http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java new file mode 100644 index 0000000..8de54f6 --- /dev/null +++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.policy.solr; + +import java.io.File; +import java.io.IOException; + +import org.junit.Assert; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FileSystem; +import org.apache.hadoop.fs.Path; +import org.apache.hadoop.hdfs.MiniDFSCluster; +import org.apache.sentry.core.common.utils.PolicyFiles; +import org.junit.AfterClass; +import org.junit.BeforeClass; + +public class TestSolrPolicyEngineDFS extends AbstractTestSolrPolicyEngine { + + private static MiniDFSCluster dfsCluster; + private static FileSystem fileSystem; + private static Path root; + private static Path etc; + + @BeforeClass + public static void setupLocalClazz() throws IOException { + File baseDir = getBaseDir(); + Assert.assertNotNull(baseDir); + File dfsDir = new File(baseDir, "dfs"); + Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs()); + Configuration conf = new Configuration(); + conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath()); + dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build(); + fileSystem = dfsCluster.getFileSystem(); + root = new Path(fileSystem.getUri().toString()); + etc = new Path(root, "/etc"); + fileSystem.mkdirs(etc); + } + + @AfterClass + public static void teardownLocalClazz() { + if(dfsCluster != null) { + dfsCluster.shutdown(); + } + } + + @Override + protected void afterSetup() throws IOException { + fileSystem.delete(etc, true); + fileSystem.mkdirs(etc); + PolicyFiles.copyToDir(fileSystem, etc, "solr-policy-test-authz-provider.ini"); + setPolicy(SolrPolicyTestUtil.createPolicyEngineForTest(new Path(etc, + "solr-policy-test-authz-provider.ini").toString())); + } + + @Override + protected void beforeTeardown() throws IOException { + fileSystem.delete(etc, true); + } +}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java new file mode 100644 index 0000000..d138053 --- /dev/null +++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.policy.solr; + +import java.io.File; +import java.io.IOException; + +import org.junit.Assert; + +import org.apache.commons.io.FileUtils; +import org.apache.sentry.core.common.utils.PolicyFiles; + +public class TestSolrPolicyEngineLocalFS extends AbstractTestSolrPolicyEngine { + + @Override + protected void afterSetup() throws IOException { + File baseDir = getBaseDir(); + Assert.assertNotNull(baseDir); + Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs()); + PolicyFiles.copyToDir(baseDir, "solr-policy-test-authz-provider.ini"); + setPolicy(SolrPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "solr-policy-test-authz-provider.ini").getPath())); + } + @Override + protected void beforeTeardown() throws IOException { + File baseDir = getBaseDir(); + Assert.assertNotNull(baseDir); + FileUtils.deleteQuietly(baseDir); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java new file mode 100644 index 0000000..ec72136 --- /dev/null +++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java @@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.policy.solr; + +import java.io.File; +import java.io.IOException; +import java.util.Collections; + +import org.junit.Assert; + +import org.apache.commons.io.FileUtils; +import org.apache.sentry.core.common.ActiveRoleSet; +import org.apache.sentry.policy.common.PolicyEngine; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.base.Charsets; +import com.google.common.collect.ImmutableSet; +import com.google.common.collect.Sets; +import com.google.common.io.Files; + +public class TestSolrPolicyNegative { + + @SuppressWarnings("unused") + private static final Logger LOGGER = LoggerFactory + .getLogger(TestSolrPolicyNegative.class); + + private File baseDir; + private File globalPolicyFile; + private File otherPolicyFile; + + @Before + public void setup() { + baseDir = Files.createTempDir(); + globalPolicyFile = new File(baseDir, "global.ini"); + otherPolicyFile = new File(baseDir, "other.ini"); + } + + @After + public void teardown() { + if(baseDir != null) { + FileUtils.deleteQuietly(baseDir); + } + } + + private void append(String from, File to) throws IOException { + Files.append(from + "\n", to, Charsets.UTF_8); + } + + @Test + public void testPerDbFileException() throws Exception { + append("[databases]", globalPolicyFile); + append("other_group_db = " + otherPolicyFile.getPath(), globalPolicyFile); + append("[groups]", otherPolicyFile); + append("other_group = some_role", otherPolicyFile); + append("[roles]", otherPolicyFile); + append("some_role = collection=c1", otherPolicyFile); + PolicyEngine policy = SolrPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); + Assert.assertEquals(Collections.emptySet(), + policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL)); + } + + @Test + public void testCollectionRequiredInRole() throws Exception { + append("[groups]", globalPolicyFile); + append("group = some_role", globalPolicyFile); + append("[roles]", globalPolicyFile); + append("some_role = action=query", globalPolicyFile); + PolicyEngine policy = SolrPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); + ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL); + Assert.assertTrue(permissions.toString(), permissions.isEmpty()); + } + + @Test + public void testGroupIncorrect() throws Exception { + append("[groups]", globalPolicyFile); + append("group = malicious_role", globalPolicyFile); + append("[roles]", globalPolicyFile); + append("malicious_role = collection=*", globalPolicyFile); + PolicyEngine policy = SolrPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); + ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL); + Assert.assertTrue(permissions.toString(), permissions.isEmpty()); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java deleted file mode 100644 index de6d6e0..0000000 --- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.privilege.solr; - -import org.apache.sentry.core.common.Model; -import org.apache.sentry.core.common.utils.KeyValue; -import org.apache.sentry.core.common.utils.SentryConstants; -import org.apache.sentry.core.model.search.SearchConstants; -import org.apache.sentry.core.model.search.SearchPrivilegeModel; -import org.apache.sentry.policy.common.CommonPrivilege; -import org.apache.sentry.policy.common.Privilege; -import org.junit.Before; -import org.junit.Test; - -import