http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java deleted file mode 100644 index aea44f7..0000000 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.solr.handler.admin; - -import java.util.Map; - -import org.apache.solr.handler.RequestHandlerBase; -import org.apache.solr.cloud.CloudDescriptor; -import org.apache.solr.common.SolrException; -import org.apache.solr.core.SolrCore; -import org.apache.solr.sentry.SentryTestBase; -import org.apache.solr.request.SolrQueryRequest; -import org.apache.solr.request.SolrRequestHandler; -import org.apache.solr.response.SolrQueryResponse; -import org.apache.solr.sentry.SentrySingletonTestInstance; -import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Test; - -public class SecureAdminHandlersTest extends SentryTestBase { - - private static SolrCore core; - private static CloudDescriptor cloudDescriptor; - - @BeforeClass - public static void beforeClass() throws Exception { - core = createCore("solrconfig-secureadmin.xml", "schema-minimal.xml"); - // store the CloudDescriptor, because we will overwrite it with a mock - // and restore it later - cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor(); - // ensure SentrySingletonTestInstance is initialized - SentrySingletonTestInstance.getInstance(); - } - - @AfterClass - public static void afterClass() throws Exception { - closeCore(core, cloudDescriptor); - core = null; - cloudDescriptor = null; - } - - @Override - public void setUp() throws Exception { - super.setUp(core); - } - - @Test - public void testAllAdminHandlersSecured() throws Exception { - int numFound = 0; - for (Map.Entry<String, SolrRequestHandler> entry : core.getRequestHandlers().entrySet() ) { - // see note about ShowFileRequestHandler below - if (entry.getKey().startsWith("/admin/") && !(entry.getValue() instanceof ShowFileRequestHandler)) { - assertTrue(entry.getValue().getClass().getEnclosingClass().equals(SecureAdminHandlers.class)); - ++numFound; - } - } - assertTrue(numFound > 0); - } - - @Test - public void testSecureAdminHandlers() throws Exception { - verifyLuke(); - verifyMBeans(); - verifyPlugins(); - verifyThreads(); - verifyProperties(); - verifyLogging(); - verifyFile(); - } - - private void verifyAuthorized(RequestHandlerBase handler, String collection, String user) throws Exception { - SolrQueryRequest req = getRequest(); - prepareCollAndUser(core, req, collection, user, false); - // just ensure we don't get an unauthorized exception - try { - handler.handleRequestBody(req, new SolrQueryResponse()); - } catch (SolrException ex) { - assertFalse(ex.code() == SolrException.ErrorCode.UNAUTHORIZED.code); - } catch (Throwable t) { - // okay, we only want to verify we didn't get an Unauthorized exception, - // going to treat each handler as a black box. - } - } - - private void verifyUnauthorized(RequestHandlerBase handler, - String collection, String user, boolean shouldFailAdmin) throws Exception { - String exMsgContains = "User " + user + " does not have privileges for " + (shouldFailAdmin?"admin":collection); - SolrQueryRequest req = getRequest(); - prepareCollAndUser(core, req, collection, user, false); - try { - handler.handleRequestBody(req, new SolrQueryResponse()); - Assert.fail("Expected SolrException"); - } catch (SolrException ex) { - assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code); - assertTrue(ex.getMessage().contains(exMsgContains)); - } - } - - private void verifyQueryAccess(RequestHandlerBase handler, boolean checkCollection) throws Exception { - verifyAuthorized(handler, "collection1", "junit"); - verifyAuthorized(handler, "queryCollection", "junit"); - if (checkCollection) { - verifyUnauthorized(handler, "bogusCollection", "junit", false); - verifyUnauthorized(handler, "updateCollection", "junit", false); - } else { - verifyUnauthorized(handler, "collection1", "bogusUser", true); - } - } - - private void verifyQueryAccess(String path, boolean checkCollection) throws Exception { - RequestHandlerBase handler = - (RequestHandlerBase)core.getRequestHandlers().get(path); - verifyQueryAccess(handler, checkCollection); - } - - private void verifyQueryUpdateAccess(String path, boolean checkCollection) throws Exception { - RequestHandlerBase handler = - (RequestHandlerBase)core.getRequestHandlers().get(path); - verifyAuthorized(handler, "collection1", "junit"); - verifyUnauthorized(handler, "collection1", "bogusUser", true); - if (checkCollection) { - verifyUnauthorized(handler, "queryCollection", "junit", false); - verifyUnauthorized(handler, "bogusCollection", "junit", false); - verifyUnauthorized(handler, "updateCollection", "junit", false); - } - } - - private void verifyLuke() throws Exception { - verifyQueryAccess("/admin/luke", true); - } - - private void verifyMBeans() throws Exception { - verifyQueryAccess("/admin/mbeans", true); - } - - private void verifyPlugins() throws Exception { - verifyQueryAccess("/admin/plugins", true); - } - - private void verifyThreads() throws Exception { - verifyQueryAccess("/admin/threads", false); - } - - private void verifyProperties() throws Exception { - verifyQueryAccess("/admin/properties", false); - } - - private void verifyLogging() throws Exception { - verifyQueryUpdateAccess("/admin/logging", false); - } - - private void verifyFile() throws Exception { - // file handler is built-in for backwards compatibility reasons. Thus, - // handler will not be secure, so let's create one to test. - String path = "/admin/file"; - RequestHandlerBase handler = (RequestHandlerBase)core.getRequestHandlers().get(path); - assertFalse(handler instanceof SecureAdminHandlers.SecureShowFileRequestHandler); - handler = new SecureAdminHandlers.SecureShowFileRequestHandler(); - verifyQueryAccess(handler, true); - } -}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java deleted file mode 100644 index 218302e..0000000 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.solr.handler.admin; - -import org.apache.solr.cloud.CloudDescriptor; -import org.apache.solr.core.SolrCore; -import org.apache.solr.common.params.CoreAdminParams; -import org.apache.solr.common.params.CollectionParams.CollectionAction; -import org.apache.solr.common.params.ModifiableSolrParams; -import org.apache.solr.request.SolrQueryRequest; -import org.apache.solr.sentry.SentryTestBase; -import org.apache.solr.sentry.SentrySingletonTestInstance; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; - -public class SecureCollectionsHandlerTest extends SentryTestBase { - - private static SolrCore core; - private static CloudDescriptor cloudDescriptor; - - @BeforeClass - public static void beforeClass() throws Exception { - core = createCore("solrconfig-secureadmin.xml", "schema-minimal.xml"); - // store the CloudDescriptor, because we will overwrite it with a mock - // and restore it later - cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor(); - // ensure SentrySingletonTestInstance is initialized - SentrySingletonTestInstance.getInstance(); - } - - @AfterClass - public static void afterClass() throws Exception { - closeCore(core, cloudDescriptor); - core = null; - cloudDescriptor = null; - } - - @Override - public void setUp() throws Exception { - super.setUp(core); - } - - private SolrQueryRequest getCollectionsRequest(String collection, String user, - CollectionAction action) throws Exception { - SolrQueryRequest req = getRequest(); - prepareCollAndUser(core, req, collection, user, false); - ModifiableSolrParams modParams = new ModifiableSolrParams(req.getParams()); - modParams.set(CoreAdminParams.ACTION, action.name()); - modParams.set("name", collection); - modParams.set("collection", collection); - req.setParams(modParams); - return req; - } - - private void verifyUpdateAccess(CollectionAction action) throws Exception { - CollectionsHandler handler = new SecureCollectionsHandler(h.getCoreContainer()); - verifyAuthorized(handler, getCollectionsRequest("collection1", "junit", action)); - verifyAuthorized(handler, getCollectionsRequest("updateCollection", "junit", action)); - verifyUnauthorized(handler, getCollectionsRequest("queryCollection", "junit", action), "queryCollection", "junit"); - verifyUnauthorized(handler, getCollectionsRequest("bogusCollection", "junit", action), "bogusCollection", "junit"); - } - - @Test - public void testSecureCollectionsHandler() throws Exception { - for (CollectionAction action : CollectionAction.values()) { - verifyUpdateAccess(action); - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java deleted file mode 100644 index f93fb65..0000000 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java +++ /dev/null @@ -1,209 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.solr.handler.admin; - -import java.lang.reflect.Method; -import java.util.Arrays; -import java.util.List; -import java.util.Map; - -import net.sf.cglib.proxy.Enhancer; -import net.sf.cglib.proxy.MethodInterceptor; -import net.sf.cglib.proxy.MethodProxy; - -import org.apache.solr.cloud.CloudDescriptor; -import org.apache.solr.common.params.CoreAdminParams; -import org.apache.solr.common.params.ModifiableSolrParams; -import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction; -import org.apache.solr.core.CoreContainer; -import org.apache.solr.core.SolrCore; -import org.apache.solr.request.SolrQueryRequest; -import org.apache.solr.sentry.SentryTestBase; -import org.apache.solr.sentry.SentrySingletonTestInstance; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; - -public class SecureCoreAdminHandlerTest extends SentryTestBase { - - private static SolrCore core; - private static CloudDescriptor cloudDescriptor; - - public final static List<CoreAdminAction> QUERY_ACTIONS = Arrays.asList( - CoreAdminAction.STATUS, - CoreAdminAction.REQUESTSTATUS); - public final static List<CoreAdminAction> UPDATE_ACTIONS = Arrays.asList( - CoreAdminAction.LOAD, - CoreAdminAction.UNLOAD, - CoreAdminAction.CREATE, - CoreAdminAction.PERSIST, - CoreAdminAction.SWAP, - CoreAdminAction.RENAME, - CoreAdminAction.MERGEINDEXES, - CoreAdminAction.SPLIT, - CoreAdminAction.PREPRECOVERY, - CoreAdminAction.REQUESTRECOVERY, - CoreAdminAction.REQUESTSYNCSHARD, - CoreAdminAction.CREATEALIAS, - CoreAdminAction.DELETEALIAS, - CoreAdminAction.REQUESTAPPLYUPDATES, - CoreAdminAction.REQUESTBUFFERUPDATES, - CoreAdminAction.LOAD_ON_STARTUP, - CoreAdminAction.TRANSIENT, - CoreAdminAction.OVERSEEROP, - // RELOAD needs to go last, because our bogus calls leaves things in a bad state for later calls. - // We could handle this more cleanly at the cost of a lot more creating and deleting cores. - CoreAdminAction.RELOAD - ); - - // These actions require that the collection is specified on the request. - public final static List<CoreAdminAction> REQUIRES_COLLECTION = Arrays.asList( - CoreAdminAction.CREATE - ); - - // actions which don't check the actual collection - public final static List<CoreAdminAction> NO_CHECK_COLLECTIONS = Arrays.asList( - CoreAdminAction.STATUS, - CoreAdminAction.REQUESTSTATUS, - CoreAdminAction.LOAD, - CoreAdminAction.PERSIST, - CoreAdminAction.CREATEALIAS, - CoreAdminAction.DELETEALIAS, - CoreAdminAction.LOAD_ON_STARTUP, - CoreAdminAction.REQUESTBUFFERUPDATES, - CoreAdminAction.OVERSEEROP, - CoreAdminAction.TRANSIENT - ); - - @BeforeClass - public static void beforeClass() throws Exception { - core = createCore("solrconfig-secureadmin.xml", "schema-minimal.xml"); - // store the CloudDescriptor, because we will overwrite it with a mock - // and restore it later - cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor(); - // ensure the SentrySingletonTestInstance is initialized - SentrySingletonTestInstance.getInstance(); - } - - @AfterClass - public static void afterClass() throws Exception { - closeCore(core, cloudDescriptor); - core = null; - cloudDescriptor = null; - } - - @Override - public void setUp() throws Exception { - super.setUp(core); - } - - private SolrQueryRequest getCoreAdminRequest(String collection, String user, - CoreAdminAction action) throws Exception { - SolrQueryRequest req = getRequest(); - prepareCollAndUser(core, req, collection, user, false); - ModifiableSolrParams modParams = new ModifiableSolrParams(req.getParams()); - modParams.set(CoreAdminParams.ACTION, action.name()); - modParams.set(CoreAdminParams.COLLECTION, ""); - modParams.set(CoreAdminParams.CORE, ""); - modParams.set(CoreAdminParams.NAME, ""); - for (SolrCore core : h.getCoreContainer().getCores()) { - if(core.getCoreDescriptor().getCloudDescriptor().getCollectionName().equals(collection)) { - modParams.set(CoreAdminParams.CORE, core.getName()); - modParams.set(CoreAdminParams.NAME, core.getName()); - break; - } - } - if (REQUIRES_COLLECTION.contains(action)) { - modParams.set(CoreAdminParams.COLLECTION, collection); - modParams.set(CoreAdminParams.CORE, core.getName()); - modParams.set(CoreAdminParams.NAME, core.getName()); - } - req.setParams(modParams); - return req; - } - - private void verifyQueryAccess(CoreAdminAction action, boolean checkCollection) throws Exception { - CoreContainer cc = getCleanCoreContainer(action); - CoreAdminHandler handler = new SecureCoreAdminHandler(cc); - verifyAuthorized(handler, getCoreAdminRequest("collection1", "junit", action)); - verifyAuthorized(handler, getCoreAdminRequest("queryCollection", "junit", action)); - if (!checkCollection) { - verifyAuthorized(handler, getCoreAdminRequest("bogusCollection", "junit", action)); - verifyAuthorized(handler, getCoreAdminRequest("updateCollection", "junit", action)); - } else { - verifyUnauthorized(handler, getCoreAdminRequest("bogusCollection", "junit", action), "bogusCollection", "junit"); - verifyUnauthorized(handler, getCoreAdminRequest("updateCollection", "junit", action), "updateCollection", "junit"); - } - } - - private void verifyUpdateAccess(CoreAdminAction action, boolean checkCollection) throws Exception { - CoreContainer cc = getCleanCoreContainer(action); - CoreAdminHandler handler = new SecureCoreAdminHandler(cc); - verifyAuthorized(handler, getCoreAdminRequest("collection1", "junit", action)); - verifyAuthorized(handler, getCoreAdminRequest("updateCollection", "junit", action)); - verifyUnauthorized(handler, getCoreAdminRequest("bogusCollection", "bogusUser", action), "bogusCollection", "bogusUser", true); - if (checkCollection) { - verifyUnauthorized(handler, getCoreAdminRequest("queryCollection", "junit", action), "queryCollection", "junit"); - } - } - - private CoreContainer getZkAwareCoreContainer(final CoreContainer cc) { - Enhancer e = new Enhancer(); - e.setClassLoader(cc.getClass().getClassLoader()); - e.setSuperclass(CoreContainer.class); - e.setCallback(new MethodInterceptor() { - public Object intercept(Object obj, Method method, Object [] args, MethodProxy proxy) throws Throwable { - if (method.getName().equals("isZooKeeperAware")) { - return Boolean.TRUE; - } - return method.invoke(cc, args); - } - }); - return (CoreContainer)e.create(); - } - - private CoreContainer getCleanCoreContainer(CoreAdminAction action) { - // Ensure CoreContainer is empty - for (String coreName : h.getCoreContainer().getCoreNames()) { - h.getCoreContainer().unload(coreName); - } - for (Map.Entry entry : h.getCoreContainer().getCoreInitFailures().entrySet()) { - String coreName = entry.getKey().toString(); - h.getCoreContainer().unload(coreName); - } - // actions that require the collection attempt to read the collection off the CloudDescriptor, which is only - // present when the CoreContainer is ZkAware. - return REQUIRES_COLLECTION.contains(action) ? getZkAwareCoreContainer(h.getCoreContainer()) : h.getCoreContainer(); - } - - @Test - public void testSecureAdminHandler() throws Exception { - for (CoreAdminAction action : QUERY_ACTIONS) { - verifyQueryAccess(action, !NO_CHECK_COLLECTIONS.contains(action)); - } - for (CoreAdminAction action : UPDATE_ACTIONS) { - verifyUpdateAccess(action, !NO_CHECK_COLLECTIONS.contains(action)); - } - } - - @Test - public void testAllActionsChecked() throws Exception { - for (CoreAdminAction action : CoreAdminAction.values()) { - assertTrue(QUERY_ACTIONS.contains(action) || UPDATE_ACTIONS.contains(action)); - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java