http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizable.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizable.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizable.java new file mode 100644 index 0000000..56cb4c2 --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizable.java @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.model.solr; + +import org.apache.sentry.core.common.Authorizable; + +import com.google.common.annotations.VisibleForTesting; + +public abstract class SolrModelAuthorizable implements Authorizable { + + public enum AuthorizableType { + Collection, + Field, + Admin, + Config, + Schema + }; + + private final AuthorizableType type; + private final String name; + + protected SolrModelAuthorizable(AuthorizableType type, String name) { + this.type = type; + this.name = name; + } + + @Override + public String getTypeName() { + return type.name(); + } + + @Override + public String getName() { + return name; + } + + @VisibleForTesting + public AuthorizableType getAuthzType() { + return type; + } + + @Override + public String toString() { + return String.format("%s[name=%s]", getTypeName(), name); + } +}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizables.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizables.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizables.java new file mode 100644 index 0000000..7979b33 --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAuthorizables.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.model.solr; + +import org.apache.sentry.core.common.utils.KeyValue; +import org.apache.sentry.core.model.solr.SolrModelAuthorizable.AuthorizableType; + +public class SolrModelAuthorizables { + + private SolrModelAuthorizables() { + // Make constructor private to avoid instantiation + } + + public static SolrModelAuthorizable from(KeyValue keyValue) { + String prefix = keyValue.getKey().toLowerCase(); + String name = keyValue.getValue().toLowerCase(); + SolrModelAuthorizable result = null; + for(AuthorizableType type : AuthorizableType.values()) { + if(prefix.equalsIgnoreCase(type.name())) { + switch (type) { + case Collection: + result = new Collection(name); + break; + case Admin: + result = new AdminOperation(name); + break; + case Config: + result = new Config(name); + break; + case Schema: + result = new Schema(name); + break; + default: + break; + } + } + } + return result; + } + + public static SolrModelAuthorizable from(String s) { + return from(new KeyValue(s)); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrPrivilegeModel.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrPrivilegeModel.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrPrivilegeModel.java new file mode 100644 index 0000000..60d8e0f --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrPrivilegeModel.java @@ -0,0 +1,66 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.model.solr; + +import com.google.common.collect.ImmutableList; +import org.apache.sentry.core.common.BitFieldActionFactory; +import org.apache.sentry.core.common.ImplyMethodType; +import org.apache.sentry.core.common.Model; +import org.apache.sentry.core.common.validator.PrivilegeValidator; +import org.apache.sentry.core.model.solr.validator.SolrPrivilegeValidator; + +import java.util.HashMap; +import java.util.Map; + +/** + * This class provides the concrete implementation of Sentry authorization model + * for Apache Solr. + */ +public class SolrPrivilegeModel implements Model { + + private Map<String, ImplyMethodType> implyMethodMap; + private BitFieldActionFactory bitFieldActionFactory; + private static SolrPrivilegeModel solrPrivilegeModel = new SolrPrivilegeModel(); + + private SolrPrivilegeModel() { + implyMethodMap = new HashMap<String, ImplyMethodType>(); + bitFieldActionFactory = new SolrActionFactory(); + + implyMethodMap.put(SolrModelAuthorizable.AuthorizableType.Collection.name().toLowerCase(), ImplyMethodType.STRING); + implyMethodMap.put(SolrModelAuthorizable.AuthorizableType.Config.name().toLowerCase(), ImplyMethodType.STRING); + implyMethodMap.put(SolrModelAuthorizable.AuthorizableType.Schema.name().toLowerCase(), ImplyMethodType.STRING); + implyMethodMap.put(SolrModelAuthorizable.AuthorizableType.Admin.name().toLowerCase(), ImplyMethodType.STRING); + } + + @Override + public Map<String, ImplyMethodType> getImplyMethodMap() { + return implyMethodMap; + } + + @Override + public BitFieldActionFactory getBitFieldActionFactory() { + return bitFieldActionFactory; + } + + public static SolrPrivilegeModel getInstance() { + return solrPrivilegeModel; + } + + public ImmutableList<PrivilegeValidator> getPrivilegeValidators() { + return ImmutableList.<PrivilegeValidator>of(new SolrPrivilegeValidator()); + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.java new file mode 100644 index 0000000..4d28db9 --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.java @@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.sentry.core.model.solr.validator; + +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.sentry.core.common.utils.SentryConstants; +import org.apache.sentry.core.common.validator.PrivilegeValidator; +import org.apache.sentry.core.common.validator.PrivilegeValidatorContext; +import org.apache.sentry.core.model.solr.AdminOperation; +import org.apache.sentry.core.model.solr.SolrConstants; +import org.apache.shiro.config.ConfigurationException; + +/** + * This class provides the privilege validation functionality for + * Sentry/Solr permissions. + */ +public class SolrPrivilegeValidator implements PrivilegeValidator { + private static final Pattern PRIVILEGE_AUTHORIZABLE_REGEX = + Pattern.compile("^(collection|admin|schema|config)\\s*=\\s*(\\S+)$", Pattern.CASE_INSENSITIVE);; + private static final Pattern PRIVILEGE_ACTION_REGEX = + Pattern.compile("^action\\s*=\\s*(query|update|\\*)$", Pattern.CASE_INSENSITIVE); + + private String entityType; + private String entityName; + private String actionName; + + @Override + public void validate(PrivilegeValidatorContext context) throws ConfigurationException { + try { + validate(context.getPrivilege(), false); + } catch (IllegalArgumentException ex) { + throw new ConfigurationException(ex.getMessage()); + } + } + + public void validate (String privilegeStr, boolean actionRequired) { + String[] components = privilegeStr.split(SentryConstants.AUTHORIZABLE_SEPARATOR); + Matcher authMatcher = PRIVILEGE_AUTHORIZABLE_REGEX.matcher(components[0].trim()); + + if (!authMatcher.matches()) { + throw new IllegalArgumentException("Invalid privilege String: " + privilegeStr); + } + + entityType = authMatcher.group(1).toLowerCase(); + entityName = authMatcher.group(2).toLowerCase(); + actionName = null; + + if (components.length > 1) { + Matcher actionMactcher = PRIVILEGE_ACTION_REGEX.matcher(components[1].trim()); + if (actionMactcher.matches()) { + actionName = actionMactcher.group(1).toLowerCase(); + } else { + throw new IllegalArgumentException("Invalid privilege String: " + privilegeStr); + } + } + + if (actionRequired && actionName == null) { + throw new IllegalArgumentException("Privilege is invalid: action required but not specified."); + } + + extraPrivilegeValidation (entityType, entityName, actionName); + } + + private void extraPrivilegeValidation(String entityType, String entityName, String actionName) { + if ("admin".equals(entityType)) { + if (!AdminOperation.ENTITY_NAMES.contains(entityName)) { + throw new IllegalArgumentException( + "Invalid entity name specified for the admin entity type. Valid names are " + AdminOperation.ENTITY_NAMES); + } else if (AdminOperation.METRICS.getName().equals(entityName) && !SolrConstants.QUERY.equals(actionName)) { + throw new IllegalArgumentException( + "Invalid action specified for the metrics entity of type admin. Valid actions are [" + SolrConstants.QUERY + "]" ); + } + } + } + + public String getEntityType() { + return entityType; + } + + public String getEntityName() { + return entityName; + } + + public String getActionName() { + return actionName; + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestCollection.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestCollection.java b/sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestCollection.java new file mode 100644 index 0000000..df21958 --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestCollection.java @@ -0,0 +1,49 @@ +package org.apache.sentry.core.solr; +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import org.apache.sentry.core.model.solr.Collection; +import org.junit.Assert; +import org.junit.Test; + +public class TestCollection { + + @Test + public void testSimple() { + String name = "simple"; + Collection simple = new Collection(name); + Assert.assertEquals(simple.getName(), name); + } + + @Test + public void testCollectionAuthzType() { + Collection collection1 = new Collection("collection1"); + Collection collection2 = new Collection("collection2"); + Assert.assertEquals(collection1.getAuthzType(), collection2.getAuthzType()); + Assert.assertEquals(collection1.getTypeName(), collection2.getTypeName()); + } + + // just test it doesn't throw NPE + @Test + public void testNullCollection() { + Collection nullCollection = new Collection(null); + nullCollection.getName(); + nullCollection.toString(); + nullCollection.getAuthzType(); + nullCollection.getTypeName(); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestSolrBitFieldAction.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestSolrBitFieldAction.java b/sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestSolrBitFieldAction.java new file mode 100644 index 0000000..214ee0d --- /dev/null +++ b/sentry-core/sentry-core-model-solr/src/test/java/org/apache/sentry/core/solr/TestSolrBitFieldAction.java @@ -0,0 +1,73 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.solr; + +import org.apache.sentry.core.model.solr.SolrActionFactory; +import org.apache.sentry.core.model.solr.SolrConstants; +import org.apache.sentry.core.model.solr.SolrActionFactory.SolrAction; +import org.apache.sentry.core.model.solr.SolrActionFactory.SolrBitFieldAction; +import org.junit.Test; + +import com.google.common.collect.Lists; + +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertEquals; + +public class TestSolrBitFieldAction { + SolrActionFactory actionFactory = new SolrActionFactory(); + + @Test + public void testImpliesAction() { + SolrBitFieldAction updateAction = new SolrBitFieldAction(SolrAction.UPDATE); + SolrBitFieldAction queryAction = new SolrBitFieldAction(SolrAction.QUERY); + SolrBitFieldAction allAction = new SolrBitFieldAction(SolrAction.ALL); + + assertTrue(allAction.implies(queryAction)); + assertTrue(allAction.implies(updateAction)); + assertTrue(allAction.implies(allAction)); + assertTrue(updateAction.implies(updateAction)); + assertTrue(queryAction.implies(queryAction)); + + assertFalse(queryAction.implies(updateAction)); + assertFalse(queryAction.implies(allAction)); + assertFalse(updateAction.implies(queryAction)); + assertFalse(updateAction.implies(allAction)); + } + + @Test + public void testGetActionByName() throws Exception { + SolrBitFieldAction updateAction = (SolrBitFieldAction)actionFactory.getActionByName(SolrConstants.UPDATE); + SolrBitFieldAction queryAction = (SolrBitFieldAction)actionFactory.getActionByName(SolrConstants.QUERY); + SolrBitFieldAction allAction = (SolrBitFieldAction)actionFactory.getActionByName(SolrConstants.ALL); + + assertTrue(updateAction.equals(new SolrBitFieldAction(SolrAction.UPDATE))); + assertTrue(queryAction.equals(new SolrBitFieldAction(SolrAction.QUERY))); + assertTrue(allAction.equals(new SolrBitFieldAction(SolrAction.ALL))); + } + + @Test + public void testGetActionsByCode() throws Exception { + SolrBitFieldAction updateAction = new SolrBitFieldAction(SolrAction.UPDATE); + SolrBitFieldAction queryAction = new SolrBitFieldAction(SolrAction.QUERY); + + assertEquals(Lists.newArrayList(updateAction, queryAction), actionFactory.getActionsByCode(SolrAction.ALL.getCode())); + assertEquals(Lists.newArrayList(updateAction), actionFactory.getActionsByCode(SolrAction.UPDATE.getCode())); + assertEquals(Lists.newArrayList(queryAction), actionFactory.getActionsByCode(SolrAction.QUERY.getCode())); + } +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-dist/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-dist/pom.xml b/sentry-dist/pom.xml index 2d7f57e..69f4fcc 100644 --- a/sentry-dist/pom.xml +++ b/sentry-dist/pom.xml @@ -40,7 +40,7 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-model-search</artifactId> + <artifactId>sentry-core-model-solr</artifactId> </dependency> <dependency> <groupId>org.apache.sentry</groupId> @@ -64,14 +64,6 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>solr-sentry-core</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>solr-sentry-handlers</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> <artifactId>sentry-provider-common</artifactId> </dependency> <dependency> @@ -96,6 +88,10 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> + <artifactId>solr-sentry-handlers</artifactId> + </dependency> + <dependency> + <groupId>org.apache.sentry</groupId> <artifactId>sentry-hdfs-dist</artifactId> </dependency> </dependencies> http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-provider/sentry-provider-db/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/pom.xml b/sentry-provider/sentry-provider-db/pom.xml index cd19032..00c59b6 100644 --- a/sentry-provider/sentry-provider-db/pom.xml +++ b/sentry-provider/sentry-provider-db/pom.xml @@ -108,7 +108,7 @@ limitations under the License. </dependency> <dependency> <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-model-search</artifactId> + <artifactId>sentry-core-model-solr</artifactId> </dependency> <dependency> <groupId>org.apache.sentry</groupId> @@ -238,6 +238,19 @@ limitations under the License. <groupId>org.apache.hive</groupId> <artifactId>hive-metastore</artifactId> <version>${hive.version}</version> + <exclusions> + <!