http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java new file mode 100644 index 0000000..c6177d4 --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java @@ -0,0 +1,57 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; + +import org.apache.hadoop.minikdc.MiniKdc; +import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; +import org.apache.sentry.service.thrift.ServiceConstants; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; + +@Ignore("SENTRY-515: Not part of automated unit testing, as it takes too long. Fails until we move to a hadoop 2.6.1. See HADOOP-10786") +public class TestConnectionWithTicketTimeout extends SentryServiceIntegrationBase { + + @BeforeClass + public static void setup() throws Exception { + SentryServiceIntegrationBase.kerberos = true; + beforeSetup(); + SentryServiceIntegrationBase.setupConf(); + SentryServiceIntegrationBase.startSentryService(); + SentryServiceIntegrationBase.afterSetup(); + } + + public static void beforeSetup() throws Exception { + SentryServiceIntegrationBase.kdcConfOverlay.setProperty(MiniKdc.MAX_TICKET_LIFETIME, "360001"); + //Only UGI based client connections renew their TGT, this is not a problem in the real world + // as this is not configurable and always true + SentryServiceIntegrationBase.conf.set(ServiceConstants.ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true"); + } + + /*** + * Test is run only when sentry.hive.test.ticket.timeout is set to "true" + * @throws Exception + */ + @Test + public void testConnectionAfterTicketTimeout() throws Exception { + Thread.sleep(400000); + connectToSentryService(); + } + +}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java new file mode 100644 index 0000000..6a2f48f --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java @@ -0,0 +1,112 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; + +import java.util.UUID; + +import org.apache.hadoop.conf.Configuration; +import org.apache.sentry.provider.db.service.persistent.CommitContext; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mockito; + +import com.google.common.collect.Lists; + +public class TestNotificationHandlerInvoker { + + private Configuration conf; + private CommitContext commitContext; + private NotificationHandler handler; + private NotificationHandlerInvoker invoker; + + @Before + public void setup() throws Exception { + conf = new Configuration(false); + commitContext = new CommitContext(UUID.randomUUID(), 1L); + handler = Mockito.spy(new NotificationHandler(conf) {}); + invoker = new NotificationHandlerInvoker(conf, + Lists.newArrayList(new ThrowingNotificationHandler(conf), handler)); + } + + @Test + public void testCreateSentryRole() throws Exception { + TCreateSentryRoleRequest request = new TCreateSentryRoleRequest(); + TCreateSentryRoleResponse response = new TCreateSentryRoleResponse(); + invoker.create_sentry_role(commitContext, request, response); + Mockito.verify(handler).create_sentry_role(commitContext, + request, response); + } + + @Test + public void testDropSentryRole() throws Exception { + TDropSentryRoleRequest request = new TDropSentryRoleRequest(); + TDropSentryRoleResponse response = new TDropSentryRoleResponse(); + invoker.drop_sentry_role(commitContext, request, response); + Mockito.verify(handler).drop_sentry_role(commitContext, + request, response); + } + + + + @Test + public void testAlterSentryRoleAddGroups() throws Exception { + TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest(); + TAlterSentryRoleAddGroupsResponse response = new TAlterSentryRoleAddGroupsResponse(); + invoker.alter_sentry_role_add_groups(commitContext, request, response); + Mockito.verify(handler).alter_sentry_role_add_groups(commitContext, + request, response); + } + + @Test + public void testAlterSentryRoleDeleteGroups() throws Exception { + TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest(); + TAlterSentryRoleDeleteGroupsResponse response = new TAlterSentryRoleDeleteGroupsResponse(); + invoker.alter_sentry_role_delete_groups(commitContext, request, response); + Mockito.verify(handler).alter_sentry_role_delete_groups(commitContext, + request, response); + } + + public static class ThrowingNotificationHandler extends NotificationHandler { + public ThrowingNotificationHandler(Configuration config) throws Exception { + super(config); + } + @Override + public void create_sentry_role(CommitContext args, + TCreateSentryRoleRequest request, TCreateSentryRoleResponse response) { + throw new RuntimeException(); + } + public void drop_sentry_role(CommitContext context, + TDropSentryRoleRequest request, + TDropSentryRoleResponse response) { + throw new RuntimeException(); + } + @Override + public void alter_sentry_role_add_groups(CommitContext args, + TAlterSentryRoleAddGroupsRequest request, + TAlterSentryRoleAddGroupsResponse response) { + throw new RuntimeException(); + } + @Override + public void alter_sentry_role_delete_groups( + CommitContext args, TAlterSentryRoleDeleteGroupsRequest request, + TAlterSentryRoleDeleteGroupsResponse response) { + throw new RuntimeException(); + } + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java new file mode 100644 index 0000000..04d92dd --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java @@ -0,0 +1,81 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.provider.db.service.thrift; + +import