deleted file mode 100644 index 54784f4..0000000 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.solr.handler.admin; - -import org.apache.solr.cloud.CloudDescriptor; -import org.apache.solr.core.SolrCore; -import org.apache.solr.request.SolrQueryRequest; -import org.apache.solr.sentry.SentryTestBase; -import org.apache.solr.sentry.SentrySingletonTestInstance; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; - -public class SecureInfoHandlerTest extends SentryTestBase { - - private static SolrCore core; - private static CloudDescriptor cloudDescriptor; - - @BeforeClass - public static void beforeClass() throws Exception { - core = createCore("solrconfig-secureadmin.xml", "schema-minimal.xml"); - // store the CloudDescriptor, because we will overwrite it with a mock - // and restore it later - cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor(); - SentrySingletonTestInstance.getInstance(); - } - - @AfterClass - public static void afterClass() throws Exception { - closeCore(core, cloudDescriptor); - core = null; - cloudDescriptor = null; - } - - @Override - public void setUp() throws Exception { - super.setUp(core); - } - - private SolrQueryRequest getInfoRequest(String collection, String user, String path) - throws Exception { - SolrQueryRequest req = getRequest(); - prepareCollAndUser(core, req, collection, user, false); - req.getContext().put("path", path); - return req; - } - - @Test - public void testSecureInfoHandlers() throws Exception { - verifyThreadDumpHandler(); - verifyPropertiesHandler(); - verifyLoggingHandler(); - verifySystemInfoHandler(); - } - - private void verifyQueryAccess(String path) throws Exception { - InfoHandler handler = new SecureInfoHandler(h.getCoreContainer()); - verifyAuthorized(handler, getInfoRequest("collection1", "junit", path)); - verifyAuthorized(handler, getInfoRequest("queryCollection", "junit", path)); - verifyUnauthorized(handler, getInfoRequest("bogusCollection", "bogusUser", path), "bogusCollection", "bogusUser", true); - verifyUnauthorized(handler, getInfoRequest("updateCollection", "updateOnlyAdmin", path), "updateCollection", "updateOnlyAdmin", true); - } - - private void verifyQueryUpdateAccess(String path) throws Exception { - InfoHandler handler = new SecureInfoHandler(h.getCoreContainer()); - verifyAuthorized(handler, getInfoRequest("collection1", "junit", path)); - verifyUnauthorized(handler, getInfoRequest("queryCollection", "queryOnlyAdmin", path), "queryCollection", "queryOnlyAdmin", true); - verifyUnauthorized(handler, getInfoRequest("bogusCollection", "bogusUser", path), "bogusCollection", "bogusUser", true); - verifyUnauthorized(handler, getInfoRequest("updateCollection", "updateOnlyAdmin", path), "updateCollection", "updateOnlyAdmin", true); - } - - private void verifyThreadDumpHandler() throws Exception { - verifyQueryAccess("info/threads"); - } - - private void verifyPropertiesHandler() throws Exception { - verifyQueryAccess("info/properties"); - } - - private void verifyLoggingHandler() throws Exception { - verifyQueryUpdateAccess("info/logging"); - } - - private void verifySystemInfoHandler() throws Exception { - verifyQueryAccess("info/system"); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java deleted file mode 100644 index 1f44628..0000000 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java +++ /dev/null @@ -1,265 +0,0 @@ -package org.apache.solr.handler.component; -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import java.util.Arrays; -import java.util.HashSet; -import java.util.Set; - -import org.apache.solr.common.params.ModifiableSolrParams; -import org.apache.solr.common.SolrException; -import org.apache.solr.common.params.SolrParams; -import org.apache.solr.common.util.NamedList; -import org.apache.solr.core.SolrCore; -import org.apache.solr.sentry.SentryTestBase; -import org.apache.solr.sentry.SentryIndexAuthorizationSingleton; -import org.apache.solr.sentry.SentrySingletonTestInstance; -import org.apache.solr.request.SolrQueryRequest; -import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Test; - -/** - * Test for QueryIndexAuthorizationComponent - */ -public class QueryDocAuthorizationComponentTest extends SentryTestBase { - private static SolrCore core; - private static SentryIndexAuthorizationSingleton sentryInstance; - - @BeforeClass - public static void beforeClass() throws Exception { - core = createCore("solrconfig.xml", "schema-minimal.xml"); - // store the CloudDescriptor, because we will overwrite it with a mock - // and restore it later - sentryInstance = SentrySingletonTestInstance.getInstance().getSentryInstance(); - } - - @AfterClass - public static void afterClass() throws Exception { - closeCore(core, null); - core = null; - } - - @Override - public void setUp() throws Exception { - super.setUp(core); - } - - private String getClause(String authField, String value) { - StringBuilder builder = new StringBuilder(); - builder.append(" {!raw f=").append(authField) - .append(" v=").append(value).append("}"); - return builder.toString(); - } - - private ResponseBuilder getResponseBuilder() { - SolrQueryRequest request = getRequest(); - return new ResponseBuilder(request, null, null); - } - - private ResponseBuilder runComponent(String user, NamedList args, SolrParams params) - throws Exception { - ResponseBuilder builder = getResponseBuilder(); - prepareCollAndUser(core, builder.req, "collection1", user); - - if (params != null) { - builder.req.setParams(params); - } else { - builder.req.setParams(new ModifiableSolrParams()); - } - - QueryDocAuthorizationComponent component = - new QueryDocAuthorizationComponent(sentryInstance); - component.init(args); - component.prepare(builder); - return builder; - } - - // Clauses are treated as OR, so order does not matter. - private void assertEqualClausesOrderIndependent(String expected, String actual) { - Set<String> expectedSet = new HashSet<String>(Arrays.asList(expected.split("}"))); - Set<String> actualSet = new HashSet<String>(Arrays.asList(actual.split("}"))); - assertEquals(expectedSet, actualSet); - } - - private void checkParams(String[] expected, ResponseBuilder builder) { - final String fieldName = "fq"; - final String [] params = builder.req.getParams().getParams(fieldName); - if (expected == null) { - assertEquals(null, params); - } else { - assertNotNull(params); - assertEquals(expected.length, params.length); - for (int i = 0; i < params.length; ++i) { - assertEqualClausesOrderIndependent(expected[ i ], params[ i ]); - } - } - } - - @Test - public void testSimple() throws Exception { - NamedList args = new NamedList(); - args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true"); - ResponseBuilder builder = runComponent("junit", args, null); - - String expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role"); - checkParams(new String[] {expect}, builder); - } - - @Test - public void testEnabled() throws Exception { - // Test empty args - NamedList args = new NamedList(); - ResponseBuilder builder = runComponent("junit", args, null); - checkParams(null, builder); - - // Test enabled false - args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "false"); - builder = runComponent("junit", args, null); - checkParams(null, builder); - } - - @Test - public void testAuthFieldNonDefault() throws Exception { - String authField = "nonDefaultAuthField"; - NamedList args = new NamedList(); - args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true"); - args.add(QueryDocAuthorizationComponent.AUTH_FIELD_PROP, authField); - ResponseBuilder builder = runComponent("junit", args, null); - - String expect = getClause(authField, "junit_role"); - checkParams(new String[] {expect}, builder); - } - - @Test - public void testSuperUser() throws Exception { - String superUser = (System.getProperty("solr.authorization.superuser", "solr")); - NamedList args = new NamedList(); - args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true"); - ResponseBuilder