http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java deleted file mode 100644 index 0f4bb62..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java +++ /dev/null @@ -1,534 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.generic.tools; - -import com.google.common.io.Files; -import com.google.common.collect.Sets; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FileOutputStream; -import java.io.PrintStream; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceIntegrationBase; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.tools.SentryShellCommon; - -import org.junit.After; -import org.junit.Before; -import org.junit.Test; - -public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { - private File confDir; - private File confPath; - private static String TEST_ROLE_NAME_1 = "testRole1"; - private static String TEST_ROLE_NAME_2 = "testRole2"; - private String requestorName = ""; - private String service = "service1"; - - @Before - public void prepareForTest() throws Exception { - confDir = Files.createTempDir(); - confPath = new File(confDir, "sentry-site.xml"); - if (confPath.createNewFile()) { - FileOutputStream to = new FileOutputStream(confPath); - conf.writeXml(to); - to.close(); - } - requestorName = clientUgi.getShortUserName();//System.getProperty("user.name", ""); - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorName, requestorUserGroupNames); - // add ADMIN_USER for the after() in SentryServiceIntegrationBase - setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames); - writePolicyFile(); - } - - @After - public void clearTestData() throws Exception { - FileUtils.deleteQuietly(confDir); - } - - @Test - public void testCreateDropRole() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - // test: create role with -cr - String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - // test: create role with --create_role - args = new String[] { "--create_role", "-r", TEST_ROLE_NAME_2, "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - - // validate the result, list roles with -lr - args = new String[] { "-lr", "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); - - // validate the result, list roles with --list_role - args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); - - // test: drop role with -dr - args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - // test: drop role with --drop_role - args = new String[] { "--drop_role", "-r", TEST_ROLE_NAME_2, "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - - // validate the result - Set<TSentryRole> roles = client.listAllRoles(requestorName, SOLR); - assertEquals("Incorrect number of roles", 0, roles.size()); - } - }); - } - - @Test - public void testAddDeleteRoleForGroup() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - // Group names are case sensitive - mixed case names should work - String TEST_GROUP_1 = "testGroup1"; - String TEST_GROUP_2 = "testGroup2"; - String TEST_GROUP_3 = "testGroup3"; - - // create the role for test - client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR); - client.createRole(requestorName, TEST_ROLE_NAME_2, SOLR); - // test: add role to group with -arg - String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - // test: add role to multiple groups - args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3, - "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - // test: add role to group with --add_role_group - args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1, - "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - - // validate the result list roles with -lr and -g - args = new String[] { "-lr", "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); - - // list roles with --list_role and -g - args = new String[] { "--list_role", "-g", TEST_GROUP_2, "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1); - - args = new String[] { "--list_role", "-g", TEST_GROUP_3, "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1); - - // List the groups and roles via listGroups - args = new String[] { "--list_group", "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - Set<String> groups = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals(3, groups.size()); - assertTrue(groups.contains("testGroup3 = testrole1")); - assertTrue(groups.contains("testGroup2 = testrole1")); - assertTrue(groups.contains("testGroup1 = testrole2, testrole1")); - - // test: delete role from group with -drg - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - // test: delete role to multiple groups - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3, - "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - // test: delete role from group with --delete_role_group - args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1, - "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - - // validate the result - Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, TEST_GROUP_1, SOLR); - assertEquals("Incorrect number of roles", 0, roles.size()); - roles = client.listRolesByGroupName(requestorName, TEST_GROUP_2, SOLR); - assertEquals("Incorrect number of roles", 0, roles.size()); - roles = client.listRolesByGroupName(requestorName, TEST_GROUP_3, SOLR); - assertEquals("Incorrect number of roles", 0, roles.size()); - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR); - client.dropRole(requestorName, TEST_ROLE_NAME_2, SOLR); - } - }); - } - - @Test - public void testCaseSensitiveGroupName() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - - // create the role for test - client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR); - // add role to a group (lower case) - String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "group1", "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - - // validate the roles when group name is same case as above - args = new String[] { "-lr", "-g", "group1", "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1); - - // roles should be empty when group name is different case than above - args = new String[] { "-lr", "-g", "GROUP1", "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames); - } - }); - } - - public static String grant(boolean shortOption) { - return shortOption ? "-gpr" : "--grant_privilege_role"; - } - - public static String revoke(boolean shortOption) { - return shortOption ? "-rpr" : "--revoke_privilege_role"; - } - - public