http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java new file mode 100644 index 0000000..74e9dd8 --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java @@ -0,0 +1,416 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.log.util; + +import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +import org.apache.sentry.core.model.db.AccessConstants; +import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; +import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; +import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; +import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; +import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; +import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope; +import org.junit.Assert; +import org.junit.Test; + +import com.google.common.collect.Sets; + +public class TestCommandUtil extends Assert { + + @Test + public void testCreateCmdForCreateOrDropRole() { + String roleName = "testRole"; + + String createRoleCmdResult = CommandUtil.createCmdForCreateOrDropRole( + roleName, true); + String dropRoleCmdResult = CommandUtil.createCmdForCreateOrDropRole( + roleName, false); + String createRoleCmdExcepted = "CREATE ROLE testRole"; + String dropRoleCmdExcepted = "DROP ROLE testRole"; + + Assert.assertEquals(createRoleCmdExcepted, createRoleCmdResult); + Assert.assertEquals(dropRoleCmdResult, dropRoleCmdExcepted); + } + + @Test + public void testCreateCmdForRoleAddOrDeleteGroup1() { + + String createRoleAddGroupCmdResult = CommandUtil.createCmdForRoleAddGroup("testRole", + getGroupStr(1)); + String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO GROUP testGroup1"; + String createRoleDeleteGroupCmdResult = CommandUtil.createCmdForRoleDeleteGroup("testRole", + getGroupStr(1)); + String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM GROUP testGroup1"; + + Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult); + Assert.assertEquals(createRoleDeleteGroupCmdExcepted, + createRoleDeleteGroupCmdResult); + } + + @Test + public void testCreateCmdForRoleAddOrDeleteGroup2() { + String createRoleAddGroupCmdResult = CommandUtil.createCmdForRoleAddGroup("testRole", + getGroupStr(3)); + String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO GROUP testGroup1, testGroup2, testGroup3"; + String createRoleDeleteGroupCmdResult = CommandUtil.createCmdForRoleDeleteGroup("testRole", + getGroupStr(3)); + String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM GROUP testGroup1, testGroup2, testGroup3"; + + Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult); + Assert.assertEquals(createRoleDeleteGroupCmdExcepted, + createRoleDeleteGroupCmdResult); + } + + @Test + public void testCreateCmdForRoleAddOrDeleteUser1() { + String createRoleAddGroupCmdResult = + CommandUtil.createCmdForRoleAddUser("testRole", getUserStr(1)); + String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO USER testUser1"; + String createRoleDeleteGroupCmdResult = + CommandUtil.createCmdForRoleDeleteUser("testRole", getUserStr(1)); + String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM USER testUser1"; + + Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult); + Assert.assertEquals(createRoleDeleteGroupCmdExcepted, createRoleDeleteGroupCmdResult); + } + + @Test + public void testCreateCmdForRoleAddOrDeleteUser2() { + String createRoleAddGroupCmdResult = + CommandUtil.createCmdForRoleAddUser("testRole", getUserStr(3)); + String createRoleAddGroupCmdExcepted = + "GRANT ROLE testRole TO USER testUser1, testUser2, testUser3"; + String createRoleDeleteGroupCmdResult = + CommandUtil.createCmdForRoleDeleteUser("testRole", getUserStr(3)); + String createRoleDeleteGroupCmdExcepted = + "REVOKE ROLE testRole FROM USER testUser1, testUser2, testUser3"; + + Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult); + Assert.assertEquals(createRoleDeleteGroupCmdExcepted, createRoleDeleteGroupCmdResult); + } + + @Test + public void testCreateCmdForGrantOrRevokePrivilege1() { + TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); + TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); + + TSentryPrivilege privilege = getPrivilege(AccessConstants.ALL, + PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest", + "hdfs://namenode:port/path/to/dir"); + Set<TSentryPrivilege> privileges = Sets.newHashSet(); + privileges.add(privilege); + grantRequest.setPrivileges(privileges); + revokeRequest.setPrivileges(privileges); + + String