Repository: sentry Updated Branches: refs/heads/sentry-ha-redesign-1 [created] 96e1d9a1c
http://git-wip-us.apache.org/repos/asf/sentry/blob/ee2d3f7a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java index a35c8d7..59c9567 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java @@ -35,6 +35,11 @@ import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.core.common.exception.SentryAlreadyExistsException; import org.apache.sentry.core.common.exception.SentryGrantDeniedException; import org.apache.sentry.core.common.exception.SentryNoSuchObjectException; +import org.apache.sentry.hdfs.PermissionsUpdate; +import org.apache.sentry.hdfs.Updateable; +import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges; +import org.apache.sentry.hdfs.service.thrift.TRoleChanges; +import org.apache.sentry.provider.db.service.model.MSentryPermChange; import org.apache.sentry.provider.db.service.model.MSentryPrivilege; import org.apache.sentry.provider.db.service.model.MSentryRole; import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet; @@ -2263,6 +2268,210 @@ public class TestSentryStore extends org.junit.Assert { assertTrue(names.containsAll(result)); } + @Test + public void testPrivilegesWithPermUpdate() throws Exception { + String roleName = "test-privilege"; + String grantor = "g1"; + String server = "server1"; + String db = "db1"; + String table = "tbl1"; + String authzObj = "db1.tbl1"; + createRole(roleName); + + TSentryPrivilege privilege = new TSentryPrivilege(); + privilege.setPrivilegeScope("Column"); + privilege.setServerName(server); + privilege.setDbName(db); + privilege.setTableName(table); + privilege.setAction(AccessConstants.SELECT); + privilege.setCreateTime(System.currentTimeMillis()); + + // Generate the permission add update authzObj "db1.tbl1" + PermissionsUpdate addUpdate = new PermissionsUpdate(0, false); + addUpdate.addPrivilegeUpdate(authzObj).putToAddPrivileges( + roleName, privilege.getAction().toUpperCase()); + + // Grant the privilege to role test-privilege and verify it has been persisted. + Map<TSentryPrivilege, DeltaTransactionBlock> addPrivilegesUpdateMap = Maps.newHashMap(); + addPrivilegesUpdateMap.put(privilege, new DeltaTransactionBlock(addUpdate)); + sentryStore.alterSentryRoleGrantPrivileges(grantor, roleName, Sets.newHashSet(privilege), addPrivilegesUpdateMap); + MSentryRole role = sentryStore.getMSentryRoleByName(roleName); + Set<MSentryPrivilege> privileges = role.getPrivileges(); + assertEquals(privileges.toString(), 1, privileges.size()); + + // Query the persisted perm change and ensure it equals to the original one + long lastChangeID = sentryStore.getLastProcessedPermChangeID(); + MSentryPermChange addPermChange = sentryStore.getMSentryPermChangeByID(lastChangeID); + assertEquals(addUpdate.JSONSerialize(), addPermChange.getPermChange()); + + // Generate the permission delete update authzObj "db1.tbl1" + PermissionsUpdate delUpdate = new PermissionsUpdate(0, false); + delUpdate.addPrivilegeUpdate(authzObj).putToDelPrivileges( + roleName, privilege.getAction().toUpperCase()); + + // Revoke the same privilege and verify it has been removed. + Map<TSentryPrivilege, DeltaTransactionBlock> delPrivilegesUpdateMap = Maps.newHashMap(); + delPrivilegesUpdateMap.put(privilege, new DeltaTransactionBlock(delUpdate)); + sentryStore.alterSentryRoleRevokePrivileges(grantor, roleName, Sets.newHashSet(privilege), delPrivilegesUpdateMap); + role = sentryStore.getMSentryRoleByName(roleName); + privileges = role.getPrivileges(); + assertEquals(0, privileges.size()); + + // Query the persisted perm change and ensure it equals to the original one + MSentryPermChange delPermChange = sentryStore.getMSentryPermChangeByID(lastChangeID + 1); + assertEquals(delUpdate.JSONSerialize(), delPermChange.getPermChange()); + } + + @Test + public void testAddDeleteGroupsWithPermUpdate() throws Exception { + String roleName = "test-groups"; + String grantor = "g1"; + createRole(roleName); + + Set<TSentryGroup> groups = Sets.newHashSet(); + TSentryGroup group = new TSentryGroup(); + group.setGroupName("test-groups-g1"); + groups.add(group); + group = new TSentryGroup(); + group.setGroupName("test-groups-g2"); + groups.add(group); + + // Generate the permission add update for role "test-groups" + PermissionsUpdate addUpdate = new PermissionsUpdate(0, false); + TRoleChanges addrUpdate = addUpdate.addRoleUpdate(roleName); + for (TSentryGroup g : groups) { + addrUpdate.addToAddGroups(g.getGroupName()); + } + + // Assign the role "test-groups" to the groups and verify. + sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups, + new DeltaTransactionBlock(addUpdate)); + MSentryRole role = sentryStore.getMSentryRoleByName(roleName); + assertEquals(2, role.getGroups().size()); + + // Query the persisted perm change and ensure it equals to the original one + long lastChangeID = sentryStore.getLastProcessedPermChangeID(); + MSentryPermChange addPermChange = sentryStore.getMSentryPermChangeByID(lastChangeID); + assertEquals(addUpdate.JSONSerialize(), addPermChange.getPermChange()); + + // Generate the permission add update for role "test-groups" + PermissionsUpdate delUpdate = new PermissionsUpdate(0, false); + TRoleChanges delrUpdate = delUpdate.addRoleUpdate(roleName); + for (TSentryGroup g : groups) { + delrUpdate.addToDelGroups(g.getGroupName()); + } + + // Revoke the role "test-groups" to the groups and verify. + sentryStore.alterSentryRoleDeleteGroups(roleName, groups, + new DeltaTransactionBlock(delUpdate)); + role = sentryStore.getMSentryRoleByName(roleName); + assertEquals(Collections.emptySet(), role.getGroups()); + + // Query the persisted perm change and ensure it equals to the original one + MSentryPermChange delPermChange = sentryStore.getMSentryPermChangeByID(lastChangeID + 1); + assertEquals(delUpdate.JSONSerialize(), delPermChange.getPermChange()); + } + + @Test + public void testCreateDropRoleWithPermUpdate() throws Exception { + String roleName = "test-drop-role"; + createRole(roleName); + + // Generate the permission del update for dropping role "test-drop-role" + PermissionsUpdate delUpdate = new PermissionsUpdate(0, false); + delUpdate.addPrivilegeUpdate(PermissionsUpdate.ALL_AUTHZ_OBJ).putToDelPrivileges( + roleName, PermissionsUpdate.ALL_AUTHZ_OBJ); + delUpdate.addRoleUpdate(roleName).addToDelGroups(PermissionsUpdate.ALL_GROUPS); + + // Drop the role and verify. + sentryStore.dropSentryRole(roleName, new DeltaTransactionBlock(delUpdate)); + checkRoleDoesNotExist(roleName); + + // Query the persisted perm change and ensure it equals to the original one + long lastChangeID = sentryStore.getLastProcessedPermChangeID(); + MSentryPermChange delPermChange = sentryStore.getMSentryPermChangeByID(lastChangeID); + assertEquals(delUpdate.JSONSerialize(), delPermChange.getPermChange()); + } + + @Test + public void testDropObjWithPermUpdate() throws Exception { + String roleName1 = "list-privs-r1", roleName2 = "list-privs-r2"; + String grantor = "g1"; + sentryStore.createSentryRole(roleName1); + sentryStore.createSentryRole(roleName2); + + String authzObj = "db1.tbl1"; + TSentryPrivilege privilege_tbl1 = new TSentryPrivilege(); + privilege_tbl1.setPrivilegeScope("TABLE"); + privilege_tbl1.setServerName("server1"); + privilege_tbl1.setDbName("db1"); + privilege_tbl1.setTableName("tbl1"); + privilege_tbl1.setCreateTime(System.currentTimeMillis()); + privilege_tbl1.setAction("SELECT"); + + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_tbl1); + + // Generate the permission drop update for dropping privilege for "db1.tbl1" + PermissionsUpdate dropUpdate = new PermissionsUpdate(0, false); + dropUpdate.addPrivilegeUpdate(authzObj).putToDelPrivileges(PermissionsUpdate.ALL_ROLES, + PermissionsUpdate.ALL_ROLES); + + // Drop the privilege and verify. + sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1), + new DeltaTransactionBlock(dropUpdate)); + assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1).size()); + assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(roleName2).size()); + + // Query the persisted perm change and ensure it equals to the original one + long lastChangeID = sentryStore.getLastProcessedPermChangeID(); + MSentryPermChange dropPermChange = sentryStore.getMSentryPermChangeByID(lastChangeID); + assertEquals(dropUpdate.JSONSerialize(), dropPermChange.getPermChange()); + } + + @Test + public void testRenameObjWithPermUpdate() throws Exception { + String roleName1 = "role1", roleName2 = "role2", roleName3 = "role3"; + String grantor = "g1"; + String table1 = "tbl1", table2 = "tbl2"; + + sentryStore.createSentryRole(roleName1); + + TSentryPrivilege privilege_tbl1 = new TSentryPrivilege(); + privilege_tbl1.setPrivilegeScope("TABLE"); + privilege_tbl1.setServerName("server1"); + privilege_tbl1.setDbName("db1"); + privilege_tbl1.setTableName(table1); + privilege_tbl1.setCreateTime(System.currentTimeMillis()); + privilege_tbl1.setAction(AccessConstants.ALL); + + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_tbl1); + + // Generate the permission rename update for renaming privilege for "db1.tbl1" + String oldAuthz = "db1.tbl1"; + String newAuthz = "db1.tbl2"; + PermissionsUpdate renameUpdate = new PermissionsUpdate(0, false); + TPrivilegeChanges privUpdate = renameUpdate.