org.apache.sentry.core.common.exception.SentrySiteConfigurationException; +import org.junit.Assert; + +import org.apache.hadoop.conf.Configuration; +import org.apache.sentry.core.common.exception.SentryThriftAPIMismatchException; +import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants.PolicyStoreServerConfig; +import org.apache.sentry.service.thrift.ServiceConstants; +import org.junit.Before; +import org.junit.Test; + +public class TestSentryPolicyStoreProcessor { + + private Configuration conf; + + @Before + public void setup() { + conf = new Configuration(false); + } + @Test(expected=SentrySiteConfigurationException.class) + public void testConfigNotNotificationHandler() throws Exception { + conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, Object.class.getName()); + SentryPolicyStoreProcessor.createHandlers(conf); + } + @Test(expected=SentrySiteConfigurationException.class) + public void testConfigCannotCreateNotificationHandler() throws Exception { + conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, + ExceptionInConstructorNotificationHandler.class.getName()); + SentryPolicyStoreProcessor.createHandlers(conf); + } + @Test(expected=SentrySiteConfigurationException.class) + public void testConfigNotAClassNotificationHandler() throws Exception { + conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, "junk"); + SentryPolicyStoreProcessor.createHandlers(conf); + } + @Test + public void testConfigMultipleNotificationHandlers() throws Exception { + conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, + NoopNotificationHandler.class.getName() + "," + + NoopNotificationHandler.class.getName() + " " + + NoopNotificationHandler.class.getName()); + Assert.assertEquals(3, SentryPolicyStoreProcessor.createHandlers(conf).size()); + } + public static class ExceptionInConstructorNotificationHandler extends NotificationHandler { + public ExceptionInConstructorNotificationHandler(Configuration config) throws Exception { + super(config); + throw new Exception(); + } + } + public static class NoopNotificationHandler extends NotificationHandler { + public NoopNotificationHandler(Configuration config) throws Exception { + super(config); + } + } + @Test(expected=SentryThriftAPIMismatchException.class) + public void testSentryThriftAPIMismatch() throws Exception { + SentryPolicyStoreProcessor.validateClientVersion(ServiceConstants.ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT -1); + } + @Test + public void testSentryThriftAPIMatchVersion() throws Exception { + SentryPolicyStoreProcessor.validateClientVersion(ServiceConstants.ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java new file mode 100644 index 0000000..d5cc1b9 --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java @@ -0,0 +1,219 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless createRequired by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; +import static org.junit.Assert.assertEquals; + +import java.util.HashSet; +import java.util.Set; + +import org.apache.sentry.core.common.ActiveRoleSet; +import org.apache.sentry.core.model.db.AccessConstants; +import org.apache.sentry.core.model.db.Database; +import org.apache.sentry.core.model.db.Server; +import org.apache.sentry.core.model.db.Table; +import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; +import org.junit.BeforeClass; +import org.junit.Test; + +import com.google.common.collect.Lists; +import com.google.common.collect.Sets; + +public class TestSentryServerForHaWithoutKerberos extends SentryServiceIntegrationBase { + + @BeforeClass + public static void setup() throws Exception { + SentryServiceIntegrationBase.kerberos = false; + SentryServiceIntegrationBase.haEnabled = true; + SentryServiceIntegrationBase.beforeSetup(); + SentryServiceIntegrationBase.setupConf(); + SentryServiceIntegrationBase.startSentryService(); + SentryServiceIntegrationBase.afterSetup(); + } + + @Test + public void testCreateRole() throws Exception { + String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + String roleName = "admin_r"; + client.dropRoleIfExists(requestorUserName, roleName); + client.createRole(requestorUserName, roleName); + client.dropRole(requestorUserName, roleName); + } + + @Test + public void testQueryPushDown() throws Exception { + String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + + String roleName1 = "admin_r1"; + String roleName2 = "admin_r2"; + + String group1 = "g1"; + String group2 = "g2"; + + client.dropRoleIfExists(requestorUserName, roleName1); + client.createRole(requestorUserName, roleName1); + client.grantRoleToGroup(requestorUserName, group1, roleName1); + + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL"); + + + client.dropRoleIfExists(requestorUserName, roleName2); + client.createRole(requestorUserName, roleName2); + client.grantRoleToGroup(requestorUserName, group1, roleName2); + client.grantRoleToGroup(requestorUserName, group2, roleName2); + + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db3", "table5", "ALL"); + + Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1"))); + assertEquals("Privilege not assigned to role2 !!", 2, listPrivilegesByRoleName.size()); + + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db2"), new Table("table1"))); + assertEquals("Privilege not assigned to role2 !!", 0, listPrivilegesByRoleName.size()); + + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1"), new