Repository: sentry Updated Branches: refs/heads/master ddae7c04e -> f45727ab1
http://git-wip-us.apache.org/repos/asf/sentry/blob/f45727ab/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java deleted file mode 100644 index 7ca8bfc..0000000 --- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestNoAuthorizationProvider.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.common; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; - -import org.apache.sentry.core.common.service.GroupMappingService; -import org.junit.Test; - -/** - * Tests around the NoAuthorizationProvider - */ -public class TestNoAuthorizationProvider { - - @Test - public void testNoAuthorizationProvider() { - NoAuthorizationProvider nap = new NoAuthorizationProvider(); - assertFalse(nap.hasAccess(null, null, null, null)); - - GroupMappingService gms = nap.getGroupMapping(); - assertEquals(gms.getGroups(null).size(), 0); - assertEquals(gms.getGroups("").size(), 0); - assertEquals(gms.getGroups("a").size(), 0); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/f45727ab/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java deleted file mode 100644 index 7e570ae..0000000 --- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.file; - -import java.io.IOException; -import java.util.HashMap; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Set; - -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.FileSystem; -import org.apache.hadoop.fs.Path; -import org.apache.sentry.core.common.service.GroupMappingService; -import org.apache.sentry.core.common.utils.PolicyFiles; -import org.apache.sentry.core.common.utils.SentryConstants; -import org.apache.sentry.core.common.utils.PolicyFileConstants; -import org.apache.sentry.core.common.exception.SentryGroupNotFoundException; -import org.apache.shiro.config.Ini; -import org.apache.shiro.config.Ini.Section; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.annotations.VisibleForTesting; -import com.google.common.base.Strings; -import com.google.common.collect.Sets; - -/** - * Mapping users to groups - * parse the ini file with section [users] that contains the user names. - * For each user in that list, there's section that contains the group - * name for that user If there's no user section or no group section for - * one of users, then just print a warning and continue. - * Example - - * [users] - * usr1 - * usr2 - * - * [[usr1] - * group1 - * group11 - * - * [usr2] - * group21 - * group22 - * - */ -public class LocalGroupMappingService implements GroupMappingService { - - private static final Logger LOGGER = LoggerFactory - .getLogger(LocalGroupMappingService.class); - - private final Map <String, Set<String>> groupMap = - new HashMap <String, Set<String>> (); - - public LocalGroupMappingService(Path resourcePath) throws IOException { - this(new Configuration(), resourcePath); - } - - @VisibleForTesting - public LocalGroupMappingService(Configuration configuration, Path resourcePath) - throws IOException { - // parse user/group mapping - parseGroups(resourcePath.getFileSystem(configuration), resourcePath); - } - - public LocalGroupMappingService(Configuration configuration, String resource) - throws IOException { - this(configuration, new Path(resource)); - } - - @Override - public Set<String> getGroups(String user) { - Set<String> groups = groupMap.get(user); - if (groups == null || groups.isEmpty()) { - throw new SentryGroupNotFoundException("Unable to obtain groups for " + user); - } - return groups; - } - - private void parseGroups(FileSystem fileSystem, Path resourcePath) throws IOException { - Ini ini = PolicyFiles.loadFromPath(fileSystem, resourcePath); - Section usersSection = ini.getSection(PolicyFileConstants.USERS); - if (usersSection == null) { - LOGGER.warn("No section " + PolicyFileConstants.USERS + " in the " + resourcePath); - return; - } - for (Entry<String, String> userEntry : usersSection.entrySet()) { - String userName = Strings.nullToEmpty(userEntry.getKey()).trim(); - String groupNames = Strings.nullToEmpty(userEntry.getValue()).trim(); - if (userName.isEmpty()) { - LOGGER.error("Invalid user name in the " + resourcePath); - continue; - } - if (groupNames.isEmpty()) { - LOGGER.warn("No groups available for user " + userName + - " in the " + resourcePath); - continue; - } - Set<String> groupList = Sets.newHashSet(SentryConstants.ROLE_SPLITTER.trimResults().split( - groupNames)); - LOGGER.debug("Got user mapping: " + userName + ", Groups: " + groupNames); - groupMap.put(userName, groupList); - } - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/f45727ab/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java deleted file mode 100644 index a9e7836..0000000 --- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.file; - -import java.io.IOException; - -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.Path; -import org.apache.sentry.core.common.Model; -import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.common.ResourceAuthorizationProvider; - - -public class LocalGroupResourceAuthorizationProvider extends - ResourceAuthorizationProvider { - - public LocalGroupResourceAuthorizationProvider(String resource, PolicyEngine policy, - Model model) throws IOException { - super(policy, new LocalGroupMappingService(new Path(resource)), model); - } - - public LocalGroupResourceAuthorizationProvider(Configuration conf, String resource, PolicyEngine policy, - Model model) throws IOException { - super(policy, new LocalGroupMappingService(conf, new Path(resource)), model); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/f45727ab/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java index 69ab260..5e980be 100644 --- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java +++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java @@ -34,7 +34,6 @@ import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.exception.SentryConfigurationException; import org.apache.sentry.core.common.utils.PolicyFiles; -import org.apache.sentry.policy.common.PrivilegeUtils; import org.apache.sentry.core.common.validator.PrivilegeValidator; import org.apache.sentry.core.common.validator.PrivilegeValidatorContext; import org.apache.sentry.core.common.utils.PolicyFileConstants; @@ -43,6 +42,7 @@ import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.common.TableCache; import org.apache.shiro.config.Ini; +import org.apache.shiro.util.PermissionUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -297,7 +297,7 @@ public class SimpleFileProviderBackend extends CacheProvider implements Provider LOGGER.warn(warnMsg); configWarnings.add(warnMsg); } - Set<String> privileges = PrivilegeUtils.toPrivilegeStrings(roleValue); + Set<String> privileges = PermissionUtils.toPermissionStrings(roleValue); if (!invalidConfiguration && privileges != null) { Set<String> internedPrivileges = Sets.newHashSet(); for(String privilege : privileges) { http://git-wip-us.apache.org/repos/asf/sentry/blob/f45727ab/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java deleted file mode 100644 index 9864b82..0000000 --- a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.file; - -import java.io.File; -import java.io.IOException; -import java.util.Set; - -import org.apache.commons.io.FileUtils; -import org.apache.hadoop.fs.Path; -import org.apache.sentry.core.common.exception.SentryGroupNotFoundException; -import org.apache.sentry.core.common.utils.PolicyFiles; -import org.junit.After; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; - -import com.google.common.collect.Sets; -import com.google.common.io.Files; - -public class TestLocalGroupMapping { - - private static final String resourcePath = "test-authz-provider-local-group-mapping.ini"; - private static final Set<String> fooGroups = Sets.newHashSet("admin", "analyst"); - private static final Set<String> barGroups = Sets.newHashSet("jranalyst"); - - private LocalGroupMappingService localGroupMapping; - - private File baseDir; - - @Before - public void setup() throws IOException { - baseDir = Files.createTempDir(); - PolicyFiles.copyToDir(baseDir, resourcePath); - localGroupMapping = new LocalGroupMappingService(new Path(new File(baseDir, resourcePath).getPath())); - } - - @After - public void teardown() { - if(baseDir != null) { - FileUtils.deleteQuietly(baseDir); - } - } - - @Test - public void testGroupMapping() { - Set<String> fooGroupsFromResource = localGroupMapping.getGroups("foo"); - Assert.assertEquals(fooGroupsFromResource, fooGroups); - - Set<String> barGroupsFromResource = localGroupMapping.getGroups("bar"); - Assert.assertEquals(barGroupsFromResource, barGroups); - - try { - localGroupMapping.getGroups("unknown"); - Assert.fail("SentryGroupNotFoundException should be thrown."); - } catch (SentryGroupNotFoundException sgnfe) { - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/f45727ab/sentry-service/sentry-service-server/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/pom.xml b/sentry-service/sentry-service-server/pom.xml index 1a4ef16..be165b6 100644 --- a/sentry-service/sentry-service-server/pom.xml +++ b/sentry-service/sentry-service-server/pom.xml @@ -116,6 +116,11 @@ limitations under the License. <artifactId>hive-beeline</artifactId> </dependency> <dependency> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-authorization-provider</artifactId> + <scope>test</scope> + </dependency> + <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-all</artifactId> <scope>test</scope>
