SENTRY-1997 - Bump sqoop dependency version to 1.99.7. Colm O hEigeartaigh, reviewed by Sergio Pena.
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/e23fc4ef Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/e23fc4ef Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/e23fc4ef Branch: refs/heads/akolb-cli Commit: e23fc4ef88b1ba2170d97aaa563bedc9ba521c7e Parents: a001e44 Author: Colm O hEigeartaigh <[email protected]> Authored: Tue Nov 7 16:56:45 2017 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue Nov 7 16:56:45 2017 +0000 ---------------------------------------------------------------------- pom.xml | 2 +- sentry-tests/sentry-tests-sqoop/pom.xml | 69 +--- .../e2e/sqoop/AbstractSqoopSentryTestBase.java | 7 +- .../tests/e2e/sqoop/JettySqoopRunner.java | 239 ++++++++++++++ .../tests/e2e/sqoop/TestConnectorEndToEnd.java | 11 +- .../tests/e2e/sqoop/TestGrantPrivilege.java | 70 ++-- .../sentry/tests/e2e/sqoop/TestJobEndToEnd.java | 139 ++++---- .../tests/e2e/sqoop/TestLinkEndToEnd.java | 96 +++--- .../tests/e2e/sqoop/TestOwnerPrivilege.java | 59 ++-- .../tests/e2e/sqoop/TestRevokePrivilege.java | 56 ++-- .../e2e/sqoop/TestServerScopeEndToEnd.java | 75 +++-- .../tests/e2e/sqoop/TestShowPrivilege.java | 14 +- .../tests/e2e/sqoop/TomcatSqoopRunner.java | 318 ------------------- 13 files changed, 553 insertions(+), 602 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index af54480..bea2c5f 100644 --- a/pom.xml +++ b/pom.xml @@ -91,7 +91,7 @@ limitations under the License. <shiro.version>1.4.0</shiro.version> <slf4j.version>1.7.25</slf4j.version> <solr.version>4.10.2</solr.version> - <sqoop.version>1.99.6</sqoop.version> + <sqoop.version>1.99.7</sqoop.version> <surefire.version>2.20.1</surefire.version> <test.sentry.hadoop.classpath>${maven.test.classpath}</test.sentry.hadoop.classpath> <zookeeper.version>3.4.5</zookeeper.version> http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-sqoop/pom.xml b/sentry-tests/sentry-tests-sqoop/pom.xml index 6723c4d..7a1ac1c 100644 --- a/sentry-tests/sentry-tests-sqoop/pom.xml +++ b/sentry-tests/sentry-tests-sqoop/pom.xml @@ -42,6 +42,12 @@ limitations under the License. <dependency> <groupId>org.apache.sqoop</groupId> <artifactId>test</artifactId> + <exclusions> + <exclusion> + <groupId>org.testng</groupId> + <artifactId>testng</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.hadoop</groupId> @@ -116,56 +122,15 @@ limitations under the License. <version>${datanucleus-jdo.version}</version> </dependency> </dependencies> - <profiles> - <profile> - <id>download-sqoop2</id> - <activation> - <activeByDefault>true</activeByDefault> - <property> - <name>!skipTests</name> - </property> - </activation> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-dependency-plugin</artifactId> - <executions> - <execution> - <id>download-deps</id> - <phase>generate-resources</phase> - <goals> - <goal>copy</goal> - </goals> - <configuration> - <artifactItems> - <artifactItem> - <groupId>org.apache.tomcat</groupId> - <artifactId>tomcat</artifactId> - <version>7.0.81</version> - <type>zip</type> - <overWrite>true</overWrite> - <outputDirectory>target/thirdparty</outputDirectory> - </artifactItem> - <artifactItem> - <groupId>org.apache.sqoop</groupId> - <artifactId>sqoop-server</artifactId> - <version>2.0.0-SNAPSHOT</version> - <type>war</type> - <overWrite>true</overWrite> - <outputDirectory>target/thirdparty</outputDirectory> - </artifactItem> - </artifactItems> - <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename> - <overWriteSnapshots>true</overWriteSnapshots> - <overWriteIfNewer>true</overWriteIfNewer> - <stripVersion>true</stripVersion> - </configuration> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - </profiles> + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <configuration> + <reuseForks>false</reuseForks> + </configuration> + </plugin> + </plugins> + </build> </project> http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/AbstractSqoopSentryTestBase.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/AbstractSqoopSentryTestBase.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/AbstractSqoopSentryTestBase.java index 2971bf8..714eeae 100644 --- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/AbstractSqoopSentryTestBase.java +++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/AbstractSqoopSentryTestBase.java @@ -83,7 +83,7 @@ public class AbstractSqoopSentryTestBase { protected static final String ROLE5 = StaticUserGroupRole.ROLE_5; protected static SentryService server; - protected static TomcatSqoopRunner sqoopServerRunner; + protected static JettySqoopRunner sqoopServerRunner; protected static File baseDir; protected static File sqoopDir; @@ -92,6 +92,9 @@ public class AbstractSqoopSentryTestBase { protected static PolicyFile policyFile; + protected static String JDBC_CONNECTOR_NAME = "generic-jdbc-connector"; + protected static String HDFS_CONNECTOR_NAME = "hdfs-connector"; + @BeforeClass public static void beforeTestEndToEnd() throws Exception { setupConf(); @@ -163,7 +166,7 @@ public class AbstractSqoopSentryTestBase { public static void startSqoopWithSentryEnable() throws Exception { File sentrySitePath = new File(baseDir, "sentry-site.xml"); getClientConfig().writeXml(new FileOutputStream(sentrySitePath)); - sqoopServerRunner = new TomcatSqoopRunner(sqoopDir.toString(), SQOOP_SERVER_NAME, + sqoopServerRunner = new JettySqoopRunner(sqoopDir.toString(), SQOOP_SERVER_NAME, sentrySitePath.toURI().toURL().toString()); sqoopServerRunner.start(); } http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/JettySqoopRunner.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/JettySqoopRunner.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/JettySqoopRunner.java new file mode 100644 index 0000000..0069ab7 --- /dev/null +++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/JettySqoopRunner.java @@ -0,0 +1,239 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.tests.e2e.sqoop; + +import static org.junit.Assert.assertEquals; + +import java.net.MalformedURLException; +import java.net.URL; +import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; + +import org.apache.sqoop.client.SqoopClient; +import org.apache.sqoop.common.test.db.DatabaseProvider; +import org.apache.sqoop.common.test.db.DatabaseProviderFactory; +import org.apache.sqoop.common.test.db.TableName; +import org.apache.sqoop.common.test.utils.NetworkUtils; +import org.apache.sqoop.model.MConfigList; +import org.apache.sqoop.model.MJob; +import org.apache.sqoop.model.MLink; +import org.apache.sqoop.server.SqoopJettyServer; +import org.apache.sqoop.test.minicluster.SqoopMiniCluster; +import org.apache.sqoop.test.utils.SqoopUtils; +import org.apache.sqoop.validation.Status; + +import com.google.common.base.Joiner; + +public class JettySqoopRunner { + private SqoopServerEnableSentry server; + private DatabaseProvider provider; + private String temporaryPath; + + public JettySqoopRunner(String temporaryPath, String serverName, String sentrySite) + throws Exception { + this.temporaryPath = temporaryPath; + this.server = new SqoopServerEnableSentry(temporaryPath, serverName, sentrySite); + this.provider = DatabaseProviderFactory.getProvider(System.getProperties()); + } + + public void start() throws Exception { + server.start(); + provider.start(); + } + + public void stop() throws Exception { + server.stop(); + provider.stop(); + } + + /** + * save link. + * + * With asserts to make sure that it was created correctly. + * @param sqoopClient + * @param link + */ + public void saveLink(SqoopClient client, MLink link) { + assertEquals(Status.OK, client.saveLink(link)); + } + + /** + * update link. + * + * With asserts to make sure that it was created correctly. + * @param sqoopClient + * @param link + * @param oldLinkName + */ + public void updateLink(SqoopClient client, MLink link, String oldLinkName) { + assertEquals(Status.OK, client.updateLink(link, oldLinkName)); + } + + + /** + * save job. + * + * With asserts to make sure that it was created correctly. + * + * @param job + */ + public void saveJob(SqoopClient client, MJob job) { + assertEquals(Status.OK, client.saveJob(job)); + } + + /** + * fill link. + * + * With asserts to make sure that it was filled correctly. + * + * @param link + */ + public void fillHdfsLink(MLink link) { + MConfigList configs = link.getConnectorLinkConfig(); + configs.getStringInput("linkConfig.confDir").setValue(server.getConfigurationPath()); + } + + /** + * Fill link config based on currently active provider. + * + * @param link MLink object to fill + */ + public void fillRdbmsLinkConfig(MLink link) { + MConfigList configs = link.getConnectorLinkConfig(); + configs.getStringInput("linkConfig.jdbcDriver").setValue(provider.getJdbcDriver()); + configs.getStringInput("linkConfig.connectionString").setValue(provider.getConnectionUrl()); + configs.getStringInput("linkConfig.username").setValue(provider.getConnectionUsername()); + configs.getStringInput("linkConfig.password").setValue(provider.getConnectionPassword()); + } + + public void fillHdfsFromConfig(MJob job) { + MConfigList fromConfig = job.getFromJobConfig(); + fromConfig.getStringInput("fromJobConfig.inputDirectory").setValue(temporaryPath + "/output"); + } + + public void fillRdbmsToConfig(MJob job) { + MConfigList toConfig = job.getToJobConfig(); + toConfig.getStringInput("toJobConfig.tableName").setValue(provider. + escapeTableName(new TableName(getClass().getSimpleName()).getTableName())); + } + + /** + * get a sqoopClient for specific user + * @param user + */ + public SqoopClient getSqoopClient(String user) { + setAuthenticationUser(user); + return new SqoopClient(server.getServerUrl()); + } + + /** + * Set the mock user in the Sqoop simple authentication + * @param user + */ + private void setAuthenticationUser(String user) { + System.setProperty("user.name", user); + } + + private static class SqoopServerEnableSentry extends SqoopMiniCluster { + private Integer port; + private String sentrySite; + private String serverName; + private SqoopJettyServer sqoopJettyServer; + + SqoopServerEnableSentry(String temporaryPath, String serverName, String sentrySite) + throws Exception { + super(temporaryPath); + this.serverName = serverName; + this.sentrySite = sentrySite; + // Random port + this.port = NetworkUtils.findAvailablePort(); + } + + @Override + public Map<String, String> getSecurityConfiguration() { + Map<String, String> properties = new HashMap<String, String>(); + configureAuthentication(properties); + configureSentryAuthorization(properties); + properties.put("org.apache.sqoop.jetty.port", port.toString()); + return properties; + } + + private void configureAuthentication(Map<String, String> properties) { + properties.put("org.apache.sqoop.authentication.type", "SIMPLE"); + properties.put("org.apache.sqoop.authentication.handler", + "org.apache.sqoop.security.SimpleAuthenticationHandler"); + } + + private void configureSentryAuthorization(Map<String, String> properties) { + properties.put("org.apache.sqoop.security.authorization.handler", + "org.apache.sentry.sqoop.authz.SentryAuthorizationHandler"); + properties.put("org.apache.sqoop.security.authorization.access_controller", + "org.apache.sentry.sqoop.authz.SentryAccessController"); + properties.put("org.apache.sqoop.security.authorization.validator", + "org.apache.sentry.sqoop.authz.SentryAuthorizationValidator"); + properties.put("org.apache.sqoop.security.authorization.server_name", serverName); + properties.put("sentry.sqoop.site.url", sentrySite); + List<String> extraClassPath = new LinkedList<String>(); + for (String jar : System.getProperty("java.class.path").split(":")) { + if ((jar.contains("sentry") || jar.contains("shiro-core") || jar.contains("libthrift")) + && jar.endsWith("jar")) { + extraClassPath.add(jar); + } + } + properties.put("org.apache.sqoop.classpath.extra", Joiner.on(":").join(extraClassPath)); + } + + @Override + public void start() throws Exception { + prepareTemporaryPath(); + sqoopJettyServer = new SqoopJettyServer(); + sqoopJettyServer.startServer(); + } + + /** {@inheritDoc} */ + @Override + public void stop() throws Exception { + if (sqoopJettyServer != null) { + sqoopJettyServer.stopServerForTest(); + } + } + + /** + * Return server URL. + */ + @Override + public String getServerUrl() { + if (sqoopJettyServer != null) { + String serverUrl = sqoopJettyServer.getServerUrl(); + // Replace the hostname of server url with FQDN + String host; + try { + host = new URL(serverUrl).getHost(); + } catch (MalformedURLException e) { + throw new RuntimeException("Invalid sqoop server url: " + serverUrl); + } + + String fqdn = SqoopUtils.getLocalHostName(); + return serverUrl.replaceFirst(host, fqdn); + } + throw new RuntimeException("Jetty server wasn't started."); + } + } + +} http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestConnectorEndToEnd.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestConnectorEndToEnd.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestConnectorEndToEnd.java index 27f1420..2aaf25b 100644 --- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestConnectorEndToEnd.java +++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestConnectorEndToEnd.java @@ -20,6 +20,7 @@ import static org.junit.Assert.assertTrue; import org.apache.sentry.core.model.sqoop.SqoopActionConstant; import org.apache.sqoop.client.SqoopClient; +import org.apache.sqoop.common.SqoopProtocolConstants; import org.apache.sqoop.model.MConnector; import org.apache.sqoop.model.MPrincipal; import org.apache.sqoop.model.MPrivilege; @@ -30,10 +31,10 @@ import org.junit.Test; import com.google.common.collect.Lists; public class TestConnectorEndToEnd extends AbstractSqoopSentryTestBase { - private static String JDBC_CONNECTOR_NAME = "generic-jdbc-connector"; - private static String HDFS_CONNECTOR_NAME = "hdfs-connector"; + // TODO Re-enable once https://issues.apache.org/jira/browse/SQOOP-3251 is fixed @Test + @org.junit.Ignore public void testShowAllConnector() throws Exception { // USER3 at firstly has no privilege on any Sqoop resource SqoopClient client = sqoopServerRunner.getSqoopClient(USER3); @@ -45,7 +46,7 @@ public class TestConnectorEndToEnd extends AbstractSqoopSentryTestBase { client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MRole role3 = new MRole(ROLE3); MPrincipal group3 = new MPrincipal(GROUP3, MPrincipal.TYPE.GROUP); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); + MResource allConnector = new MResource(SqoopProtocolConstants.ALL, MResource.TYPE.CONNECTOR); MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false); client.createRole(role3); client.grantRole(Lists.newArrayList(role3), Lists.newArrayList(group3)); @@ -75,7 +76,7 @@ public class TestConnectorEndToEnd extends AbstractSqoopSentryTestBase { MRole role1 = new MRole(ROLE1); MPrincipal group1 = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP); - MPrivilege readHdfsPriv = new MPrivilege(new MResource(String.valueOf(hdfsConnector.getPersistenceId()), MResource.TYPE.CONNECTOR), + MPrivilege readHdfsPriv = new MPrivilege(new MResource(hdfsConnector.getUniqueName(), MResource.TYPE.CONNECTOR), SqoopActionConstant.READ, false); client.createRole(role1); client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1)); @@ -84,7 +85,7 @@ public class TestConnectorEndToEnd extends AbstractSqoopSentryTestBase { MRole role2 = new MRole(ROLE2); MPrincipal group2 = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP); - MPrivilege readJdbcPriv = new MPrivilege(new MResource(String.valueOf(jdbcConnector.getPersistenceId()), MResource.TYPE.CONNECTOR), + MPrivilege readJdbcPriv = new MPrivilege(new MResource(String.valueOf(jdbcConnector.getUniqueName()), MResource.TYPE.CONNECTOR), SqoopActionConstant.READ, false); client.createRole(role2); client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2)); http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestGrantPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestGrantPrivilege.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestGrantPrivilege.java index 8c7753e..9a47ab3 100644 --- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestGrantPrivilege.java +++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestGrantPrivilege.java @@ -39,8 +39,8 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase { public void testNotSupportGrantPrivilegeToUser() throws Exception { SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MPrincipal user1 = new MPrincipal("not_support_grant_user_1", MPrincipal.TYPE.GROUP); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); try { client.grantPrivilege(Lists.newArrayList(user1), Lists.newArrayList(readPriv)); fail("expected not support exception happend"); @@ -53,8 +53,8 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase { public void testNotSupportGrantPrivilegeToGroup() throws Exception { SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MPrincipal group1 = new MPrincipal("not_support_grant_group_1", MPrincipal.TYPE.GROUP); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); try { client.grantPrivilege(Lists.newArrayList(group1), Lists.newArrayList(readPriv)); fail("expected not support exception happend"); @@ -68,21 +68,21 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase { /** * user1 belongs to group group1 * admin user grant role role1 to group group1 - * admin user grant read privilege on connector all to role role1 + * admin user grant read privilege on connector HDFS_CONNECTOR_NAME to role role1 */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MRole role1 = new MRole(ROLE1); MPrincipal group1Princ = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP); MPrincipal role1Princ = new MPrincipal(ROLE1, MPrincipal.TYPE.ROLE); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); client.createRole(role1); client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1Princ)); client.grantPrivilege(Lists.newArrayList(role1Princ), Lists.newArrayList(readPrivilege)); // check user1 has privilege on role1 client = sqoopServerRunner.getSqoopClient(USER1); - assertTrue(client.getPrivilegesByPrincipal(role1Princ, allConnector).size() == 1); + assertTrue(client.getPrivilegesByPrincipal(role1Princ, hdfsConnector).size() == 1); } @Test @@ -90,21 +90,21 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase { /** * user2 belongs to group group2 * admin user grant role role2 to group group2 - * admin user grant write privilege on connector all to role role2 + * admin user grant write privilege on connector HDFS_CONNECTOR_NAME to role role2 */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MRole role2 = new MRole(ROLE2); MPrincipal group2Princ = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP); MPrincipal role2Princ = new MPrincipal(ROLE2, MPrincipal.TYPE.ROLE); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege writePrivilege = new MPrivilege(allConnector, SqoopActionConstant.WRITE, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege writePrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.WRITE, false); client.createRole(role2); client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2Princ)); client.grantPrivilege(Lists.newArrayList(role2Princ), Lists.newArrayList(writePrivilege)); // check user2 has one privilege on role2 client = sqoopServerRunner.getSqoopClient(USER2); - assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 1); + assertTrue(client.getPrivilegesByPrincipal(role2Princ, hdfsConnector).size() == 1); // grant privilege to role role2 again client = sqoopServerRunner.getSqoopClient(ADMIN_USER); @@ -112,7 +112,7 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase { // check user2 has only one privilege on role2 client = sqoopServerRunner.getSqoopClient(USER2); - assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 1); + assertTrue(client.getPrivilegesByPrincipal(role2Princ, hdfsConnector).size() == 1); } @Test @@ -120,23 +120,23 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase { /** * user3 belongs to group group3 * admin user grant role role3 to group group3 - * admin user grant all privilege on connector all to role role3 + * admin user grant all privilege on connector HDFS_CONNECTOR_NAME to role role3 */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MRole role3 = new MRole(ROLE3); MPrincipal group3Princ = new MPrincipal(GROUP3, MPrincipal.TYPE.GROUP); MPrincipal role3Princ = new MPrincipal(ROLE3, MPrincipal.TYPE.ROLE); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege allPrivilege = new MPrivilege(allConnector, SqoopActionConstant.ALL_NAME, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege allPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.ALL_NAME, false); client.createRole(role3); client.grantRole(Lists.newArrayList(role3), Lists.newArrayList(group3Princ)); client.grantPrivilege(Lists.newArrayList(role3Princ), Lists.newArrayList(allPrivilege)); // check user3 has one privilege on role3 client = sqoopServerRunner.getSqoopClient(USER3); - assertTrue(client.getPrivilegesByPrincipal(role3Princ, allConnector).size() == 1); + assertTrue(client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).size() == 1); // user3 has the all action on role3 - MPrivilege user3Privilege = client.getPrivilegesByPrincipal(role3Princ, allConnector).get(0); + MPrivilege user3Privilege = client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).get(0); assertEquals(user3Privilege.getAction(), SqoopActionConstant.ALL_NAME); /** @@ -145,13 +145,13 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase { * no impact on the role3 */ client = sqoopServerRunner.getSqoopClient(ADMIN_USER); - MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false); + MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); client.grantPrivilege(Lists.newArrayList(role3Princ), Lists.newArrayList(readPrivilege)); // check user3 has only one privilege on role3 client = sqoopServerRunner.getSqoopClient(USER3); - assertTrue(client.getPrivilegesByPrincipal(role3Princ, allConnector).size() == 1); + assertTrue(client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).size() == 1); // user3 has the all action on role3 - user3Privilege = client.getPrivilegesByPrincipal(role3Princ, allConnector).get(0); + user3Privilege = client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).get(0); assertEquals(user3Privilege.getAction(), SqoopActionConstant.ALL_NAME); } @@ -160,38 +160,38 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase { /** * user4 belongs to group group4 * admin user grant role role4 to group group4 - * admin user grant read privilege on connector all to role role4 + * admin user grant read privilege on connector HDFS_CONNECTOR_NAME to role role4 */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MRole role4 = new MRole(ROLE4); MPrincipal group4Princ = new MPrincipal(GROUP4, MPrincipal.TYPE.GROUP); MPrincipal role4Princ = new MPrincipal(ROLE4, MPrincipal.TYPE.ROLE); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); client.createRole(role4); client.grantRole(Lists.newArrayList(role4), Lists.newArrayList(group4Princ)); client.grantPrivilege(Lists.newArrayList(role4Princ), Lists.newArrayList(readPrivilege)); // check user4 has one privilege on role1 client = sqoopServerRunner.getSqoopClient(USER4); - assertTrue(client.getPrivilegesByPrincipal(role4Princ, allConnector).size() == 1); + assertTrue(client.getPrivilegesByPrincipal(role4Princ, hdfsConnector).size() == 1); // user4 has the read action on collector all - MPrivilege user4Privilege = client.getPrivilegesByPrincipal(role4Princ, allConnector).get(0); + MPrivilege user4Privilege = client.getPrivilegesByPrincipal(role4Princ, hdfsConnector).get(0); assertEquals(user4Privilege.getAction().toLowerCase(), SqoopActionConstant.READ); /** - * admin user grant write privilege on connector all to role role4 + * admin user grant write privilege on connector HDFS_CONNECTOR_NAME to role role4 */ client = sqoopServerRunner.getSqoopClient(ADMIN_USER); - MPrivilege writePrivilege = new MPrivilege(allConnector, SqoopActionConstant.WRITE, false); + MPrivilege writePrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.WRITE, false); client.grantPrivilege(Lists.newArrayList(role4Princ), Lists.newArrayList(writePrivilege)); // check user4 has two privileges on role1 client = sqoopServerRunner.getSqoopClient(USER4); - assertTrue(client.getPrivilegesByPrincipal(role4Princ, allConnector).size() == 2); - // user4 has the read and write action on collector all + assertTrue(client.getPrivilegesByPrincipal(role4Princ, hdfsConnector).size() == 2); + // user4 has the read and write action on collector HDFS_CONNECTOR_NAME List<String> actions = Lists.newArrayList(); - for (MPrivilege privilege : client.getPrivilegesByPrincipal(role4Princ, allConnector)) { + for (MPrivilege privilege : client.getPrivilegesByPrincipal(role4Princ, hdfsConnector)) { actions.add(privilege.getAction().toLowerCase()); } assertEquals(2, actions.size()); @@ -199,19 +199,19 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase { assertTrue(actions.contains(SqoopActionConstant.WRITE)); /** - * admin user grant all privilege on connector all to role role4 + * admin user grant all privilege on connector HDFS_CONNECTOR_NAME to role role4 * because the all privilege includes the read and write privileges, these privileges will * be removed */ client = sqoopServerRunner.getSqoopClient(ADMIN_USER); - MPrivilege allPrivilege = new MPrivilege(allConnector, SqoopActionConstant.ALL_NAME, false); + MPrivilege allPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.ALL_NAME, false); client.grantPrivilege(Lists.newArrayList(role4Princ), Lists.newArrayList(allPrivilege)); // check user4 has only privilege on role1 client = sqoopServerRunner.getSqoopClient(USER4); - assertTrue(client.getPrivilegesByPrincipal(role4Princ, allConnector).size() == 1); + assertTrue(client.getPrivilegesByPrincipal(role4Princ, hdfsConnector).size() == 1); // user4 has the all action on role3 - user4Privilege = client.getPrivilegesByPrincipal(role4Princ, allConnector).get(0); + user4Privilege = client.getPrivilegesByPrincipal(role4Princ, hdfsConnector).get(0); assertEquals(user4Privilege.getAction(), SqoopActionConstant.ALL_NAME); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestJobEndToEnd.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestJobEndToEnd.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestJobEndToEnd.java index 636e269..e993905 100644 --- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestJobEndToEnd.java +++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestJobEndToEnd.java @@ -16,6 +16,7 @@ */ package org.apache.sentry.tests.e2e.sqoop; +import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -39,28 +40,31 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase { * ADMIN_USER create two links and one job */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); - MLink rdbmsLink = client.createLink("generic-jdbc-connector"); + MLink rdbmsLink = client.createLink(JDBC_CONNECTOR_NAME); sqoopServerRunner.fillRdbmsLinkConfig(rdbmsLink); + rdbmsLink.setName("JDBC_link1"); sqoopServerRunner.saveLink(client, rdbmsLink); - MLink hdfsLink = client.createLink("hdfs-connector"); + MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME); sqoopServerRunner.fillHdfsLink(hdfsLink); + hdfsLink.setName("HDFS_link1"); sqoopServerRunner.saveLink(client, hdfsLink); - MJob job1 = client.createJob(hdfsLink.getPersistenceId(), rdbmsLink.getPersistenceId()); + MJob job1 = client.createJob(hdfsLink.getName(), rdbmsLink.getName()); // set HDFS "FROM" config for the job, since the connector test case base class only has utilities for HDFS! sqoopServerRunner.fillHdfsFromConfig(job1); // set the RDBM "TO" config here sqoopServerRunner.fillRdbmsToConfig(job1); // create job + job1.setName("HDFS_JDBS_job1"); sqoopServerRunner.saveJob(client, job1); /** - * ADMIN_USER grant read privilege on all job to role1 + * ADMIN_USER grant read privilege on "HDFS_JDBS_job1" job to role1 */ MRole role1 = new MRole(ROLE1); MPrincipal group1 = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP); - MResource allJob = new MResource(SqoopActionConstant.ALL, MResource.TYPE.JOB); - MPrivilege readAllPrivilege = new MPrivilege(allJob,SqoopActionConstant.READ, false); + MResource hdfsJdbcJob = new MResource("HDFS_JDBS_job1", MResource.TYPE.JOB); + MPrivilege readAllPrivilege = new MPrivilege(hdfsJdbcJob, SqoopActionConstant.READ, false); client.createRole(role1); client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1)); client.grantPrivilege(Lists.newArrayList(new MPrincipal(role1.getName(), MPrincipal.TYPE.ROLE)), @@ -71,7 +75,7 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase { */ MRole role2 = new MRole(ROLE2); MPrincipal group2 = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP); - MResource job1Resource = new MResource(String.valueOf(job1.getPersistenceId()), MResource.TYPE.JOB); + MResource job1Resource = new MResource(String.valueOf(job1.getName()), MResource.TYPE.JOB); MPrivilege readJob1Privilege = new MPrivilege(job1Resource,SqoopActionConstant.READ, false); client.createRole(role2); client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2)); @@ -82,7 +86,7 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase { client = sqoopServerRunner.getSqoopClient(USER1); try { assertTrue(client.getJobs().size() == 1); - assertTrue(client.getJob(job1.getPersistenceId()) != null); + assertTrue(client.getJob(job1.getName()) != null); } catch (Exception e) { fail("unexpected Authorization exception happend"); } @@ -91,23 +95,22 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase { client = sqoopServerRunner.getSqoopClient(USER2); try { assertTrue(client.getJobs().size() == 1); - assertTrue(client.getJob(job1.getPersistenceId()) != null); + assertTrue(client.getJob(job1.getName()) != null); } catch (Exception e) { fail("unexpected Authorization exception happend"); } // user3 can't show job1 client = sqoopServerRunner.getSqoopClient(USER3); + assertTrue(client.getJobs().size() == 0); try { - assertTrue(client.getJobs().size() == 0); - client.getJob(job1.getPersistenceId()); - fail("expected Authorization exception happend"); - } catch (Exception e) { - assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); + assertNull(client.getJob(job1.getName())); + } catch (IndexOutOfBoundsException ex) { + // This try statement can be removed when https://issues.apache.org/jira/browse/SQOOP-3250 is fixed } client = sqoopServerRunner.getSqoopClient(ADMIN_USER); - client.deleteJob(job1.getPersistenceId()); + client.deleteJob(job1.getName()); } @Test @@ -116,64 +119,77 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase { * ADMIN_USER create two links and one job */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); - MLink rdbmsLink = client.createLink("generic-jdbc-connector"); + MLink rdbmsLink = client.createLink(JDBC_CONNECTOR_NAME); sqoopServerRunner.fillRdbmsLinkConfig(rdbmsLink); rdbmsLink.setName("rdbm_testUpdateJob"); sqoopServerRunner.saveLink(client, rdbmsLink); - MLink hdfsLink = client.createLink("hdfs-connector"); + MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME); sqoopServerRunner.fillHdfsLink(hdfsLink); hdfsLink.setName("hdfs_testUpdateJob"); sqoopServerRunner.saveLink(client, hdfsLink); - MJob job2 = client.createJob(hdfsLink.getPersistenceId(), rdbmsLink.getPersistenceId()); + MJob job2 = client.createJob(hdfsLink.getName(), rdbmsLink.getName()); // set HDFS "FROM" config for the job, since the connector test case base class only has utilities for HDFS! sqoopServerRunner.fillHdfsFromConfig(job2); // set the RDBM "TO" config here sqoopServerRunner.fillRdbmsToConfig(job2); // create job + job2.setName("HDFS_RDBM_job1"); sqoopServerRunner.saveJob(client, job2); /** * ADMIN_USER grant update privilege on job2 to role4 - * ADMIN_USER grant read privilege on all connector to role4 - * ADMIN_USER grant read privilege on all link to role4 + * ADMIN_USER grant read privilege on the HDFS_CONNECTOR_NAME and JDBC_CONNECTOR_NAME connector to role4 + * ADMIN_USER grant read privilege on "rdbm_testUpdateJob" and "hdfs_testUpdateJob" link to role4 */ MRole role4 = new MRole(ROLE4); MPrincipal group4 = new MPrincipal(GROUP4, MPrincipal.TYPE.GROUP); - MResource job2Resource = new MResource(String.valueOf(job2.getPersistenceId()), MResource.TYPE.JOB); - MPrivilege writeJob2Privilege = new MPrivilege(job2Resource,SqoopActionConstant.WRITE, false); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readConnectorPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false); - MResource allLink = new MResource(SqoopActionConstant.ALL, MResource.TYPE.LINK); - MPrivilege readLinkPriv = new MPrivilege(allLink,SqoopActionConstant.READ, false); + MResource job2Resource = new MResource(String.valueOf(job2.getName()), MResource.TYPE.JOB); + MPrivilege writeJob2Privilege = new MPrivilege(job2Resource, SqoopActionConstant.WRITE, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MResource jdbcConnector = new MResource(JDBC_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readConnectorPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); + MPrivilege readConnectorPriv2 = new MPrivilege(jdbcConnector, SqoopActionConstant.READ, false); + MResource rdbmLink = new MResource("rdbm_testUpdateJob", MResource.TYPE.LINK); + MResource hdfsLinkResource = new MResource("hdfs_testUpdateJob", MResource.TYPE.LINK); + MPrivilege readLinkPriv = new MPrivilege(rdbmLink, SqoopActionConstant.READ, false); + MPrivilege readLinkPriv2 = new MPrivilege(hdfsLinkResource, SqoopActionConstant.READ, false); client.createRole(role4); client.grantRole(Lists.newArrayList(role4), Lists.newArrayList(group4)); client.