Table("table1"))); + assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size()); + + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db3"))); + assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size()); + + Set<String> listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, ActiveRoleSet.ALL, new Server("server"), new Database("db2")); + assertEquals("Privilege not correctly assigned to roles !!", + Sets.newHashSet("server=server->db=db2->table=table4->action=all", "server=server->db=db2->table=table3->action=all"), + listPrivilegesForProvider); + + listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, ActiveRoleSet.ALL, new Server("server"), new Database("db3")); + assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=server->db=db3->table=table5->action=all"), listPrivilegesForProvider); + + listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3")); + assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"), listPrivilegesForProvider); + + listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server1")); + assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(), listPrivilegesForProvider); + } + + + + /** + * Create role, add privileges and grant it to a group drop the role and + * verify the privileges are no longer visible recreate the role with same + * name and verify the privileges again. + * @throws Exception + */ + @Test + public void testDropRole() throws Exception { + String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + String roleName = "admin_r"; + + // create role and add privileges + client.dropRoleIfExists(requestorUserName, roleName); + client.createRole(requestorUserName, roleName); + client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName); + client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); + client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL"); + assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + + // drop role and verify privileges + client.dropRole(requestorUserName, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + + // recreate the role + client.createRole(requestorUserName, roleName); + client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + + // grant different privileges and verify + client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); + assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + client.dropRole(requestorUserName, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + } + + @Test + public void testDropRoleOnUser() throws Exception { + String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); + Set<String> requestorUserNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_USER); + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + String roleName = "admin_r"; + + // create role and add privileges + client.dropRoleIfExists(requestorUserName, roleName); + client.createRole(requestorUserName, roleName); + client.grantRoleToUser(requestorUserName, SentryServiceIntegrationBase.ADMIN_USER, roleName); + client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); + client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL"); + assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + + // drop role and verify privileges + client.dropRole(requestorUserName, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + + // recreate the role + client.createRole(requestorUserName, roleName); + client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + + // grant different privileges and verify + client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); + assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + client.dropRole(requestorUserName, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + } + + /** + * Test that we are correctly substituting "_HOST" if/when needed. + * + * @throws Exception + */ + @Test + public void testHostSubstitution() throws Exception { + // We just need to ensure that we are able to correct connect to the server + connectToSentryService(); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolHAWithoutKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolHAWithoutKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolHAWithoutKerberos.java new file mode 100644 index 0000000..9ba7d23 --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolHAWithoutKerberos.java @@ -0,0 +1,36 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless createRequired by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; + +import org.junit.BeforeClass; + +public class TestSentryServerForPoolHAWithoutKerberos extends TestSentryServerForHaWithoutKerberos { + + @BeforeClass + public static void setup() throws Exception { + kerberos = false; + haEnabled = true; + pooled = true; + beforeSetup(); + setupConf(); + startSentryService(); + afterSetup(); + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolWithoutKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolWithoutKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolWithoutKerberos.java new file mode 100644 index 0000000..121fc4d --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolWithoutKerberos.java @@ -0,0 +1,37 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless createRequired by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; + +import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; +import org.junit.BeforeClass; + +public class TestSentryServerForPoolWithoutKerberos