java.util.List; - -import static junit.framework.Assert.assertFalse; -import static junit.framework.Assert.assertTrue; - -public class TestCommonPrivilegeForSearch { - - private Model searchPrivilegeModel; - - private static final String ALL = SearchConstants.ALL; - - @Before - public void prepareData() { - searchPrivilegeModel = SearchPrivilegeModel.getInstance(); - } - - @Test - public void testSimpleNoAction() throws Exception { - CommonPrivilege collection1 = create(new KeyValue("collection", "coll1")); - CommonPrivilege collection2 = create(new KeyValue("collection", "coll2")); - CommonPrivilege collection1Case = create(new KeyValue("colleCtIon", "coLl1")); - - assertTrue(collection1.implies(collection1, searchPrivilegeModel)); - assertTrue(collection2.implies(collection2, searchPrivilegeModel)); - assertTrue(collection1.implies(collection1Case, searchPrivilegeModel)); - assertTrue(collection1Case.implies(collection1, searchPrivilegeModel)); - - assertFalse(collection1.implies(collection2, searchPrivilegeModel)); - assertFalse(collection1Case.implies(collection2, searchPrivilegeModel)); - assertFalse(collection2.implies(collection1, searchPrivilegeModel)); - assertFalse(collection2.implies(collection1Case, searchPrivilegeModel)); - } - - @Test - public void testSimpleAction() throws Exception { - CommonPrivilege query = - create(new KeyValue("collection", "coll1"), new KeyValue("action", "query")); - CommonPrivilege update = - create(new KeyValue("collection", "coll1"), new KeyValue("action", "update")); - CommonPrivilege queryCase = - create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy")); - - assertTrue(query.implies(query, searchPrivilegeModel)); - assertTrue(update.implies(update, searchPrivilegeModel)); - assertTrue(query.implies(queryCase, searchPrivilegeModel)); - assertTrue(queryCase.implies(query, searchPrivilegeModel)); - - assertFalse(query.implies(update, searchPrivilegeModel)); - assertFalse(queryCase.implies(update, searchPrivilegeModel)); - assertFalse(update.implies(query, searchPrivilegeModel)); - assertFalse(update.implies(queryCase, searchPrivilegeModel)); - } - - @Test - public void testRoleShorterThanRequest() throws Exception { - CommonPrivilege collection1 = create(new KeyValue("collection", "coll1")); - CommonPrivilege query = - create(new KeyValue("collection", "coll1"), new KeyValue("action", "query")); - CommonPrivilege update = - create(new KeyValue("collection", "coll1"), new KeyValue("action", "update")); - CommonPrivilege all = - create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL)); - - assertTrue(collection1.implies(query, searchPrivilegeModel)); - assertTrue(collection1.implies(update, searchPrivilegeModel)); - assertTrue(collection1.implies(all, searchPrivilegeModel)); - - assertFalse(query.implies(collection1, searchPrivilegeModel)); - assertFalse(update.implies(collection1, searchPrivilegeModel)); - assertTrue(all.implies(collection1, searchPrivilegeModel)); - } - - @Test - public void testCollectionAll() throws Exception { - CommonPrivilege collectionAll = create(new KeyValue("collection", ALL)); - CommonPrivilege collection1 = create(new KeyValue("collection", "coll1")); - assertTrue(collectionAll.implies(collection1, searchPrivilegeModel)); - assertTrue(collection1.implies(collectionAll, searchPrivilegeModel)); - - CommonPrivilege allUpdate = - create(new KeyValue("collection", ALL), new KeyValue("action", "update")); - CommonPrivilege allQuery = - create(new KeyValue("collection", ALL), new KeyValue("action", "query")); - CommonPrivilege coll1Update = - create(new KeyValue("collection", "coll1"), new KeyValue("action", "update")); - CommonPrivilege coll1Query = - create(new KeyValue("collection", "coll1"), new KeyValue("action", "query")); - assertTrue(allUpdate.implies(coll1Update, searchPrivilegeModel)); - assertTrue(allQuery.implies(coll1Query, searchPrivilegeModel)); - assertTrue(coll1Update.implies(allUpdate, searchPrivilegeModel)); - assertTrue(coll1Query.implies(allQuery, searchPrivilegeModel)); - assertFalse(allUpdate.implies(coll1Query, searchPrivilegeModel)); - assertFalse(coll1Update.implies(coll1Query, searchPrivilegeModel)); - assertFalse(allQuery.implies(coll1Update, searchPrivilegeModel)); - assertFalse(coll1Query.implies(allUpdate, searchPrivilegeModel)); - assertFalse(allUpdate.implies(allQuery, searchPrivilegeModel)); - assertFalse(allQuery.implies(allUpdate, searchPrivilegeModel)); - assertFalse(coll1Update.implies(coll1Query, searchPrivilegeModel)); - assertFalse(coll1Query.implies(coll1Update, searchPrivilegeModel)); - - // test different length paths - assertTrue(collectionAll.implies(allUpdate, searchPrivilegeModel)); - assertTrue(collectionAll.implies(allQuery, searchPrivilegeModel)); - assertTrue(collectionAll.implies(coll1Update, searchPrivilegeModel)); - assertTrue(collectionAll.implies(coll1Query, searchPrivilegeModel)); - assertFalse(allUpdate.implies(collectionAll, searchPrivilegeModel)); - assertFalse(allQuery.implies(collectionAll, searchPrivilegeModel)); - assertFalse(coll1Update.implies(collectionAll, searchPrivilegeModel)); - assertFalse(coll1Query.implies(collectionAll, searchPrivilegeModel)); - } - - @Test - public void testActionAll() throws Exception { - CommonPrivilege coll1All = - create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL)); - CommonPrivilege coll1Update = - create(new KeyValue("collection", "coll1"), new KeyValue("action", "update")); - CommonPrivilege coll1Query = - create(new KeyValue("collection", "coll1"), new KeyValue("action", "query")); - assertTrue(coll1All.implies(coll1All, searchPrivilegeModel)); - assertTrue(coll1All.implies(coll1Update, searchPrivilegeModel)); - assertTrue(coll1All.implies(coll1Query, searchPrivilegeModel)); - assertFalse(coll1Update.implies(coll1All, searchPrivilegeModel)); - assertFalse(coll1Query.implies(coll1All, searchPrivilegeModel)); - - // test different lengths - CommonPrivilege coll1 = - create(new KeyValue("collection", "coll1")); - assertTrue(coll1All.implies(coll1, searchPrivilegeModel)); - assertTrue(coll1.implies(coll1All, searchPrivilegeModel)); - } - - @Test - public void testUnexpected() throws Exception { - Privilege p = new Privilege() { - @Override - public boolean implies(Privilege p, Model m) { - return false; - } - - @Override - public List<KeyValue> getAuthorizable() { - return null; - } - }; - Privilege