static String list(boolean shortOption) { - return shortOption ? "-lp" : "--list_privilege"; - } - - private void assertGrantRevokePrivilege(final boolean shortOption) throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - // create the role for test - client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR); - client.createRole(requestorName, TEST_ROLE_NAME_2, SOLR); - - String [] privs = { - "Collection=*->action=*", - "Collection=collection2->action=update", - "Collection=collection3->action=query", - }; - for (int i = 0; i < privs.length; ++i) { - // test: grant privilege to role - String [] args = new String [] { grant(shortOption), "-r", TEST_ROLE_NAME_1, "-p", - privs[ i ], - "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - } - - // test the list privilege - String [] args = new String[] { list(shortOption), "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of privileges", privs.length, privilegeStrs.size()); - for (int i = 0; i < privs.length; ++i) { - assertTrue("Expected privilege: " + privs[ i ], privilegeStrs.contains(privs[ i ])); - } - - for (int i = 0; i < privs.length; ++i) { - args = new String[] { revoke(shortOption), "-r", TEST_ROLE_NAME_1, "-p", - privs[ i ], "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric.main(args); - Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName, - TEST_ROLE_NAME_1, SOLR, service); - assertEquals("Incorrect number of privileges", privs.length - (i + 1), privileges.size()); - } - - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR); - client.dropRole(requestorName, TEST_ROLE_NAME_2, SOLR); - } - }); - } - - - @Test - public void testGrantRevokePrivilegeWithShortOption() throws Exception { - assertGrantRevokePrivilege(true); - } - - @Test - public void testGrantRevokePrivilegeWithLongOption() throws Exception { - assertGrantRevokePrivilege(false); - } - - - @Test - public void testNegativeCaseWithInvalidArgument() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR); - // test: create duplicate role with -cr - String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for creating duplicate role"); - } catch (SentryUserException e) { - // expected exception - } - - // test: drop non-exist role with -dr - args = new String[] { "-dr", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for dropping non-exist role"); - } catch (SentryUserException e) { - // excepted exception - } - - // test: add non-exist role to group with -arg - args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for granting non-exist role to group"); - } catch (SentryUserException e) { - // excepted exception - } - - // test: drop group from non-exist role with -drg - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for drop group from non-exist role"); - } catch (SentryUserException e) { - // excepted exception - } - - // test: grant privilege to role with the error privilege format - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=*", - "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for the error privilege format, invalid key value."); - } catch (IllegalArgumentException e) { - // excepted exception - } - - // test: grant privilege to role with the error privilege hierarchy - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->table=tbl1->column=col2->action=insert", "-conf", - confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for the error privilege format, invalid key value."); - } catch (IllegalArgumentException e) { - // expected exception - } - - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR); - } - }); - } - - @Test - public void testNegativeCaseWithoutRequiredArgument() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - String strOptionConf = "conf"; - client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR); - // test: the conf is required argument - String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-t", "solr" }; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + strOptionConf); - - // test: -r is required when create role - args = new String[] { "-cr", "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -r is required when drop role - args = new String[] { "-dr", "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -r is required when add role to group - args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -g is required when add role to group - args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME); - - // test: -r is required when delete role from group - args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -g is required when delete role from group - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME); - - // test: -r is required when grant privilege to role - args = new String[] { "-gpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -p is required when grant privilege to role - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE); - - // test: action is required in privilege - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-p", "collection=collection1", "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected IllegalArgumentException"); - } catch (IllegalArgumentException e) { - assertEquals("Privilege is invalid: action required but not specified.", e.getMessage()); - } - - // test: -r is required when revoke privilege from role - args = new String[] { "-rpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -p is required when revoke privilege from role - args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE); - - // test: command option is required for shell - args = new String[] {"-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsgsContains(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[", - "-arg Add role to group", - "-cr Create role", - "-rpr Revoke privilege from role", - "-drg Delete role from group", - "-lr List role", - "-lp List privilege", - "-gpr Grant privilege to role", - "-dr Drop role"); - - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR); - } - }); - } - - // redirect the System.out to ByteArrayOutputStream, then execute the command and parse the result. - private Set<String> getShellResultWithOSRedirect(SentryShellGeneric sentryShell, - String[] args, boolean expectedExecuteResult) throws Exception { - PrintStream oldOut = System.out; - ByteArrayOutputStream outContent = new ByteArrayOutputStream(); - System.setOut(new