extends TestSentryServerWithoutKerberos { + + @BeforeClass + public static void setup() throws Exception { + SentryServiceIntegrationBase.kerberos = false; + SentryServiceIntegrationBase.haEnabled = false; + SentryServiceIntegrationBase.pooled = true; + SentryServiceIntegrationBase.beforeSetup(); + SentryServiceIntegrationBase.setupConf(); + SentryServiceIntegrationBase.startSentryService(); + SentryServiceIntegrationBase.afterSetup(); + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java new file mode 100644 index 0000000..86cf9da --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java @@ -0,0 +1,214 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless createRequired by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; +import static org.junit.Assert.assertEquals; + +import java.util.ArrayList; +import java.util.HashSet; +import java.util.Set; + +import org.apache.sentry.core.common.ActiveRoleSet; +import org.apache.sentry.core.common.Authorizable; +import org.apache.sentry.core.model.db.AccessConstants; +import org.apache.sentry.core.model.db.Database; +import org.apache.sentry.core.model.db.Server; +import org.apache.sentry.core.model.db.Table; +import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; +import org.junit.BeforeClass; +import org.junit.Test; + +import com.google.common.collect.Lists; +import com.google.common.collect.Sets; + +public class TestSentryServerWithoutKerberos extends SentryServiceIntegrationBase { + + @BeforeClass + public static void setup() throws Exception { + SentryServiceIntegrationBase.kerberos = false; + SentryServiceIntegrationBase.beforeSetup(); + SentryServiceIntegrationBase.setupConf(); + SentryServiceIntegrationBase.startSentryService(); + SentryServiceIntegrationBase.afterSetup(); + } + + @Test + public void testCreateRole() throws Exception { + String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + String roleName = "admin_r"; + client.dropRoleIfExists(requestorUserName, roleName); + client.createRole(requestorUserName, roleName); + client.dropRole(requestorUserName, roleName); + } + + @Test + public void testQueryPushDown() throws Exception { + String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + + String roleName1 = "admin_r1"; + String roleName2 = "admin_r2"; + + String group1 = "g1"; + String group2 = "g2"; + + client.dropRoleIfExists(requestorUserName, roleName1); + client.createRole(requestorUserName, roleName1); + client.grantRoleToGroup(requestorUserName, group1, roleName1); + + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL"); + + client.dropRoleIfExists(requestorUserName, roleName2); + client.createRole(requestorUserName, roleName2); + client.grantRoleToGroup(requestorUserName, group1, roleName2); + client.grantRoleToGroup(requestorUserName, group2, roleName2); + + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db3", "table5", "ALL"); + + Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, null); + assertEquals("Privilege not assigned to role2 !!", 5, listPrivilegesByRoleName.size()); + + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, new ArrayList<Authorizable>()); + assertEquals("Privilege not assigned to role2 !!", 5, listPrivilegesByRoleName.size()); + + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1"))); + assertEquals("Privilege not assigned to role2 !!", 2, listPrivilegesByRoleName.size()); + + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db2"), new Table("table1"))); + assertEquals("Privilege not assigned to role2 !!", 0, listPrivilegesByRoleName.size()); + + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1"), new Table("table1"))); + assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size()); + + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db3"))); + assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size()); + + Set<String> listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, ActiveRoleSet.ALL, new Server("server"), new Database("db2")); + assertEquals("Privilege not correctly assigned to roles !!", + Sets.newHashSet("server=server->db=db2->table=table4->action=all", "server=server->db=db2->table=table3->action=all"), + listPrivilegesForProvider); + + listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, ActiveRoleSet.ALL, new Server("server"), new Database("db3")); + assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=server->db=db3->table=table5->action=all"), listPrivilegesForProvider); + + listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3")); + assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"), listPrivilegesForProvider); + + listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server1")); + assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(), listPrivilegesForProvider); + } + + + + /** + * Create role, add privileges and grant it to a group drop the role and + * verify the privileges are no longer visible recreate the role with same + * name and verify the privileges again. + * @throws Exception + */ + @Test + public void testDropRole() throws Exception { + String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + String roleName = "admin_r"; + + // create role and add privileges + client.dropRoleIfExists(requestorUserName, roleName); + client.createRole(requestorUserName, roleName); + client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName); + client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); + client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL"); + assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + + // drop role and verify privileges + client.dropRole(requestorUserName, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + + // recreate the role + client.createRole(requestorUserName, roleName); + client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + + // grant different privileges and verify + client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); + assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + client.dropRole(requestorUserName, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, + ActiveRoleSet.ALL).size()); + } + + @Test + public void testDropRoleOnUser() throws Exception { + String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); + Set<String> requestorUserNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_USER); + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + String roleName = "admin_r"; + + // create role and add privileges + client.dropRoleIfExists(requestorUserName, roleName); + client.createRole(requestorUserName, roleName); + client.grantRoleToUser(requestorUserName, SentryServiceIntegrationBase.ADMIN_USER, roleName); + client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); + client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL"); + assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + + // drop role and verify privileges + client.dropRole(requestorUserName, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + + // recreate the role + client.createRole(requestorUserName, roleName); + client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + + // grant different privileges and verify + client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); + assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + client.dropRole(requestorUserName, roleName); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, + ActiveRoleSet.ALL).size()); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceClientPool.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceClientPool.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceClientPool.java new file mode 100644 index 0000000..87eb41b --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceClientPool.java @@ -0,0 +1,111 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; + +import static org.junit.Assert.assertTrue; + +import java.security.PrivilegedExceptionAction; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; +import java.util.concurrent.Callable; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.Future; +import java.util.concurrent.FutureTask; + +import org.apache.sentry.core.common.exception.SentryUserException; +import org.apache.sentry.service.thrift.SentryServiceFactory; +import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; +import org.junit.Test; + +import com.google.common.collect.Sets; + +public class TestSentryServiceClientPool extends SentryServiceIntegrationBase { + + @Test + public void testConnectionWhenReconnect() throws Exception { + runTestAsSubject(new TestOperation() { + @Override + public void runTestAsSubject() throws Exception { + String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); + String roleName = "admin_r"; + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + + client.dropRoleIfExists(requestorUserName, roleName); + client.createRole(requestorUserName, roleName); + client.listRoles(requestorUserName); + stopSentryService(); + SentryServiceIntegrationBase.server = new SentryServiceFactory().create(SentryServiceIntegrationBase.conf); + SentryServiceIntegrationBase.startSentryService(); + client.listRoles(requestorUserName); + client.dropRole(requestorUserName, roleName); + } + }); + } + + @Test + public void testConnectionWithMultipleRetries() throws Exception { + runTestAsSubject(new TestOperation() { + @Override + public void runTestAsSubject() throws Exception { + List<Future<Boolean>> tasks = new ArrayList<Future<Boolean>>(); + String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); + String roleName = "admin_r"; + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + + client.dropRoleIfExists(requestorUserName, roleName); + client.createRole(requestorUserName, roleName); + + ExecutorService executorService = Executors.newFixedThreadPool(20); + + Callable<Boolean> func = new Callable<Boolean>() { + public Boolean call() throws Exception { + return SentryServiceIntegrationBase.clientUgi.doAs(new PrivilegedExceptionAction<Boolean>() { + @Override + public Boolean run() throws Exception { + try { + client.listRoles(SentryServiceIntegrationBase.ADMIN_USER); + return true; + } catch (SentryUserException sue) { + return false; + } + } + }); + } + }; + + for (int i = 0; i < 30; i++) { + FutureTask<Boolean> task = new FutureTask<Boolean>(func); + tasks.add(task); + executorService.submit(task); + } + + for (Future<Boolean> task : tasks) { + Boolean result = task.get(); + assertTrue("Some tasks are failed.", result); + } + } + }); + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java new file mode 100644 index 0000000..e44c7ca --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java @@ -0,0 +1,74 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; + +import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; +import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.base.Strings; + +public