collection1 = create(new KeyValue("collection", "coll1")); - assertFalse(collection1.implies(null, searchPrivilegeModel)); - assertFalse(collection1.implies(p, searchPrivilegeModel)); - assertFalse(collection1.equals(null)); - assertFalse(collection1.equals(p)); - } - - @Test(expected=IllegalArgumentException.class) - public void testNullString() throws Exception { - System.out.println(create((String)null)); - } - - @Test(expected=IllegalArgumentException.class) - public void testEmptyString() throws Exception { - System.out.println(create("")); - } - - @Test(expected=IllegalArgumentException.class) - public void testEmptyKey() throws Exception { - System.out.println(create(SentryConstants.KV_JOINER.join("collection", ""))); - } - - @Test(expected=IllegalArgumentException.class) - public void testEmptyValue() throws Exception { - System.out.println(create(SentryConstants.KV_JOINER.join("", "coll1"))); - } - - @Test(expected=IllegalArgumentException.class) - public void testEmptyPart() throws Exception { - System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER. - join(SentryConstants.KV_JOINER.join("collection1", "coll1"), ""))); - } - - @Test(expected=IllegalArgumentException.class) - public void testOnlySeperators() throws Exception { - System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER. - join(SentryConstants.KV_SEPARATOR, SentryConstants.KV_SEPARATOR, - SentryConstants.KV_SEPARATOR))); - } - - static CommonPrivilege create(KeyValue... keyValues) { - return create(SentryConstants.AUTHORIZABLE_JOINER.join(keyValues)); - } - - static CommonPrivilege create(String s) { - return new CommonPrivilege(s); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java new file mode 100644 index 0000000..6782089 --- /dev/null +++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java @@ -0,0 +1,293 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.privilege.solr; + +import org.apache.sentry.core.common.Model; +import org.apache.sentry.core.common.utils.KeyValue; +import org.apache.sentry.core.common.utils.SentryConstants; +import org.apache.sentry.core.model.solr.SolrConstants; +import org.apache.sentry.core.model.solr.SolrPrivilegeModel; +import org.apache.sentry.policy.common.CommonPrivilege; +import org.apache.sentry.policy.common.Privilege; +import org.junit.Before; +import org.junit.Test; + +import java.util.List; + +import static junit.framework.Assert.assertFalse; +import static junit.framework.Assert.assertTrue; + +/** + * This class implements a set of unit tests designed to verify {@linkplain SolrPrivilegeModel} + */ +public class TestCommonPrivilegeForSolr { + + private Model solrPrivilegeModel; + + private static final String ALL = SolrConstants.ALL; + + @Before + public void prepareData() { + solrPrivilegeModel = SolrPrivilegeModel.getInstance(); + } + + @Test + public void testSimpleNoAction() throws Exception { + CommonPrivilege collection1 = create(new KeyValue("collection", "coll1")); + CommonPrivilege collection2 = create(new KeyValue("collection", "coll2")); + CommonPrivilege collection1Case = create(new KeyValue("colleCtIon", "coLl1")); + + assertTrue(collection1.implies(collection1, solrPrivilegeModel)); + assertTrue(collection2.implies(collection2, solrPrivilegeModel)); + assertTrue(collection1.implies(collection1Case, solrPrivilegeModel)); + assertTrue(collection1Case.implies(collection1, solrPrivilegeModel)); + + assertFalse(collection1.implies(collection2, solrPrivilegeModel)); + assertFalse(collection1Case.implies(collection2, solrPrivilegeModel)); + assertFalse(collection2.implies(collection1, solrPrivilegeModel)); + assertFalse(collection2.implies(collection1Case, solrPrivilegeModel)); + } + + @Test + public void testAdminNoAction() throws Exception { + CommonPrivilege globalAdmin = create(new KeyValue("admin", SolrConstants.ALL)); + CommonPrivilege coreAdmin = create(new KeyValue("admin", "core")); + CommonPrivilege collectionAdmin = create(new KeyValue("admin", "collection")); + CommonPrivilege securityAdmin = create(new KeyValue("admin", "security")); + + assertTrue(coreAdmin.implies(coreAdmin, solrPrivilegeModel)); + assertFalse(coreAdmin.implies(collectionAdmin, solrPrivilegeModel)); + assertFalse(coreAdmin.implies(securityAdmin, solrPrivilegeModel)); + // TODO - Check if this is a bug ? + // assertFalse(coreAdmin.implies(globalAdmin, solrPrivilegeModel)); + + assertTrue(collectionAdmin.implies(collectionAdmin, solrPrivilegeModel)); + assertFalse(collectionAdmin.implies(coreAdmin, solrPrivilegeModel)); + assertFalse(collectionAdmin.implies(securityAdmin, solrPrivilegeModel)); + // TODO - Check if this is a bug ? + // assertFalse(collectionAdmin.implies(globalAdmin, solrPrivilegeModel)); + + assertTrue(securityAdmin.implies(securityAdmin, solrPrivilegeModel)); + assertFalse(securityAdmin.implies(collectionAdmin, solrPrivilegeModel)); + assertFalse(securityAdmin.implies(coreAdmin, solrPrivilegeModel)); + // TODO - Check if this is a bug ? + // assertFalse(securityAdmin.implies(globalAdmin, solrPrivilegeModel)); + + assertTrue(globalAdmin.implies(globalAdmin, solrPrivilegeModel)); + assertTrue(globalAdmin.implies(collectionAdmin, solrPrivilegeModel)); + assertTrue(globalAdmin.implies(coreAdmin, solrPrivilegeModel)); + assertTrue(globalAdmin.implies(securityAdmin, solrPrivilegeModel)); + } + + @Test + public void testSimpleAction() throws Exception { + CommonPrivilege query = + create(new KeyValue("collection", "coll1"), new KeyValue("action", "query")); + CommonPrivilege update = + create(new KeyValue("collection", "coll1"), new KeyValue("action", "update")); + CommonPrivilege queryCase = + create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy")); + + assertTrue(query.implies(query, solrPrivilegeModel)); + assertTrue(update.implies(update, solrPrivilegeModel)); + assertTrue(query.implies(queryCase, solrPrivilegeModel)); + assertTrue(queryCase.implies(query, solrPrivilegeModel)); + + assertFalse(query.implies(update, solrPrivilegeModel)); + assertFalse(queryCase.implies(update, solrPrivilegeModel)); + assertFalse(update.implies(query, solrPrivilegeModel)); + assertFalse(update.implies(queryCase, solrPrivilegeModel)); + } + + @Test + public void testAdminAction() throws Exception { + CommonPrivilege query = + create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("action", "query")); + CommonPrivilege update = + create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("action", "update")); + CommonPrivilege queryCase = + create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("AcTiOn", "QuERy")); + + assertTrue(query.implies(query, solrPrivilegeModel)); + assertTrue(update.implies(update, solrPrivilegeModel)); + assertTrue(query.implies(queryCase, solrPrivilegeModel)); + assertTrue(queryCase.implies(query, solrPrivilegeModel)); + + assertFalse(query.implies(update, solrPrivilegeModel)); + assertFalse(queryCase.implies(update, solrPrivilegeModel)); + assertFalse(update.implies(query, solrPrivilegeModel)); + assertFalse(update.implies(queryCase, solrPrivilegeModel)); + } + + @Test + public void testRoleShorterThanRequest() throws Exception { + CommonPrivilege collection1 = create(new KeyValue("collection", "coll1")); + CommonPrivilege query = + create(new KeyValue("collection", "coll1"), new KeyValue("action", "query")); + CommonPrivilege update = + create(new KeyValue("collection", "coll1"), new KeyValue("action", "update")); + CommonPrivilege all = + create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL)); + + assertTrue(collection1.implies(query, solrPrivilegeModel)); + assertTrue(collection1.implies(update, solrPrivilegeModel)); + assertTrue(collection1.implies(all, solrPrivilegeModel)); + + assertFalse(query.implies(collection1, solrPrivilegeModel)); + assertFalse(update.implies(collection1, solrPrivilegeModel)); + assertTrue(all.implies(collection1, solrPrivilegeModel)); + } + + @Test + public void testAdminRoleShorterThanRequest() throws Exception { + CommonPrivilege globalAdmin = create(new KeyValue("admin", "*")); + CommonPrivilege query = + create(new KeyValue("admin", "core"), new KeyValue("action", "query")); + CommonPrivilege update = + create(new KeyValue("admin", "core"), new KeyValue("action", "update")); + CommonPrivilege all = create(new KeyValue("admin", "*"), new KeyValue("action", ALL)); + + assertTrue(globalAdmin.implies(query, solrPrivilegeModel)); + assertTrue(globalAdmin.implies(update, solrPrivilegeModel)); + assertTrue(globalAdmin.implies(all, solrPrivilegeModel)); + + assertFalse(query.implies(globalAdmin, solrPrivilegeModel)); + assertFalse(update.implies(globalAdmin, solrPrivilegeModel)); + assertTrue(all.implies(globalAdmin, solrPrivilegeModel)); + } + + @Test + public void testCollectionAll() throws Exception { + CommonPrivilege collectionAll = create(new KeyValue("collection", ALL)); + CommonPrivilege collection1 = create(new KeyValue("collection", "coll1")); + assertTrue(collectionAll.implies(collection1, solrPrivilegeModel)); + assertTrue(collection1.implies(collectionAll, solrPrivilegeModel)); + + CommonPrivilege allUpdate = + create(new KeyValue("collection", ALL), new KeyValue("action", "update")); + CommonPrivilege allQuery = + create(new KeyValue("collection", ALL), new KeyValue("action", "query")); + CommonPrivilege coll1Update = + create(new KeyValue("collection", "coll1"), new KeyValue("action", "update")); + CommonPrivilege coll1Query = + create(new KeyValue("collection", "coll1"), new KeyValue("action", "query")); + assertTrue(allUpdate.implies(coll1Update, solrPrivilegeModel)); + assertTrue(allQuery.implies(coll1Query, solrPrivilegeModel)); + assertTrue(coll1Update.implies(allUpdate, solrPrivilegeModel)); + assertTrue(coll1Query.implies(allQuery, solrPrivilegeModel)); + assertFalse(allUpdate.implies(coll1Query, solrPrivilegeModel)); + assertFalse(coll1Update.implies(coll1Query, solrPrivilegeModel)); + assertFalse(allQuery.implies(coll1Update, solrPrivilegeModel)); + assertFalse(coll1Query.implies(allUpdate, solrPrivilegeModel)); + assertFalse(allUpdate.implies(allQuery, solrPrivilegeModel)); + assertFalse(allQuery.implies(allUpdate, solrPrivilegeModel)); + assertFalse(coll1Update.implies(coll1Query, solrPrivilegeModel)); + assertFalse(coll1Query.implies(coll1Update, solrPrivilegeModel)); + + // test different length paths + assertTrue(collectionAll.implies(allUpdate, solrPrivilegeModel)); + assertTrue(collectionAll.implies(allQuery, solrPrivilegeModel)); + assertTrue(collectionAll.implies(coll1Update, solrPrivilegeModel)); + assertTrue(collectionAll.implies(coll1Query, solrPrivilegeModel)); + assertFalse(allUpdate.implies(collectionAll, solrPrivilegeModel)); + assertFalse(allQuery.implies(collectionAll, solrPrivilegeModel)); + assertFalse(coll1Update.implies(collectionAll, solrPrivilegeModel)); + assertFalse(coll1Query.implies(collectionAll, solrPrivilegeModel)); + } + + @Test + public void testActionAll() throws Exception { + CommonPrivilege coll1All = + create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL)); + CommonPrivilege coll1Update = + create(new KeyValue("collection", "coll1"), new KeyValue("action", "update")); + CommonPrivilege coll1Query = + create(new KeyValue("collection", "coll1"), new KeyValue("action", "query")); + assertTrue(coll1All.implies(coll1All, solrPrivilegeModel)); + assertTrue(coll1All.implies(coll1Update, solrPrivilegeModel)); + assertTrue(coll1All.implies(coll1Query, solrPrivilegeModel)); + assertFalse(coll1Update.implies(coll1All, solrPrivilegeModel)); + assertFalse(coll1Query.implies(coll1All, solrPrivilegeModel)); + + // test different lengths + CommonPrivilege coll1 = + create(new KeyValue("collection", "coll1")); + assertTrue(coll1All.implies(coll1, solrPrivilegeModel)); + assertTrue(coll1.implies(coll1All, solrPrivilegeModel)); + } + + @Test + public void testUnexpected() throws Exception { + Privilege p = new Privilege() { + @Override + public boolean implies(Privilege p, Model m) { + return false; + } + + @Override + public List<KeyValue> getAuthorizable() { + return null; + } + }; + Privilege collection1 = create(new KeyValue("collection", "coll1")); + assertFalse(collection1.implies(null, solrPrivilegeModel)); + assertFalse(collection1.implies(p, solrPrivilegeModel)); + assertFalse(collection1.equals(null)); + assertFalse(collection1.equals(p)); + } + + @Test(expected=IllegalArgumentException.class) + public void testNullString() throws Exception { + System.out.println(create((String)null)); + } + + @Test(expected=IllegalArgumentException.class) + public void testEmptyString() throws Exception { + System.out.println(create("")); + } + + @Test(expected=IllegalArgumentException.class) + public void testEmptyKey() throws Exception { + System.out.println(create(SentryConstants.KV_JOINER.join("collection", ""))); + } + + @Test(expected=IllegalArgumentException.class) + public