http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceIntegrationBase.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceIntegrationBase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceIntegrationBase.java deleted file mode 100644 index 94cade1..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceIntegrationBase.java +++ /dev/null @@ -1,73 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.service.thrift; - -import java.security.PrivilegedExceptionAction; -import java.util.Set; - -import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; -import org.junit.After; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class SentryGenericServiceIntegrationBase extends SentryServiceIntegrationBase { - private static final Logger LOGGER = LoggerFactory.getLogger(SentryGenericServiceIntegrationBase.class); - protected static final String SOLR = "SOLR"; - protected SentryGenericServiceClient client; - - /** - * use the generic client to connect sentry service - */ - @Override - public void connectToSentryService() throws Exception { - // The client should already be logged in when running in solr - // therefore we must manually login in the integration tests - if (kerberos) { - this.client = clientUgi.doAs( new PrivilegedExceptionAction<SentryGenericServiceClient>() { - @Override - public SentryGenericServiceClient run() throws Exception { - return SentryGenericServiceClientFactory.create(conf); - } - }); - } else { - this.client = SentryGenericServiceClientFactory.create(conf); - } - } - - @After - public void after() { - try { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - Set<TSentryRole> tRoles = client.listAllRoles(ADMIN_USER, SOLR); - for (TSentryRole tRole : tRoles) { - client.dropRole(ADMIN_USER, tRole.getRoleName(), SOLR); - } - if(client != null) { - client.close(); - } - } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } finally { - policyFilePath.delete(); - } - } -}
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestAuditLogForSentryGenericService.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestAuditLogForSentryGenericService.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestAuditLogForSentryGenericService.java deleted file mode 100644 index fbf8af3..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestAuditLogForSentryGenericService.java +++ /dev/null @@ -1,296 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.generic.service.thrift; - -import static org.hamcrest.core.Is.is; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - -import java.security.PrivilegedExceptionAction; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; - -import org.apache.log4j.Level; -import org.apache.log4j.Logger; -import org.apache.sentry.provider.db.log.appender.AuditLoggerTestAppender; -import org.apache.sentry.provider.db.log.util.CommandUtil; -import org.apache.sentry.provider.db.log.util.Constants; -import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; -import org.codehaus.jettison.json.JSONObject; -import org.junit.After; -import org.junit.BeforeClass; -import org.junit.Test; -import org.slf4j.LoggerFactory; - -import com.google.common.collect.Lists; -import com.google.common.collect.Sets; - -public class TestAuditLogForSentryGenericService extends SentryServiceIntegrationBase { - - private SentryGenericServiceClient client; - private static final String COMPONENT = "SQOOP"; - private static final org.slf4j.Logger LOGGER = LoggerFactory - .getLogger(TestAuditLogForSentryGenericService.class); - - @BeforeClass - public static void setup() throws Exception { - SentryServiceIntegrationBase.setup(); - Logger logger = Logger.getLogger("sentry.generic.authorization.ddl.logger"); - AuditLoggerTestAppender testAppender = new AuditLoggerTestAppender(); - logger.addAppender(testAppender); - logger.setLevel(Level.INFO); - } - - @Override - @After - public void after() { - try { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - Set<TSentryRole> tRoles = client.listAllRoles(ADMIN_USER, COMPONENT); - for (TSentryRole tRole : tRoles) { - client.dropRole(ADMIN_USER, tRole.getRoleName(), COMPONENT); - } - if (client != null) { - client.close(); - } - } - }); - } catch (Exception e) { - // log the exception - LOGGER.warn("Exception happened after test case.", e); - } finally { - policyFilePath.delete(); - } - } - - /** - * use the generic client to connect sentry service - */ - @Override - public void connectToSentryService() throws Exception { - if (kerberos) { - this.client = clientUgi.doAs(new PrivilegedExceptionAction<SentryGenericServiceClient>() { - @Override - public SentryGenericServiceClient run() throws Exception { - return SentryGenericServiceClientFactory.create(conf); - } - }); - } else { - this.client = SentryGenericServiceClientFactory.create(conf); - } - } - - @Test - public void testAuditLogForGenericModel() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - String roleName = "admin_r"; - String testGroupName = "g1"; - String action = "all"; - String service = "sentryService"; - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - - // test the audit log for create role, success - client.createRole(requestorUserName, roleName, COMPONENT); - Map<String, String> fieldValueMap = new HashMap<String, String>(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_CREATE_ROLE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "CREATE ROLE " + roleName); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - - // test the audit log for create role, failed - try { - client.createRole(requestorUserName, roleName, COMPONENT); - fail("Exception should have been thrown"); - } catch (Exception e) { - fieldValueMap.clear(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_CREATE_ROLE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "CREATE ROLE " + roleName); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - } - - // test the audit log for add role to group, success - client.grantRoleToGroups(requestorUserName, roleName, COMPONENT, - Sets.newHashSet(testGroupName)); - fieldValueMap.clear(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_ADD_ROLE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT ROLE " + roleName - + " TO GROUP " + testGroupName); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - - // test the audit log for add role to group, failed - try { - client.grantRoleToGroups(requestorUserName, "invalidRole", COMPONENT, - Sets.newHashSet(testGroupName)); - fail("Exception should have been thrown"); - } catch (Exception e) { - fieldValueMap.clear(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_ADD_ROLE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT ROLE invalidRole TO GROUP " - + testGroupName); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - } - - // test the audit log for grant privilege, success - TSentryPrivilege privilege = new TSentryPrivilege(COMPONENT, service, Lists.newArrayList( - new TAuthorizable("resourceType1", "resourceName1"), new TAuthorizable("resourceType2", - "resourceName2")), action); - client.grantPrivilege(requestorUserName, roleName, COMPONENT, privilege); - fieldValueMap.clear(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, - "GRANT ALL ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE " - + roleName); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - - // for error audit log - TSentryPrivilege invalidPrivilege = new TSentryPrivilege(COMPONENT, service, - Lists.newArrayList(new TAuthorizable("resourceType1", "resourceName1")), - "invalidAction"); - // test the audit log for grant privilege, failed - try { - client.grantPrivilege(requestorUserName, roleName, COMPONENT, invalidPrivilege); - fail("Exception should have been thrown"); - } catch (Exception e) { - fieldValueMap.clear(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, - "GRANT INVALIDACTION ON resourceType1 resourceName1 TO ROLE " + roleName); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - } - - // test the audit log for revoke privilege, success - client.revokePrivilege(requestorUserName, roleName, COMPONENT, privilege); - fieldValueMap.clear(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_REVOKE_PRIVILEGE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, - "REVOKE ALL ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE " - + roleName); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - - // test the audit log for revoke privilege, failed - try { - client.revokePrivilege(requestorUserName, "invalidRole", COMPONENT, invalidPrivilege); - fail("Exception should have been thrown"); - } catch (Exception e) { - fieldValueMap.clear(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_REVOKE_PRIVILEGE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, - "REVOKE INVALIDACTION ON resourceType1 resourceName1 FROM ROLE invalidRole"); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - } - - // test the audit log for delete role from group, success - client.revokeRoleFromGroups(requestorUserName, roleName, COMPONENT, - Sets.newHashSet(testGroupName)); - fieldValueMap.clear(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DELETE_ROLE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "REVOKE ROLE " + roleName - + " FROM GROUP " + testGroupName); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - // test the audit log for delete role from group, failed - try { - client.revokeRoleFromGroups(requestorUserName, "invalidRole", COMPONENT, - Sets.newHashSet(testGroupName)); - fail("Exception should have been thrown"); - } catch (Exception e) { - fieldValueMap.clear(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DELETE_ROLE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, - "REVOKE ROLE invalidRole FROM GROUP " + testGroupName); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - } - // test the audit log for drop role, success - client.dropRole(requestorUserName, roleName, COMPONENT); - fieldValueMap.clear(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DROP_ROLE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "DROP ROLE " + roleName); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - // test the audit log for drop role, failed - try { - client.dropRole(requestorUserName, roleName, COMPONENT); - fail("Exception should have been thrown"); - } catch (Exception e) { - fieldValueMap.clear(); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DROP_ROLE); - fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT); - fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "DROP ROLE " + roleName); - fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE); - fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null); - assertAuditLog(fieldValueMap); - } - } - }); - } - - private void assertAuditLog(Map<String, String> fieldValueMap) throws Exception { - assertThat(AuditLoggerTestAppender.getLastLogLevel(), is(Level.INFO)); - JSONObject jsonObject = new JSONObject(AuditLoggerTestAppender.getLastLogEvent()); - if (fieldValueMap != null) { - for (Map.Entry<String, String> entry : fieldValueMap.entrySet()) { - String entryKey = entry.getKey(); - if (Constants.LOG_FIELD_IP_ADDRESS.equals(entryKey)) { - assertTrue(CommandUtil.assertIPInAuditLog(jsonObject.get(entryKey).toString())); - } else { - assertTrue(entry.getValue().equalsIgnoreCase(jsonObject.get(entryKey).toString())); - } - } - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java deleted file mode 100644 index cc72b33..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java +++ /dev/null @@ -1,364 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.service.thrift; - -import static org.mockito.Matchers.any; -import static org.mockito.Matchers.anyListOf; -import static org.mockito.Matchers.anySetOf; -import static org.mockito.Matchers.anyString; - -import java.util.*; - -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.core.common.Authorizable; -import org.apache.sentry.core.common.exception.SentrySiteConfigurationException; -import org.apache.sentry.core.model.solr.Collection; -import org.apache.sentry.core.model.solr.Field; -import org.apache.sentry.core.model.solr.SolrConstants; -import org.apache.sentry.core.common.exception.SentryAlreadyExistsException; -import org.apache.sentry.core.common.exception.SentryGrantDeniedException; -import org.apache.sentry.core.common.exception.SentryInvalidInputException; -import org.apache.sentry.core.common.exception.SentryNoSuchObjectException; -import org.apache.sentry.provider.common.GroupMappingService; -import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject; -import org.apache.sentry.provider.db.generic.service.persistent.SentryStoreLayer; -import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject.Builder; -import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege; -import org.apache.sentry.provider.db.service.model.MSentryRole; -import org.apache.sentry.core.common.utils.PolicyStoreConstants; -import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; -import org.apache.sentry.service.thrift.Status; -import org.apache.sentry.service.thrift.TSentryResponseStatus; -import org.junit.Before; -import org.junit.Test; -import org.mockito.Mockito; - -import com.google.common.collect.Sets; - -public class TestSentryGenericPolicyProcessor extends org.junit.Assert { - private static final String ADMIN_GROUP = "admin_group"; - private static final String ADMIN_USER = "admin_user"; - private static final