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS); + privUpdate.putToAddPrivileges(newAuthz, newAuthz); + privUpdate.putToDelPrivileges(oldAuthz, oldAuthz); + + // Rename the privilege and verify. + TSentryAuthorizable oldTable = toTSentryAuthorizable(privilege_tbl1); + TSentryAuthorizable newTable = toTSentryAuthorizable(privilege_tbl1); + newTable.setTable(table2); + sentryStore.renamePrivilege(oldTable, newTable, new DeltaTransactionBlock(renameUpdate)); + + Set<TSentryPrivilege> privilegeSet = sentryStore.getAllTSentryPrivilegesByRoleName(roleName1); + assertEquals(1, privilegeSet.size()); + for (TSentryPrivilege privilege : privilegeSet) { + assertTrue(table2.equalsIgnoreCase(privilege.getTableName())); + } + + // Query the persisted perm change and ensure it equals to the original one + long lastChangeID = sentryStore.getLastProcessedPermChangeID(); + MSentryPermChange renamePermChange = sentryStore.getMSentryPermChangeByID(lastChangeID); + assertEquals(renameUpdate.JSONSerialize(), renamePermChange.getPermChange()); + } + protected static void addGroupsToUser(String user, String... groupNames) { policyFile.addGroupsToUser(user, groupNames); } http://git-wip-us.apache.org/repos/asf/sentry/blob/ee2d3f7a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java index 1c3a4f2..3827dc5 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java @@ -504,7 +504,7 @@ public class TestSentryStoreImportExport { sentryStore.importSentryMetaData(tSentryMappingData1, false); // drop the role2, the group2 is orphaned group - sentryStore.dropSentryRole("role2"); + sentryStore.dropSentryRole("role2", null); Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap(); Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap(); http://git-wip-us.apache.org/repos/asf/sentry/blob/ee2d3f7a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java index d601b1e..fd97936 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/TestHMSFollower.java @@ -17,13 +17,11 @@ package org.apache.sentry.service.thrift; import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.hive.metastore.HiveMetaStoreClient; import org.apache.hadoop.hive.metastore.api.*; import org.apache.hive.hcatalog.messaging.HCatEventMessage; import org.apache.sentry.binding.metastore.messaging.json.SentryJSONMessageFactory; import org.apache.sentry.provider.db.service.persistent.SentryStore; import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable; -import org.junit.BeforeClass; import org.junit.Test; import org.mockito.Mockito; @@ -56,8 +54,9 @@ public class TestHMSFollower { authorizable.setServer(hiveInstance); authorizable.setDb("db1"); - verify(sentryStore, times(1)).dropPrivilege(authorizable); + verify(sentryStore, times(1)).dropPrivilege(authorizable, HMSFollower.onDropSentryPrivilege(authorizable)); } + @Test public void testDropDatabase() throws Exception { String dbName = "db1"; @@ -76,7 +75,7 @@ public class TestHMSFollower { authorizable.setServer(hiveInstance); authorizable.setDb("db1"); - verify(sentryStore, times(1)).dropPrivilege(authorizable); + verify(sentryStore, times(1)).dropPrivilege(authorizable, HMSFollower.onDropSentryPrivilege(authorizable)) ; } @Test public void testCreateTable() throws Exception { @@ -100,7 +99,7 @@ public class TestHMSFollower { authorizable.setDb("db1"); authorizable.setTable(tableName); - verify(sentryStore, times(1)).dropPrivilege(authorizable); + verify(sentryStore, times(1)).dropPrivilege(authorizable, HMSFollower.onDropSentryPrivilege(authorizable)); } @Test public void testDropTable() throws Exception { @@ -124,7 +123,7 @@ public class TestHMSFollower { authorizable.setDb("db1"); authorizable.setTable(tableName); - verify(sentryStore, times(1)).dropPrivilege(authorizable); + verify(sentryStore, times(1)).dropPrivilege(authorizable, HMSFollower.onDropSentryPrivilege(authorizable)); } @Test public void testRenameTable() throws Exception { @@ -160,6 +159,6 @@ public class TestHMSFollower { newAuthorizable.setDb(newDbName); newAuthorizable.setTable(newTableName); - verify(sentryStore, times(1)).renamePrivilege(authorizable, newAuthorizable); + verify(sentryStore, times(1)).renamePrivilege(authorizable, newAuthorizable, HMSFollower.onRenameSentryPrivilege(authorizable, newAuthorizable)); } }