void testEmptyValue() throws Exception { + System.out.println(create(SentryConstants.KV_JOINER.join("", "coll1"))); + } + + @Test(expected=IllegalArgumentException.class) + public void testEmptyPart() throws Exception { + System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER. + join(SentryConstants.KV_JOINER.join("collection1", "coll1"), ""))); + } + + @Test(expected=IllegalArgumentException.class) + public void testOnlySeperators() throws Exception { + System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER. + join(SentryConstants.KV_SEPARATOR, SentryConstants.KV_SEPARATOR, + SentryConstants.KV_SEPARATOR))); + } + + static CommonPrivilege create(KeyValue... keyValues) { + return create(SentryConstants.AUTHORIZABLE_JOINER.join(keyValues)); + } + + static CommonPrivilege create(String s) { + return new CommonPrivilege(s); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini b/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini index 56317db..88b6f14 100644 --- a/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini +++ b/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini @@ -22,9 +22,7 @@ general = corporal_role, sergeant_role, general_role undefinedRoleGroup = undefinedRole [roles] -#test that specification of a bogus action doesn't affect further specifications -corporal_role = collection=info->action=FOOBAR, \ - collection=info->action=query +corporal_role = collection=info->action=query sergeant_role = collection=info->action=update general_role = collection=*->action=* http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-core/pom.xml b/sentry-core/pom.xml index 6b91767..b6256b7 100644 --- a/sentry-core/pom.xml +++ b/sentry-core/pom.xml @@ -32,7 +32,7 @@ limitations under the License. <module>sentry-core-common</module> <module>sentry-core-model-db</module> <module>sentry-core-model-indexer</module> - <module>sentry-core-model-search</module> + <module>sentry-core-model-solr</module> <module>sentry-core-model-sqoop</module> <module>sentry-core-model-kafka</module> </modules> http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/pom.xml b/sentry-core/sentry-core-model-search/pom.xml deleted file mode 100644 index 5917a63..0000000 --- a/sentry-core/sentry-core-model-search/pom.xml +++ /dev/null @@ -1,43 +0,0 @@ -<?xml version="1.0"?> -<!-- -Licensed to the Apache Software Foundation (ASF) under one or more -contributor license agreements. See the NOTICE file distributed with -this work for additional information regarding copyright ownership. -The ASF licenses this file to You under the Apache License, Version 2.0 -(the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. ---> -<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"; xmlns="http://maven.apache.org/POM/4.0.0"; - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> - <modelVersion>4.0.0</modelVersion> - <parent> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core</artifactId> - <version>2.0.0-SNAPSHOT</version> - </parent> - - <artifactId>sentry-core-model-search</artifactId> - <name>Sentry Core Model Search</name> - - <dependencies> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-common</artifactId> - </dependency> - - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - </dependencies> - -</project> http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java deleted file mode 100644 index 26ea287..0000000 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.core.model.search; - -public class Collection implements SearchModelAuthorizable { - - /** - * Represents all tables - */ - public static final Collection ALL = new Collection(SearchConstants.ALL); - - private final String name; - - public Collection(String name) { - this.name = name; - } - - @Override - public String getName() { - return name; - } - - @Override - public String toString() { - return "Collection [name=" + name + "]"; - } - - @Override - public AuthorizableType getAuthzType() { - return AuthorizableType.Collection; - } - - @Override - public String getTypeName() { - return getAuthzType().name(); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java deleted file mode 100644 index 2dd9065..0000000 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.core.model.search; - -/** - * Represents the field authorizable in the solr model - */ -public class Field implements SearchModelAuthorizable{ - - private final String name; - /** - * Represents all fields - */ - public static final Field ALL = new Field(SearchConstants.ALL); - - public Field(String name) { - this.name = name; - } - - @Override - public AuthorizableType getAuthzType() { - return AuthorizableType.Field; - } - - @Override - public String toString() { - return "Field [name=" + name + "]"; - } - - @Override - public String getTypeName() { - return getAuthzType().name(); - } - - @Override - public String getName() { - return name; - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java deleted file mode 100644 index 3f10726..0000000 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java +++ /dev/null @@ -1,80 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.core.model.search; - -import java.util.List; - -import org.apache.sentry.core.common.BitFieldAction; -import org.apache.sentry.core.common.BitFieldActionFactory; - -import com.google.common.collect.Lists; - -public class SearchActionFactory extends BitFieldActionFactory { - public enum SearchAction { - UPDATE(SearchConstants.UPDATE, 0x0001), - QUERY(SearchConstants.QUERY, 0x0002), - ALL(SearchConstants.ALL, 0x0001|0x0002); - - private String name; - private int code; - private SearchAction(String name, int code) { - this.name = name; - this.code = code; - } - public String getName() { - return name; - } - public int getCode() { - return code; - } - } - - public static class SearchBitFieldAction extends BitFieldAction { - public SearchBitFieldAction(SearchAction action) { - super(action.getName(), action.getCode()); - } - } - - private final static SearchAction[] AllActions = SearchAction.values(); - /** - * One bit set action array, includes UPDATE and QUERY - */ - private final static SearchAction[] OneBitActions = new SearchAction[]{SearchAction.UPDATE, SearchAction.QUERY}; - - @Override - public List<? extends BitFieldAction> getActionsByCode(int actionCode) { - List<SearchBitFieldAction> actions = Lists.newArrayList(); - for (SearchAction action : OneBitActions) { - if ((action.code & actionCode) == action.code) { - actions.add(new SearchBitFieldAction(action)); - } - } - return actions; - } - - @Override - public BitFieldAction getActionByName(String name) { - SearchBitFieldAction val = null; - for (SearchAction action : AllActions) { - if (action.name.equalsIgnoreCase(name)) { - return new SearchBitFieldAction(action); - } - } - return val; - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java deleted file mode 100644 index a2b17fc..0000000 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.core.model.search; - -public final class SearchConstants { - - public static final String ALL = "*"; - public static final String QUERY = "query"; - public static final String UPDATE = "update"; - /** - * The property of sentry.search.service is used to distinguish itself from multiple search services. For example, there are two - * search services: service1 and service2 implemented authorization via sentry, and it must set the value of - * sentry.search.service=service1 or service2 to communicate with sentry service for authorization - */ - public static final String SENTRY_SEARCH_SERVICE_KEY = "sentry.search.service"; - public static final String SENTRY_SEARCH_SERVICE_DEFAULT = "service1"; - - private SearchConstants() { - // Make constructor private to avoid instantiation - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java deleted file mode 100644 index 48ac267..0000000 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.core.model.search; - -import org.apache.sentry.core.common.Action; - -/** - * Represents actions in the Search model. - */ -public enum SearchModelAction implements Action { - - UPDATE(SearchConstants.UPDATE), - QUERY(SearchConstants.QUERY), - ALL(SearchConstants.ALL); - - private final String value; - private SearchModelAction(String value) { - this.value = value; - } - - @Override - public String getValue() { - return value; - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java deleted file mode 100644 index 5a55963..0000000 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.core.model.search; - -import org.apache.sentry.core.common.Authorizable; - -public interface SearchModelAuthorizable extends Authorizable { - - public enum AuthorizableType { - Collection, - Field - }; - - AuthorizableType getAuthzType(); -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java deleted file mode 100644 index 2b190e5..0000000 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.core.model.search; - -import org.apache.sentry.core.model.search.SearchModelAuthorizable.AuthorizableType; -import org.apache.sentry.core.common.utils.KeyValue; - -public class SearchModelAuthorizables { - - private SearchModelAuthorizables() { - // Make constructor private to avoid instantiation - } - - public static SearchModelAuthorizable from(KeyValue keyValue) { - String prefix = keyValue.getKey().toLowerCase(); - String name = keyValue.getValue().toLowerCase(); - for(AuthorizableType type : AuthorizableType.values()) { - if(prefix.equalsIgnoreCase(type.name())) { - return from(type, name); - } - } - return null; - } - public static SearchModelAuthorizable from(String s) { - return from(new KeyValue(s)); - } - - private static SearchModelAuthorizable from(AuthorizableType type, String name) { - switch (type) { - case Collection: - return new Collection(name); - default: - return null; - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java deleted file mode 100644 index 9429a25..0000000 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.core.model.search; - -import com.google.common.collect.ImmutableList; -import org.apache.sentry.core.common.BitFieldActionFactory; -import org.apache.sentry.core.common.ImplyMethodType; -import org.apache.sentry.core.common.Model; -import org.apache.sentry.core.common.validator.PrivilegeValidator; -import org.apache.sentry.core.model.search.validator.CollectionRequiredInPrivilege; - -import java.util.HashMap; -import java.util.Map; - -public class SearchPrivilegeModel implements Model { - - private Map<String, ImplyMethodType> implyMethodMap; - private BitFieldActionFactory bitFieldActionFactory; - private static SearchPrivilegeModel searchPrivilegeModel = new SearchPrivilegeModel(); - - private SearchPrivilegeModel() { - implyMethodMap = new HashMap<String, ImplyMethodType>(); - bitFieldActionFactory = new SearchActionFactory(); - - implyMethodMap.put(SearchModelAuthorizable.AuthorizableType.Collection.name().toLowerCase(), ImplyMethodType.STRING); - implyMethodMap.put(SearchModelAuthorizable.AuthorizableType.Field.name().toLowerCase(), ImplyMethodType.STRING); - } - - @Override - public Map<String, ImplyMethodType> getImplyMethodMap() { - return implyMethodMap; - } - - @Override - public BitFieldActionFactory getBitFieldActionFactory() { - return bitFieldActionFactory; - } - - public static SearchPrivilegeModel getInstance() { - return searchPrivilegeModel; - } - - public ImmutableList<PrivilegeValidator> getPrivilegeValidators() { - return ImmutableList.<PrivilegeValidator>of(new CollectionRequiredInPrivilege()); - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java deleted file mode 100644 index c06131c..0000000 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.core.model.search.validator; - -import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SPLITTER; -import static org.apache.sentry.core.common.utils.SentryConstants.PRIVILEGE_PREFIX; - -import java.util.List; - -import org.apache.sentry.core.model.search.SearchModelAuthorizable; -import org.apache.sentry.core.common.validator.PrivilegeValidator; -import org.apache.sentry.core.model.search.SearchModelAuthorizables; -import org.apache.shiro.config.ConfigurationException; - -import com.google.common.annotations.VisibleForTesting; -import com.google.common.collect.Lists; - -public abstract class AbstractSearchPrivilegeValidator implements PrivilegeValidator { - - @VisibleForTesting - public static Iterable<SearchModelAuthorizable> parsePrivilege(String string) { - List<SearchModelAuthorizable> result = Lists.newArrayList(); - System.err.println("privilege = " + string); - for(String section : AUTHORIZABLE_SPLITTER.split(string)) { - // XXX this ugly hack is because action is not an authorizable - if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) { - SearchModelAuthorizable