builder = runComponent(superUser, args, null); - prepareCollAndUser(core, builder.req, "collection1", superUser); - - checkParams(null, builder); - } - - @Test - public void testExistingFilterQuery() throws Exception { - ModifiableSolrParams newParams = new ModifiableSolrParams(); - String existingFq = "bogusField:(bogusUser)"; - newParams.add("fq", existingFq); - NamedList args = new NamedList(); - args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true"); - ResponseBuilder builder = runComponent("junit", args, newParams); - - String expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role"); - checkParams(new String[] {existingFq, expect} , builder); - } - - /** - * Test a request from a user coming from an empty group. - * This request should be rejected because otherwise document-level - * filtering will be skipped. - */ - @Test - public void testEmptyGroup() throws Exception { - String user = "bogusUser"; - try { - NamedList args = new NamedList(); - args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true"); - ResponseBuilder builder = runComponent(user, args, null); - - checkParams(null, builder); - Assert.fail("Expected SolrException"); - } catch (SolrException ex) { - assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code); - assertTrue(ex.getMessage().contains( - user + " rejected because user is not associated with any roles")); - } - } - - /** - * Test a request from a user coming from an empty role. - * This request should be rejected because otherwise document-level - * filtering will be skipped. - */ - @Test - public void testEmptyRole() throws Exception { - String user = "undefinedRoleUser"; - try { - NamedList args = new NamedList(); - args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true"); - ResponseBuilder builder = runComponent(user, args, null); - - checkParams(null, builder); - Assert.fail("Expected SolrException"); - } catch (SolrException ex) { - assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code); - assertTrue(ex.getMessage().contains( - user + " rejected because user is not associated with any roles")); - } - } - - @Test - public void testMultipleRoles() throws Exception { - NamedList args = new NamedList(); - args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true"); - ResponseBuilder builder = runComponent("multiGroupUser", args, null); - - String expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role") - + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "queryOnlyAdmin_role") - + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "updateOnlyAdmin_role"); - checkParams(new String[] {expect}, builder); - } - - @Test - public void testAllRolesToken() throws Exception { - // test no arg - NamedList args = new NamedList(); - args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true"); - ResponseBuilder builder = runComponent("junit", args, null); - String expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role"); - checkParams(new String[] {expect}, builder); - - // test empty string arg - args = new NamedList(); - args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true"); - args.add(QueryDocAuthorizationComponent.ALL_ROLES_TOKEN_PROP, ""); - builder = runComponent("junit", args, null); - expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role"); - checkParams(new String[] {expect}, builder); - - String allRolesToken = "specialAllRolesToken"; - args = new NamedList(); - args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true"); - args.add(QueryDocAuthorizationComponent.ALL_ROLES_TOKEN_PROP, allRolesToken); - - // test valid single group - builder = runComponent("junit", args, null); - expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role") - + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, allRolesToken); - checkParams(new String[] {expect}, builder); - - // test valid multiple group - builder = runComponent("multiGroupUser", args, null); - expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role") - + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "queryOnlyAdmin_role") - + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "updateOnlyAdmin_role") - + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, allRolesToken); - checkParams(new String[] {expect}, builder); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java deleted file mode 100644 index a1f3760..0000000 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java +++ /dev/null @@ -1,127 +0,0 @@ -package org.apache.solr.handler.component; -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import org.apache.solr.cloud.CloudDescriptor; -import org.apache.solr.common.SolrException; -import org.apache.solr.core.SolrCore; -import org.apache.solr.sentry.SentryIndexAuthorizationSingleton; -import org.apache.solr.sentry.SentryTestBase; -import org.apache.solr.sentry.SentrySingletonTestInstance; -import org.apache.solr.request.SolrQueryRequest; -import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Test; - -/** - * Test for QueryIndexAuthorizationComponent - */ -public class QueryIndexAuthorizationComponentTest extends SentryTestBase { - private static SolrCore core; - private static CloudDescriptor cloudDescriptor; - private static SentryIndexAuthorizationSingleton sentryInstance; - - @BeforeClass - public static void beforeClass() throws Exception { - core = createCore("solrconfig.xml", "schema-minimal.xml"); - // store the CloudDescriptor, because we will overwrite it with a mock - // and restore it later - cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor(); - sentryInstance = SentrySingletonTestInstance.getInstance().getSentryInstance(); - } - - @AfterClass - public static void afterClass() throws Exception { - closeCore(core, cloudDescriptor); - core = null; - cloudDescriptor = null; - } - - @Override - public void setUp() throws Exception { - super.setUp(core); - } - - private void doExpectUnauthorized(SearchComponent component, - ResponseBuilder rb, String msgContains) throws Exception { - try { - component.prepare(rb); - Assert.fail("Expected SolrException"); - } catch (SolrException ex) { - assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code); - assertTrue(ex.getMessage().contains(msgContains)); - } - } - - private void doExpectComponentUnauthorized(SearchComponent component, - String collection, String user) throws Exception { - ResponseBuilder responseBuilder = getResponseBuilder(); - prepareCollAndUser(core, responseBuilder.req, collection, user); - doExpectUnauthorized(component, responseBuilder, - "User " + user + " does not have privileges for " + collection); - } - - private ResponseBuilder getResponseBuilder() { - SolrQueryRequest request = getRequest(); - return new ResponseBuilder(request, null, null); - } - - /** - * Test the QueryIndexAuthorizationComponent on a collection that - * the user has ALL access - */ - @Test - public void testQueryComponentAccessAll() throws Exception { - ResponseBuilder responseBuilder = getResponseBuilder(); - prepareCollAndUser(core, responseBuilder.req, "collection1", "junit"); - QueryIndexAuthorizationComponent query = new QueryIndexAuthorizationComponent(sentryInstance); - query.prepare(responseBuilder); - } - - /** - * Test the QueryIndexAuthorizationComponent on a collection that - * the user has QUERY only access - */ - @Test - public void testQueryComponentAccessQuery() throws Exception { - ResponseBuilder responseBuilder = getResponseBuilder(); - prepareCollAndUser(core, responseBuilder.req, "queryCollection", "junit"); - QueryIndexAuthorizationComponent query = new QueryIndexAuthorizationComponent(sentryInstance); - query.prepare(responseBuilder); - } - - /** - * Test the QueryIndexAuthorizationComponent on a collection that - * the user has UPDATE only access - */ - @Test - public void testQueryComponentAccessUpdate() throws Exception { - doExpectComponentUnauthorized(new QueryIndexAuthorizationComponent(sentryInstance), - "updateCollection", "junit"); - } - - /** - * Test the QueryIndexAuthorizationComponent on a collection that - * the