SENTRY-999: Refactor the sentry to integrate with external components quickly (Colin Ma, reviewed by Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/d94e900a Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/d94e900a Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/d94e900a Branch: refs/heads/master Commit: d94e900af45342d20f0f3c8a56b18240340755f4 Parents: 6d79016 Author: Colin Ma <[email protected]> Authored: Fri Apr 22 14:58:28 2016 +0800 Committer: Colin Ma <[email protected]> Committed: Fri Apr 22 14:58:28 2016 +0800 ---------------------------------------------------------------------- SENTRY-999.001.patch | 18685 +++++++++++++++++ pom.xml | 17 +- .../sentry-binding-hive-common/pom.xml | 4 - .../hive/SentryIniPolicyFileFormatter.java | 6 +- .../binding/hive/authz/HiveAuthzBinding.java | 43 +- .../sentry/binding/hive/conf/HiveAuthzConf.java | 2 +- sentry-binding/sentry-binding-hive/pom.xml | 30 + .../hive/TestSentryIniPolicyFileFormatter.java | 6 +- .../hive/AbstractTestSimplePolicyEngine.java | 156 + .../sentry/policy/hive/DBPolicyTestUtil.java | 45 + .../policy/hive/TestDBModelAuthorizables.java | 77 + .../policy/hive/TestDatabaseRequiredInRole.java | 50 + .../policy/hive/TestPolicyParsingNegative.java | 194 + ...sourceAuthorizationProviderGeneralCases.java | 195 + ...sourceAuthorizationProviderSpecialCases.java | 124 + .../hive/TestSimpleDBPolicyEngineDFS.java | 115 + .../hive/TestSimpleDBPolicyEngineLocalFS.java | 44 + .../hive/TestCommonPrivilegeForHive.java | 344 + ...e-policy-test-authz-provider-other-group.ini | 22 + .../hive-policy-test-authz-provider.ini | 32 + sentry-binding/sentry-binding-kafka/pom.xml | 9 +- .../sentry/kafka/binding/KafkaAuthBinding.java | 891 +- .../apache/sentry/kafka/conf/KafkaAuthConf.java | 4 +- .../kafka/AbstractTestKafkaPolicyEngine.java | 163 + .../policy/kafka/KafkaPolicyTestUtil.java | 48 + .../kafka/MockGroupMappingServiceProvider.java | 39 + ...tKafkaAuthorizationProviderGeneralCases.java | 218 + ...tKafkaAuthorizationProviderSpecialCases.java | 90 + .../kafka/TestKafkaModelAuthorizables.java | 87 + .../policy/kafka/TestKafkaPolicyEngineDFS.java | 75 + .../kafka/TestKafkaPolicyEngineLocalFS.java | 47 + .../policy/kafka/TestKafkaPolicyNegative.java | 104 + .../kafka/TestKafkaPrivilegeValidator.java | 170 + .../kafka/TestKafkaWildcardPrivilege.java | 188 + .../kafka-policy-test-authz-provider.ini | 38 + .../src/test/resources/sentry-site.xml | 2 +- sentry-binding/sentry-binding-solr/pom.xml | 4 - .../binding/solr/authz/SolrAuthzBinding.java | 37 +- .../sentry/binding/solr/conf/SolrAuthzConf.java | 2 +- .../solr/AbstractTestSearchPolicyEngine.java | 129 + .../policy/solr/SearchPolicyTestUtil.java | 45 + .../solr/TestCollectionRequiredInRole.java | 64 + ...SearchAuthorizationProviderGeneralCases.java | 193 + ...SearchAuthorizationProviderSpecialCases.java | 84 + .../solr/TestSearchModelAuthorizables.java | 54 + .../policy/solr/TestSearchPolicyEngineDFS.java | 74 + .../solr/TestSearchPolicyEngineLocalFS.java | 43 + .../policy/solr/TestSearchPolicyNegative.java | 101 + .../solr/TestCommonPrivilegeForSearch.java | 214 + .../solr-policy-test-authz-provider.ini | 31 + sentry-binding/sentry-binding-sqoop/pom.xml | 17 +- .../sentry/sqoop/binding/SqoopAuthBinding.java | 26 +- .../apache/sentry/sqoop/conf/SqoopAuthConf.java | 2 +- .../sqoop/AbstractTestSqoopPolicyEngine.java | 145 + .../policy/sqoop/SqoopPolicyTestUtil.java | 45 + .../sqoop/TestServerNameRequiredMatch.java | 57 + ...tSqoopAuthorizationProviderGeneralCases.java | 241 + ...tSqoopAuthorizationProviderSpecialCases.java | 89 + .../sqoop/TestSqoopModelAuthorizables.java | 54 + .../policy/sqoop/TestSqoopPolicyEngineDFS.java | 75 + .../sqoop/TestSqoopPolicyEngineLocalFS.java | 45 + .../policy/sqoop/TestSqoopPolicyNegative.java | 121 + .../sqoop/TestCommonPrivilegeForSqoop.java | 196 + .../sqoop-policy-test-authz-provider.ini | 40 + .../sentry/core/common/BitFieldAction.java | 2 +- .../sentry/core/common/ImplyMethodType.java | 24 + .../org/apache/sentry/core/common/Model.java | 29 + .../org/apache/sentry/core/common/Resource.java | 26 + .../sentry/core/common/utils/KeyValue.java | 99 + .../core/common/utils/SentryConstants.java | 43 + .../common/validator/PrivilegeValidator.java | 24 + .../validator/PrivilegeValidatorContext.java | 38 + .../sentry/core/common/utils/TestKeyValue.java | 74 + .../core/model/db/DBModelAuthorizables.java | 60 + .../sentry/core/model/db/HiveActionFactory.java | 73 + .../core/model/db/HivePrivilegeModel.java | 68 + .../validator/AbstractDBPrivilegeValidator.java | 51 + .../model/db/validator/DatabaseMustMatch.java | 46 + .../validator/DatabaseRequiredInPrivilege.java | 72 + .../model/db/validator/ServerNameMustMatch.java | 43 + .../model/db/validator/ServersAllIsInvalid.java | 39 + .../indexer/IndexerModelAuthorizables.java | 46 + .../model/indexer/IndexerPrivilegeModel.java | 59 + .../AbstractIndexerPrivilegeValidator.java | 51 + .../validator/IndexerRequiredInPrivilege.java | 43 + .../core/model/kafka/KafkaActionFactory.java | 4 +- .../model/kafka/KafkaModelAuthorizables.java | 57 + .../core/model/kafka/KafkaPrivilegeModel.java | 69 + .../validator/KafkaPrivilegeValidator.java | 119 + .../model/search/SearchModelAuthorizables.java | 46 + .../core/model/search/SearchPrivilegeModel.java | 60 + .../AbstractSearchPrivilegeValidator.java | 52 + .../CollectionRequiredInPrivilege.java | 43 + .../model/sqoop/SqoopModelAuthorizables.java | 52 + .../core/model/sqoop/SqoopPrivilegeModel.java | 63 + .../validator/ServerNameRequiredMatch.java | 70 + sentry-dist/pom.xml | 16 - sentry-policy/pom.xml | 5 +- sentry-policy/sentry-policy-common/pom.xml | 5 + .../sentry/policy/common/CommonPrivilege.java | 176 + .../apache/sentry/policy/common/KeyValue.java | 99 - .../sentry/policy/common/PolicyConstants.java | 38 - .../apache/sentry/policy/common/Privilege.java | 4 +- .../policy/common/PrivilegeValidator.java | 24 - .../common/PrivilegeValidatorContext.java | 38 - .../sentry/policy/common/ModelForTest.java | 87 + .../policy/common/TestCommonPrivilege.java | 147 + .../sentry/policy/common/TestKeyValue.java | 76 - sentry-policy/sentry-policy-db/pom.xml | 98 - .../policy/db/AbstractDBPrivilegeValidator.java | 50 - .../sentry/policy/db/DBModelAuthorizables.java | 67 - .../sentry/policy/db/DBWildcardPrivilege.java | 164 - .../sentry/policy/db/DatabaseMustMatch.java | 46 - .../policy/db/DatabaseRequiredInPrivilege.java | 71 - .../sentry/policy/db/ServerNameMustMatch.java | 43 - .../sentry/policy/db/ServersAllIsInvalid.java | 39 - .../sentry/policy/db/SimpleDBPolicyEngine.java | 121 - .../db/AbstractTestSimplePolicyEngine.java | 156 - .../sentry/policy/db/DBPolicyFileBackend.java | 28 - .../policy/db/TestDBModelAuthorizables.java | 75 - .../policy/db/TestDBWildcardPrivilege.java | 335 - .../policy/db/TestDatabaseRequiredInRole.java | 49 - .../policy/db/TestPolicyParsingNegative.java | 194 - ...sourceAuthorizationProviderGeneralCases.java | 180 - ...sourceAuthorizationProviderSpecialCases.java | 122 - .../policy/db/TestSimpleDBPolicyEngineDFS.java | 114 - .../db/TestSimpleDBPolicyEngineLocalFS.java | 44 - .../src/test/resources/log4j.properties | 31 - .../test-authz-provider-other-group.ini | 22 - .../src/test/resources/test-authz-provider.ini | 32 - sentry-policy/sentry-policy-engine/pom.xml | 53 + .../engine/common/CommonPolicyEngine.java | 106 + .../engine/common/CommonPrivilegeFactory.java | 29 + sentry-policy/sentry-policy-indexer/pom.xml | 4 + .../AbstractIndexerPrivilegeValidator.java | 50 - .../indexer/IndexerModelAuthorizables.java | 48 - .../indexer/IndexerRequiredInPrivilege.java | 43 - .../indexer/IndexerWildcardPrivilege.java | 13 +- .../indexer/SimpleIndexerPolicyEngine.java | 13 +- .../policy/indexer/IndexPolicyTestUtil.java | 44 + .../indexer/IndexerPolicyFileBackend.java | 28 - .../indexer/TestCommonPrivilegeForIndexer.java | 214 + ...ndexerAuthorizationProviderGeneralCases.java | 5 +- ...ndexerAuthorizationProviderSpecialCases.java | 6 +- .../indexer/TestIndexerModelAuthorizables.java | 3 +- .../indexer/TestIndexerPolicyEngineDFS.java | 2 +- .../indexer/TestIndexerPolicyEngineLocalFS.java | 2 +- .../indexer/TestIndexerPolicyNegative.java | 6 +- .../indexer/TestIndexerRequiredInRole.java | 3 +- .../indexer/TestIndexerWildcardPrivilege.java | 203 - sentry-policy/sentry-policy-kafka/pom.xml | 80 - .../policy/kafka/KafkaModelAuthorizables.java | 62 - .../policy/kafka/KafkaPrivilegeValidator.java | 118 - .../policy/kafka/KafkaWildcardPrivilege.java | 146 - .../policy/kafka/SimpleKafkaPolicyEngine.java | 107 - .../kafka/KafkaPolicyFileProviderBackend.java | 34 - .../kafka/MockGroupMappingServiceProvider.java | 39 - .../kafka/TestKafkaModelAuthorizables.java | 86 - .../kafka/TestKafkaPrivilegeValidator.java | 169 - .../kafka/TestKafkaWildcardPrivilege.java | 175 - .../engine/AbstractTestKafkaPolicyEngine.java | 163 - .../kafka/engine/TestKafkaPolicyEngineDFS.java | 76 - .../engine/TestKafkaPolicyEngineLocalFS.java | 47 - ...tKafkaAuthorizationProviderGeneralCases.java | 218 - ...tKafkaAuthorizationProviderSpecialCases.java | 88 - .../kafka/provider/TestKafkaPolicyNegative.java | 105 - .../src/test/resources/log4j.properties | 31 - .../src/test/resources/test-authz-provider.ini | 38 - sentry-policy/sentry-policy-search/pom.xml | 87 - .../AbstractSearchPrivilegeValidator.java | 51 - .../search/CollectionRequiredInPrivilege.java | 43 - .../policy/search/SearchModelAuthorizables.java | 48 - .../policy/search/SearchWildcardPrivilege.java | 144 - .../policy/search/SimpleSearchPolicyEngine.java | 121 - .../search/AbstractTestSearchPolicyEngine.java | 129 - .../policy/search/SearchPolicyFileBackend.java | 28 - .../search/TestCollectionRequiredInRole.java | 63 - ...SearchAuthorizationProviderGeneralCases.java | 178 - ...SearchAuthorizationProviderSpecialCases.java | 82 - .../search/TestSearchModelAuthorizables.java | 53 - .../search/TestSearchPolicyEngineDFS.java | 74 - .../search/TestSearchPolicyEngineLocalFS.java | 43 - .../policy/search/TestSearchPolicyNegative.java | 101 - .../search/TestSearchWildcardPrivilege.java | 203 - .../src/test/resources/log4j.properties | 31 - .../src/test/resources/test-authz-provider.ini | 31 - sentry-policy/sentry-policy-sqoop/pom.xml | 80 - .../policy/sqoop/ServerNameRequiredMatch.java | 69 - .../policy/sqoop/SimpleSqoopPolicyEngine.java | 105 - .../policy/sqoop/SqoopModelAuthorizables.java | 57 - .../policy/sqoop/SqoopWildcardPrivilege.java | 122 - .../sqoop/AbstractTestSqoopPolicyEngine.java | 145 - .../sqoop/MockGroupMappingServiceProvider.java | 39 - .../sqoop/SqoopPolicyFileProviderBackend.java | 35 - .../sqoop/TestServerNameRequiredMatch.java | 56 - ...tSqoopAuthorizationProviderGeneralCases.java | 225 - ...tSqoopAuthorizationProviderSpecialCases.java | 87 - .../sqoop/TestSqoopModelAuthorizables.java | 53 - .../policy/sqoop/TestSqoopPolicyEngineDFS.java | 75 - .../sqoop/TestSqoopPolicyEngineLocalFS.java | 44 - .../policy/sqoop/TestSqoopPolicyNegative.java | 121 - .../sqoop/TestSqoopWildcardPrivilege.java | 176 - .../src/test/resources/log4j.properties | 31 - .../src/test/resources/test-authz-provider.ini | 40 - ...adoopGroupResourceAuthorizationProvider.java | 15 +- .../provider/common/ProviderBackendContext.java | 2 +- .../common/ResourceAuthorizationProvider.java | 15 +- ...adoopGroupResourceAuthorizationProvider.java | 14 +- .../provider/common/TestGetGroupMapping.java | 2 +- sentry-provider/sentry-provider-db/pom.xml | 6 +- .../service/persistent/PrivilegeObject.java | 4 +- .../thrift/SentryGenericPolicyProcessor.java | 14 +- .../tools/KafkaTSentryPrivilegeConvertor.java | 20 +- .../db/generic/tools/SentryConfigToolSolr.java | 10 +- .../tools/SolrTSentryPrivilegeConvertor.java | 24 +- .../db/service/model/MSentryGMPrivilege.java | 4 +- .../db/service/persistent/SentryStore.java | 8 +- .../db/tools/command/hive/CommandUtil.java | 6 +- .../tools/command/hive/ListPrivilegesCmd.java | 18 +- .../service/thrift/SentryServiceUtil.java | 24 +- .../db/generic/tools/TestSentryShellKafka.java | 2 +- .../thrift/TestSentryServiceImportExport.java | 6 +- .../provider/file/LocalGroupMappingService.java | 4 +- ...LocalGroupResourceAuthorizationProvider.java | 11 +- .../file/SimpleFileProviderBackend.java | 6 +- sentry-solr/solr-sentry-handlers/pom.xml | 4 - sentry-tests/sentry-tests-hive/pom.xml | 5 - .../AbstractTestWithStaticConfiguration.java | 8 +- .../tests/e2e/hive/TestPerDBConfiguration.java | 10 +- .../tests/e2e/hive/TestPolicyImportExport.java | 6 +- .../metastore/SentryPolicyProviderForDb.java | 8 +- 231 files changed, 26741 insertions(+), 8275 deletions(-) ----------------------------------------------------------------------