authorizable = SearchModelAuthorizables.from(section); - if(authorizable == null) { - String msg = "No authorizable found for " + section; - throw new ConfigurationException(msg); - } - result.add(authorizable); - } - } - return result; - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java deleted file mode 100644 index 93b3861..0000000 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.core.model.search.validator; - -import org.apache.sentry.core.common.exception.SentryConfigurationException; -import org.apache.sentry.core.model.search.Collection; -import org.apache.sentry.core.model.search.SearchModelAuthorizable; -import org.apache.sentry.core.common.validator.PrivilegeValidatorContext; - -public class CollectionRequiredInPrivilege extends AbstractSearchPrivilegeValidator { - - @Override - public void validate(PrivilegeValidatorContext context) throws SentryConfigurationException { - String privilege = context.getPrivilege(); - Iterable<SearchModelAuthorizable> authorizables = parsePrivilege(privilege); - boolean foundCollectionInAuthorizables = false; - - for(SearchModelAuthorizable authorizable : authorizables) { - if(authorizable instanceof Collection) { - foundCollectionInAuthorizables = true; - break; - } - } - if(!foundCollectionInAuthorizables) { - String msg = "Missing collection object in " + privilege; - throw new SentryConfigurationException(msg); - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java b/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java deleted file mode 100644 index 2311401..0000000 --- a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.apache.sentry.core.search; -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import org.junit.Assert; - -import org.apache.sentry.core.model.search.Collection; -import org.junit.Test; - -public class TestCollection { - - @Test - public void testSimple() { - String name = "simple"; - Collection simple = new Collection(name); - Assert.assertEquals(simple.getName(), name); - } - - @Test - public void testCollectionAuthzType() { - Collection collection1 = new Collection("collection1"); - Collection collection2 = new Collection("collection2"); - Assert.assertEquals(collection1.getAuthzType(), collection2.getAuthzType()); - Assert.assertEquals(collection1.getTypeName(), collection2.getTypeName()); - } - - // just test it doesn't throw NPE - @Test - public void testNullCollection() { - Collection nullCollection = new Collection(null); - nullCollection.getName(); - nullCollection.toString(); - nullCollection.getAuthzType(); - nullCollection.getTypeName(); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java b/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java deleted file mode 100644 index 0056f40..0000000 --- a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java +++ /dev/null @@ -1,73 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.core.search; - -import org.apache.sentry.core.model.search.SearchActionFactory; -import org.apache.sentry.core.model.search.SearchActionFactory.SearchAction; -import org.apache.sentry.core.model.search.SearchActionFactory.SearchBitFieldAction; -import org.apache.sentry.core.model.search.SearchConstants; -import org.junit.Test; - -import com.google.common.collect.Lists; - -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertEquals; - -public class TestSearchBitFieldAction { - SearchActionFactory actionFactory = new SearchActionFactory(); - - @Test - public void testImpliesAction() { - SearchBitFieldAction updateAction = new SearchBitFieldAction(SearchAction.UPDATE); - SearchBitFieldAction queryAction = new SearchBitFieldAction(SearchAction.QUERY); - SearchBitFieldAction allAction = new SearchBitFieldAction(SearchAction.ALL); - - assertTrue(allAction.implies(queryAction)); - assertTrue(allAction.implies(updateAction)); - assertTrue(allAction.implies(allAction)); - assertTrue(updateAction.implies(updateAction)); - assertTrue(queryAction.implies(queryAction)); - - assertFalse(queryAction.implies(updateAction)); - assertFalse(queryAction.implies(allAction)); - assertFalse(updateAction.implies(queryAction)); - assertFalse(updateAction.implies(allAction)); - } - - @Test - public void testGetActionByName() throws Exception { - SearchBitFieldAction updateAction = (SearchBitFieldAction)actionFactory.getActionByName(SearchConstants.UPDATE); - SearchBitFieldAction queryAction = (SearchBitFieldAction)actionFactory.getActionByName(SearchConstants.QUERY); - SearchBitFieldAction allAction = (SearchBitFieldAction)actionFactory.getActionByName(SearchConstants.ALL); - - assertTrue(updateAction.equals(new SearchBitFieldAction(SearchAction.UPDATE))); - assertTrue(queryAction.equals(new SearchBitFieldAction(SearchAction.QUERY))); - assertTrue(allAction.equals(new SearchBitFieldAction(SearchAction.ALL))); - } - - @Test - public void testGetActionsByCode() throws Exception { - SearchBitFieldAction updateAction = new SearchBitFieldAction(SearchAction.UPDATE); - SearchBitFieldAction queryAction = new SearchBitFieldAction(SearchAction.QUERY); - - assertEquals(Lists.newArrayList(updateAction, queryAction), actionFactory.getActionsByCode(SearchAction.ALL.getCode())); - assertEquals(Lists.newArrayList(updateAction), actionFactory.getActionsByCode(SearchAction.UPDATE.getCode())); - assertEquals(Lists.newArrayList(queryAction), actionFactory.getActionsByCode(SearchAction.QUERY.getCode())); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/pom.xml b/sentry-core/sentry-core-model-solr/pom.xml new file mode 100644 index 0000000..58ae2a7 --- /dev/null +++ b/sentry-core/sentry-core-model-solr/pom.xml @@ -0,0 +1,43 @@ +<?xml version="1.0"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"; xmlns="http://maven.apache.org/POM/4.0.