Repository: sentry Updated Branches: refs/heads/master d4165e423 -> c523c46ee
SENTRY-1225: Improve SentryPolicyServiceClientDefaultImpl to support user section with import/export(Colin Ma, reviewed by Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/c523c46e Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/c523c46e Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/c523c46e Branch: refs/heads/master Commit: c523c46ee66fb005be47a1646b0665038b3aa9d1 Parents: d4165e4 Author: Colin Ma <[email protected]> Authored: Thu May 5 17:21:07 2016 +0800 Committer: Colin Ma <[email protected]> Committed: Thu May 5 17:21:07 2016 +0800 ---------------------------------------------------------------------- .../SentryPolicyServiceClientDefaultImpl.java | 2 + .../thrift/TestSentryServiceImportExport.java | 55 +++++++++++++++++--- 2 files changed, 51 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/c523c46e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java ----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
index 0da3cfd..a52ad8f 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
@@ -940,6 +940,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService // convert the mapping data for [group,role] from map structure to // TSentryMappingData.GroupRolesMap tSentryMappingData.setGroupRolesMap(policyFileMappingData.get(PolicyFileConstants.GROUPS)); + tSentryMappingData.setUserRolesMap(policyFileMappingData.get(PolicyFileConstants.USERS)); // convert the mapping data for [role,privilege] from map structure to // TSentryMappingData.RolePrivilegesMap tSentryMappingData @@ -984,6 +985,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService Status.throwIfNotOk(response.getStatus()); TSentryMappingData tSentryMappingData = response.getMappingData(); Map<String, Map<String, Set<String>>> resultMap = Maps.newHashMap(); + resultMap.put(PolicyFileConstants.USERS, tSentryMappingData.getUserRolesMap()); resultMap.put(PolicyFileConstants.GROUPS, tSentryMappingData.getGroupRolesMap()); resultMap.put(PolicyFileConstants.ROLES, convertRolePrivilegesMapForPolicyFile(tSentryMappingData.getRolePrivilegesMap())); http://git-wip-us.apache.org/repos/asf/sentry/blob/c523c46e/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceImportExport.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceImportExport.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceImportExport.java index 865f66e..2665db1 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceImportExport.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceImportExport.java 
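Review bot: Neither added line handles a policy that has no user section. In the first hunk `policyFileMappingData.get(PolicyFileConstants.USERS)` returns null when the caller's map has no USERS entry, and in the second hunk `getUserRolesMap()` presumably returns null when the server leaves that field unset, so `resultMap` ends up holding a USERS key mapped to null. Code that walks every section of the exported map would then fail with a NullPointerException, and because this map is the authorization policy being backed up or migrated, a missing user section should be handled explicitly rather than by accident. I would guard the export with `Map<String, Set<String>> userRoles = tSentryMappingData.getUserRolesMap();` followed by `if (userRoles != null) { resultMap.put(PolicyFileConstants.USERS, userRoles); }`, and add a comment on the import line stating that the user section is optional. Both enclosing methods start and end outside the hunks.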
@@ -663,23 +663,66 @@ public class TestSentryServiceImportExport extends SentryServiceIntegrationBase }); } + // Befor import, database is empty. + // The following information is imported: + // group1=role1,role2,role3 + // group2=role1,role2,role3 + // user1=role1,role2,role3 + // user2=role1,role2,role3 + // role1=privilege1,privilege2,privilege3,privilege4 + // role2=privilege1,privilege2,privilege3,privilege4 + // role3=privilege1,privilege2,privilege3,privilege4 + @Test + public void testImportExportPolicyWithUser() throws Exception { + runTestAsSubject(new TestOperation() { + @Override + public void runTestAsSubject() throws Exception { + Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap(); + Map<String, Set<String>> groupRolesMap = Maps.newHashMap(); + Map<String, Set<String>> userRolesMap = Maps.newHashMap(); + Set<String> roles = Sets.newHashSet("role1", "role2", "role3"); + groupRolesMap.put("group1", roles); + groupRolesMap.put("group2", roles); + userRolesMap.put("user1", roles); + userRolesMap.put("user2", roles); + Map<String, Set<String>> rolePrivilegesMap = Maps.newHashMap(); + for (String roleName : roles) { + rolePrivilegesMap.put(roleName, Sets.newHashSet(PRIVILIEGE1, + PRIVILIEGE2, PRIVILIEGE3, PRIVILIEGE4)); + } + policyFileMappingData.put(PolicyFileConstants.USERS, userRolesMap); + policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap); + policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap); + client.importPolicy(policyFileMappingData, ADMIN_USER, false); + + Map<String, Map<String, Set<String>>> sentryMappingData = + client.exportPolicy(ADMIN_USER, null); + // validate the [user, role] mapping + validateRolesMap(sentryMappingData.get(PolicyFileConstants.USERS), + policyFileMappingData.get(PolicyFileConstants.USERS)); + validateSentryMappingData(sentryMappingData, + policyFileMappingData); + } + }); + } + // verify the mapping data public void validateSentryMappingData( Map<String, 
Map<String, Set<String>>> actualMappingData, Map<String, Map<String, Set<String>>> expectedMappingData) { - validateGroupRolesMap(actualMappingData.get(PolicyFileConstants.GROUPS), + validateRolesMap(actualMappingData.get(PolicyFileConstants.GROUPS), expectedMappingData.get(PolicyFileConstants.GROUPS)); validateRolePrivilegesMap(actualMappingData.get(PolicyFileConstants.ROLES), expectedMappingData.get(PolicyFileConstants.ROLES)); } - // verify the mapping data for [group,role] - private void validateGroupRolesMap(Map<String, Set<String>> actualMap, + // verify the mapping data for [group,role] and [user,role] + private void validateRolesMap(Map<String, Set<String>> actualMap, Map<String, Set<String>> expectedMap) { assertEquals(expectedMap.keySet().size(), actualMap.keySet().size()); - for (String groupName : actualMap.keySet()) { - Set<String> actualRoles = actualMap.get(groupName); - Set<String> expectedRoles = expectedMap.get(groupName); + for (String name : actualMap.keySet()) { + Set<String> actualRoles = actualMap.get(name); + Set<String> expectedRoles = expectedMap.get(name); assertEquals(actualRoles.size(), expectedRoles.size()); assertTrue(actualRoles.equals(expectedRoles)); }
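Review bot: `validateRolesMap` fails with a NullPointerException instead of an assertion when the two maps have the same size but different keys, because `expectedMap.get(name)` is null for a name that exists only in `actualMap`; it also dereferences `actualMap` without a check, which matters now that the exported USERS section can be absent. Replacing the size check and the loop with `assertEquals(expectedMap, actualMap);` gives an equivalent comparison and a readable failure message. The new test exercises only an import whose map contains a USERS entry; a second case that imports a map without one would pin the backward-compatible path for existing policy files. The comment above the test reads "Befor import" and should read "Before import". The closing brace of validateRolesMap lies outside the hunk.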