PrintStream(outContent)); - assertEquals(expectedExecuteResult, sentryShell.executeShell(args)); - Set<String> resultSet = Sets.newHashSet(outContent.toString().split("\n")); - System.setOut(oldOut); - return resultSet; - } - - private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) { - if (expectedRoleNames != null && expectedRoleNames.length > 0) { - assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length, - expectedRoleNames.length, roleNames.size()); - Set<String> lowerCaseRoles = new HashSet<String>(); - for (String role : roleNames) { - lowerCaseRoles.add(role.toLowerCase()); - } - - for (String expectedRole : expectedRoleNames) { - assertTrue("Expected role: " + expectedRole, - lowerCaseRoles.contains(expectedRole.toLowerCase())); - } - } - } - - private void validateMissingParameterMsg(SentryShellGeneric sentryShell, String[] args, - String expectedErrorMsg) throws Exception { - Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false); - assertTrue("Expected error message: " + expectedErrorMsg, errorMsgs.contains(expectedErrorMsg)); - } - - private void validateMissingParameterMsgsContains(SentryShellGeneric sentryShell, String[] args, - String ... expectedErrorMsgsContains) throws Exception { - Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false); - boolean foundAllMessages = false; - Iterator<String> it = errorMsgs.iterator(); - while (it.hasNext()) { - String errorMessage = it.next(); - boolean missingExpected = false; - for (String expectedContains : expectedErrorMsgsContains) { - if (!errorMessage.contains(expectedContains)) { - missingExpected = true; - break; - } - } - if (!missingExpected) { - foundAllMessages = true; - break; - } - } - assertTrue(foundAllMessages); - } -}
http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSqoop.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSqoop.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSqoop.java deleted file mode 100644 index cdba442..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSqoop.java +++ /dev/null @@ -1,532 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.generic.tools; - -import com.google.common.collect.Sets; -import com.google.common.io.Files; -import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.provider.common.AuthorizationComponent; -import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceIntegrationBase; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole; -import org.apache.sentry.provider.db.tools.SentryShellCommon; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; - -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FileOutputStream; -import java.io.PrintStream; -import java.util.Arrays; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; - -import static org.junit.Assert.*; - -public class TestSentryShellSqoop extends SentryGenericServiceIntegrationBase { - private File confDir; - private File confPath; - private static String TEST_ROLE_NAME_1 = "testRole1"; - private static String TEST_ROLE_NAME_2 = "testRole2"; - private String requestorName = ""; - private String service = "sqoopServer1"; - - @Before - public void prepareForTest() throws Exception { - confDir = Files.createTempDir(); - confPath = new File(confDir, "sentry-site.xml"); - if (confPath.createNewFile()) { - FileOutputStream to = new FileOutputStream(confPath); - conf.writeXml(to); - to.close(); - } - requestorName = clientUgi.getShortUserName();//.getProperty("user.name", ""); - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorName, requestorUserGroupNames); - // add ADMIN_USER for the after() in SentryServiceIntegrationBase - setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames); - writePolicyFile(); - } - - @After - public void clearTestData() throws Exception { - FileUtils.deleteQuietly(confDir); - } - - @Test - public void testCreateDropRole() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - // test: create role with -cr - String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - // test: create role with --create_role - args = new String[] { "--create_role", "-r", TEST_ROLE_NAME_2, "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - - // validate the result, list roles with -lr - args = new String[] { "-lr", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); - - // validate the result, list roles with --list_role - args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); - - // test: drop role with -dr - args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - // test: drop role with --drop_role - args = new String[] { "--drop_role", "-r", TEST_ROLE_NAME_2, "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - - // validate the result - Set<TSentryRole> roles = client.listAllRoles(requestorName, AuthorizationComponent.SQOOP); - assertEquals("Incorrect number of roles", 0, roles.size()); - } - }); - } - - @Test - public void testAddDeleteRoleForGroup() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - // Group names are case sensitive - mixed case names should work - String TEST_GROUP_1 = "testGroup1"; - String TEST_GROUP_2 = "testGroup2"; - String TEST_GROUP_3 = "testGroup3"; - - // create the role for test - client.createRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP); - client.createRole(requestorName, TEST_ROLE_NAME_2, AuthorizationComponent.SQOOP); - // test: add role to group with -arg - String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - // test: add role to multiple groups - args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3, - "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - // test: add role to group with --add_role_group - args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1, - "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - - // validate the result list roles with -lr and -g - args = new String[] { "-lr", "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); - - // list roles with --list_role and -g - args = new String[] { "--list_role", "-g", TEST_GROUP_2, "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1); - - args = new String[] { "--list_role", "-g", TEST_GROUP_3, "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1); - - // List the groups and roles via listGroups - args = new String[] { "--list_group", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - Set<String> groups = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals(3, groups.size()); - assertTrue(groups.contains("testGroup3 = testrole1")); - assertTrue(groups.contains("testGroup2 = testrole1")); - assertTrue(groups.contains("testGroup1 = testrole2, testrole1")); - - // test: delete role from group with -drg - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - // test: delete role to multiple groups - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3, - "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - // test: delete role from group with --delete_role_group - args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1, - "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - - // validate the result - Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, TEST_GROUP_1, AuthorizationComponent.SQOOP); - assertEquals("Incorrect number of roles", 0, roles.size()); - roles = client.listRolesByGroupName(requestorName, TEST_GROUP_2, AuthorizationComponent.SQOOP); - assertEquals("Incorrect number of roles", 0, roles.size()); - roles = client.listRolesByGroupName(requestorName, TEST_GROUP_3, AuthorizationComponent.SQOOP); - assertEquals("Incorrect number of roles", 0, roles.size()); - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP); - client.dropRole(requestorName, TEST_ROLE_NAME_2, AuthorizationComponent.SQOOP); - } - }); - } - - @Test - public void testCaseSensitiveGroupName() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - - // create the role for test - client.createRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP); - // add role to a group (lower case) - String[] args = {"-arg", "-r", TEST_ROLE_NAME_1, "-g", "group1", "-conf", - confPath.getAbsolutePath(), "-t", "sqoop"}; - SentryShellGeneric.main(args); - - // validate the roles when group name is same case as above - args = new String[]{"-lr", "-g", "group1", "-conf", confPath.getAbsolutePath(), "-t", "sqoop"}; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1); - - // roles should be empty when group name is different case than above - args = new String[]{"-lr", "-g", "GROUP1", "-conf", confPath.getAbsolutePath(), "-t", "sqoop"}; - roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames); - } - }); - } - - public static String grant(boolean shortOption) { - return shortOption ? "-gpr" : "--grant_privilege_role"; - } - - public static String revoke(boolean shortOption) { - return shortOption ? "-rpr" : "--revoke_privilege_role"; - } - - public static String list(boolean shortOption) { - return shortOption ? "-lp" : "--list_privilege"; - } - - private void assertGrantRevokePrivilege(final boolean shortOption) throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - // create the role for test - client.createRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP); - client.createRole(requestorName, TEST_ROLE_NAME_2, AuthorizationComponent.SQOOP); - - String [] privs = { - "SERVER=sqoopserver1->CONNECTOR=c1->action=read", - "SERVER=sqoopserver1->JOB=j1->action=write", - "SERVER=sqoopserver1->LINK=l1->action=read", - }; - for (int i = 0; i < privs.length; ++i) { - // test: grant privilege to role - String [] args = new String [] { grant(shortOption), "-r", TEST_ROLE_NAME_1, "-p", - privs[ i ], - "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - } - - // test the list privilege - String [] args = new String[] { list(shortOption), "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true); - - assertEquals("Incorrect number of privileges", privs.length, privilegeStrs.size()); - for (int i = 0; i < privs.length; ++i) { - assertTrue("Expected privilege: " + privs[i] + " in " + Arrays.toString(privilegeStrs.toArray()), privilegeStrs.contains(privs[i])); - } - - for (int i = 0; i < privs.length; ++i) { - args = new String[] { revoke(shortOption), "-r", TEST_ROLE_NAME_1, "-p", - privs[ i ], "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric.main(args); - Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName, - TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP, service); - assertEquals("Incorrect number of privileges. Received privileges: " + Arrays.toString(privileges.toArray()), privs.length - (i + 1), privileges.size()); - } - - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP); - client.dropRole(requestorName, TEST_ROLE_NAME_2, AuthorizationComponent.SQOOP); - } - }); - } - - - @Test - public void testGrantRevokePrivilegeWithShortOption() throws Exception { - assertGrantRevokePrivilege(true); - } - - @Test - public void testGrantRevokePrivilegeWithLongOption() throws Exception { - assertGrantRevokePrivilege(false); - } - - @Test - public void testNegativeCaseWithInvalidArgument() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - client.createRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP); - // test: create duplicate role with -cr - String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for creating duplicate role"); - } catch (SentryUserException e) { - // expected exception - } catch (Exception e) { - fail ("Unexpected exception received. " + e); - } - - // test: drop non-exist role with -dr - args = new String[] { "-dr", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for dropping non-exist role"); - } catch (SentryUserException e) { - // excepted exception - } catch (Exception e) { - fail ("Unexpected exception received. " + e); - } - - // test: add non-exist role to group with -arg - args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for granting non-exist role to group"); - } catch (SentryUserException e) { - // excepted exception - } catch (Exception e) { - fail ("Unexpected exception received. " + e); - } - - // test: drop group from non-exist role with -drg - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", - confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for drop group from non-exist role"); - } catch (SentryUserException e) { - // excepted exception - } catch (Exception e) { - fail ("Unexpected exception received. " + e); - } - - // test: grant privilege to role with the error privilege format - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=all", - "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for the error privilege format, invalid key value."); - } catch (IllegalArgumentException e) { - // excepted exception - } catch (Exception e) { - fail ("Unexpected exception received. " + e); - } - - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP); - } - }); - } - - @Test - public void testNegativeCaseWithoutRequiredArgument() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - String strOptionConf = "conf"; - client.createRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP); - // test: the conf is required argument - String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-t", "sqoop" }; - SentryShellGeneric sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + strOptionConf); - - // test: -r is required when create role - args = new String[] { "-cr", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -r is required when drop role - args = new String[] { "-dr", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -r is required when add role to group - args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -g is required when add role to group - args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME); - - // test: -r is required when delete role from group - args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -g is required when delete role from group - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME); - - // test: -r is required when grant privilege to role - args = new String[] { "-gpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -p is required when grant privilege to role - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE); - - // test: action is required in privilege - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-p", "Server=sqoopServer1->Connector", "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected IllegalArgumentException"); - } catch (IllegalArgumentException e) { - // expected - } catch (Exception e) { - fail ("Unexpected exception received. " + e); - } - - // test: -r is required when revoke privilege from role - args = new String[] { "-rpr", "-p", "Server=sqoopServer1->Connector->action=*", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -p is required when revoke privilege from role - args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE); - - // test: command option is required for shell - args = new String[] {"-conf", confPath.getAbsolutePath(), "-t", "sqoop" }; - sentryShell = new SentryShellGeneric(); - validateMissingParameterMsgsContains(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[", - "-arg Add role to group", - "-cr Create role", - "-rpr Revoke privilege from role", - "-drg Delete role from group", - "-lr List role", - "-lp List privilege", - "-gpr Grant privilege to role", - "-dr Drop role"); - - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP); - } - }); - } - - // redirect the System.out to ByteArrayOutputStream, then execute the command and parse the result. - private Set<String> getShellResultWithOSRedirect(SentryShellGeneric sentryShell, - String[] args, boolean expectedExecuteResult) throws Exception { - PrintStream oldOut = System.out; - ByteArrayOutputStream outContent = new ByteArrayOutputStream(); - System.setOut(new PrintStream(outContent)); - assertEquals(expectedExecuteResult, sentryShell.executeShell(args)); - Set<String> resultSet = Sets.newHashSet(outContent.toString().split("\n")); - System.setOut(oldOut); - return resultSet; - } - - private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) { - if (expectedRoleNames != null && expectedRoleNames.length > 0) { - assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length, - expectedRoleNames.length, roleNames.size()); - Set<String> lowerCaseRoles = new HashSet<String>(); - for (String role : roleNames) { - lowerCaseRoles.add(role.toLowerCase()); - } - - for (String expectedRole : expectedRoleNames) { - assertTrue("Expected role: " + expectedRole, - lowerCaseRoles.contains(expectedRole.toLowerCase())); - } - } - } - - private void validateMissingParameterMsg(SentryShellGeneric sentryShell, String[] args, - String expectedErrorMsg) throws Exception { - Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false); - assertTrue("Expected error message: " + expectedErrorMsg, errorMsgs.contains(expectedErrorMsg)); - } - - private void validateMissingParameterMsgsContains(SentryShellGeneric sentryShell, String[] args, - String ... expectedErrorMsgsContains) throws Exception { - Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false); - boolean foundAllMessages = false; - Iterator<String> it = errorMsgs.iterator(); - while (it.hasNext()) { - String errorMessage = it.next(); - boolean missingExpected = false; - for (String expectedContains : expectedErrorMsgsContains) { - if (!errorMessage.contains(expectedContains)) { - missingExpected = true; - break; - } - } - if (!missingExpected) { - foundAllMessages = true; - break; - } - } - assertTrue(foundAllMessages); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java deleted file mode 100644 index 68abf27..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java +++ /dev/null @@ -1,94 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.tools; - -import java.io.File; - -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.provider.db.service.persistent.SentryStoreSchemaInfo; -import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; -import org.junit.Before; -import org.junit.Test; - -import com.google.common.io.Files; - -public class TestSentrySchemaTool { - private Configuration sentryConf; - private SentrySchemaTool schemaTool; - - private static final String OLDEST_INIT_VERSION = "1.4.0"; - - @Before - public void defaultSetup() throws Exception { - sentryConf = new Configuration(); - File dbDir = new File(Files.createTempDir(), "sentry_policy_db"); - sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_URL, - "jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true"); - sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); - schemaTool = new SentrySchemaTool("./src/main/resources", sentryConf, - "derby"); - } - - private void nonDefaultsetup() throws Exception { - sentryConf = new Configuration(); - File dbDir = new File(Files.createTempDir(), "sentry_policy_db"); - sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_URL, - "jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true"); - sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); - schemaTool = new SentrySchemaTool("./src/main/resources", sentryConf, - "derby"); - } - - @Test - public void testInitNonDefault() throws Exception { - nonDefaultsetup(); - schemaTool.doInit(); - schemaTool.verifySchemaVersion(); - } - - @Test - public void testInit() throws Exception { - schemaTool.doInit(); - schemaTool.verifySchemaVersion(); - } - - @Test - public void testInitTo() throws Exception { - schemaTool.doInit(SentryStoreSchemaInfo.getSentryVersion()); - schemaTool.verifySchemaVersion(); - } - - @Test(expected = SentryUserException.class) - public void testDryRun() throws Exception { - schemaTool.setDryRun(true); - schemaTool.doInit(); - schemaTool.setDryRun(false); - // verification should fail since dryRun didn't create the actual schema - schemaTool.verifySchemaVersion(); - } - - @Test - public void testUpgrade() throws Exception { - schemaTool.doInit(OLDEST_INIT_VERSION); - schemaTool.doUpgrade(); - schemaTool.verifySchemaVersion(); - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java deleted file mode 100644 index de8f043..