String NOT_ADMIN_USER = "not_admin_user"; - private static final String NOT_ADMIN_GROUP = "not_admin_group"; - private static final String NO_GROUP_USER = "no_group_user"; - - private SentryStoreLayer mockStore = Mockito.mock(SentryStoreLayer.class); - private SentryGenericPolicyProcessor processor; - - @Before - public void setup() throws Exception { - Configuration conf = new Configuration(); - conf.set(ServerConfig.ADMIN_GROUPS, ADMIN_GROUP); - conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, MockGroupMapping.class.getName()); - processor = new SentryGenericPolicyProcessor(conf, mockStore); - } - - @Test - public void testNotAdminOperation() throws Exception { - String requestUser = NOT_ADMIN_USER; - Status validateStatus = Status.ACCESS_DENIED; - testOperation(requestUser, validateStatus); - } - - private void testOperation(String requestUser, Status validateStatus) throws Exception { - TCreateSentryRoleRequest createrequest = new TCreateSentryRoleRequest(); - createrequest.setRequestorUserName(requestUser); - createrequest.setRoleName("r1"); - assertEquals(validateStatus, fromTSentryStatus(processor.create_sentry_role(createrequest).getStatus())); - - TDropSentryRoleRequest dropRequest = new TDropSentryRoleRequest(); - dropRequest.setRequestorUserName(requestUser); - dropRequest.setRoleName("r1"); - assertEquals(validateStatus, fromTSentryStatus(processor.drop_sentry_role(dropRequest).getStatus())); - - TAlterSentryRoleAddGroupsRequest addRequest = new TAlterSentryRoleAddGroupsRequest(); - addRequest.setRequestorUserName(requestUser); - addRequest.setRoleName("r1"); - addRequest.setGroups(Sets.newHashSet("g1")); - assertEquals(validateStatus, fromTSentryStatus(processor.alter_sentry_role_add_groups(addRequest).getStatus())); - - TAlterSentryRoleDeleteGroupsRequest delRequest = new TAlterSentryRoleDeleteGroupsRequest(); - delRequest.setRequestorUserName(requestUser); - delRequest.setRoleName("r1"); - delRequest.setGroups(Sets.newHashSet("g1")); - assertEquals(validateStatus, fromTSentryStatus(processor.alter_sentry_role_delete_groups(delRequest).getStatus())); - - TDropPrivilegesRequest dropPrivRequest = new TDropPrivilegesRequest(); - dropPrivRequest.setRequestorUserName(requestUser); - dropPrivRequest.setPrivilege(new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test")); - assertEquals(validateStatus, fromTSentryStatus(processor.drop_sentry_privilege(dropPrivRequest).getStatus())); - - TRenamePrivilegesRequest renameRequest = new TRenamePrivilegesRequest(); - renameRequest.setRequestorUserName(requestUser); - assertEquals(validateStatus, fromTSentryStatus(processor.rename_sentry_privilege(renameRequest).getStatus())); - } - - private Status fromTSentryStatus(TSentryResponseStatus status) { - return Status.fromCode(status.getValue()); - } - - @Test - public void testAdminOperation() throws Exception { - testOperation(ADMIN_USER, Status.OK); - } - - @Test - public void testGrantAndRevokePrivilege() throws Exception { - setup(); - - TSentryPrivilege tprivilege = new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test"); - tprivilege.setGrantOption(TSentryGrantOption.UNSET); - - TAlterSentryRoleGrantPrivilegeRequest grantRequest = new TAlterSentryRoleGrantPrivilegeRequest(); - grantRequest.setRequestorUserName(ADMIN_USER); - grantRequest.setRoleName("r1"); - grantRequest.setPrivilege(tprivilege); - assertEquals(Status.OK, fromTSentryStatus(processor.alter_sentry_role_grant_privilege(grantRequest).getStatus())); - - TAlterSentryRoleRevokePrivilegeRequest revokeRequest = new TAlterSentryRoleRevokePrivilegeRequest(); - revokeRequest.setRequestorUserName(ADMIN_USER); - revokeRequest.setRoleName("r1"); - revokeRequest.setPrivilege(tprivilege); - assertEquals(Status.OK, fromTSentryStatus(processor.alter_sentry_role_revoke_privilege(revokeRequest).getStatus())); - } - - @Test - public void testOperationWithException() throws Exception { - String roleName = anyString(); - Mockito.when(mockStore.createRole(anyString(), roleName, anyString())) - .thenThrow(new SentryAlreadyExistsException("Role: " + roleName)); - - roleName = anyString(); - Mockito.when(mockStore.dropRole(anyString(), roleName, anyString())) - .thenThrow(new SentryNoSuchObjectException("Role: " + roleName )); - - roleName = anyString(); - Mockito.when(mockStore.alterRoleAddGroups(anyString(), roleName, anySetOf(String.class),anyString())) - .thenThrow(new SentryNoSuchObjectException("Role: " + roleName)); - - roleName = anyString(); - Mockito.when(mockStore.alterRoleDeleteGroups(anyString(), roleName, anySetOf(String.class), anyString())) - .thenThrow(new SentryNoSuchObjectException("Role: " + roleName)); - - roleName = anyString(); - Mockito.when(mockStore.alterRoleGrantPrivilege(anyString(), roleName, any(PrivilegeObject.class), anyString())) - .thenThrow(new SentryGrantDeniedException("Role: " + roleName + " is not allowed to do grant")); - - roleName = anyString(); - Mockito.when(mockStore.alterRoleRevokePrivilege(anyString(), roleName, any(PrivilegeObject.class), anyString())) - .thenThrow(new SentryGrantDeniedException("Role: " + roleName + " is not allowed to do grant")); - - Mockito.when(mockStore.dropPrivilege(anyString(), any(PrivilegeObject.class), anyString())) - .thenThrow(new SentryInvalidInputException("Invalid input privilege object")); - - Mockito.when(mockStore.renamePrivilege(anyString(), anyString(), anyListOf(Authorizable.class), - anyListOf(Authorizable.class), anyString())) - .thenThrow(new RuntimeException("Unknown error")); - - setup(); - - TCreateSentryRoleRequest createrequest = new TCreateSentryRoleRequest(); - createrequest.setRequestorUserName(ADMIN_USER); - createrequest.setRoleName("r1"); - assertEquals(Status.ALREADY_EXISTS, fromTSentryStatus(processor.create_sentry_role(createrequest).getStatus())); - - TDropSentryRoleRequest dropRequest = new TDropSentryRoleRequest(); - dropRequest.setRequestorUserName(ADMIN_USER); - dropRequest.setRoleName("r1"); - assertEquals(Status.NO_SUCH_OBJECT, fromTSentryStatus(processor.drop_sentry_role(dropRequest).getStatus())); - - TAlterSentryRoleAddGroupsRequest addRequest = new TAlterSentryRoleAddGroupsRequest(); - addRequest.setRequestorUserName(ADMIN_USER); - addRequest.setRoleName("r1"); - addRequest.setGroups(Sets.newHashSet("g1")); - assertEquals(Status.NO_SUCH_OBJECT, fromTSentryStatus(processor.alter_sentry_role_add_groups(addRequest).getStatus())); - - TAlterSentryRoleDeleteGroupsRequest delRequest = new TAlterSentryRoleDeleteGroupsRequest(); - delRequest.setRequestorUserName(ADMIN_USER); - delRequest.setRoleName("r1"); - delRequest.setGroups(Sets.newHashSet("g1")); - assertEquals(Status.NO_SUCH_OBJECT, fromTSentryStatus(processor.alter_sentry_role_delete_groups(delRequest).getStatus())); - - TDropPrivilegesRequest dropPrivRequest = new TDropPrivilegesRequest(); - dropPrivRequest.setRequestorUserName(ADMIN_USER); - dropPrivRequest.setPrivilege(new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test")); - assertEquals(Status.INVALID_INPUT, fromTSentryStatus(processor.drop_sentry_privilege(dropPrivRequest).getStatus())); - - TRenamePrivilegesRequest renameRequest = new TRenamePrivilegesRequest(); - renameRequest.setRequestorUserName(ADMIN_USER); - assertEquals(Status.RUNTIME_ERROR, fromTSentryStatus(processor.rename_sentry_privilege(renameRequest).getStatus())); - - TSentryPrivilege tprivilege = new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test"); - tprivilege.setGrantOption(TSentryGrantOption.UNSET); - - TAlterSentryRoleGrantPrivilegeRequest grantRequest = new TAlterSentryRoleGrantPrivilegeRequest(); - grantRequest.setRequestorUserName(ADMIN_USER); - grantRequest.setRoleName("r1"); - grantRequest.setPrivilege(tprivilege); - assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.alter_sentry_role_grant_privilege(grantRequest).getStatus())); - - TAlterSentryRoleRevokePrivilegeRequest revokeRequest = new TAlterSentryRoleRevokePrivilegeRequest(); - revokeRequest.setRequestorUserName(ADMIN_USER); - revokeRequest.setRoleName("r1"); - revokeRequest.setPrivilege(tprivilege); - assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.alter_sentry_role_revoke_privilege(revokeRequest).getStatus())); - } - - @Test - public void testUserWithNoGroup() throws Exception { - setup(); - - TCreateSentryRoleRequest createrequest = new TCreateSentryRoleRequest(); - createrequest.setRequestorUserName(NO_GROUP_USER); - createrequest.setRoleName("r1"); - assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.create_sentry_role(createrequest).getStatus())); - - TDropSentryRoleRequest dropRequest = new TDropSentryRoleRequest(); - dropRequest.setRequestorUserName(NO_GROUP_USER); - dropRequest.setRoleName("r1"); - assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.drop_sentry_role(dropRequest).getStatus())); - - TAlterSentryRoleAddGroupsRequest addRequest = new