user has no access - */ - @Test - public void testQueryComponentAccessNone() throws Exception { - doExpectComponentUnauthorized(new QueryIndexAuthorizationComponent(sentryInstance), - "noAccessCollection", "junit"); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java deleted file mode 100644 index c294cf3..0000000 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java +++ /dev/null @@ -1,256 +0,0 @@ -package org.apache.solr.sentry; -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import java.lang.reflect.Constructor; -import java.util.Collection; -import java.util.EnumSet; -import java.util.Set; - -import org.apache.commons.collections.CollectionUtils; -import org.apache.sentry.core.model.search.SearchModelAction; -import org.apache.sentry.core.common.exception.SentryGroupNotFoundException; -import org.apache.solr.cloud.CloudDescriptor; -import org.apache.solr.common.SolrException; -import org.apache.solr.common.params.ModifiableSolrParams; -import org.apache.solr.core.SolrCore; -import org.apache.solr.request.LocalSolrQueryRequest; -import org.apache.solr.request.SolrQueryRequest; -import org.apache.solr.request.SolrQueryRequestBase; -import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.google.common.collect.ImmutableSet; - -/** - * Test for SentryIndexAuthorizationSingleton - */ -public class SentryIndexAuthorizationSingletonTest extends SentryTestBase { - - private static SolrCore core; - private static CloudDescriptor cloudDescriptor; - private static SentryIndexAuthorizationSingleton sentryInstance; - - private static final String OPERATION_NAME = "myOperation"; - - @BeforeClass - public static void beforeClass() throws Exception { - core = createCore("solrconfig.xml", "schema-minimal.xml"); - // store the CloudDescriptor, because we will overwrite it with a mock - // and restore it later - cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor(); - sentryInstance = SentrySingletonTestInstance.getInstance().getSentryInstance(); - } - - @AfterClass - public static void afterClass() throws Exception { - closeCore(core, cloudDescriptor); - core = null; - cloudDescriptor = null; - } - - @Override - public void setUp() throws Exception { - super.setUp(core); - } - - /** - * Expect an unauthorized SolrException with a message that contains - * msgContains. - */ - private void doExpectUnauthorized(SolrQueryRequest request, - Set<SearchModelAction> actions, String msgContains) throws Exception { - doExpectUnauthorized(sentryInstance, request, actions, msgContains); - } - - private void doExpectUnauthorized(SentryIndexAuthorizationSingleton singleton, SolrQueryRequest request, - Set<SearchModelAction> actions, String msgContains) throws Exception { - try { - singleton.authorizeCollectionAction(request, actions, OPERATION_NAME); - Assert.fail("Expected SolrException"); - } catch (SolrException ex) { - assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code); - assertTrue(ex.getMessage().contains(msgContains)); - } - } - - private void doExpectExceptionWithoutGroup(SentryIndexAuthorizationSingleton singleton, - SolrQueryRequest request, Set<SearchModelAction> actions) - throws Exception { - try { - singleton.authorizeCollectionAction(request, actions, OPERATION_NAME); - Assert.fail("Expected SentryGroupNotFoundException"); - } catch (SentryGroupNotFoundException ex) { - // excepted exception, do nothing - } - } - - @Test - public void testNoBinding() throws Exception { - // Use reflection to construct a non-singleton version of SentryIndexAuthorizationSingleton - // in order to get an instance without a binding - Constructor ctor = - SentryIndexAuthorizationSingleton.class.getDeclaredConstructor(String.class); - ctor.setAccessible(true); - SentryIndexAuthorizationSingleton nonSingleton = - (SentryIndexAuthorizationSingleton)ctor.newInstance(""); - doExpectUnauthorized(nonSingleton, null, null, "binding"); - - // test getUserName - try { - nonSingleton.getUserName(null); - Assert.fail("Expected Solr exception"); - } catch (SolrException ex) { - assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code); - } - - Collection<String> groups = nonSingleton.getRoles("junit"); - assertEquals(null, groups); - } - - @Test - public void testNoHttpRequest() throws Exception { - SolrQueryRequest request = getRequest(); - doExpectUnauthorized(request, null, "HttpServletRequest"); - } - - @Test - public void testNullUserName() throws Exception { - SolrQueryRequest request = getRequest(); - prepareCollAndUser(core, request, "collection1", null); - doExpectExceptionWithoutGroup(sentryInstance, request, EnumSet.of(SearchModelAction.ALL)); - } - - @Test - public void testEmptySuperUser() throws Exception { - System.setProperty("solr.authorization.superuser", ""); - SolrQueryRequest request = getRequest(); - prepareCollAndUser(core, request, "collection1", "solr"); - doExpectExceptionWithoutGroup(sentryInstance, request, EnumSet.of(SearchModelAction.ALL)); - } - - /** - * User name matches super user, should have access otherwise - */ - @Test - public void testSuperUserAccess() throws Exception { - System.setProperty("solr.authorization.superuser", "junit"); - SolrQueryRequest request = getRequest(); - prepareCollAndUser(core, request, "collection1", "junit"); - - sentryInstance.authorizeCollectionAction( - request, EnumSet.of(SearchModelAction.ALL), OPERATION_NAME); - } - - /** - * User name matches super user, should not have access otherwise - */ - @Test - public void testSuperUserNoAccess() throws Exception { - System.setProperty("solr.authorization.superuser", "junit"); - SolrQueryRequest request = getRequest(); - prepareCollAndUser(core, request, "bogusCollection", "junit"); - - sentryInstance.authorizeCollectionAction( - request, EnumSet.of(SearchModelAction.ALL), OPERATION_NAME); - } - - /** - * Test getting the user name. - */ - @Test - public void testUserName() throws Exception { - SolrQueryRequest request = null; - try { - // no http request - request = new SolrQueryRequestBase( core, new ModifiableSolrParams() ) {}; - try { - sentryInstance.getUserName(request); - Assert.fail("Expected SolrException"); - } catch (SolrException ex) { - assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code); - } - - // no http request, but LocalSolrQueryRequest - LocalSolrQueryRequest localRequest = null; - try { - localRequest = new LocalSolrQueryRequest(null, new ModifiableSolrParams()); - String superUser = (System.getProperty("solr.authorization.superuser", "solr")); - String localName = sentryInstance.getUserName(localRequest); - assertEquals(superUser, localName); - } finally { - if (localRequest != null) { - localRequest.close(); - } - } - - // null userName - SolrQueryRequest sqr = getRequest(); - prepareCollAndUser(core, sqr, "collection", null, true); - String nullName = sentryInstance.getUserName(sqr); - assertEquals(null, nullName); - - // standard userName - String userName = "foobar"; - prepareCollAndUser(core, sqr, "collection", userName, true); - String returnedName = sentryInstance.getUserName(sqr); - assertEquals(userName, returnedName); - } finally { - if (request != null) { - request.close(); - } - } - } - - /** - * Test getting the roles from user name - */ - @Test - public void testGetRoles() throws Exception { - Collection<String> emptyCollection = ImmutableSet.<String>of(); - - // null user - try { - sentryInstance.getRoles(null); - Assert.fail("Excepted SentryGroupNotFoundException"); - } catch (SentryGroupNotFoundException e) { - } - - // no group - try { - sentryInstance.getRoles("withoutGroupUser"); - Assert.fail("Excepted SentryGroupNotFoundException"); - } catch (SentryGroupNotFoundException e) { - } - - // no role - Collection<String> roles = sentryInstance.getRoles("undefinedRoleUser"); - assertTrue(CollectionUtils.isEqualCollection(emptyCollection, roles)); - - // single member - Collection<String> singleRole = ImmutableSet.<String>of("junit_role"); - roles = sentryInstance.getRoles("junit"); - assertTrue(CollectionUtils.isEqualCollection(singleRole, roles)); - - // multiple members - Collection<String> multipleRoles = ImmutableSet.