CommonPolicyEngine(providerBackend); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/637f6dc2/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java index a76554e..bfd11e3 100644 --- a/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java +++ b/sentry-binding/sentry-binding-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java @@ -19,6 +19,7 @@ package org.apache.sentry.policy.sqoop; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; +import org.apache.sentry.policy.engine.common.CommonPolicyEngine; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.file.SimpleFileProviderBackend; @@ -39,6 +40,6 @@ public class SqoopPolicyTestUtil { providerBackend.initialize(context); - return new SimpleSqoopPolicyEngine(providerBackend); + return new CommonPolicyEngine(providerBackend); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/637f6dc2/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java index 16a7a46..8931989 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java @@ -18,6 +18,7 @@ package org.apache.sentry.core.common; public enum ImplyMethodType { STRING, + STRING_CASE_SENSITIVE, URL, ACTION, } http://git-wip-us.apache.org/repos/asf/sentry/blob/637f6dc2/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/KeyValue.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/KeyValue.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/KeyValue.java index 079629e..4e944e5 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/KeyValue.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/utils/KeyValue.java @@ -84,14 +84,14 @@ public class KeyValue { if (other.key != null) { return false; } - } else if (!key.equalsIgnoreCase(other.key)) { + } else if (!key.equals(other.key)) { return false; } if (value == null) { if (other.value != null) { return false; } - } else if (!value.equalsIgnoreCase(other.value)) { + } else if (!value.equals(other.value)) { return false; } return true; http://git-wip-us.apache.org/repos/asf/sentry/blob/637f6dc2/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java index edad2e8..dedd908 100644 --- a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java +++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java @@ -120,8 +120,8 @@ public class CommonPrivilege implements Privilege { // if requestValue is wildcard, means privilege request is to match with any value of given resource if (SentryConstants.RESOURCE_WILDCARD_VALUE.equals(policyValue) || SentryConstants.RESOURCE_WILDCARD_VALUE.equals(requestValue) - || SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equals(policyValue) - || SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equals(requestValue) + || SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equalsIgnoreCase(policyValue) + || SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equalsIgnoreCase(requestValue) || SentryConstants.RESOURCE_WILDCARD_VALUE_SOME.equals(requestValue)) { return true; } @@ -129,6 +129,9 @@ public class CommonPrivilege implements Privilege { // compare as the url if (ImplyMethodType.URL == implyMethodType) { return PathUtils.impliesURI(policyValue, requestValue); + } else if (ImplyMethodType.STRING_CASE_SENSITIVE == implyMethodType) { + // compare as the string case sensitive + return policyValue.equals(requestValue); } // default: compare as the string case insensitive return policyValue.equalsIgnoreCase(requestValue); http://git-wip-us.apache.org/repos/asf/sentry/blob/637f6dc2/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java index a213987..6c7ea08 100644 --- a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java +++ b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java @@ -35,7 +35,7 @@ public class ModelForTest implements Model { implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Server.name().toLowerCase(), ImplyMethodType.STRING); implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Db.name().toLowerCase(), ImplyMethodType.STRING); implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Table.name().toLowerCase(), ImplyMethodType.STRING); - implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Column.name().toLowerCase(), ImplyMethodType.STRING); + implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Column.name().toLowerCase(), ImplyMethodType.STRING_CASE_SENSITIVE); implyMethodMap.put(DBModelAuthorizable.AuthorizableType.URI.name().toLowerCase(), ImplyMethodType.URL); } http://git-wip-us.apache.org/repos/asf/sentry/blob/637f6dc2/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java index abaf61f..3f60b19 100644 --- a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java +++ b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java @@ -129,4 +129,19 @@ public class TestCommonPrivilege { assertFalse(privilegForSelect.implies(privilegForAll, testModel)); assertFalse(privilegForInsert.implies(privilegForAll, testModel)); } + + @Test + public void testImplyStringCaseSensitive() throws Exception { + CommonPrivilege privileg1 = new CommonPrivilege("server=server1->db=db1->table=table1->column=col1->action=select"); + CommonPrivilege privileg2 = new CommonPrivilege("server=server1->db=db1->table=table1->column=CoL1->action=select"); + CommonPrivilege privileg3 = new CommonPrivilege("server=SERver1->db=Db1->table=TAbLe1->column=col1->action=select"); + CommonPrivilege privileg4 = new CommonPrivilege("SERVER=server1->DB=db1->TABLE=table1->COLUMN=col1->ACTION=select"); + + // column is case sensitive + assertFalse(privileg1.implies(privileg2, testModel)); + // server, db, table is case insensitive + assertTrue(privileg1.implies(privileg3, testModel)); + // key in privilege is case insensitive + assertTrue(privileg1.implies(privileg4, testModel)); + } } http://git-wip-us.apache.org/repos/asf/sentry/blob/637f6dc2/sentry-policy/sentry-policy-indexer/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/pom.xml b/sentry-policy/sentry-policy-indexer/pom.xml index 1a50581..498ea45 100644 --- a/sentry-policy/sentry-policy-indexer/pom.xml +++ b/sentry-policy/sentry-policy-indexer/pom.xml @@ -73,6 +73,10 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> + <artifactId>sentry-policy-engine</artifactId> + </dependency> + <dependency> + <groupId>org.apache.sentry</groupId> <artifactId>sentry-provider-file</artifactId> </dependency> <dependency> http://git-wip-us.apache.org/repos/asf/sentry/blob/637f6dc2/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java index 45d3400..45f100e 100644 --- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java +++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java @@ -19,6 +19,7 @@ package org.apache.sentry.policy.indexer; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; +import org.apache.sentry.policy.engine.common.CommonPolicyEngine; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.file.SimpleFileProviderBackend; @@ -38,7 +39,6 @@ public class IndexPolicyTestUtil { // initialize the backend with the context providerBackend.initialize(context); - - return new SimpleIndexerPolicyEngine(providerBackend); + return new CommonPolicyEngine(providerBackend); } }