-- This dependency needs to be excluded to avoid compilation errors in the Eclipse build. + Without this change, the Eclipse build classpath contains this jar file ahead of + datanucleus javax.jdo*.jar. This error can not be reproduced with the maven build. + Cause of compilation error : PersistenceManager class provided as part of this version, + does not implement java.lang.AutoClosable interface. This breaks the usage of + PersistenceManager inside try-with-resources clause in Sentry TransactionManager class. + --> + <exclusion> + <groupId>javax.jdo</groupId> + <artifactId>jdo-api</artifactId> + </exclusion> + </exclusions> </dependency> </dependencies> http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java index d8b4887..c13e000 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java @@ -35,7 +35,7 @@ import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.BitFieldAction; import org.apache.sentry.core.common.BitFieldActionFactory; import org.apache.sentry.core.model.kafka.KafkaActionFactory; -import org.apache.sentry.core.model.search.SearchActionFactory; +import org.apache.sentry.core.model.solr.SolrActionFactory; import org.apache.sentry.core.model.sqoop.SqoopActionFactory; import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject.Builder; import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege; @@ -67,7 +67,7 @@ public class PrivilegeOperatePersistence { private static final Logger LOGGER = LoggerFactory.getLogger(PrivilegeOperatePersistence.class); private static final Map<String, BitFieldActionFactory> actionFactories = Maps.newHashMap(); static{ - actionFactories.put("solr", new SearchActionFactory()); + actionFactories.put("solr", new SolrActionFactory()); actionFactories.put("sqoop", new SqoopActionFactory()); actionFactories.put("kafka", KafkaActionFactory.getInstance()); } http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java index 51d6df9..c65b66d 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java @@ -38,8 +38,8 @@ import org.apache.sentry.core.common.validator.PrivilegeValidatorContext; import org.apache.sentry.core.model.kafka.KafkaAuthorizable; import org.apache.sentry.core.model.kafka.KafkaModelAuthorizables; import org.apache.sentry.core.model.kafka.KafkaPrivilegeModel; -import org.apache.sentry.core.model.search.SearchModelAuthorizables; -import org.apache.sentry.core.model.search.SearchPrivilegeModel; +import org.apache.sentry.core.model.solr.SolrModelAuthorizables; +import org.apache.sentry.core.model.solr.SolrPrivilegeModel; import org.apache.sentry.core.model.sqoop.SqoopModelAuthorizables; import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel; import org.apache.sentry.provider.common.AuthorizationComponent; @@ -162,7 +162,7 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter { if (AuthorizationComponent.KAFKA.equals(component)) { return KafkaPrivilegeModel.getInstance().getPrivilegeValidators(); } else if ("SOLR".equals(component)) { - return SearchPrivilegeModel.getInstance().getPrivilegeValidators(); + return SolrPrivilegeModel.getInstance().getPrivilegeValidators(); } else if (AuthorizationComponent.SQOOP.equals(component)) { return SqoopPrivilegeModel.getInstance().getPrivilegeValidators(service); } @@ -174,7 +174,7 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter { if (AuthorizationComponent.KAFKA.equals(component)) { return KafkaModelAuthorizables.from(keyValue); } else if ("SOLR".equals(component)) { - return SearchModelAuthorizables.from(keyValue); + return SolrModelAuthorizables.from(keyValue); } else if (AuthorizationComponent.SQOOP.equals(component)) { return SqoopModelAuthorizables.from(keyValue); } http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java index 77d3919..5649f43 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java @@ -29,7 +29,7 @@ import org.apache.sentry.core.common.Action; import org.apache.sentry.core.common.exception.SentryConfigurationException; import org.apache.sentry.core.common.utils.KeyValue; import org.apache.sentry.core.common.utils.SentryConstants; -import org.apache.sentry.core.model.search.SearchPrivilegeModel; +import org.apache.sentry.core.model.solr.SolrPrivilegeModel; import org.apache.sentry.provider.common.ProviderBackend; import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; @@ -92,7 +92,7 @@ public class SentryConfigToolSolr extends SentryConfigToolCommon { SimpleFileProviderBackend policyFileBackend = new SimpleFileProviderBackend(conf, policyFile); ProviderBackendContext context = new ProviderBackendContext(); - context.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators()); + context.setValidators(SolrPrivilegeModel.getInstance().getPrivilegeValidators()); policyFileBackend.initialize(context); if (validate) { validatePolicy(policyFileBackend); http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java index 34c2107..95fc2fb 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java @@ -29,9 +29,9 @@ import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.BitFieldAction; import org.apache.sentry.core.common.BitFieldActionFactory; -import org.apache.sentry.core.model.search.Collection; -import org.apache.sentry.core.model.search.Field; -import org.apache.sentry.core.model.search.SearchConstants; +import org.apache.sentry.core.model.solr.Collection; +import org.apache.sentry.core.model.solr.Field; +import org.apache.sentry.core.model.solr.SolrConstants; import org.apache.sentry.core.model.sqoop.SqoopActionConstant; import org.apache.sentry.core.common.exception.SentryGrantDeniedException; import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject.Builder; @@ -89,7 +89,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject queryPrivilegeWithOption = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .withGrantOption(true) @@ -103,7 +103,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject queryPrivilegeWithNoOption = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .withGrantOption(false) @@ -117,7 +117,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject queryPrivilegeWithNullGrant = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .withGrantOption(null) @@ -145,7 +145,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase String grantor = ADMIN_USER; PrivilegeObject allPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.ALL) + .setAction(SolrConstants.ALL) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); @@ -162,7 +162,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName))); PrivilegeObject queryPrivilege = new Builder(allPrivilege) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .build(); /** @@ -191,13 +191,13 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); PrivilegeObject updatePrivilege = new Builder(queryPrivilege) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .build(); sentryStore.createRole(SEARCH, roleName1, grantor); @@ -216,7 +216,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName2))); PrivilegeObject allPrivilege = new Builder(queryPrivilege) - .setAction(SearchConstants.ALL) + .setAction(SolrConstants.ALL) .build(); /** @@ -255,7 +255,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase */ PrivilegeObject queryPrivilege1 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .withGrantOption(true) @@ -270,7 +270,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase */ PrivilegeObject queryPrivilege2 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .withGrantOption(false).build(); @@ -347,7 +347,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase */ PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .withGrantOption(true) @@ -383,13 +383,13 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase String grantor = ADMIN_USER; PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))) .build(); PrivilegeObject updatePrivilege = new Builder(queryPrivilege) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .build(); sentryStore.createRole(SEARCH, roleName, grantor); @@ -419,13 +419,13 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase String grantor = ADMIN_USER; PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME),new Field(FIELD_NAME))) .build(); PrivilegeObject updatePrivilege = new Builder(queryPrivilege) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .build(); sentryStore.createRole(SEARCH, roleName, grantor); @@ -439,7 +439,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase * revoke all privilege */ PrivilegeObject allPrivilege = new Builder(queryPrivilege) - .setAction(SearchConstants.ALL) + .setAction(SolrConstants.ALL) .build(); sentryStore.alterRoleRevokePrivilege(SEARCH, roleName, allPrivilege, grantor); @@ -461,7 +461,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase String grantor = ADMIN_USER; PrivilegeObject allPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.ALL) + .setAction(SolrConstants.ALL) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))) .build(); @@ -476,11 +476,11 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase * revoke update privilege */ PrivilegeObject updatePrivilege = new Builder(allPrivilege) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .build(); PrivilegeObject queryPrivilege = new Builder(allPrivilege) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .build(); sentryStore.alterRoleRevokePrivilege(SEARCH, roleName, updatePrivilege, grantor); @@ -503,17 +503,17 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase String grantor = ADMIN_USER; PrivilegeObject allPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.ALL) + .setAction(SolrConstants.ALL) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))) .build(); PrivilegeObject updatePrivilege = new Builder(allPrivilege) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .build(); PrivilegeObject queryPrivilege = new Builder(allPrivilege) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .build(); sentryStore.createRole(SEARCH, roleName, grantor); @@ -550,21 +550,21 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase String grantor = ADMIN_USER; PrivilegeObject updatePrivilege1 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))) .build(); PrivilegeObject queryPrivilege1 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME),new Field(FIELD_NAME))) .build(); PrivilegeObject queryPrivilege2 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(NOT_COLLECTION_NAME))) .build(); @@ -580,7 +580,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase */ PrivilegeObject allPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.ALL) + .setAction(SolrConstants.ALL) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); @@ -605,7 +605,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase */ PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .withGrantOption(true) @@ -645,13 +645,13 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))) .build(); PrivilegeObject updatePrivilege = new Builder(queryPrivilege) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .build(); /** @@ -685,7 +685,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase * drop ALL privilege */ PrivilegeObject allPrivilege = new Builder(queryPrivilege) - .setAction(SearchConstants.ALL) + .setAction(SolrConstants.ALL) .build(); sentryStore.dropPrivilege(SEARCH, allPrivilege, grantor); @@ -706,7 +706,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject parentPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.ALL) + .setAction(SolrConstants.ALL) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); @@ -727,33 +727,33 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject oldQueryPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(oldAuthoriables) .build(); PrivilegeObject oldUpdatePrivilege = new Builder(oldQueryPrivilege) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .build(); PrivilegeObject oldALLPrivilege = new Builder(oldQueryPrivilege) - .setAction(SearchConstants.ALL) + .setAction(SolrConstants.ALL) .build(); PrivilegeObject newQueryPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(newAuthoriables) .build(); PrivilegeObject newUpdatePrivilege = new Builder(newQueryPrivilege) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .build(); PrivilegeObject newALLPrivilege = new Builder(newQueryPrivilege) - .setAction(SearchConstants.ALL) + .setAction(SolrConstants.ALL) .build(); @@ -826,7 +826,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); @@ -837,7 +837,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject updatePrivilege = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); @@ -863,28 +863,28 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject queryPrivilege1 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(service1) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); PrivilegeObject updatePrivilege1 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .setService(service1) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))) .build(); PrivilegeObject queryPrivilege2 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(service1) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); PrivilegeObject updatePrivilege2 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .setService(service1) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))) .build(); @@ -928,28 +928,28 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject queryPrivilege1 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(service1) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); PrivilegeObject updatePrivilege1 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .setService(service1) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))) .build(); PrivilegeObject queryPrivilege2 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(service1) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); PrivilegeObject updatePrivilege2 = new Builder() .setComponent(SEARCH) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .setService(service1) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))) .build(); @@ -1018,7 +1018,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase String grantor = ADMIN_USER; PrivilegeObject queryPrivilege = new Builder() .setComponent(component) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Collections.singletonList(new Collection(COLLECTION_NAME))) .withGrantOption(null) @@ -1032,7 +1032,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject queryPrivilegeWithOption = new Builder() .setComponent(component) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Collections.singletonList(new Collection(COLLECTION_NAME))) .withGrantOption(true) @@ -1045,7 +1045,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase PrivilegeObject queryPrivilegeWithNoOption = new Builder() .setComponent(component) - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Collections.singletonList(new Collection(COLLECTION_NAME))) .withGrantOption(false) @@ -1066,7 +1066,7 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase public enum MyComponentActionType { FOO("foo", 1), BAR("bar", 2), - QUERY(SearchConstants.QUERY, 4), + QUERY(SolrConstants.QUERY, 4), ALL("*", FOO.getCode() | BAR.getCode() | QUERY.getCode()); private String name; http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java index 258721e..03abb4e 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryGMPrivilege.java @@ -24,9 +24,9 @@ import static org.junit.Assert.fail; import java.util.Arrays; import org.apache.sentry.core.model.db.AccessConstants; -import org.apache.sentry.core.model.search.Collection; -import org.apache.sentry.core.model.search.Field; -import org.apache.sentry.core.model.search.SearchConstants; +import org.apache.sentry.core.model.solr.Collection; +import org.apache.sentry.core.model.solr.Field; +import org.apache.sentry.core.model.solr.SolrConstants; import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege; import org.junit.Test; @@ -36,21 +36,21 @@ public class TestSentryGMPrivilege { public void testValidateAuthorizables() throws Exception { try { new MSentryGMPrivilege("solr", - "service1", Arrays.asList(new Collection("c1"), new Field("f1")),SearchConstants.QUERY, false); + "service1", Arrays.asList(new Collection("c1"), new Field("f1")),SolrConstants.QUERY, false); } catch (IllegalStateException e) { fail("unexpect happend: it is a validated privilege"); } try { new MSentryGMPrivilege("solr", - "service1", Arrays.asList(new Collection(""), new Field("f1")),SearchConstants.QUERY, false); + "service1", Arrays.asList(new Collection(""), new Field("f1")),SolrConstants.QUERY, false); fail("unexpect happend: it is not a validated privilege, The empty name of authorizable can't be empty"); } catch (IllegalStateException e) { } try { new MSentryGMPrivilege("solr", - "service1", Arrays.asList(null, new Field("f1")),SearchConstants.QUERY, false); + "service1", Arrays.asList(null, new Field("f1")),SolrConstants.QUERY, false); fail("unexpect happend: it is not a validated privilege, The authorizable can't be null"); } catch (IllegalStateException e) { } @@ -60,24 +60,24 @@ public class TestSentryGMPrivilege { public void testImpliesWithServerScope() throws Exception { //The persistent privilege is server scope MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr", - "service1", null,SearchConstants.QUERY, false); + "service1", null,SolrConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); assertTrue(serverPrivilege.implies(collectionPrivilege)); MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); assertTrue(serverPrivilege.implies(fieldPrivilege)); assertTrue(collectionPrivilege.implies(fieldPrivilege)); - serverPrivilege.setAction(SearchConstants.UPDATE); + serverPrivilege.setAction(SolrConstants.UPDATE); assertFalse(serverPrivilege.implies(collectionPrivilege)); assertFalse(serverPrivilege.implies(fieldPrivilege)); - serverPrivilege.setAction(SearchConstants.ALL); + serverPrivilege.setAction(SolrConstants.ALL); assertTrue(serverPrivilege.implies(collectionPrivilege)); assertTrue(serverPrivilege.implies(fieldPrivilege)); } @@ -91,15 +91,15 @@ public class TestSentryGMPrivilege { * Test the scope of persistent privilege is the larger than the requested privilege */ MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr", - "service1", null, SearchConstants.QUERY, false); + "service1", null, SolrConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); assertTrue(serverPrivilege.implies(collectionPrivilege)); assertTrue(serverPrivilege.implies(fieldPrivilege)); assertTrue(collectionPrivilege.implies(fieldPrivilege)); @@ -116,7 +116,7 @@ public class TestSentryGMPrivilege { */ MSentryGMPrivilege fieldAllPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field(AccessConstants.ALL)), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); assertTrue(fieldAllPrivilege.implies(collectionPrivilege)); @@ -125,11 +125,11 @@ public class TestSentryGMPrivilege { */ MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c2"), new