<String>of("junit_role", "queryOnlyAdmin_role", "updateOnlyAdmin_role"); - roles = sentryInstance.getRoles("multiGroupUser"); - assertTrue(CollectionUtils.isEqualCollection(multipleRoles, roles)); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java deleted file mode 100644 index 579f791..0000000 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.solr.sentry; - -import java.io.File; -import java.lang.reflect.Constructor; - -import org.apache.commons.io.FileUtils; -import org.apache.solr.SolrTestCaseJ4; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import org.apache.commons.codec.Charsets; - -/** - * Provides SentryIndexAuthorizationSingleton instance for use with - * sentry-related unit tests. In the unit tests, the primary - * SentryIndexAuthorizationSingleton will be initialized without a sentry-site, - * thus Sentry checking will not occur. The SentryIndexAuthorizationSingleton - * provided by getInstance in this class will be properly initialized for Sentry checking. - * - * NOTE: this is a hack, as there are multiple "singletons". It may be cleaner - * to just force the Sentry related tests to run in their own JVMs, so they - * will always have the properly-initialized SentryIndexAuthorizationSingleton. - */ -public class SentrySingletonTestInstance { - private static final Logger LOGGER = LoggerFactory.getLogger(SentrySingletonTestInstance.class); - - private static SentrySingletonTestInstance INSTANCE = new SentrySingletonTestInstance(); - private SentryIndexAuthorizationSingleton sentryInstance; - private File sentrySite; - - private void addPropertyToSentry(StringBuilder builder, String name, String value) { - builder.append("<property>\n"); - builder.append("<name>").append(name).append("</name>\n"); - builder.append("<value>").append(value).append("</value>\n"); - builder.append("</property>\n"); - } - - public void setupSentry() throws Exception { - sentrySite = File.createTempFile("sentry-site", "xml"); - File authProviderDir = SolrTestCaseJ4.getFile("sentry-handlers/sentry"); - sentrySite.deleteOnExit(); - - // need to write sentry-site at execution time because we don't know - // the location of sentry.solr.provider.resource beforehand - StringBuilder sentrySiteData = new StringBuilder(); - sentrySiteData.append("<configuration>\n"); - addPropertyToSentry(sentrySiteData, "sentry.provider", - "org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider"); - addPropertyToSentry(sentrySiteData, "sentry.solr.provider.resource", - new File(authProviderDir.toString(), "test-authz-provider.ini").toURI().toURL().toString()); - sentrySiteData.append("</configuration>\n"); - FileUtils.writeStringToFile(sentrySite,sentrySiteData.toString(), Charsets.UTF_8.toString()); - } - - private SentrySingletonTestInstance() { - try { - setupSentry(); - Constructor ctor = - SentryIndexAuthorizationSingleton.class.getDeclaredConstructor(String.class); - ctor.setAccessible(true); - sentryInstance = - (SentryIndexAuthorizationSingleton)ctor.newInstance(sentrySite.toURI().toURL().toString().substring("file:".length())); - // ensure all SecureAdminHandlers use this instance - SecureRequestHandlerUtil.testOverride = sentryInstance; - } catch (Exception ex) { - LOGGER.error("Unable to create SentrySingletonTestInstance", ex); - } - } - - public static SentrySingletonTestInstance getInstance() { - return INSTANCE; - } - - public SentryIndexAuthorizationSingleton getSentryInstance() { - return sentryInstance; - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java deleted file mode 100644 index e1a1ba8..0000000 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java +++ /dev/null @@ -1,187 +0,0 @@ -package org.apache.solr.sentry; -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import javax.servlet.http.HttpServletRequest; - -import org.apache.solr.SolrTestCaseJ4; -import org.apache.solr.cloud.CloudDescriptor; -import org.apache.solr.common.SolrException; -import org.apache.solr.common.params.ModifiableSolrParams; -import org.apache.solr.core.CoreDescriptor; -import org.apache.solr.core.SolrCore; -import org.apache.solr.handler.RequestHandlerBase; -import org.apache.solr.request.SolrQueryRequest; -import org.apache.solr.request.SolrQueryRequestBase; -import org.apache.solr.request.SolrRequestHandler; -import org.apache.solr.response.SolrQueryResponse; -import org.easymock.EasyMock; -import org.easymock.IExpectationSetters; - -import java.lang.reflect.Field; - -import org.junit.Assert; - -import static org.apache.solr.sentry.SentryIndexAuthorizationSingleton.USER_NAME; -import static org.apache.solr.sentry.SentryIndexAuthorizationSingleton.DO_AS_USER_NAME; - -/** - * Base class for Sentry tests - */ -public abstract class SentryTestBase extends SolrTestCaseJ4 { - - private SolrQueryRequest request; - - public void setUp(SolrCore core) throws Exception { - super.setUp(); - request = new SolrQueryRequestBase( core, new ModifiableSolrParams() ) { }; - } - - @Override - public void tearDown() throws Exception { - super.tearDown(); - request.close(); - } - - public static SolrCore createCore(String solrconfig, String schema) throws Exception { - initCore(solrconfig, schema, "sentry-handlers/solr"); - return h.getCoreContainer().getCore("collection1"); - } - - public static void closeCore(SolrCore coreToClose, CloudDescriptor cloudDescriptor) - throws Exception { - if (cloudDescriptor != null) { - CoreDescriptor coreDescriptor = coreToClose.getCoreDescriptor(); - Field cloudDescField = CoreDescriptor.class.getDeclaredField("cloudDesc"); - cloudDescField.setAccessible(true); - cloudDescField.set(coreDescriptor, cloudDescriptor); - } - coreToClose.close(); - } - - protected SolrQueryRequest getRequest() { - return request; - } - - protected SolrQueryRequest prepareCollAndUser(SolrCore core, SolrQueryRequest request, - String collection, String user) throws Exception { - return prepareCollAndUser(core, request, collection, user, true); - } - - protected SolrQueryRequest prepareCollAndUser(SolrCore core, SolrQueryRequest request, - String collection, String user, boolean onlyOnce) throws Exception { - CloudDescriptor mCloudDescriptor = EasyMock.createMock(CloudDescriptor.class); - IExpectationSetters getCollNameExpect = EasyMock.expect(mCloudDescriptor.getCollectionName()).andReturn(collection); - getCollNameExpect.anyTimes(); - IExpectationSetters getShardIdExpect = EasyMock.expect(mCloudDescriptor.getShardId()).andReturn("shard1"); - getShardIdExpect.anyTimes(); - EasyMock.replay(mCloudDescriptor); - CoreDescriptor coreDescriptor = core.getCoreDescriptor(); - Field cloudDescField = CoreDescriptor.class.getDeclaredField("cloudDesc"); - cloudDescField.setAccessible(true); - cloudDescField.set(coreDescriptor, mCloudDescriptor); - - HttpServletRequest httpServletRequest = EasyMock.createMock(HttpServletRequest.class); - IExpectationSetters getAttributeUserExpect = - EasyMock.expect(httpServletRequest.getAttribute(USER_NAME)).andReturn(user); - if (!onlyOnce) { - getAttributeUserExpect.anyTimes(); - } - IExpectationSetters getAttributeDoAsUserExpect = - EasyMock.expect(httpServletRequest.getAttribute(DO_AS_USER_NAME)).andReturn(null); - if (!onlyOnce) { - getAttributeDoAsUserExpect.anyTimes(); - } - EasyMock.replay(httpServletRequest); - request.getContext().put("httpRequest", httpServletRequest); - return request; - } - - private void verifyAuthorized(SolrRequestHandler handler, - RequestHandlerBase handlerBase, SolrQueryRequest req) throws Exception { - assert((handler == null && handlerBase != null) - || (handler != null && handlerBase == null)); - SolrQueryResponse rsp = new SolrQueryResponse(); - // just ensure we don't get an unauthorized exception - try { - if (handler != null) { - handler.handleRequest(req, rsp); - } else { - handlerBase.handleRequestBody(req, rsp); - } - } catch (SolrException ex) { - assertFalse(ex.code() == SolrException.ErrorCode.UNAUTHORIZED.code); - } catch (Exception ex) { - // okay, we only want to verify we didn't get an Unauthorized exception, - // going to treat each handler as a black box. - } - } - - protected void verifyAuthorized(RequestHandlerBase handlerBase, - SolrQueryRequest req) throws Exception { - verifyAuthorized(null, handlerBase, req); - } - - - protected void verifyAuthorized(SolrRequestHandler handler, - SolrQueryRequest req) throws Exception { - verifyAuthorized(handler, null, req); - } - - protected void verifyUnauthorized(SolrRequestHandler handler, - RequestHandlerBase handlerBase, SolrQueryRequest req, String collection, String user, boolean shouldFailAdmin) - throws Exception { - assert((handler == null && handlerBase != null) - || (handler != null && handlerBase == null)); - String exMsgContains = "User " + user + " does not have privileges for " + (shouldFailAdmin?"admin":collection); - SolrQueryResponse rsp = new SolrQueryResponse(); - try { - if (handler!