Repository: sentry Updated Branches: refs/heads/master 3f79a5d74 -> dd8828cad
SENTRY-1214: Make Kafka resources/ Kafka Model case sensitive(Ashish K Singh via Colin Ma) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/dd8828ca Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/dd8828ca Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/dd8828ca Branch: refs/heads/master Commit: dd8828cade1c47b038ae96e918f644bd2b913438 Parents: 3f79a5d Author: Colin Ma <[email protected]> Authored: Fri Apr 29 09:55:23 2016 +0800 Committer: Colin Ma <[email protected]> Committed: Fri Apr 29 09:55:23 2016 +0800 ---------------------------------------------------------------------- .../core/model/kafka/KafkaPrivilegeModel.java | 4 +-- .../sentry/tests/e2e/kafka/TestAclsCrud.java | 2 +- .../sentry/tests/e2e/kafka/TestAuthorize.java | 33 ++++++++++---------- 3 files changed, 19 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/dd8828ca/sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaPrivilegeModel.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaPrivilegeModel.java b/sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaPrivilegeModel.java index 74c887e..e460874 100644 --- a/sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaPrivilegeModel.java +++ b/sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaPrivilegeModel.java @@ -43,9 +43,9 @@ public class KafkaPrivilegeModel implements Model { implyMethodMap.put(KafkaAuthorizable.AuthorizableType.HOST.name().toLowerCase(), ImplyMethodType.STRING); implyMethodMap.put(KafkaAuthorizable.AuthorizableType.TOPIC.name().toLowerCase(), - ImplyMethodType.STRING); + ImplyMethodType.STRING_CASE_SENSITIVE); implyMethodMap.put(KafkaAuthorizable.AuthorizableType.CONSUMERGROUP.name().toLowerCase(), - ImplyMethodType.STRING); + ImplyMethodType.STRING_CASE_SENSITIVE); } @Override http://git-wip-us.apache.org/repos/asf/sentry/blob/dd8828ca/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java index 135d362..a02ace7 100644 --- a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java +++ b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAclsCrud.java @@ -125,7 +125,7 @@ public class TestAclsCrud extends AbstractKafkaSentryTestBase { Operation$.MODULE$.fromString("READ")); acls.add(acl); scala.collection.immutable.Set<Acl> aclsScala = scala.collection.JavaConversions.asScalaSet(acls).toSet(); - Resource resource = new Resource(ResourceType$.MODULE$.fromString("TOPIC"), "test-topic"); + Resource resource = new Resource(ResourceType$.MODULE$.fromString("TOPIC"), "test-Topic"); // Add role try { http://git-wip-us.apache.org/repos/asf/sentry/blob/dd8828ca/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java index e800830..250522e 100644 --- a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java +++ b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java @@ -51,6 +51,7 @@ import java.util.concurrent.ExecutionException; public class TestAuthorize extends AbstractKafkaSentryTestBase { private static final Logger LOGGER = LoggerFactory.getLogger(TestAuthorize.class); + private static final String TOPIC_NAME = "tOpIc1"; @Test public void testProduceConsumeForSuperuser() { @@ -70,26 +71,26 @@ public class TestAuthorize extends AbstractKafkaSentryTestBase { // START TESTING PRODUCER try { testProduce("user1"); - Assert.fail("user1 must not have been authorized to create topic t1."); + Assert.fail("user1 must not have been authorized to create topic " + TOPIC_NAME + "."); } catch (ExecutionException ex) { - assertCausedMessage(ex, "Not authorized to access topics: [t1]"); + assertCausedMessage(ex, "Not authorized to access topics: [" + TOPIC_NAME + "]"); } final String role = StaticUserGroupRole.ROLE_1; final String group = StaticUserGroupRole.GROUP_1; - // Allow HOST=localhost->Topic=t1->action=describe + // Allow HOST=localhost->Topic=tOpIc1->action=describe ArrayList<TAuthorizable> authorizables = new ArrayList<TAuthorizable>(); Host host = new Host(localhost); authorizables.add(new