Field("f2")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); assertFalse(fieldPrivilege1.implies(fieldPrivilege2)); } @@ -141,30 +141,30 @@ public class TestSentryGMPrivilege { public void testSearchImpliesEqualAuthorizable() throws Exception { MSentryGMPrivilege serverPrivilege1 = new MSentryGMPrivilege("solr", - "service1", null,SearchConstants.QUERY, false); + "service1", null,SolrConstants.QUERY, false); MSentryGMPrivilege serverPrivilege2 = new MSentryGMPrivilege("solr", - "service2", null,SearchConstants.QUERY, false); + "service2", null,SolrConstants.QUERY, false); assertFalse(serverPrivilege1.implies(serverPrivilege2)); MSentryGMPrivilege collectionPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c2")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); assertFalse(collectionPrivilege1.implies(collectionPrivilege2)); MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); assertFalse(fieldPrivilege1.implies(fieldPrivilege2)); @@ -185,23 +185,23 @@ public class TestSentryGMPrivilege { */ MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), - SearchConstants.QUERY, false); + SolrConstants.QUERY, false); assertTrue(fieldPrivilege1.implies(fieldPrivilege2)); /** * action isn't equal */ - fieldPrivilege2.setAction(SearchConstants.UPDATE); + fieldPrivilege2.setAction(SolrConstants.UPDATE); assertFalse(fieldPrivilege1.implies(fieldPrivilege2)); /** * action isn't equal,but the persistent privilege has the ALL action */ - fieldPrivilege1.setAction(SearchConstants.ALL); + fieldPrivilege1.setAction(SolrConstants.ALL); assertTrue(fieldPrivilege1.implies(fieldPrivilege2)); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java index 9be4a8b..61a74c3 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java @@ -33,7 +33,7 @@ import javax.jdo.Query; import javax.jdo.Transaction; import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.model.search.Collection; +import org.apache.sentry.core.model.solr.Collection; import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege; import org.apache.sentry.provider.db.service.model.MSentryPrivilege; import org.apache.sentry.provider.db.service.model.MSentryRole; http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java index b7f0774..6597a7c 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java @@ -27,14 +27,14 @@ import java.util.*; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.exception.SentrySiteConfigurationException; -import org.apache.sentry.core.model.search.Collection; -import org.apache.sentry.core.model.search.Field; -import org.apache.sentry.core.model.search.SearchConstants; -import org.apache.sentry.provider.common.GroupMappingService; +import org.apache.sentry.core.model.solr.Collection; +import org.apache.sentry.core.model.solr.Field; +import org.apache.sentry.core.model.solr.SolrConstants; import org.apache.sentry.core.common.exception.SentryAlreadyExistsException; import org.apache.sentry.core.common.exception.SentryGrantDeniedException; import org.apache.sentry.core.common.exception.SentryInvalidInputException; import org.apache.sentry.core.common.exception.SentryNoSuchObjectException; +import org.apache.sentry.provider.common.GroupMappingService; import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject; import org.apache.sentry.provider.db.generic.service.persistent.SentryStoreLayer; import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject.Builder; @@ -222,17 +222,17 @@ public class TestSentryGenericPolicyProcessor extends org.junit.Assert { String groupName = "g1"; PrivilegeObject queryPrivilege = new Builder() .setComponent("SOLR") - .setAction(SearchConstants.QUERY) + .setAction(SolrConstants.QUERY) .setService("service1") .setAuthorizables(Arrays.asList(new Collection("c1"), new Field("f1"))) .build(); PrivilegeObject updatePrivilege = new Builder(queryPrivilege) - .setAction(SearchConstants.UPDATE) + .setAction(SolrConstants.UPDATE) .build(); MSentryGMPrivilege mSentryGMPrivilege = new MSentryGMPrivilege("SOLR", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), - SearchConstants.QUERY, true); + SolrConstants.QUERY, true); MSentryRole role = new MSentryRole("r1", 290); mSentryGMPrivilege.setRoles(Sets.newHashSet(role)); http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java index ac8b2a7..5364d10 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java @@ -29,9 +29,9 @@ import java.util.Set; import org.apache.sentry.core.common.exception.SentryUserException; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; -import org.apache.sentry.core.model.search.Collection; -import org.apache.sentry.core.model.search.Field; -import org.apache.sentry.core.model.search.SearchConstants; +import org.apache.sentry.core.model.solr.Collection; +import org.apache.sentry.core.model.solr.Field; +import org.apache.sentry.core.model.solr.SolrConstants; import org.junit.Test; import com.google.common.collect.Lists; @@ -122,11 +122,11 @@ public class TestSentryGenericServiceIntegration extends SentryGenericServiceInt TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SearchConstants.QUERY); + SolrConstants.QUERY); TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SearchConstants.UPDATE); + SolrConstants.UPDATE); client.grantPrivilege(requestorUserName, roleName1, SOLR, queryPrivilege); client.grantPrivilege(requestorUserName, roleName2, SOLR, updatePrivilege); @@ -156,7 +156,7 @@ public class TestSentryGenericServiceIntegration extends SentryGenericServiceInt TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SearchConstants.QUERY); + SolrConstants.QUERY); client.grantPrivilege(requestorUserName, roleName1, SOLR, queryPrivilege); Set<TSentryPrivilege> listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1, SOLR, "service1"); @@ -215,11 +215,11 @@ public class TestSentryGenericServiceIntegration extends SentryGenericServiceInt TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SearchConstants.QUERY); + SolrConstants.QUERY); TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SearchConstants.UPDATE); + SolrConstants.UPDATE); client.grantPrivilege(requestorUserName, roleName, SOLR, updatePrivilege); client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege); @@ -247,7 +247,7 @@ public class TestSentryGenericServiceIntegration extends SentryGenericServiceInt TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SearchConstants.QUERY); + SolrConstants.QUERY); client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege); assertEquals(1, client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1").size()); @@ -281,17 +281,17 @@ public class TestSentryGenericServiceIntegration extends