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)), - Lists.newArrayList(writeJob2Privilege, readConnectorPriv, readLinkPriv)); + Lists.newArrayList(writeJob2Privilege, readConnectorPriv, readConnectorPriv2, readLinkPriv, readLinkPriv2)); // user4 can't show job2 client = sqoopServerRunner.getSqoopClient(USER4); + assertTrue(client.getJobs().size() == 0); try { - assertTrue(client.getJobs().size() == 0); - client.getJob(job2.getPersistenceId()); - fail("expected Authorization exception happend"); - } catch (Exception e) { - assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); + assertNull(client.getJob(job2.getName())); + } catch (IndexOutOfBoundsException ex) { + // This try statement can be removed when https://issues.apache.org/jira/browse/SQOOP-3250 is fixed } + // user4 can update job2 - try { - job2.setName("job2_update_user4_1"); - client.updateJob(job2); - } catch (Exception e) { - fail("unexpected Authorization exception happend"); - } + String oldJobName = job2.getName(); + job2.setName("job2_update_user4_1"); + client.updateJob(job2, oldJobName); + + // Update back to the old name again + SqoopClient adminClient = sqoopServerRunner.getSqoopClient(ADMIN_USER); + MResource job2UpdatedResource = new MResource("job2_update_user4_1", MResource.TYPE.JOB); + MPrivilege writeJob2UpdatedPrivilege = new MPrivilege(job2UpdatedResource, SqoopActionConstant.WRITE, false); + adminClient.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)), + Lists.newArrayList(writeJob2UpdatedPrivilege)); + + job2.setName(oldJobName); + client.updateJob(job2, "job2_update_user4_1"); + // user3 can't update job2 client = sqoopServerRunner.getSqoopClient(USER3); try { assertTrue(client.getJobs().size() == 0); job2.setName("job2_update_user3_1"); - client.updateJob(job2); + client.updateJob(job2, oldJobName); fail("expected Authorization exception happend"); } catch (Exception e) { assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); @@ -181,7 +197,7 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase { // user3 can't delete job2 try { - client.deleteJob(job2.getPersistenceId()); + client.deleteJob(oldJobName); fail("expected Authorization exception happend"); } catch (Exception e) { assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); @@ -190,7 +206,7 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase { //user4 can delete job2 because user4 has write privilege on job2 client = sqoopServerRunner.getSqoopClient(USER4); try { - client.deleteJob(job2.getPersistenceId()); + client.deleteJob(oldJobName); } catch (Exception e) { fail("unexpected Authorization exception happend"); } @@ -205,41 +221,46 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase { * ADMIN_USER create two links and one job */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); - MLink rdbmsLink = client.createLink("generic-jdbc-connector"); + MLink rdbmsLink = client.createLink(JDBC_CONNECTOR_NAME); sqoopServerRunner.fillRdbmsLinkConfig(rdbmsLink); rdbmsLink.setName("rdbm_testEnableAndStartJob"); sqoopServerRunner.saveLink(client, rdbmsLink); - MLink hdfsLink = client.createLink("hdfs-connector"); + MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME); sqoopServerRunner.fillHdfsLink(hdfsLink); hdfsLink.setName("hdfs_testEnableAndStartJob"); sqoopServerRunner.saveLink(client, hdfsLink); - MJob job2 = client.createJob(hdfsLink.getPersistenceId(), rdbmsLink.getPersistenceId()); + MJob job2 = client.createJob(hdfsLink.getName(), rdbmsLink.getName()); // set HDFS "FROM" config for the job, since the connector test case base class only has utilities for HDFS! sqoopServerRunner.fillHdfsFromConfig(job2); // set the RDBM "TO" config here sqoopServerRunner.fillRdbmsToConfig(job2); // create job + job2.setName("HDFS_RDBM_job1"); sqoopServerRunner.saveJob(client, job2); /** * ADMIN_USER grant update privilege on job2 to role4 - * ADMIN_USER grant read privilege on all connector to role4 - * ADMIN_USER grant read privilege on all link to role4 + * ADMIN_USER grant read privilege on HDFS_CONNECTOR_NAME and JDBC_CONNECTOR_NAME connector to role4 + * ADMIN_USER grant read privilege on "rdbm_testEnableAndStartJob" and "hdfs_testEnableAndStartJob" link to role4 */ MRole role4 = new MRole(ROLE4); MPrincipal group4 = new MPrincipal(GROUP4, MPrincipal.TYPE.GROUP); - MResource job2Resource = new MResource(String.valueOf(job2.getPersistenceId()), MResource.TYPE.JOB); + MResource job2Resource = new MResource(String.valueOf(job2.getName()), MResource.TYPE.JOB); MPrivilege writeJob2Privilege = new MPrivilege(job2Resource,SqoopActionConstant.WRITE, false); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readConnectorPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false); - MResource allLink = new MResource(SqoopActionConstant.ALL, MResource.TYPE.LINK); - MPrivilege readLinkPriv = new MPrivilege(allLink,SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MResource jdbcConnector = new MResource(JDBC_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readConnectorPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); + MPrivilege readConnectorPriv2 = new MPrivilege(jdbcConnector, SqoopActionConstant.READ, false); + MResource rdbmLink = new MResource("rdbm_testEnableAndStartJob", MResource.TYPE.LINK); + MResource hdfsLinkResource = new MResource("hdfs_testEnableAndStartJob", MResource.TYPE.LINK); + MPrivilege readLinkPriv = new MPrivilege(rdbmLink, SqoopActionConstant.READ, false); + MPrivilege readLinkPriv2 = new MPrivilege(hdfsLinkResource, SqoopActionConstant.READ, false); client.createRole(role4); client.grantRole(Lists.newArrayList(role4), Lists.newArrayList(group4)); client.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)), - Lists.newArrayList(writeJob2Privilege, readConnectorPriv, readLinkPriv)); + Lists.newArrayList(writeJob2Privilege, readConnectorPriv, readConnectorPriv2, readLinkPriv, readLinkPriv2)); /** @@ -258,14 +279,14 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase { // user5 can't enable and start job2 client = sqoopServerRunner.getSqoopClient(USER5); try { - client.enableJob(job2.getPersistenceId(), true); + client.enableJob(job2.getName(), true); fail("expected Authorization exception happend"); } catch (Exception e) { assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); } try { - client.startJob(job2.getPersistenceId()); + client.startJob(job2.getName()); fail("expected Authorization exception happend"); } catch (Exception e) { assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); @@ -274,14 +295,14 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase { // user3 can't enable and start job2 client = sqoopServerRunner.getSqoopClient(USER3); try { - client.enableJob(job2.getPersistenceId(), true); + client.enableJob(job2.getName(), true); fail("expected Authorization exception happend"); } catch (Exception e) { assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); } try { - client.startJob(job2.getPersistenceId()); + client.startJob(job2.getName()); fail("expected Authorization exception happend"); } catch (Exception e) { assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); @@ -290,9 +311,9 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase { // user4 can enable or start job2 client = sqoopServerRunner.getSqoopClient(USER4); try { - client.enableJob(job2.getPersistenceId(), false); - client.enableJob(job2.getPersistenceId(), true); - client.deleteJob(job2.getPersistenceId()); + client.enableJob(job2.getName(), false); + client.enableJob(job2.getName(), true); + client.deleteJob(job2.getName()); } catch (Exception e) { fail("unexpected Authorization exception happend"); } http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestLinkEndToEnd.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestLinkEndToEnd.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestLinkEndToEnd.java index 8c8a91d..e29493c 100644 --- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestLinkEndToEnd.java +++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestLinkEndToEnd.java @@ -16,6 +16,7 @@ */ package org.apache.sentry.tests.e2e.sqoop; +import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -48,29 +49,28 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase { * ADMIN_USER create a hdfs link */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); - MLink hdfsLink = client.createLink("hdfs-connector"); + MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME); sqoopServerRunner.fillHdfsLink(hdfsLink); + hdfsLink.setName("hdfs-link1"); sqoopServerRunner.saveLink(client, hdfsLink); /** - * ADMIN_USER grant read privilege on all link to role1 + * ADMIN_USER grant read privilege on "hdfs-link1" link to role1 */ MRole role1 = new MRole(ROLE1); MPrincipal group1 = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP); - MResource allLink = new MResource(SqoopActionConstant.ALL, MResource.TYPE.LINK); - MPrivilege readAllPrivilege = new MPrivilege(allLink,SqoopActionConstant.READ, false); + MResource hdfsLinkResource = new MResource("hdfs-link1", MResource.TYPE.LINK); + MPrivilege readHdfsLinkPrivilege = new MPrivilege(hdfsLinkResource, SqoopActionConstant.READ, false); dropAndCreateRole(client, role1); client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1)); client.grantPrivilege(Lists.newArrayList(new MPrincipal(role1.getName(), MPrincipal.TYPE.ROLE)), - Lists.newArrayList(readAllPrivilege)); + Lists.newArrayList(readHdfsLinkPrivilege)); /** * ADMIN_USER grant read privilege on hdfs link to role2 */ MRole role2 = new MRole(ROLE2); MPrincipal group2 = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP); - MResource hdfsLinkResource = new MResource(String.valueOf(hdfsLink.getPersistenceId()), MResource.TYPE.LINK); - MPrivilege readHdfsLinkPrivilege = new MPrivilege(hdfsLinkResource,SqoopActionConstant.READ, false); dropAndCreateRole(client, role2); client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2)); client.grantPrivilege(Lists.newArrayList(new MPrincipal(role2.getName(), MPrincipal.TYPE.ROLE)), @@ -80,7 +80,7 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase { client = sqoopServerRunner.getSqoopClient(USER1); try { assertTrue(client.getLinks().size() == 1); - assertTrue(client.getLink(hdfsLink.getPersistenceId()) != null); + assertTrue(client.getLink(hdfsLink.getName()) != null); } catch (Exception e) { fail("unexpected Authorization exception happend"); } @@ -89,23 +89,22 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase { client = sqoopServerRunner.getSqoopClient(USER2); try { assertTrue(client.getLinks().size() == 1); - assertTrue(client.getLink(hdfsLink.getPersistenceId()) != null); + assertTrue(client.getLink(hdfsLink.getName()) != null); } catch (Exception e) { fail("unexpected Authorization exception happend"); } // user3 can't show hdfs link client = sqoopServerRunner.getSqoopClient(USER3); + assertTrue(client.getLinks().size() == 0); try { - assertTrue(client.getLinks().size() == 0); - client.getLink(hdfsLink.getPersistenceId()); - fail("expected Authorization exception happend"); - } catch (Exception e) { - assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); + assertNull(client.getLink(hdfsLink.getName())); + } catch (IndexOutOfBoundsException ex) { + // This try statement can be removed when https://issues.apache.org/jira/browse/SQOOP-3250 is fixed } client = sqoopServerRunner.getSqoopClient(ADMIN_USER); - client.deleteLink(hdfsLink.getPersistenceId()); + client.deleteLink(hdfsLink.getName()); } @Test @@ -114,55 +113,69 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase { * ADMIN_USER create a hdfs link */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); - MLink hdfsLink = client.createLink("hdfs-connector"); + MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME); sqoopServerRunner.fillHdfsLink(hdfsLink); + hdfsLink.setName("hdfs-link1"); sqoopServerRunner.saveLink(client, hdfsLink); /** * ADMIN_USER grant update privilege on hdfs link to role4 - * ADMIN_USER grant read privilege on all connector to role4 + * ADMIN_USER grant read privilege on HDFS_CONNECTOR_NAME connector to role4 */ MRole role4 = new MRole(ROLE4); MPrincipal group4 = new MPrincipal(GROUP4, MPrincipal.TYPE.GROUP); - MResource hdfsLinkResource = new MResource(String.valueOf(hdfsLink.getPersistenceId()), MResource.TYPE.LINK); + MResource hdfsLinkResource = new MResource(String.valueOf(hdfsLink.getName()), MResource.TYPE.LINK); MPrivilege writeHdfsPrivilege = new MPrivilege(hdfsLinkResource,SqoopActionConstant.WRITE, false); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readConnectorPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readConnectorPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); dropAndCreateRole(client, role4); client.grantRole(Lists.newArrayList(role4), Lists.newArrayList(group4)); client.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)), Lists.newArrayList(writeHdfsPrivilege, readConnectorPriv)); // user4 can't show hdfs link + client = sqoopServerRunner.getSqoopClient(USER4); + assertTrue(client.getLinks().size() == 0); try { - assertTrue(client.getLinks().size() == 0); - client.getLink(hdfsLink.getPersistenceId()); - fail("expected Authorization exception happend"); - } catch (Exception e) { - assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); + assertNull(client.getLink(hdfsLink.getName())); + } catch (IndexOutOfBoundsException ex) { + // This try statement can be removed when https://issues.apache.org/jira/browse/SQOOP-3250 is fixed } + // user4 can update hdfs link try { hdfsLink.setName("hdfs_link_update_user4_1"); - client.updateLink(hdfsLink); + client.updateLink(hdfsLink, "hdfs-link1"); + + MResource updatedHdfsLinkResource = new MResource("hdfs_link_update_user4_1", MResource.TYPE.LINK); + MPrivilege updatedWriteHdfsPrivilege = new MPrivilege(updatedHdfsLinkResource, SqoopActionConstant.WRITE, false); + SqoopClient adminClient = sqoopServerRunner.getSqoopClient(ADMIN_USER); + adminClient.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)), + Lists.newArrayList(updatedWriteHdfsPrivilege)); + + // Now update it back + hdfsLink.setName("hdfs-link1"); + client.updateLink(hdfsLink, "hdfs_link_update_user4_1"); } catch (Exception e) { fail("unexpected Authorization exception happend"); } + // user3 can't update hdfs link client = sqoopServerRunner.getSqoopClient(USER3); try { assertTrue(client.getLinks().size() == 0); hdfsLink.setName("hdfs_link_update_user3_1"); - client.updateLink(hdfsLink); + client.updateLink(hdfsLink, "hdfs-link1"); fail("expected Authorization exception happend"); } catch (Exception e) { assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); + hdfsLink.setName("hdfs-link1"); } // user3 can't delete hdfs link try { - client.deleteLink(hdfsLink.getPersistenceId()); + client.deleteLink(hdfsLink.getName()); fail("expected Authorization exception happend"); } catch (Exception e) { assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); @@ -171,7 +184,7 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase { //user4 can delete hdfs link because user4 has write privilege on hdfs link client = sqoopServerRunner.getSqoopClient(USER4); try { - client.deleteLink(hdfsLink.getPersistenceId()); + client.deleteLink(hdfsLink.getName()); } catch (Exception e) { fail("unexpected Authorization exception happend"); } @@ -186,20 +199,21 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase { * ADMIN_USER create a hdfs link */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); - MLink hdfsLink = client.createLink("hdfs-connector"); + MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME); sqoopServerRunner.fillHdfsLink(hdfsLink); + hdfsLink.setName("hdfs-link1"); sqoopServerRunner.saveLink(client, hdfsLink); /** * ADMIN_USER grant read privilege on hdfs link to role4 - * ADMIN_USER grant read privilege on all connector to role4 + * ADMIN_USER grant read privilege on HDFS_CONNECTOR_NAME connector to role4 */ MRole role4 = new MRole(ROLE4); MPrincipal group4 = new MPrincipal(GROUP4, MPrincipal.TYPE.GROUP); - MResource hdfsLinkResource = new MResource(String.valueOf(hdfsLink.getPersistenceId()), MResource.TYPE.LINK); + MResource hdfsLinkResource = new MResource(String.valueOf(hdfsLink.getName()), MResource.TYPE.LINK); MPrivilege readHdfsPrivilege = new MPrivilege(hdfsLinkResource,SqoopActionConstant.READ, false); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readConnectorPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readConnectorPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); dropAndCreateRole(client, role4); client.grantRole(Lists.newArrayList(role4), Lists.newArrayList(group4)); client.