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java +++ /dev/null @@ -1,613 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.tools; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FileOutputStream; -import java.io.PrintStream; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.service.thrift.TSentryRole; -import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; - -import com.google.common.collect.Sets; -import com.google.common.io.Files; - -public class TestSentryShellHive extends SentryServiceIntegrationBase { - - private File confDir; - private File confPath; - private static String TEST_ROLE_NAME_1 = "testRole1"; - private static String TEST_ROLE_NAME_2 = "testRole2"; - private String requestorName = ""; - - @Before - public void prepareForTest() throws Exception { - confDir = Files.createTempDir(); - confPath = new File(confDir, "sentry-site.xml"); - if (confPath.createNewFile()) { - FileOutputStream to = new FileOutputStream(confPath); - conf.writeXml(to); - to.close(); - } - requestorName = clientUgi.getShortUserName(); - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorName, requestorUserGroupNames); - // add ADMIN_USER for the after() in SentryServiceIntegrationBase - setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames); - writePolicyFile(); - } - - @After - public void clearTestData() throws Exception { - FileUtils.deleteQuietly(confDir); - } - - @Test - public void testCreateDropRole() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - // test: create role with -cr - String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - // test: create role with --create_role - args = new String[] { "--create_role", "-r", TEST_ROLE_NAME_2, "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - - // validate the result, list roles with -lr - args = new String[] { "-lr", "-conf", confPath.getAbsolutePath() }; - SentryShellHive sentryShell = new SentryShellHive(); - Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); - - // validate the result, list roles with --list_role - args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); - - // test: drop role with -dr - args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - // test: drop role with --drop_role - args = new String[] { "--drop_role", "-r", TEST_ROLE_NAME_2, "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - - // validate the result - Set<TSentryRole> roles = client.listAllRoles(requestorName); - assertEquals("Incorrect number of roles", 0, roles.size()); - } - }); - } - - @Test - public void testAddDeleteRoleForGroup() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - // create the role for test - client.createRole(requestorName, TEST_ROLE_NAME_1); - client.createRole(requestorName, TEST_ROLE_NAME_2); - // test: add role to group with -arg - String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - // test: add role to multiple groups - args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup2,testGroup3", - "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - // test: add role to group with --add_role_group - args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", - "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - - // validate the result list roles with -lr and -g - args = new String[] { "-lr", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; - SentryShellHive sentryShell = new SentryShellHive(); - Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); - - - // list roles with --list_role and -g - args = new String[] { "--list_role", "-g", "testGroup2", "-conf", - confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1); - - args = new String[] { "--list_role", "-g", "testGroup3", "-conf", - confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - validateRoleNames(roleNames, TEST_ROLE_NAME_1); - - // List the groups and roles via listGroups - args = new String[] { "--list_group", "-conf", confPath.getAbsolutePath()}; - sentryShell = new SentryShellHive(); - Set<String> groups = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals(3, groups.size()); - assertTrue(groups.contains("testGroup3 = testrole1")); - assertTrue(groups.contains("testGroup2 = testrole1")); - assertTrue(groups.contains("testGroup1 = testrole2, testrole1")); - - // test: delete role from group with -drg - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - // test: delete role to multiple groups - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup2,testGroup3", - "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - // test: delete role from group with --delete_role_group - args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", - "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - - // validate the result - Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, "testGroup1"); - assertEquals("Incorrect number of roles", 0, roles.size()); - roles = client.listRolesByGroupName(requestorName, "testGroup2"); - assertEquals("Incorrect number of roles", 0, roles.size()); - roles = client.listRolesByGroupName(requestorName, "testGroup3"); - assertEquals("Incorrect number of roles", 0, roles.size()); - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1); - client.dropRole(requestorName, TEST_ROLE_NAME_2); - } - }); - } - - @Test - public void testGrantRevokePrivilegeWithShortOption() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - // create the role for test - client.createRole(requestorName, TEST_ROLE_NAME_1); - client.createRole(requestorName, TEST_ROLE_NAME_2); - - // test: grant privilege to role with -gpr - String[] args = { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->action=*", - "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->action=select", "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->action=insert", "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->column=col1->action=insert", "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true", - "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - - // test the list privilege with -lp - args = new String[] { "-lp", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() }; - SentryShellHive sentryShell = new SentryShellHive(); - Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true); - // validate the result for -lp - assertEquals("Incorrect number of privileges", 6, privilegeStrs.size()); - assertTrue(privilegeStrs.contains("server=server1->action=*")); - assertTrue(privilegeStrs.contains("server=server1->db=db1->action=select")); - assertTrue(privilegeStrs.contains("server=server1->db=db1->table=tbl1->action=insert")); - assertTrue(privilegeStrs - .contains("server=server1->db=db1->table=tbl1->column=col1->action=insert")); - assertTrue(privilegeStrs - .contains("server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true")); - assertTrue(privilegeStrs.contains("server=server1->uri=hdfs://path/testuri->action=*")); - - // test: revoke privilege from role with -rpr - args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->column=col1->action=insert", "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName, - TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 5, privileges.size()); - - args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true", - "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 4, privileges.size()); - - args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 3, privileges.size()); - - args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->action=insert", "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 2, privileges.size()); - - args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->action=select", "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 1, privileges.size()); - - args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p", "server=server1->action=*", - "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 0, privileges.size()); - - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1); - client.dropRole(requestorName, TEST_ROLE_NAME_2); - } - }); - } - - @Test - public void testGrantRevokePrivilegeWithLongOption() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - // create the role for test - client.createRole(requestorName, TEST_ROLE_NAME_1); - client.createRole(requestorName, TEST_ROLE_NAME_2); - - // test: grant privilege to role with -gpr - String[] args = { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->action=*", "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - args = new String[] { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->action=select", "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - args = new String[] { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->action=insert", "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - args = new String[] { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->column=col1->action=insert", "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - args = new String[] { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true", - "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - args = new String[] { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - - // test the list privilege with -lp - args = new String[] { "--list_privilege", "-r", TEST_ROLE_NAME_1, "-conf", - confPath.getAbsolutePath() }; - SentryShellHive sentryShell = new SentryShellHive(); - Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true); - // validate the result for -lp - assertEquals("Incorrect number of privileges", 6, privilegeStrs.size()); - assertTrue(privilegeStrs.contains("server=server1->action=*")); - assertTrue(privilegeStrs.contains("server=server1->db=db1->action=select")); - assertTrue(privilegeStrs.contains("server=server1->db=db1->table=tbl1->action=insert")); - assertTrue(privilegeStrs - .contains("server=server1->db=db1->table=tbl1->column=col1->action=insert")); - assertTrue(privilegeStrs - .contains("server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true")); - assertTrue(privilegeStrs.contains("server=server1->uri=hdfs://path/testuri->action=*")); - - // test: revoke privilege from role with -rpr - args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->column=col1->action=insert", "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName, - TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 5, privileges.size()); - - args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true", - "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 4, privileges.size()); - - args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 3, privileges.size()); - - args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->table=tbl1->action=insert", "-conf", - confPath.getAbsolutePath() }; - SentryShellHive.main(args); - privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 2, privileges.size()); - - args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->db=db1->action=select", "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 1, privileges.size()); - - args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->action=*", "-conf", confPath.getAbsolutePath() }; - SentryShellHive.main(args); - privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1); - assertEquals("Incorrect number of privileges", 0, privileges.size()); - - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1); - client.dropRole(requestorName, TEST_ROLE_NAME_2); - } - }); - } - - @Test - public void testNegativeCaseWithInvalidArgument() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - client.createRole(requestorName, TEST_ROLE_NAME_1); - // test: create duplicate role with -cr - String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() }; - SentryShellHive sentryShell = new SentryShellHive(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for creating duplicate role"); - } catch (SentryUserException e) { - // excepted exception - } - - // test: drop non-exist role with -dr - args = new