= null) { - handler.handleRequest(req, rsp); - if (rsp.getException() != null) { - throw rsp.getException(); - } - } else { - handlerBase.handleRequestBody(req, rsp); - if (rsp.getException() != null) { - throw rsp.getException(); - } - } - Assert.fail("Expected SolrException"); - } catch (SolrException ex) { - assertEquals(SolrException.ErrorCode.UNAUTHORIZED.code, ex.code()); - assertTrue(ex.getMessage().contains(exMsgContains)); - } catch (Exception ex) { - Assert.fail("Expected SolrException"); - } - } - - protected void verifyUnauthorized(RequestHandlerBase handlerBase, - SolrQueryRequest req, String collection, String user, boolean shouldFailAdmin) throws Exception { - verifyUnauthorized(null, handlerBase, req, collection, user, shouldFailAdmin); - } - - protected void verifyUnauthorized(RequestHandlerBase handlerBase, - SolrQueryRequest req, String collection, String user) throws Exception { - verifyUnauthorized(null, handlerBase, req, collection, user, false); - } - - protected void verifyUnauthorized(SolrRequestHandler handler, - SolrQueryRequest req, String collection, String user) throws Exception { - verifyUnauthorized(handler, null, req, collection, user, false); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java deleted file mode 100644 index 630ca7c..0000000 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java +++ /dev/null @@ -1,193 +0,0 @@ -package org.apache.solr.update.processor; -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import java.lang.reflect.Method; -import java.lang.reflect.Modifier; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.TreeSet; - -import org.apache.commons.lang.mutable.MutableInt; -import org.apache.solr.cloud.CloudDescriptor; -import org.apache.solr.common.SolrException; -import org.apache.solr.common.params.MapSolrParams; -import org.apache.solr.core.SolrCore; -import org.apache.solr.request.SolrQueryRequest; -import org.apache.solr.request.SolrQueryRequestBase; -import org.apache.solr.sentry.SentrySingletonTestInstance; -import org.apache.solr.sentry.SentryTestBase; -import org.apache.solr.update.AddUpdateCommand; -import org.apache.solr.update.CommitUpdateCommand; -import org.apache.solr.update.DeleteUpdateCommand; -import org.apache.solr.update.MergeIndexesCommand; -import org.apache.solr.update.RollbackUpdateCommand; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; - -/** - * Test for UpdateIndexAuthorizationProcessor - */ -public class UpdateIndexAuthorizationProcessorTest extends SentryTestBase { - - private List<String> methodNames = Arrays.asList("processAdd", "processDelete", - "processMergeIndexes","processCommit", "processRollback", "finish"); - - private static SolrCore core; - private static CloudDescriptor cloudDescriptor; - - @BeforeClass - public static void beforeClass() throws Exception { - core = createCore("solrconfig.xml", "schema-minimal.xml"); - // store the CloudDescriptor, because we will overwrite it with a mock - // and restore it later - cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor(); - } - - @AfterClass - public static void afterClass() throws Exception { - closeCore(core, cloudDescriptor); - core = null; - cloudDescriptor = null; - } - - @Override - public void setUp() throws Exception { - super.setUp(core); - } - - private void verifyAuthorized(String collection, String user) throws Exception { - SolrQueryRequestBase req = new SolrQueryRequestBase(core, new MapSolrParams(new HashMap())) {}; - getProcessor(collection, user).processAdd(new AddUpdateCommand(req)); - getProcessor(collection, user).processDelete(new DeleteUpdateCommand(req)); - DeleteUpdateCommand deleteByQueryCommand = new DeleteUpdateCommand(req); - deleteByQueryCommand.setQuery("*:*"); - getProcessor(collection, user).processDelete(deleteByQueryCommand); - getProcessor(collection, user).processMergeIndexes(new MergeIndexesCommand(null, req)); - getProcessor(collection, user).processCommit(new CommitUpdateCommand(req, false)); - getProcessor(collection, user).processRollback(new RollbackUpdateCommand(req)); - getProcessor(collection, user).finish(); - } - - private void verifyUnauthorizedException(SolrException ex, String exMsgContains, MutableInt numExceptions) { - assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code); - assertTrue(ex.getMessage().contains(exMsgContains)); - numExceptions.add(1); - } - - private void verifyUnauthorized(String collection, String user) throws Exception { - MutableInt numExceptions = new MutableInt(0); - String contains = "User " + user + " does not have privileges for " + collection; - SolrQueryRequestBase req = new SolrQueryRequestBase(core, new MapSolrParams(new HashMap())) {}; - - try { - getProcessor(collection, user).processAdd(new AddUpdateCommand(req)); - } catch(SolrException ex) { - verifyUnauthorizedException(ex, contains, numExceptions); - } - try { - getProcessor(collection, user).processDelete(new DeleteUpdateCommand(req)); - } catch(SolrException ex) { - verifyUnauthorizedException(ex, contains, numExceptions); - } - try { - getProcessor(collection, user).processMergeIndexes(new MergeIndexesCommand(null, req)); - } catch(SolrException ex) { - verifyUnauthorizedException(ex, contains, numExceptions); - } - try { - getProcessor(collection, user).processCommit(new CommitUpdateCommand(req, false)); - } catch(SolrException ex) { - verifyUnauthorizedException(ex, contains, numExceptions); - } - try { - getProcessor(collection, user).processRollback(new RollbackUpdateCommand(req)); - } catch(SolrException ex) { - verifyUnauthorizedException(ex, contains, numExceptions); - } - try { - getProcessor(collection, user).finish(); - } catch(SolrException ex) { - verifyUnauthorizedException(ex, contains, numExceptions); - } - - assertEquals(methodNames.size(), numExceptions.intValue()); - } - - private UpdateIndexAuthorizationProcessor getProcessor(String collection, String user) - throws Exception { - SolrQueryRequest request = getRequest(); - prepareCollAndUser(core, request, collection, user); - return new UpdateIndexAuthorizationProcessor( - SentrySingletonTestInstance.getInstance().getSentryInstance(), request, null); - } - - /** - * Test the UpdateIndexAuthorizationComponent on a collection that - * the user has ALL access - */ - @Test - public void testUpdateComponentAccessAll() throws Exception { - verifyAuthorized("collection1", "junit"); - } - - /** - * Test the UpdateIndexAuthorizationComponent on a collection that - * the user has UPDATE only access - */ - @Test - public void testUpdateComponentAccessUpdate() throws Exception { - verifyAuthorized("updateCollection", "junit"); - } - - /** - * Test the UpdateIndexAuthorizationComponent on a collection that - * the user has QUERY only access - */ - @Test - public void testUpdateComponentAccessQuery() throws Exception { - verifyUnauthorized("queryCollection", "junit"); - } - - /** - * Test the UpdateIndexAuthorizationComponent on a collection that - * the user has no access - */ - @Test - public void testUpdateComponentAccessNone() throws Exception { - verifyUnauthorized("noAccessCollection", "junit"); - } - - /** - * Ensure no new methods have been added to base class that are not invoking - * Sentry - */ - @Test - public void testAllMethodsChecked() throws Exception { - Method [] methods = UpdateRequestProcessor.class.getDeclaredMethods(); - TreeSet<String> foundNames = new TreeSet<String>(); - for (Method method : methods) { - if (Modifier.isPublic(method.getModifiers())) { - foundNames.add(method.getName()); - } - } - assertEquals(methodNames.size(), foundNames.size()); - assertTrue(foundNames.containsAll(methodNames)); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-solr/pom.xml b/sentry-tests/sentry-tests-solr/pom.xml index 311e441..723fa9d 100644 --- a/sentry-tests/sentry-tests-solr/pom.xml +++ b/sentry-tests/sentry-tests-solr/pom.xml @@ -28,49 +28,141 @@ limitations under the License. <artifactId>sentry-tests-solr</artifactId> <name>Sentry Solr Tests</name> <description>end to end tests for sentry-solr integration</description> + <properties> + <!