SentryGenericServiceInt TSentryPrivilege grantPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"))), - SearchConstants.QUERY); + SolrConstants.QUERY); grantPrivilege.setGrantOption(TSentryGrantOption.TRUE); TSentryPrivilege noGrantPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"))), - SearchConstants.QUERY); + SolrConstants.QUERY); noGrantPrivilege.setGrantOption(TSentryGrantOption.FALSE); TSentryPrivilege testPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SearchConstants.QUERY); + SolrConstants.QUERY); testPrivilege.setGrantOption(TSentryGrantOption.FALSE); client.grantPrivilege(adminUser, grantRole, SOLR, grantPrivilege); @@ -346,11 +346,11 @@ public class TestSentryGenericServiceIntegration extends SentryGenericServiceInt TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SearchConstants.QUERY); + SolrConstants.QUERY); TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c2"), new Field("f2"))), - SearchConstants.UPDATE); + SolrConstants.UPDATE); client.grantPrivilege(adminUser, testRole, SOLR, queryPrivilege); client.grantPrivilege(adminUser, testRole, SOLR, updatePrivilege); @@ -405,11 +405,11 @@ public class TestSentryGenericServiceIntegration extends SentryGenericServiceInt TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SearchConstants.QUERY); + SolrConstants.QUERY); TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f2"))), - SearchConstants.UPDATE); + SolrConstants.UPDATE); client.grantPrivilege(adminUser, testRole, SOLR, queryPrivilege); client.grantPrivilege(adminUser, testRole, SOLR, updatePrivilege); @@ -464,7 +464,7 @@ public class TestSentryGenericServiceIntegration extends SentryGenericServiceInt TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SearchConstants.QUERY); + SolrConstants.QUERY); client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege); assertEquals(1, client.listPrivilegesByRoleName(requestorUserName, roleName, @@ -484,7 +484,7 @@ public class TestSentryGenericServiceIntegration extends SentryGenericServiceInt TSentryPrivilege dropPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c2"), new Field("f2"))), - SearchConstants.QUERY); + SolrConstants.QUERY); client.dropPrivilege(requestorUserName, SOLR, dropPrivilege); http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java index 3685073..9e6ff42 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java @@ -147,7 +147,7 @@ public class TestSentryConfigToolSolr extends SentryGenericServiceIntegrationBas } for (String expectedPrivilege : expectedPrivileges) { - assertTrue("Did not find expected privilege: " + expectedPrivilege, + assertTrue("Did not find expected privilege: " + expectedPrivilege + " in " + privilegeStrs, privilegeStrs.contains(expectedPrivilege)); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java index 55831a4..c3a6a9f 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java @@ -432,7 +432,7 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { getShellResultWithOSRedirect(sentryShell, args, false); fail("Expected IllegalArgumentException"); } catch (IllegalArgumentException e) { - assert("Privilege is invalid: action required but not specified.".equals(e.getMessage())); + assertEquals("Privilege is invalid: action required but not specified.", e.getMessage()); } // test: -r is required when revoke privilege from role http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-solr/pom.xml b/sentry-solr/pom.xml index 133ea60..3b0b041 100644 --- a/sentry-solr/pom.xml +++ b/sentry-solr/pom.xml @@ -31,7 +31,6 @@ limitations under the License. <modules> <module>solr-sentry-handlers</module> - <module>solr-sentry-core</module> </modules> </project> http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-core/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-core/pom.xml b/sentry-solr/solr-sentry-core/pom.xml deleted file mode 100644 index e788262..0000000 --- a/sentry-solr/solr-sentry-core/pom.xml +++ /dev/null @@ -1,58 +0,0 @@ -<?xml version="1.0"?> -<!-- -Licensed to the Apache Software Foundation (ASF) under one or more -contributor license agreements. See the NOTICE file distributed with -this work for additional information regarding copyright ownership. -The ASF licenses this file to You under the Apache License, Version 2.0 -(the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. ---> -<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"; xmlns="http://maven.apache.org/POM/4.0.0"; - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> - <modelVersion>4.0.0</modelVersion> - - <parent> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-solr</artifactId> - <version>2.0.0-SNAPSHOT</version> - </parent> - - <artifactId>solr-sentry-core</artifactId> - <name>Solr Sentry Core</name> - - <dependencies> - <dependency> - <groupId>log4j</groupId> - <artifactId>log4j</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-common</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-core-model-search</artifactId> - </dependency> - <dependency> - <groupId>org.apache.sentry</groupId> - <artifactId>sentry-binding-solr</artifactId> - </dependency> - <dependency> - <groupId>org.apache.solr</groupId> - <artifactId>solr-solrj</artifactId> - </dependency> - <dependency> - <groupId>org.apache.solr</groupId> - <artifactId>solr-core</artifactId> - </dependency> - </dependencies> - -</project> http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/AuditLogger.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/AuditLogger.java b/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/AuditLogger.java deleted file mode 100644 index 7f3e391..0000000 --- a/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/AuditLogger.java +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.solr.sentry; - - -import org.apache.lucene.util.Version; -import org.noggit.CharArr; -import org.noggit.JSONWriter; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - - -/** - * Writes audit events to the audit log. This helps answer questions such as: - * Who did what action when from where, and what values were changed from what - * to what as a result? - */ -final class AuditLogger { - - public static final int ALLOWED = 1; - public static final int UNAUTHORIZED = 0; - - private final Logger logger; - - private static final boolean IS_ENABLED = - Boolean.valueOf( - System.getProperty(AuditLogger.class.getName() + ".isEnabled", "true")); - - private static final String SOLR_VERSION = Version.LATEST.toString(); - - - public AuditLogger() { - this.logger = LoggerFactory.getLogger(getClass()); - } - - public boolean isLogEnabled() { - return IS_ENABLED && logger.isInfoEnabled(); - } - - public void log( - String userName, - String impersonator, - String ipAddress, - String operation, - String operationParams, - long eventTime, - int allowed, - String collectionName) { - - if (!isLogEnabled()) { - return; - } - CharArr chars = new CharArr(512); - JSONWriter writer = new JSONWriter(chars, -1); - writer.startObject(); - writeField("solrVersion", SOLR_VERSION, writer); - writer.writeValueSeparator(); - writeField("eventTime", eventTime, writer); - writer.writeValueSeparator(); - writeField("allowed", allowed, writer); - writer.writeValueSeparator(); - writeField("collectionName", collectionName, writer); - writer.writeValueSeparator(); - writeField("operation", operation, writer); - writer.writeValueSeparator(); - writeField("operationParams", operationParams, writer); - writer.writeValueSeparator(); - writeField("ipAddress", ipAddress, writer); - writer.writeValueSeparator(); - writeField("username", userName, writer); - writer.writeValueSeparator(); - writeField("impersonator", impersonator, writer); - writer.endObject(); - logger.info("{}", chars); - } - - private void writeField(String key, Object value, JSONWriter writer) { - writer.writeString(key); - writer.writeNameSeparator(); - writer.write(value); - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java b/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java deleted file mode 100644 index f749740..0000000 --- a/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/RollingFileWithoutDeleteAppender.java +++ /dev/null @@ -1,175 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.solr.sentry; - -import java.io.File; -import java.io.IOException; -import java.io.InterruptedIOException; -import java.io.Writer; - -import org.apache.log4j.FileAppender; -import org.apache.log4j.Layout; -import org.apache.log4j.helpers.CountingQuietWriter; -import org.apache.log4j.helpers.LogLog; -import org.apache.log4j.helpers.OptionConverter; -import org.apache.log4j.spi.LoggingEvent; - -public class RollingFileWithoutDeleteAppender extends FileAppender { - /** - * The default maximum file size is 10MB. - */ - protected long maxFileSize = 10 * 1024 * 1024; - - private long nextRollover = 0; - - /** - * The default constructor simply calls its {@link FileAppender#FileAppender - * parents constructor}. - */ - public RollingFileWithoutDeleteAppender() { - super(); - } - - /** - * Instantiate a RollingFileAppender and open the file designated by - * <code>filename</code>. The opened filename will become the ouput - * destination for this appender. - * <p> - * If the <code>append</code> parameter is true, the file will be appended to. - * Otherwise, the file desginated by <code>filename</code> will be truncated - * before being opened. - */ - public RollingFileWithoutDeleteAppender(Layout layout, String filename, - boolean append) throws IOException { - super(layout, getLogFileName(filename), append); - } - - /** - * Instantiate a FileAppender and open the file designated by - * <code>filename</code>. The opened filename will become the output - * destination for this appender. - * <p> - * The file will be appended to. - */ - public RollingFileWithoutDeleteAppender(Layout layout, String filename) - throws IOException { - super(layout, getLogFileName(filename)); - } - - /** - * Get the maximum size that the output file is allowed to reach before being - * rolled over to backup files. - */ - public long getMaximumFileSize() { - return maxFileSize; - } - - /** - * Implements the usual roll over behaviour. - * <p> - * <code>File</code> is renamed <code>File.yyyyMMddHHmmss</code> and closed. A - * new <code>File</code> is created to receive further log output. - */ - // synchronization not necessary since doAppend is alreasy synched - public void rollOver() { - if (qw != null) { - long size = ((CountingQuietWriter) qw).getCount(); - LogLog.debug("rolling over count=" + size); - // if operation fails, do not roll again until - // maxFileSize more bytes are written - nextRollover = size + maxFileSize; - } - - this.closeFile(); // keep windows happy. - - String newFileName = getLogFileName(fileName); - try { - // This will also close the file. This is OK since multiple - // close operations are safe. - this.setFile(newFileName, false, bufferedIO, bufferSize); - nextRollover = 0; - } catch (IOException e) { - if (e instanceof InterruptedIOException) { - Thread.currentThread().interrupt(); - } - LogLog.error("setFile(" + newFileName + ", false) call failed.", e); - } - } - - public synchronized void setFile(String fileName, boolean append, - boolean bufferedIO, int bufferSize) throws IOException { - super.setFile(fileName, append, this.bufferedIO, this.bufferSize); - if (append) { - File f = new File(fileName); - ((CountingQuietWriter) qw).setCount(f.length()); - } - } - - /** - * Set the maximum size that the output file is allowed to reach before being - * rolled over to backup files. - * <p> - * This method is equivalent to {@link #setMaxFileSize} except that it is - * required for differentiating the setter taking a <code>long</code> argument - * from the setter taking a <code>String</code> argument by the JavaBeans - * {@link java.beans.Introspector Introspector}. - * - * @see #setMaxFileSize(String) - */ - public void setMaximumFileSize(long maxFileSize) { - this.maxFileSize = maxFileSize; - } - - /** - * Set the maximum size that the output file is allowed to reach before being - * rolled over to backup files. - * <p> - * In configuration files, the <b>MaxFileSize</b> option takes an long integer - * in the range 0 - 2^63. You can specify the value with the suffixes "KB", - * "MB" or "GB" so that the integer is interpreted being expressed - * respectively in kilobytes, megabytes or gigabytes. For example, the value - * "10KB" will be interpreted as 10240. - */ - public void setMaxFileSize(String value) { - maxFileSize = OptionConverter.toFileSize(value, maxFileSize + 1); - } - - protected void setQWForFiles(Writer writer) { - this.qw = new CountingQuietWriter(writer, errorHandler); - } - - /** - * This method differentiates RollingFileAppender from its super class. - */ - protected void subAppend(LoggingEvent event) { - super.subAppend(event); - - if (fileName != null && qw != null) { - long size = ((CountingQuietWriter) qw).getCount(); - if (size >= maxFileSize && size >= nextRollover) { - rollOver(); - } - } - } - - // Mangled file name. Append the current timestamp - private static String getLogFileName(String oldFileName) { - return oldFileName + "." + Long.toString(System.currentTimeMillis()); - } -}