createGrantPrivilegeCmdResult = CommandUtil + .createCmdForGrantPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT ALL ON DATABASE dbTest TO ROLE testRole"; + String createRevokePrivilegeCmdResult = CommandUtil + .createCmdForRevokePrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE ALL ON DATABASE dbTest FROM ROLE testRole"; + + Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + Assert.assertEquals(createRevokePrivilegeCmdExcepted, + createRevokePrivilegeCmdResult); + } + + @Test + public void testCreateCmdForGrantOrRevokePrivilege2() { + TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); + TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); + + TSentryPrivilege privilege = getPrivilege(AccessConstants.INSERT, + PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest", + "hdfs://namenode:port/path/to/dir"); + Set<TSentryPrivilege> privileges = Sets.newHashSet(); + privileges.add(privilege); + grantRequest.setPrivileges(privileges); + revokeRequest.setPrivileges(privileges); + + String createGrantPrivilegeCmdResult = CommandUtil + .createCmdForGrantPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT INSERT ON DATABASE dbTest TO ROLE testRole"; + String createRevokePrivilegeCmdResult = CommandUtil + .createCmdForRevokePrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE INSERT ON DATABASE dbTest FROM ROLE testRole"; + + Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + Assert.assertEquals(createRevokePrivilegeCmdExcepted, + createRevokePrivilegeCmdResult); + } + + @Test + public void testCreateCmdForGrantOrRevokePrivilege3() { + TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); + TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); + + TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, + PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest", + "hdfs://namenode:port/path/to/dir"); + Set<TSentryPrivilege> privileges = Sets.newHashSet(); + privileges.add(privilege); + grantRequest.setPrivileges(privileges); + revokeRequest.setPrivileges(privileges); + + String createGrantPrivilegeCmdResult = CommandUtil + .createCmdForGrantPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON DATABASE dbTest TO ROLE testRole"; + String createRevokePrivilegeCmdResult = CommandUtil + .createCmdForRevokePrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON DATABASE dbTest FROM ROLE testRole"; + + Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + Assert.assertEquals(createRevokePrivilegeCmdExcepted, + createRevokePrivilegeCmdResult); + } + + @Test + public void testCreateCmdForGrantOrRevokePrivilege4() { + TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); + TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); + + TSentryPrivilege privilege = getPrivilege(null, + PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest", + "hdfs://namenode:port/path/to/dir"); + Set<TSentryPrivilege> privileges = Sets.newHashSet(); + privileges.add(privilege); + grantRequest.setPrivileges(privileges); + revokeRequest.setPrivileges(privileges); + + String createGrantPrivilegeCmdResult = CommandUtil + .createCmdForGrantPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT null ON DATABASE dbTest TO ROLE testRole"; + String createRevokePrivilegeCmdResult = CommandUtil + .createCmdForRevokePrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE null ON DATABASE dbTest FROM ROLE testRole"; + + Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + Assert.assertEquals(createRevokePrivilegeCmdExcepted, + createRevokePrivilegeCmdResult); + } + + @Test + public void testCreateCmdForGrantOrRevokePrivilege5() { + TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); + TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); + + TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, + PrivilegeScope.TABLE.name(), "dbTest", "tableTest", "serverTest", + "hdfs://namenode:port/path/to/dir"); + Set<TSentryPrivilege> privileges = Sets.newHashSet(); + privileges.add(privilege); + grantRequest.setPrivileges(privileges); + revokeRequest.setPrivileges(privileges); + + String createGrantPrivilegeCmdResult = CommandUtil + .createCmdForGrantPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON TABLE tableTest TO ROLE testRole"; + String createRevokePrivilegeCmdResult = CommandUtil + .createCmdForRevokePrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON TABLE tableTest FROM ROLE testRole"; + + Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + Assert.assertEquals(createRevokePrivilegeCmdExcepted, + createRevokePrivilegeCmdResult); + } + + @Test + public void testCreateCmdForGrantOrRevokePrivilege6() { + TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); + TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); + + TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, + PrivilegeScope.SERVER.name(), "dbTest", "tableTest", "serverTest", + "hdfs://namenode:port/path/to/dir"); + Set<TSentryPrivilege> privileges = Sets.newHashSet(); + privileges.add(privilege); + grantRequest.setPrivileges(privileges); + revokeRequest.setPrivileges(privileges); + + String createGrantPrivilegeCmdResult = CommandUtil + .createCmdForGrantPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON SERVER serverTest TO ROLE testRole"; + String createRevokePrivilegeCmdResult = CommandUtil + .createCmdForRevokePrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON SERVER serverTest FROM ROLE testRole"; + + Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + Assert.assertEquals(createRevokePrivilegeCmdExcepted, + createRevokePrivilegeCmdResult); + } + + @Test + public void testCreateCmdForGrantOrRevokePrivilege7() { + TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); + TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); + + TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, + PrivilegeScope.URI.name(), "dbTest", "tableTest", "serverTest", + "hdfs://namenode:port/path/to/dir"); + Set<TSentryPrivilege> privileges = Sets.newHashSet(); + privileges.add(privilege); + grantRequest.setPrivileges(privileges); + revokeRequest.setPrivileges(privileges); + + String createGrantPrivilegeCmdResult = CommandUtil + .createCmdForGrantPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON URI hdfs://namenode:port/path/to/dir TO ROLE testRole"; + String createRevokePrivilegeCmdResult = CommandUtil + .createCmdForRevokePrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON URI hdfs://namenode:port/path/to/dir FROM ROLE testRole"; + + Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + Assert.assertEquals(createRevokePrivilegeCmdExcepted, + createRevokePrivilegeCmdResult); + } + + @Test + public void testCreateCmdForGrantOrRevokePrivilege8() { + TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest(); + TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest(); + + TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, PrivilegeScope.SERVER.name(), + "dbTest", "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir"); + privilege.setGrantOption(TSentryGrantOption.TRUE); + Set<TSentryPrivilege> privileges = Sets.newHashSet(); + privileges.add(privilege); + grantRequest.setPrivileges(privileges); + revokeRequest.setPrivileges(privileges); + + String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON SERVER serverTest TO ROLE testRole WITH GRANT OPTION"; + String createRevokePrivilegeCmdResult = CommandUtil.createCmdForRevokePrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON SERVER serverTest FROM ROLE testRole WITH GRANT OPTION"; + + Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + Assert.assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); + } + + // generate the command without grant option + @Test + public void testCreateCmdForGrantOrRevokeGMPrivilege1() { + org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest(); + org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest(); + org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege(); + grantRequest.setPrivilege(privilege); + revokeRequest.setPrivilege(privilege); + + String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole"; + String createRevokePrivilegeCmdResult = CommandUtil + .createCmdForRevokeGMPrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole"; + + Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + Assert.assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); + } + + // generate the command with grant option + @Test + public void testCreateCmdForGrantOrRevokeGMPrivilege2() { + org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest(); + org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest(); + org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege(); + privilege + .setGrantOption(org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption.TRUE); + grantRequest.setPrivilege(privilege); + revokeRequest.setPrivilege(privilege); + + String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole WITH GRANT OPTION"; + String createRevokePrivilegeCmdResult = CommandUtil + .createCmdForRevokeGMPrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole WITH GRANT OPTION"; + + Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + Assert.assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); + } + + private String getGroupStr(int num) { + StringBuilder sb = new StringBuilder(); + for (int i = 0; i < num; i++) { + if (i > 0) { + sb.append(", "); + } + sb.append("testGroup" + (i + 1)); + } + return sb.toString(); + } + + private String getUserStr(int num) { + StringBuilder sb = new StringBuilder(); + for (int i = 0; i < num; i++) { + if (i > 0) { + sb.append(", "); + } + sb.append("testUser" + (i + 1)); + } + return sb.toString(); + } + + private TAlterSentryRoleGrantPrivilegeRequest getGrantPrivilegeRequest() { + TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest(); + request.setRoleName("testRole"); + return request; + } + + private TAlterSentryRoleRevokePrivilegeRequest getRevokePrivilegeRequest() { + TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest(); + request.setRoleName("testRole"); + return request; + } + + private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest getGrantGMPrivilegeRequest() { + org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest(); + request.setRoleName("testRole"); + return request; + } + + private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest getRevokeGMPrivilegeRequest() { + org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest(); + request.setRoleName("testRole"); + return request; + } + + private TSentryPrivilege getPrivilege(String action, String privilegeScope, + String dbName, String tableName, String serverName, String URI) { + TSentryPrivilege privilege = new TSentryPrivilege(); + privilege.setAction(action); + privilege.setPrivilegeScope(privilegeScope); + privilege.setDbName(dbName); + privilege.setTableName(tableName); + privilege.setServerName(serverName); + privilege.setURI(URI); + return privilege; + } + + private org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege getGMPrivilege() { + org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = new org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege(); + privilege.setAction("ACTION"); + privilege.setComponent("COMPONENT"); + List<TAuthorizable> authorizables = new ArrayList<TAuthorizable>(); + authorizables.add(new TAuthorizable("resourceType1", "resourceName1")); + authorizables.add(new TAuthorizable("resourceType2", "resourceName2")); + privilege.setAuthorizables(authorizables); + return privilege; + } +}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java new file mode 100644 index 0000000..c31233b --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java @@ -0,0 +1,245 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.persistent; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import org.apache.sentry.core.model.db.AccessConstants; +import org.apache.sentry.provider.db.service.model.MSentryPrivilege; +import org.junit.Test; + +public class TestSentryPrivilege { + @Test + public void testImpliesPrivilegePositive() throws Exception { + // 1.test server+database+table+action + MSentryPrivilege my = new MSentryPrivilege(); + MSentryPrivilege your = new MSentryPrivilege(); + my.setServerName("server1"); + my.setDbName("db1"); + my.setTableName("tb1"); + my.setAction(AccessConstants.SELECT); + your.setServerName("server1"); + your.setDbName("db1"); + your.setTableName("tb1"); + your.setAction(AccessConstants.SELECT); + assertTrue(my.implies(your)); + + my.setAction(AccessConstants.ALL); + assertTrue(my.implies(your)); + + my.setTableName(""); + assertTrue(my.implies(your)); + + my.setDbName(""); + assertTrue(my.implies(your)); + + my.setAction(AccessConstants.ACTION_ALL); + assertTrue(my.implies(your)); + + my.setTableName(""); + assertTrue(my.implies(your)); + + my.setDbName(""); + assertTrue(my.implies(your)); + + // 2.test server+URI+action using all combinations of * and ALL for action + String[][] actionMap = new String[][] { + { AccessConstants.ALL, AccessConstants.ALL }, + { AccessConstants.ALL, AccessConstants.ACTION_ALL }, + { AccessConstants.ACTION_ALL, AccessConstants.ALL }, + { AccessConstants.ACTION_ALL, AccessConstants.ACTION_ALL } }; + + for (int actions = 0; actions < actionMap.length; actions++) { + my = new MSentryPrivilege(); + your = new MSentryPrivilege(); + my.setServerName("server1"); + my.setAction(actionMap[actions][0]); + your.setServerName("server1"); + your.setAction(actionMap[actions][1]); + my.setURI("hdfs://namenode:9000/path"); + your.setURI("hdfs://namenode:9000/path"); + assertTrue(my.implies(your)); + + my.setURI("hdfs://namenode:9000/path"); + your.setURI("hdfs://namenode:9000/path/to/some/dir"); + assertTrue(my.implies(your)); + + my.setURI("file:///path"); + your.setURI("file:///path"); + assertTrue(my.implies(your)); + + my.setURI("file:///path"); + your.setURI("file:///path/to/some/dir"); + assertTrue(my.implies(your)); + + // my is SERVER level privilege, your is URI level privilege + my.setURI(""); + your.setURI("file:///path"); + assertTrue(my.implies(your)); + } + } + + @Test + public void testImpliesPrivilegeNegative() throws Exception { + // 1.test server+database+table+action + MSentryPrivilege my = new MSentryPrivilege(); + MSentryPrivilege your = new MSentryPrivilege(); + // bad action + my.setServerName("server1"); + my.setDbName("db1"); + my.setTableName("tb1"); + my.setAction(AccessConstants.SELECT); + your.setServerName("server1"); + your.setDbName("db1"); + your.setTableName("tb1"); + your.setAction(AccessConstants.INSERT); + assertFalse(my.implies(your)); + + // bad action + your.setAction(AccessConstants.ALL); + assertFalse(my.implies(your)); + + + // bad table + your.setTableName("tb2"); + assertFalse(my.implies(your)); + + // bad database + your.setTableName("tb1"); + your.setDbName("db2"); + assertFalse(my.implies(your)); + + // bad server + your.setTableName("tb1"); + your.setDbName("db1"); + your.setServerName("server2"); + assertFalse(my.implies(your)); + + // 2.test server+URI+action + my = new MSentryPrivilege(); + your = new MSentryPrivilege(); + my.setServerName("server1"); + my.setAction(AccessConstants.ALL); + your.setServerName("server2"); + your.setAction(AccessConstants.ALL); + + // relative path + my.setURI("hdfs://namenode:9000/path"); + your.setURI("hdfs://namenode:9000/path/to/../../other"); + assertFalse(my.implies(your)); + my.setURI("file:///path"); + your.setURI("file:///path/to/../../other"); + assertFalse(my.implies(your)); + + // bad uri + my.setURI("blah"); + your.setURI("hdfs://namenode:9000/path/to/some/dir"); + assertFalse(my.implies(your)); + my.setURI("hdfs://namenode:9000/path/to/some/dir"); + your.setURI("blah"); + assertFalse(my.implies(your)); + + // bad scheme + my.setURI("hdfs://namenode:9000/path"); + your.setURI("file:///path/to/some/dir"); + assertFalse(my.implies(your)); + my.setURI("hdfs://namenode:9000/path"); + your.setURI("file://namenode:9000/path/to/some/dir"); + assertFalse(my.implies(your)); + + // bad hostname + my.setURI("hdfs://namenode1:9000/path"); + your.setURI("hdfs://namenode2:9000/path"); + assertFalse(my.implies(your)); + + // bad port + my.setURI("hdfs://namenode:9000/path"); + your.setURI("hdfs://namenode:9001/path"); + assertFalse(my.implies(your)); + + // bad path + my.setURI("hdfs://namenode:9000/path1"); + your.setURI("hdfs://namenode:9000/path2"); + assertFalse(my.implies(your)); + my.setURI("file:///path1"); + your.setURI("file:///path2"); + assertFalse(my.implies(your)); + + // bad server + your.setServerName("server2"); + my.setURI("hdfs://namenode:9000/path1"); + your.setURI("hdfs://namenode:9000/path1"); + assertFalse(my.implies(your)); + + // bad implies + my.setServerName("server1"); + my.setURI("hdfs://namenode:9000/path1"); + your.setServerName("server1"); + your.setURI(""); + assertFalse(my.implies(your)); + } + + @Test + public void testImpliesPrivilegePositiveWithColumn() throws Exception { + // 1.test server+database+table+column+action + MSentryPrivilege my = new MSentryPrivilege(); + MSentryPrivilege your = new MSentryPrivilege(); + my.setServerName("server1"); + my.setAction(AccessConstants.SELECT); + your.setServerName("server1"); + your.setDbName("db1"); + your.setTableName("tb1"); + your.setColumnName("c1"); + your.setAction(AccessConstants.SELECT); + assertTrue(my.implies(your)); + + my.setDbName("db1"); + assertTrue(my.implies(your)); + + my.setTableName("tb1"); + assertTrue(my.implies(your)); + + my.setColumnName("c1"); + assertTrue(my.implies(your)); + } + + @Test + public void testImpliesPrivilegeNegativeWithColumn() throws Exception { + // 1.test server+database+table+column+action + MSentryPrivilege my = new MSentryPrivilege(); + MSentryPrivilege your = new MSentryPrivilege(); + // bad column + my.setServerName("server1"); + my.setDbName("db1"); + my.setTableName("tb1"); + my.setColumnName("c1"); + my.setAction(AccessConstants.SELECT); + your.setServerName("server1"); + your.setDbName("db1"); + your.setTableName("tb1"); + your.setColumnName("c2"); + your.setAction(AccessConstants.SELECT); + assertFalse(my.implies(your)); + + // bad scope + your.setColumnName(""); + assertFalse(my.implies(your)); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java new file mode 100644 index 0000000..7cbcc11 --- /dev/null +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java @@ -0,0 +1,123 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sentry.provider.db.service.persistent; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import org.apache.hadoop.conf.Configuration; + +import org.apache.curator.test.TestingServer; +import org.apache.curator.x.discovery.ServiceInstance; +import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import static org.junit.Assert.assertEquals; + +public class TestSentryServiceDiscovery { + + private HAContext haContext; + private TestingServer server; + + @Before + public void setup() throws Exception { + server = new TestingServer(); + // HA conf + Configuration conf = new Configuration(false); + conf.set(ServerConfig.SENTRY_HA_ENABLED, "true"); + conf.set(ServerConfig.SENTRY_HA_ZOOKEEPER_NAMESPACE, "sentry-test"); + conf.set(ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM, server.getConnectString()); + haContext = HAContext.getHAContext(conf); + } + + @After + public void teardown() { + HAContext.clearServerContext(); + if (server != null) { + try { + server.stop(); + } catch (IOException e) { + } + } + } + + @Test + public void testRegisterOneService() throws Exception { + final String hostname = "localhost1"; + final Integer port = 123; + ServiceRegister register = new ServiceRegister(haContext); + register.regService(hostname, port); + ServiceManager manager = new ServiceManager(haContext); + ServiceInstance<Void> instance = manager.getServiceInstance(); + assertEquals("'hostname' doesn't match.", hostname, instance.getAddress()); + assertEquals("'port' doesn't match.", port, instance.getPort()); + } + + @Test + public void testRegisterMultiService() throws Exception { + + final String hostname1 = "localhost1"; + final Integer port1 = 123; + final String hostname2 = "localhost2"; + final Integer port2 = 456; + final String hostname3 = "localhost3"; + final Integer port3 = 789; + + Map<String, Integer> servicesMap = new HashMap<String, Integer>(); + servicesMap.put(hostname1, port1); + servicesMap.put(hostname2, port2); + servicesMap.put(hostname3, port3); + + ServiceRegister register1 = new ServiceRegister(haContext); + register1.regService(hostname1, port1); + ServiceRegister register2 = new ServiceRegister(haContext); + register2.regService(hostname2, port2); + ServiceRegister register3 = new ServiceRegister(haContext); + register3.regService(hostname3, port3); + + ServiceManager manager = new ServiceManager(haContext); + ServiceInstance<Void> instance = manager.getServiceInstance(); + assertEquals("'instance' doesn't match.", instance.getPort(), servicesMap.get(instance.getAddress())); + instance = manager.getServiceInstance(); + assertEquals("'instance' doesn't match.", instance.getPort(), servicesMap.get(instance.getAddress())); + instance = manager.getServiceInstance(); + assertEquals("'instance' doesn't match.", instance.getPort(), servicesMap.get(instance.getAddress())); + } + + @Test + public void testReportError() throws Exception { + final String hostname1 = "localhost1"; + final Integer port1 = 123; + + ServiceRegister register1 = new ServiceRegister(haContext); + register1.regService(hostname1, port1); + + ServiceManager manager = new ServiceManager(haContext); + ServiceInstance<Void> instance = manager.getServiceInstance(); + manager.reportError(instance); + // report twice, manager will not return temporarily + instance = manager.getServiceInstance(); + manager.reportError(instance); + instance = manager.getServiceInstance(); + assertEquals("'instance' should be null.", null, instance); + } + +}