class TestSentryServiceFailureCase extends SentryServiceIntegrationBase { + private static final Logger LOGGER = LoggerFactory.getLogger(TestSentryServiceFailureCase.class); + private static final String PEER_CALLBACK_FAILURE = "Peer indicated failure: Problem with callback handler"; + + @BeforeClass + public static void setup() throws Exception { + SentryServiceIntegrationBase.kerberos = true; + SentryServiceIntegrationBase.beforeSetup(); + SentryServiceIntegrationBase.setupConf(); + SentryServiceIntegrationBase.conf.set(ServerConfig.ALLOW_CONNECT, ""); + SentryServiceIntegrationBase.startSentryService(); + SentryServiceIntegrationBase.afterSetup(); + } + + @Override + @Before + public void before() throws Exception { + } + + @Override + @After + public void after() { + } + + @Test + public void testClientServerConnectionFailure() throws Exception { + try { + connectToSentryService(); + Assert.fail("Failed to receive Exception"); + } catch(Exception e) { + LOGGER.info("Excepted exception", e); + Throwable cause = e.getCause(); + if (cause == null) { + throw e; + } + String msg = "Exception message: " + cause.getMessage() + " to contain " + + PEER_CALLBACK_FAILURE; + Assert.assertTrue(msg, Strings.nullToEmpty(cause.getMessage()) + .contains(PEER_CALLBACK_FAILURE)); + } + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java new file mode 100644 index 0000000..f6cd8a0 --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java @@ -0,0 +1,75 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.provider.db.service.thrift; + + +import java.io.File; +import java.util.Set; + +import org.apache.sentry.core.common.utils.PolicyFile; +import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; +import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +import com.google.common.collect.Sets; + +/** + * Test various kerberos related stuff on the SentryService side + */ +public class TestSentryServiceForHAWithKerberos extends SentryServiceIntegrationBase { + + @BeforeClass + public static void setup() throws Exception { + SentryServiceIntegrationBase.kerberos = true; + SentryServiceIntegrationBase.haEnabled = true; + SentryServiceIntegrationBase.SERVER_KERBEROS_NAME = "sentry/_HOST@" + SentryServiceIntegrationBase.REALM; + SentryServiceIntegrationBase.beforeSetup(); + SentryServiceIntegrationBase.setupConf(); + SentryServiceIntegrationBase.startSentryService(); + SentryServiceIntegrationBase.afterSetup(); + } + + @Override + @Before + public void before() throws Exception { + policyFilePath = new File(SentryServiceIntegrationBase.dbDir, "local_policy_file.ini"); + SentryServiceIntegrationBase.conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, + policyFilePath.getPath()); + policyFile = new PolicyFile(); + connectToSentryService(); + } + + @Test + public void testCreateRole() throws Exception { + runTestAsSubject(new TestOperation(){ + @Override + public void runTestAsSubject() throws Exception { + String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + String roleName = "admin_r"; + client.dropRoleIfExists(requestorUserName, roleName); + client.createRole(requestorUserName, roleName); + client.dropRole(requestorUserName, roleName); + } + }); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolHAWithKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolHAWithKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolHAWithKerberos.java new file mode 100644 index 0000000..d453e92 --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolHAWithKerberos.java @@ -0,0 +1,39 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless createRequired by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; + +import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; +import org.junit.BeforeClass; + +public class + + TestSentryServiceForPoolHAWithKerberos extends TestSentryServiceWithKerberos { + + @BeforeClass + public static void setup() throws Exception { + SentryServiceIntegrationBase.kerberos = true; + SentryServiceIntegrationBase.haEnabled = true; + SentryServiceIntegrationBase.pooled = true; + SentryServiceIntegrationBase.beforeSetup(); + SentryServiceIntegrationBase.setupConf(); + SentryServiceIntegrationBase.startSentryService(); + SentryServiceIntegrationBase.afterSetup(); + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolWithKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolWithKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolWithKerberos.java new file mode 100644 index 0000000..f3eb648 --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolWithKerberos.java @@ -0,0 +1,37 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless createRequired by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.thrift; + +import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; +import org.junit.BeforeClass; + +public class TestSentryServiceForPoolWithKerberos extends TestSentryServiceWithKerberos { + + @BeforeClass + public static void setup() throws Exception { + SentryServiceIntegrationBase.kerberos = true; + SentryServiceIntegrationBase.haEnabled = false; + SentryServiceIntegrationBase.pooled = true; + SentryServiceIntegrationBase.beforeSetup(); + SentryServiceIntegrationBase.setupConf(); + SentryServiceIntegrationBase.startSentryService(); + SentryServiceIntegrationBase.afterSetup(); + } + +} \ No newline at end of file