-- Harmonize the jetty version with the SOLR version --> + <jettyVersion>9.3.20.v20170531</jettyVersion> + </properties> <dependencies> <dependency> <groupId>org.apache.sentry</groupId> <artifactId>sentry-binding-solr</artifactId> - <type>test-jar</type> + <exclusions> + <exclusion> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-provider-db</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.hive</groupId> + <artifactId>hive-shims</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.hive</groupId> + <artifactId>hive-service</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> - <groupId>org.apache.solr</groupId> - <artifactId>solr-test-framework</artifactId> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-provider-db</artifactId> + <exclusions> + <exclusion> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-core-common</artifactId> + </exclusion> + <exclusion> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-util</artifactId> + </exclusion> + <exclusion> + <groupId>org.eclipse.jetty.aggregate</groupId> + <artifactId>jetty-all</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.hive</groupId> + <artifactId>hive-beeline</artifactId> + </exclusion> + <exclusion> + <groupId>com.codahale.metrics</groupId> + <artifactId>metrics-core</artifactId> + </exclusion> + <exclusion> + <groupId>com.codahale.metrics</groupId> + <artifactId>metrics-jvm</artifactId> + </exclusion> + <exclusion> + <groupId>com.codahale.metrics</groupId> + <artifactId>metrics-servlets</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-mapreduce-client-jobclient</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.hive</groupId> + <artifactId>hive-metastore</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.hive</groupId> + <artifactId>hive-common</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.apache.hive</groupId> + <artifactId>hive-metastore</artifactId> + <exclusions> + <exclusion> + <groupId>org.eclipse.jetty.aggregate</groupId> + <artifactId>jetty-all</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.hbase</groupId> + <artifactId>hbase-client</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.apache.hive</groupId> + <artifactId>hive-common</artifactId> + <exclusions> + <exclusion> + <groupId>org.eclipse.jetty.orbit</groupId> + <artifactId>javax.servlet</artifactId> + </exclusion> + <exclusion> + <groupId>org.eclipse.jetty.aggregate</groupId> + <artifactId>jetty-all</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>solr-sentry-handlers</artifactId> + <artifactId>sentry-core-common</artifactId> + <exclusions> + <exclusion> + <groupId>org.apache.hive.shims</groupId> + <artifactId>hive-shims-0.23</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-provider-db</artifactId> + <artifactId>solr-sentry-handlers</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.apache.solr</groupId> - <artifactId>solr-solrj</artifactId> + <artifactId>solr-test-framework</artifactId> </dependency> - <!-- - Solr is using old Jetty 6.1.26 and Sentry is using more recent Jetty. - Since the test combines Solr and Sentry in the same JVM, here we need to specify - dependency on Jetty 6.1.26, otherwise Solr e2e tests tests are not working properly. - --> <dependency> - <groupId>org.mortbay.jetty</groupId> - <artifactId>jetty-util</artifactId> - <version>6.1.26</version> + <groupId>org.apache.solr</groupId> + <artifactId>solr-solrj</artifactId> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-server</artifactId> - <version>8.1.10.v20130312</version> + <version>${jettyVersion}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-servlet</artifactId> - <version>8.1.10.v20130312</version> + <version>${jettyVersion}</version> + </dependency> + <dependency> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-util</artifactId> + <version>${jettyVersion}</version> </dependency> <dependency> <groupId>org.apache.hadoop</groupId> @@ -80,37 +172,86 @@ limitations under the License. <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> </exclusion> + <exclusion> + <groupId>org.mortbay.jetty</groupId> + <artifactId>jetty</artifactId> + </exclusion> + <exclusion> + <groupId>org.mortbay.jetty</groupId> + <artifactId>jetty-util</artifactId> + </exclusion> </exclusions> </dependency> <dependency> - <groupId>org.apache.hadoop</groupId> - <artifactId>hadoop-minicluster</artifactId> + <groupId>org.apache.hive</groupId> + <artifactId>hive-service</artifactId> + <version>${hive.version}</version> <exclusions> <exclusion> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> </exclusion> + <exclusion> + <groupId>org.eclipse.jetty.aggregate</groupId> + <artifactId>jetty-all</artifactId> + </exclusion> </exclusions> </dependency> <dependency> - <groupId>org.datanucleus</groupId> - <artifactId>datanucleus-core</artifactId> - <version>${datanucleus-core.version}</version> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-http</artifactId> + <version>${jettyVersion}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>io.dropwizard.metrics</groupId> + <artifactId>metrics-core</artifactId> + <version>3.2.2</version> </dependency> <dependency> - <groupId>org.datanucleus</groupId> - <artifactId>datanucleus-api-jdo</artifactId> - <version>${datanucleus-api-jdo.version}</version> + <groupId>io.dropwizard.metrics</groupId> + <artifactId>metrics-jvm</artifactId> + <version>3.2.2</version> </dependency> <dependency> - <groupId>org.datanucleus</groupId> - <artifactId>datanucleus-rdbms</artifactId> - <version>${datanucleus-rdbms.version}</version> + <groupId>io.dropwizard.metrics</groupId> + <artifactId>metrics-servlets</artifactId> + <version>3.2.2</version> </dependency> <dependency> - <groupId>org.datanucleus</groupId> - <artifactId>javax.jdo</artifactId> - <version>${datanucleus-jdo.version}</version> + <groupId>io.dropwizard.metrics</groupId> + <artifactId>metrics-ganglia</artifactId> + <version>3.2.2</version> + </dependency> + <dependency> + <groupId>io.dropwizard.metrics</groupId> + <artifactId>metrics-graphite</artifactId> + <version>3.2.2</version> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <version>3.1.0</version> + </dependency> + <dependency> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-mapreduce-client-core</artifactId> + <version>${hadoop.version}</version> + <exclusions> + <exclusion> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-yarn-common</artifactId> + </exclusion> + </exclusions> </dependency> </dependencies> <build> @@ -119,7 +260,15 @@ limitations under the License. <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> <configuration> - <reuseForks>false</reuseForks> + <reuseForks>false</reuseForks> + <!-- Currently SOLR E2E tests don't work if restarted after the failure --> + <rerunFailingTestsCount>0</rerunFailingTestsCount> + <systemPropertyVariables> + <test.solr.allowed.securerandom>NativePRNG</test.solr.allowed.securerandom> + <!-- Solr test framework randomizes the locale configuration which sometimes + result in test failures due to derby initialization errors --> + <tests.locale>en-US</tests.locale> + </systemPropertyVariables> </configuration> </plugin> </plugins>