String[] { "-dr", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for dropping non-exist role"); - } catch (SentryUserException e) { - // excepted exception - } - - // test: add non-exist role to group with -arg - args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", - confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for granting non-exist role to group"); - } catch (SentryUserException e) { - // excepted exception - } - - // test: drop group from non-exist role with -drg - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", - confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for drop group from non-exist role"); - } catch (SentryUserException e) { - // excepted exception - } - - // test: grant privilege to role with the error privilege format - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=*", - "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for the error privilege format, invalid key value."); - } catch (IllegalArgumentException e) { - // excepted exception - } - - // test: grant privilege to role with the error privilege hierarchy - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", - "server=server1->table=tbl1->column=col2->action=insert", "-conf", - confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - try { - sentryShell.executeShell(args); - fail("Exception should be thrown for the error privilege format, invalid key value."); - } catch (IllegalArgumentException e) { - // excepted exception - } - - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1); - } - }); - } - - @Test - public void testNegativeCaseWithoutRequiredArgument() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - String strOptionConf = "conf"; - client.createRole(requestorName, TEST_ROLE_NAME_1); - // test: the conf is required argument - String[] args = { "-cr", "-r", TEST_ROLE_NAME_1 }; - SentryShellHive sentryShell = new SentryShellHive(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + strOptionConf); - - // test: -r is required when create role - args = new String[] { "-cr", "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -r is required when drop role - args = new String[] { "-dr", "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -r is required when add role to group - args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -g is required when add role to group - args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME); - - // test: -r is required when delete role from group - args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -g is required when delete role from group - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME); - - // test: -r is required when grant privilege to role - args = new String[] { "-gpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -p is required when grant privilege to role - args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE); - - // test: -r is required when revoke privilege from role - args = new String[] { "-rpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - - // test: -p is required when revoke privilege from role - args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - validateMissingParameterMsg(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE); - - // test: command option is required for shell - args = new String[] {"-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellHive(); - validateMissingParameterMsgsContains(sentryShell, args, - SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[", - "-arg Add role to group", - "-cr Create role", - "-rpr Revoke privilege from role", - "-drg Delete role from group", - "-lr List role", - "-lp List privilege", - "-gpr Grant privilege to role", - "-dr Drop role"); - - // clear the test data - client.dropRole(requestorName, TEST_ROLE_NAME_1); - } - }); - } - - // redirect the System.out to ByteArrayOutputStream, then execute the command and parse the result. - private Set<String> getShellResultWithOSRedirect(SentryShellHive sentryShell, - String[] args, boolean exceptedExecuteResult) throws Exception { - PrintStream oldOut = System.out; - ByteArrayOutputStream outContent = new ByteArrayOutputStream(); - System.setOut(new PrintStream(outContent)); - assertEquals(exceptedExecuteResult, sentryShell.executeShell(args)); - Set<String> resultSet = Sets.newHashSet(outContent.toString().split("\n")); - System.setOut(oldOut); - return resultSet; - } - - private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) { - if (expectedRoleNames != null && expectedRoleNames.length > 0) { - assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length, - expectedRoleNames.length, roleNames.size()); - Set<String> lowerCaseRoles = new HashSet<String>(); - for (String role : roleNames) { - lowerCaseRoles.add(role.toLowerCase()); - } - - for (String expectedRole : expectedRoleNames) { - assertTrue("Expected role: " + expectedRole, - lowerCaseRoles.contains(expectedRole.toLowerCase())); - } - } - } - - private void validateMissingParameterMsg(SentryShellHive sentryShell, String[] args, - String exceptedErrorMsg) throws Exception { - Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false); - assertTrue(errorMsgs.contains(exceptedErrorMsg)); - } - - private void validateMissingParameterMsgsContains(SentryShellHive sentryShell, String[] args, - String ... expectedErrorMsgsContains) throws Exception { - Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false); - boolean foundAllMessages = false; - Iterator<String> it = errorMsgs.iterator(); - while (it.hasNext()) { - String errorMessage = it.next(); - boolean missingExpected = false; - for (String expectedContains : expectedErrorMsgsContains) { - if (!errorMessage.contains(expectedContains)) { - missingExpected = true; - break; - } - } - if (!missingExpected) { - foundAllMessages = true; - break; - } - } - assertTrue(foundAllMessages); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/resources/indexer_case.ini ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/resources/indexer_case.ini b/sentry-provider/sentry-provider-db/src/test/resources/indexer_case.ini deleted file mode 100644 index f1afe1f..0000000 --- a/sentry-provider/sentry-provider-db/src/test/resources/indexer_case.ini +++ /dev/null @@ -1,26 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -[groups] -groupa = RoLe1 -groupb = rOlE1 -groupc = ROLE2 - -[roles] -RoLe1 = indexer=* -rOlE1 = indexer=* -ROLE2 = indexer=*