TAuthorizable(host.getTypeName(), host.getName())); - Topic topic = new Topic("t1"); + Topic topic = new Topic(TOPIC_NAME); // Topic name is case sensitive. authorizables.add(new TAuthorizable(topic.getTypeName(), topic.getName())); addPermissions(role, group, KafkaActionConstant.DESCRIBE, authorizables); try { testProduce("user1"); - Assert.fail("user1 must not have been authorized to create topic t1."); + Assert.fail("user1 must not have been authorized to create topic " + TOPIC_NAME + "."); } catch (ExecutionException ex) { - assertCausedMessage(ex, "Not authorized to access topics: [t1]"); + assertCausedMessage(ex, "Not authorized to access topics: [" + TOPIC_NAME + "]"); } // Allow HOST=localhost->Cluster=kafka-cluster->action=create @@ -100,12 +101,12 @@ public class TestAuthorize extends AbstractKafkaSentryTestBase { addPermissions(role, group, KafkaActionConstant.CREATE, authorizables); try { testProduce("user1"); - Assert.fail("user1 must not have been authorized to create topic t1."); + Assert.fail("user1 must not have been authorized to create topic " + TOPIC_NAME + "."); } catch (ExecutionException ex) { - assertCausedMessage(ex, "Not authorized to access topics: [t1]"); + assertCausedMessage(ex, "Not authorized to access topics: [" + TOPIC_NAME + "]"); } - // Allow HOST=localhost->Topic=t1->action=write + // Allow HOST=localhost->Topic=tOpIc1->action=write authorizables = new ArrayList<TAuthorizable>(); authorizables.add(new TAuthorizable(host.getTypeName(), host.getName())); authorizables.add(new TAuthorizable(topic.getTypeName(), topic.getName())); @@ -113,7 +114,7 @@ public class TestAuthorize extends AbstractKafkaSentryTestBase { try { testProduce("user1"); } catch (Exception ex) { - Assert.fail("user1 should have been able to successfully produce to topic t1. \n Exception: " + ex); + Assert.fail("user1 should have been able to successfully produce to topic " + TOPIC_NAME + ". \n Exception: " + ex); } // START TESTING CONSUMER @@ -144,12 +145,12 @@ public class TestAuthorize extends AbstractKafkaSentryTestBase { addPermissions(role, group, KafkaActionConstant.READ, authorizables); try { testConsume("user1"); - Assert.fail("user1 must not have been authorized to read from topic t1."); + Assert.fail("user1 must not have been authorized to read from topic " + TOPIC_NAME + "."); } catch (Exception ex) { - assertCausedMessage(ex, "Not authorized to access topics: [t1]"); + assertCausedMessage(ex, "Not authorized to access topics: [" + TOPIC_NAME + "]"); } - // HOST=localhost->Topic=t1->action=read + // HOST=localhost->Topic=tOpIc1->action=read authorizables = new ArrayList<TAuthorizable>(); authorizables.add(new TAuthorizable(host.getTypeName(), host.getName())); authorizables.add(new TAuthorizable(topic.getTypeName(), topic.getName())); @@ -177,9 +178,8 @@ public class TestAuthorize extends AbstractKafkaSentryTestBase { private void testProduce(String producerUser) throws Exception { final KafkaProducer<String, String> kafkaProducer = createKafkaProducer(producerUser); try { - final String topic = "t1"; final String msg = "message1"; - ProducerRecord<String, String> producerRecord = new ProducerRecord<String, String>(topic, msg); + ProducerRecord<String, String> producerRecord = new ProducerRecord<String, String>(TOPIC_NAME, msg); kafkaProducer.send(producerRecord).get(); LOGGER.debug("Sent message: " + producerRecord); } finally { @@ -190,9 +190,8 @@ public class TestAuthorize extends AbstractKafkaSentryTestBase { private void testConsume(String consumerUser) throws Exception { final KafkaConsumer<String, String> kafkaConsumer = createKafkaConsumer(consumerUser); try { - final String topic = "t1"; final String msg = "message1"; - kafkaConsumer.subscribe(Collections.singletonList(topic), new CustomRebalanceListener(kafkaConsumer)); + kafkaConsumer.subscribe(Collections.singletonList(TOPIC_NAME), new CustomRebalanceListener(kafkaConsumer)); waitTillTrue("Did not receive expected message.", 60, 2, new Callable<Boolean>() { @Override public Boolean call() throws Exception {