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-core</artifactId> + <version>2.0.0-SNAPSHOT</version> + </parent> + + <artifactId>sentry-core-model-solr</artifactId> + <name>Sentry Core Model Solr</name> + + <dependencies> + <dependency> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-core-common</artifactId> + </dependency> + + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + +</project> http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java new file mode 100644 index 0000000..c054b7d --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.sentry.core.model.solr; + +import java.util.Arrays; +import java.util.Collection; + +/** + * This class represents Solr admin operations which includes, + * - Collection admin operations + * - Core admin operations + * - Security configuration management. + * - Reading Solr metrics + * - Solr auto-scaling operations + */ +public class AdminOperation extends SolrModelAuthorizable { + public static Collection<String> ENTITY_NAMES = + Arrays.asList(SolrConstants.ALL, "collections", "cores", "security", "metrics", "autoscaling"); + + public static AdminOperation ALL = new AdminOperation(SolrConstants.ALL); + public static AdminOperation COLLECTIONS = new AdminOperation("collections"); + public static AdminOperation CORES = new AdminOperation("cores"); + public static AdminOperation SECURITY = new AdminOperation("security"); + public static AdminOperation METRICS = new AdminOperation("metrics"); + public static AdminOperation AUTOSCALING = new AdminOperation("autoscaling"); + + public AdminOperation (String name) { + super (AuthorizableType.Admin, name); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java new file mode 100644 index 0000000..0232ec0 --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.model.solr; + +public class Collection extends SolrModelAuthorizable { + + /** + * Represents all tables + */ + public static final Collection ALL = new Collection(SolrConstants.ALL); + + public Collection(String name) { + super (AuthorizableType.Collection, name); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java new file mode 100644 index 0000000..208211e --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java @@ -0,0 +1,27 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.sentry.core.model.solr; + +/** + * This class represents a Solr config-set. + */ +public class Config extends SolrModelAuthorizable { + + public static final Config ALL = new Config(SolrConstants.ALL); + + public Config(String name) { + super (AuthorizableType.Config, name); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java new file mode 100644 index 0000000..554fa08 --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.sentry.core.model.solr; + +/** + * Represents the field authorizable in the solr model + */ +public class Field extends SolrModelAuthorizable { + + /** + * Represents all fields + */ + public static final Field ALL = new Field(SolrConstants.ALL); + + public Field(String name) { + super (AuthorizableType.Field, name); + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java new file mode 100644 index 0000000..b5ab6a1 --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java @@ -0,0 +1,27 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.sentry.core.model.solr; + +/** + * This class represents Solr collection/core schema + */ +public class Schema extends SolrModelAuthorizable { + + public static final Schema ALL = new Schema(SolrConstants.ALL); + + public Schema(String name) { + super (AuthorizableType.Schema, name); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java new file mode 100644 index 0000000..567708a --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java @@ -0,0 +1,80 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.model.solr; + +import java.util.List; + +import org.apache.sentry.core.common.BitFieldAction; +import org.apache.sentry.core.common.BitFieldActionFactory; + +import com.google.common.collect.Lists; + +public class SolrActionFactory extends BitFieldActionFactory { + public enum SolrAction { + UPDATE(SolrConstants.UPDATE, 0x0001), + QUERY(SolrConstants.QUERY, 0x0002), + ALL(SolrConstants.ALL, 0x0001|0x0002); + + private String name; + private int code; + private SolrAction(String name, int code) { + this.name = name; + this.code = code; + } + public String getName() { + return name; + } + public int getCode() { + return code; + } + } + + public static class SolrBitFieldAction extends BitFieldAction { + public SolrBitFieldAction(SolrAction action) { + super(action.getName(), action.getCode()); + } + } + + private final static SolrAction[] AllActions = SolrAction.values(); + /** + * One bit set action array, includes UPDATE and QUERY + */ + private final static SolrAction[] OneBitActions = new SolrAction[]{SolrAction.UPDATE, SolrAction.QUERY}; + + @Override + public List<? extends BitFieldAction> getActionsByCode(int actionCode) { + List<SolrBitFieldAction> actions = Lists.newArrayList(); + for (SolrAction action : OneBitActions) { + if ((action.code & actionCode) == action.code) { + actions.add(new SolrBitFieldAction(action)); + } + } + return actions; + } + + @Override + public BitFieldAction getActionByName(String name) { + SolrBitFieldAction val = null; + for (SolrAction action : AllActions) { + if (action.name.equalsIgnoreCase(name)) { + return new SolrBitFieldAction(action); + } + } + return val; + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java new file mode 100644 index 0000000..91dc41e --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.model.solr; + +public final class SolrConstants { + + public static final String ALL = "*"; + public static final String QUERY = "query"; + public static final String UPDATE = "update"; + /** + * The property of sentry.solr.service is used to distinguish itself from multiple solr services. For example, there are two + * solr services: service1 and service2 implemented authorization via sentry, and it must set the value of + * sentry.solr.service=service1 or service2 to communicate with sentry service for authorization + */ + public static final String SENTRY_SOLR_SERVICE_KEY = "sentry.solr.service"; + public static final String SENTRY_SOLR_SERVICE_DEFAULT = "service1"; + + public static final String CORE_ADMIN = "core"; + public static final String COLLECTION_ADMIN = "collection"; + public static final String SECURITY_ADMIN = "security"; + + private SolrConstants() { + // Make constructor private to avoid instantiation + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java new file mode 100644 index 0000000..333ea10 --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.model.solr; + +import org.apache.sentry.core.common.Action; + +/** + * Represents actions in the Solr model. + */ +public enum SolrModelAction implements Action { + + UPDATE(SolrConstants.UPDATE), + QUERY(SolrConstants.QUERY), + ALL(SolrConstants.ALL); + + private final String value; + private SolrModelAction(String value) { + this.value = value; + } + + @Override + public String getValue() { + return value; + } +}