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)), @@ -207,11 +221,11 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase { /** * ADMIN_USER grant write privilege on hdfs link to role5 - * ADMIN_USER grant read privilege on all connector to role5 + * ADMIN_USER grant read privilege on HDFS_CONNECTOR_NAME connector to role5 */ MRole role5 = new MRole(ROLE5); MPrincipal group5 = new MPrincipal(GROUP5, MPrincipal.TYPE.GROUP); - MPrivilege writeHdfsPrivilege = new MPrivilege(hdfsLinkResource,SqoopActionConstant.WRITE, false); + MPrivilege writeHdfsPrivilege = new MPrivilege(hdfsLinkResource, SqoopActionConstant.WRITE, false); dropAndCreateRole(client, role5); client.grantRole(Lists.newArrayList(role5), Lists.newArrayList(group5)); client.grantPrivilege(Lists.newArrayList(new MPrincipal(role5.getName(), MPrincipal.TYPE.ROLE)), @@ -220,22 +234,22 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase { // user4 can't enable hdfs link client = sqoopServerRunner.getSqoopClient(USER4); try { - client.enableLink(hdfsLink.getPersistenceId(), true); + client.enableLink(hdfsLink.getName(), true); fail("expected Authorization exception happend"); } catch (Exception e) { assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); } - // user5 can enbale hdfs link + // user5 can enable hdfs link client = sqoopServerRunner.getSqoopClient(USER5); try { - client.enableLink(hdfsLink.getPersistenceId(), true); + client.enableLink(hdfsLink.getName(), true); } catch (Exception e) { fail("unexpected Authorization exception happend"); } // user3 can't update hdfs link client = sqoopServerRunner.getSqoopClient(USER3); try { - client.enableLink(hdfsLink.getPersistenceId(), true); + client.enableLink(hdfsLink.getName(), true); fail("expected Authorization exception happend"); } catch (Exception e) { assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); @@ -248,6 +262,6 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase { } catch (Exception e) { // nothing to do if cleanup fails } - client.deleteLink(hdfsLink.getPersistenceId()); + client.deleteLink(hdfsLink.getName()); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestOwnerPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestOwnerPrivilege.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestOwnerPrivilege.java index abef80c..bdf1d51 100644 --- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestOwnerPrivilege.java +++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestOwnerPrivilege.java @@ -42,34 +42,36 @@ public class TestOwnerPrivilege extends AbstractSqoopSentryTestBase { SqoopClient client = sqoopServerRunner.getSqoopClient(USER1); assertTrue(client.getConnectors().size() == 0); /** - * ADMIN_USER grant read action privilege on connector all to role ROLE1 + * ADMIN_USER grant read action privilege on connector HDFS_CONNECTOR_NAME to role ROLE1 * ADMIN_USER grant role ROLE1 to group GROUP1 */ client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MRole role1 = new MRole(ROLE1); MPrincipal group1 = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); client.createRole(role1); client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1)); client.grantPrivilege(Lists.newArrayList(new MPrincipal(role1.getName(), MPrincipal.TYPE.ROLE)), Lists.newArrayList(readPriv)); - // check USER1 has the read privilege on all connector + // check USER1 has the read privilege on HDFS_CONNECTOR_NAME connector client = sqoopServerRunner.getSqoopClient(USER1); - assertTrue(client.getConnectors().size() > 0); + assertEquals(client.getConnectors().size(), 1); // USER1 create a new HDFS link - MLink hdfsLink = client.createLink("hdfs-connector"); + MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME); + hdfsLink.setName("HDFS_link1"); sqoopServerRunner.fillHdfsLink(hdfsLink); sqoopServerRunner.saveLink(client, hdfsLink); // USER1 is the owner of HDFS link, so he can show and update HDFS link - assertEquals(client.getLink(hdfsLink.getPersistenceId()), hdfsLink); + assertEquals(client.getLink(hdfsLink.getName()).getName(), hdfsLink.getName()); // USER1 update the name of HDFS link + String oldLinkName = hdfsLink.getName(); hdfsLink.setName("HDFS_update1"); - sqoopServerRunner.updateLink(client, hdfsLink); + sqoopServerRunner.updateLink(client, hdfsLink, oldLinkName); // USER2 has no privilege on HDFS link client = sqoopServerRunner.getSqoopClient(USER2); @@ -77,7 +79,7 @@ public class TestOwnerPrivilege extends AbstractSqoopSentryTestBase { //delete the HDFS link client = sqoopServerRunner.getSqoopClient(USER1); - client.deleteLink(hdfsLink.getPersistenceId()); + client.deleteLink(hdfsLink.getName()); } @Test @@ -86,41 +88,47 @@ public class TestOwnerPrivilege extends AbstractSqoopSentryTestBase { SqoopClient client = sqoopServerRunner.getSqoopClient(USER3); assertTrue(client.getConnectors().size() == 0); /** - * ADMIN_USER grant read action privilege on connector all to role ROLE3 + * ADMIN_USER grant read action privilege on connector HDFS_CONNECTOR_NAME and JDBC_CONNECTOR_NAME to role ROLE3 * ADMIN_USER grant role ROLE3 to group GROUP3 */ client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MRole role3 = new MRole(ROLE3); MPrincipal group3 = new MPrincipal(GROUP3, MPrincipal.TYPE.GROUP); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MResource jdbcConnector = new MResource(JDBC_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); + MPrivilege readPriv2 = new MPrivilege(jdbcConnector, SqoopActionConstant.READ, false); client.createRole(role3); client.grantRole(Lists.newArrayList(role3), Lists.newArrayList(group3)); client.grantPrivilege(Lists.newArrayList(new MPrincipal(ROLE3, MPrincipal.TYPE.ROLE)), - Lists.newArrayList(readPriv)); + Lists.newArrayList(readPriv, readPriv2)); - // check USER3 has the read privilege on all connector + // check USER3 has the read privilege on the connectors client = sqoopServerRunner.getSqoopClient(USER3); - assertTrue(client.getConnectors().size() > 0); + assertEquals(client.getConnectors().size(), 2); // USER3 create two links: hdfs link and rdbm link - MLink rdbmsLink = client.createLink("generic-jdbc-connector"); + MLink rdbmsLink = client.createLink(JDBC_CONNECTOR_NAME); + rdbmsLink.setName("JDBC_link1"); sqoopServerRunner.fillRdbmsLinkConfig(rdbmsLink); sqoopServerRunner.saveLink(client, rdbmsLink); - MLink hdfsLink = client.createLink("hdfs-connector"); + MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME); + hdfsLink.setName("HDFS_link1"); sqoopServerRunner.fillHdfsLink(hdfsLink); sqoopServerRunner.saveLink(client, hdfsLink); // USER3 is the owner of hdfs and link, so he can show and update hdfs link assertTrue(client.getLinks().size() == 2); + String oldLinkName = hdfsLink.getName(); hdfsLink.setName("HDFS_update2"); - client.updateLink(hdfsLink); + client.updateLink(hdfsLink, oldLinkName); + oldLinkName = rdbmsLink.getName(); rdbmsLink.setName("RDBM_update"); - client.updateLink(rdbmsLink); + client.updateLink(rdbmsLink, oldLinkName); // USER_3 create a job: transfer date from HDFS to RDBM - MJob job1 = client.createJob(hdfsLink.getPersistenceId(), rdbmsLink.getPersistenceId()); + MJob job1 = client.createJob(hdfsLink.getName(), rdbmsLink.getName()); // set HDFS "FROM" config for the job, since the connector test case base class only has utilities for HDFS! sqoopServerRunner.fillHdfsFromConfig(job1); @@ -128,6 +136,7 @@ public class TestOwnerPrivilege extends AbstractSqoopSentryTestBase { sqoopServerRunner.fillRdbmsToConfig(job1); // create job + job1.setName("HDFS_RDBM_job1"); sqoopServerRunner.saveJob(client, job1); /** @@ -137,18 +146,18 @@ public class TestOwnerPrivilege extends AbstractSqoopSentryTestBase { client = sqoopServerRunner.getSqoopClient(USER4); assertTrue(client.getJobs().size() == 0); try { - client.deleteJob(job1.getPersistenceId()); + client.deleteJob(job1.getName()); fail("expected Authorization exception happend"); } catch (Exception e) { assertCausedMessage(e, SecurityError.AUTH_0014.getMessage()); } client = sqoopServerRunner.getSqoopClient(USER3); - assertEquals(client.getJob(job1.getPersistenceId()), job1); - client.deleteJob(job1.getPersistenceId()); + assertEquals(client.getJob(job1.getName()).getName(), job1.getName()); + client.deleteJob(job1.getName()); // delete the HDFS and RDBM links - client.deleteLink(hdfsLink.getPersistenceId()); - client.deleteLink(rdbmsLink.getPersistenceId()); + client.deleteLink(hdfsLink.getName()); + client.deleteLink(rdbmsLink.getName()); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestRevokePrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestRevokePrivilege.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestRevokePrivilege.java index f71595c..29c559c 100644 --- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestRevokePrivilege.java +++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestRevokePrivilege.java @@ -36,8 +36,8 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase { public void testNotSupportRevokePrivilegeFromUser() throws Exception { SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MPrincipal user1 = new MPrincipal("not_support_revoke_user_1", MPrincipal.TYPE.GROUP); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); try { client.revokePrivilege(Lists.newArrayList(user1), Lists.newArrayList(readPriv)); fail("expected not support exception happend"); @@ -50,8 +50,8 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase { public void testNotSupportRevokePrivilegeFromGroup() throws Exception { SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MPrincipal group1 = new MPrincipal("not_support_revoke_group_1", MPrincipal.TYPE.GROUP); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); try { client.revokePrivilege(Lists.newArrayList(group1), Lists.newArrayList(readPriv)); fail("expected not support exception happend"); @@ -65,13 +65,13 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase { SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MRole testRole = new MRole("noexist_privilege_role1"); MPrincipal testPrinc = new MPrincipal(testRole.getName(), MPrincipal.TYPE.ROLE); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); client.createRole(testRole); - assertTrue(client.getPrivilegesByPrincipal(testPrinc, allConnector).size() == 0); + assertTrue(client.getPrivilegesByPrincipal(testPrinc, hdfsConnector).size() == 0); client.revokePrivilege(Lists.newArrayList(testPrinc), Lists.newArrayList(readPrivilege)); - assertTrue(client.getPrivilegesByPrincipal(testPrinc, allConnector).size() == 0); + assertTrue(client.getPrivilegesByPrincipal(testPrinc, hdfsConnector).size() == 0); } @@ -80,21 +80,21 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase { /** * user1 belongs to group group1 * admin user grant role role1 to group group1 - * admin user grant read privilege on connector all to role role1 + * admin user grant read privilege on connector HDFS_CONNECTOR_NAME to role role1 */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MRole role1 = new MRole(ROLE1); MPrincipal group1Princ = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP); MPrincipal role1Princ = new MPrincipal(ROLE1, MPrincipal.TYPE.ROLE); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); client.createRole(role1); client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1Princ)); client.grantPrivilege(Lists.newArrayList(role1Princ), Lists.newArrayList(readPrivilege)); // check user1 has privilege on role1 client = sqoopServerRunner.getSqoopClient(USER1); - assertTrue(client.getPrivilegesByPrincipal(role1Princ, allConnector).size() == 1); + assertTrue(client.getPrivilegesByPrincipal(role1Princ, hdfsConnector).size() == 1); // admin user revoke read privilege from role1 client = sqoopServerRunner.getSqoopClient(ADMIN_USER); @@ -102,7 +102,7 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase { // check user1 has no privilege on role1 client = sqoopServerRunner.getSqoopClient(USER1); - assertTrue(client.getPrivilegesByPrincipal(role1Princ, allConnector).size() == 0); + assertTrue(client.getPrivilegesByPrincipal(role1Princ, hdfsConnector).size() == 0); } @Test @@ -110,31 +110,31 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase { /** * user2 belongs to group group2 * admin user grant role role2 to group group2 - * admin user grant read and write privilege on connector all to role role2 + * admin user grant read and write privilege on connector HDFS_CONNECTOR_NAME to role role2 */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MRole role2 = new MRole(ROLE2); MPrincipal group2Princ = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP); MPrincipal role2Princ = new MPrincipal(ROLE2, MPrincipal.TYPE.ROLE); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege writePrivilege = new MPrivilege(allConnector, SqoopActionConstant.WRITE, false); - MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege writePrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.WRITE, false); + MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); client.createRole(role2); client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2Princ)); client.grantPrivilege(Lists.newArrayList(role2Princ), Lists.newArrayList(writePrivilege, readPrivilege)); // check user2 has two privileges on role2 client = sqoopServerRunner.getSqoopClient(USER2); - assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 2); + assertTrue(client.getPrivilegesByPrincipal(role2Princ, hdfsConnector).size() == 2); // admin user revoke all privilege from role2 - MPrivilege allPrivilege = new MPrivilege(allConnector, SqoopActionConstant.ALL_NAME, false); + MPrivilege allPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.ALL_NAME, false); client = sqoopServerRunner.getSqoopClient(ADMIN_USER); client.revokePrivilege(Lists.newArrayList(role2Princ), Lists.newArrayList(allPrivilege)); // check user2 has no privilege on role2 client = sqoopServerRunner.getSqoopClient(USER2); - assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 0); + assertTrue(client.getPrivilegesByPrincipal(role2Princ, hdfsConnector).size() == 0); } @Test @@ -142,34 +142,34 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase { /** * user3 belongs to group group3 * admin user grant role role3 to group group3 - * admin user grant all privilege on connector all to role role3 + * admin user grant all privilege on connector HDFS_CONNECTOR_NAME to role role3 */ SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER); MRole role3 = new MRole(ROLE3); MPrincipal group3Princ = new MPrincipal(GROUP3, MPrincipal.TYPE.GROUP); MPrincipal role3Princ = new MPrincipal(ROLE3, MPrincipal.TYPE.ROLE); - MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR); - MPrivilege allPrivilege = new MPrivilege(allConnector, SqoopActionConstant.ALL_NAME, false); + MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR); + MPrivilege allPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.ALL_NAME, false); client.createRole(role3); client.grantRole(Lists.newArrayList(role3), Lists.newArrayList(group3Princ)); client.grantPrivilege(Lists.newArrayList(role3Princ), Lists.newArrayList(allPrivilege)); // check user3 has one privilege on role3 client = sqoopServerRunner.getSqoopClient(USER3); - assertTrue(client.getPrivilegesByPrincipal(role3Princ, allConnector).size() == 1); + assertTrue(client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).size() == 1); // user3 has the all action on role3 - MPrivilege user3Privilege = client.getPrivilegesByPrincipal(role3Princ, allConnector).get(0); + MPrivilege user3Privilege = client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).get(0); assertEquals(user3Privilege.getAction(), SqoopActionConstant.ALL_NAME); // admin user revoke the read privilege on connector all from role role3 - MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false); + MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false); client = sqoopServerRunner.getSqoopClient(ADMIN_USER); client.revokePrivilege(Lists.newArrayList(role3Princ), Lists.newArrayList(readPrivilege)); // check user3 has only the write privilege on role3 client = sqoopServerRunner.getSqoopClient(USER3); - assertTrue(client.getPrivilegesByPrincipal(role3Princ, allConnector).size() == 1); - user3Privilege = client.getPrivilegesByPrincipal(role3Princ, allConnector).get(0); + assertTrue(client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).size() == 1); + user3Privilege = client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).get(0); assertEquals(user3Privilege.getAction().toLowerCase(), SqoopActionConstant.WRITE); } }