TAlterSentryRoleAddGroupsRequest(); - addRequest.setRequestorUserName(NO_GROUP_USER); - addRequest.setRoleName("r1"); - addRequest.setGroups(Sets.newHashSet("g1")); - assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.alter_sentry_role_add_groups(addRequest).getStatus())); - - TAlterSentryRoleDeleteGroupsRequest delRequest = new TAlterSentryRoleDeleteGroupsRequest(); - delRequest.setRequestorUserName(NO_GROUP_USER); - delRequest.setRoleName("r1"); - delRequest.setGroups(Sets.newHashSet("g1")); - assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.alter_sentry_role_delete_groups(delRequest).getStatus())); - - TDropPrivilegesRequest dropPrivRequest = new TDropPrivilegesRequest(); - dropPrivRequest.setRequestorUserName(NO_GROUP_USER); - dropPrivRequest.setPrivilege(new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test")); - assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.drop_sentry_privilege(dropPrivRequest).getStatus())); - - TRenamePrivilegesRequest renameRequest = new TRenamePrivilegesRequest(); - renameRequest.setRequestorUserName(NO_GROUP_USER); - assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.rename_sentry_privilege(renameRequest).getStatus())); - - // Can't test GrantPrivilege / RevokePrivilege since the authorization happens - // in the persistence layer, which isn't setup in this test. - } - - @Test - public void testGetRolesAndPrivileges() throws Exception { - String roleName = "r1"; - String groupName = "g1"; - PrivilegeObject queryPrivilege = new Builder() - .setComponent("SOLR") - .setAction(SolrConstants.QUERY) - .setService("service1") - .setAuthorizables(Arrays.asList(new Collection("c1"), new Field("f1"))) - .build(); - PrivilegeObject updatePrivilege = new Builder(queryPrivilege) - .setAction(SolrConstants.UPDATE) - .build(); - - MSentryGMPrivilege mSentryGMPrivilege = new MSentryGMPrivilege("SOLR", "service1", - Arrays.asList(new Collection("c1"), new Field("f1")), - SolrConstants.QUERY, true); - - MSentryRole role = new MSentryRole("r1", 290); - mSentryGMPrivilege.setRoles(Sets.newHashSet(role)); - - Mockito.when(mockStore.getRolesByGroups(anyString(), anySetOf(String.class))) - .thenReturn(Sets.newHashSet(roleName)); - - Mockito.when(mockStore.getPrivilegesByProvider(anyString(), anyString(), anySetOf(String.class), - anySetOf(String.class), anyListOf(Authorizable.class))) - .thenReturn(Sets.newHashSet(queryPrivilege, updatePrivilege)); - - Mockito.when(mockStore.getGroupsByRoles(anyString(), anySetOf(String.class))) - .thenReturn(Sets.newHashSet(groupName)); - - Mockito.when(mockStore.getPrivilegesByAuthorizable(anyString(), anyString(), anySetOf(String.class), anyListOf(Authorizable.class))) - .thenReturn(Sets.newHashSet(mSentryGMPrivilege)); - - Mockito.when(mockStore.getAllRoleNames()) - .thenReturn(Sets.newHashSet(roleName)); - - TListSentryPrivilegesRequest request1 = new TListSentryPrivilegesRequest(); - request1.setRoleName(roleName); - request1.setRequestorUserName(ADMIN_USER); - TListSentryPrivilegesResponse response1 = processor.list_sentry_privileges_by_role(request1); - assertEquals(Status.OK, fromTSentryStatus(response1.getStatus())); - assertEquals(2, response1.getPrivileges().size()); - - TListSentryRolesRequest request2 = new TListSentryRolesRequest(); - request2.setRequestorUserName(ADMIN_USER); - request2.setGroupName(groupName); - TListSentryRolesResponse response2 = processor.list_sentry_roles_by_group(request2); - assertEquals(Status.OK, fromTSentryStatus(response2.getStatus())); - assertEquals(1, response2.getRoles().size()); - - TListSentryPrivilegesForProviderRequest request3 = new TListSentryPrivilegesForProviderRequest(); - request3.setGroups(Sets.newHashSet(groupName)); - request3.setRoleSet(new TSentryActiveRoleSet(true, null)); - TListSentryPrivilegesForProviderResponse response3 = processor.list_sentry_privileges_for_provider(request3); - assertEquals(Status.OK, fromTSentryStatus(response3.getStatus())); - assertEquals(2, response3.getPrivileges().size()); - - // Optional parameters activeRoleSet and requested group name are both provided. - TListSentryPrivilegesByAuthRequest request4 = new TListSentryPrivilegesByAuthRequest(); - request4.setGroups(Sets.newHashSet(groupName)); - request4.setRoleSet(new TSentryActiveRoleSet(true, null)); - request4.setRequestorUserName(ADMIN_USER); - Set<String> authorizablesSet = Sets.newHashSet("Collection=c1->Field=f1"); - request4.setAuthorizablesSet(authorizablesSet); - - TListSentryPrivilegesByAuthResponse response4 = processor.list_sentry_privileges_by_authorizable(request4); - assertEquals(Status.OK, fromTSentryStatus(response4.getStatus())); - assertEquals(1, response4.getPrivilegesMapByAuth().size()); - - // Optional parameters activeRoleSet and requested group name are both not provided. - TListSentryPrivilegesByAuthRequest request5 = new TListSentryPrivilegesByAuthRequest(); - request5.setRequestorUserName("not_" + ADMIN_USER); - authorizablesSet = Sets.newHashSet("Collection=c1->Field=f2"); - request5.setAuthorizablesSet(authorizablesSet); - - TListSentryPrivilegesByAuthResponse response5 = processor.list_sentry_privileges_by_authorizable(request5); - assertEquals(Status.OK, fromTSentryStatus(response5.getStatus())); - assertEquals(1, response5.getPrivilegesMapByAuth().size()); - } - - @Test(expected=SentrySiteConfigurationException.class) - public void testConfigCannotCreateNotificationHandler() throws Exception { - Configuration conf = new Configuration(); - conf.set(PolicyStoreConstants.SENTRY_GENERIC_POLICY_NOTIFICATION,"junk"); - SentryGenericPolicyProcessor.createHandlers(conf); - } - - public static class MockGroupMapping implements GroupMappingService { - public MockGroupMapping(Configuration conf, String resource) { //NOPMD - } - @Override - public Set<String> getGroups(String user) { - if (user.equalsIgnoreCase(ADMIN_USER)) { - return Sets.newHashSet(ADMIN_GROUP); - } else if (user.equalsIgnoreCase(NOT_ADMIN_USER)){ - return Sets.newHashSet(NOT_ADMIN_GROUP); - } else { - return Collections.emptySet(); - } - } - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceClient.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceClient.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceClient.java deleted file mode 100644 index 5813626..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceClient.java +++ /dev/null @@ -1,61 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * <p> - * http://www.apache.org/licenses/LICENSE-2.0 - * <p> - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.generic.service.thrift; - -import java.util.Set; - -import org.apache.sentry.service.thrift.SentryServiceFactory; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.google.common.collect.Sets; - -public class TestSentryGenericServiceClient extends SentryGenericServiceIntegrationBase { - - @BeforeClass - public static void setup() throws Exception { - beforeSetup(); - setupConf(); - startSentryService(); - afterSetup(); - kerberos = false; - } - - @Test - public void testConnectionWhenReconnect() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - String roleName = "admin_r"; - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - - client.dropRoleIfExists(requestorUserName, roleName, "solr"); - client.createRole(requestorUserName, roleName, "solr"); - stopSentryService(); - server = SentryServiceFactory.create(conf); - startSentryService(); - client.dropRole(requestorUserName, roleName, "solr"); - } - }); - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java deleted file mode 100644 index 5364d10..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java +++ /dev/null @@ -1,503 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.provider.db.generic.service.thrift; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - -import java.util.Arrays; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.core.common.ActiveRoleSet; -import org.apache.sentry.core.common.Authorizable; -import org.apache.sentry.core.model.solr.Collection; -import org.apache.sentry.core.model.solr.Field; -import org.apache.sentry.core.model.solr.SolrConstants; -import org.junit.Test; - -import com.google.common.collect.Lists; -import com.google.common.collect.Sets; - -public class TestSentryGenericServiceIntegration extends SentryGenericServiceIntegrationBase { - - @Test - public void testCreateDropShowRole() throws Exception { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - String roleName = "admin_r"; - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - - client.dropRoleIfExists(requestorUserName, roleName, SOLR); - - client.createRole(requestorUserName, roleName, SOLR); - - client.grantRoleToGroups(requestorUserName, roleName, SOLR, Sets.newHashSet(requestorUserGroupNames)); - - Set<TSentryRole> roles = client.listUserRoles(requestorUserName,SOLR); - assertEquals("Incorrect number of roles", 1, roles.size()); - for (TSentryRole role:roles) { - assertTrue(role.getRoleName(), role.getRoleName().equalsIgnoreCase(roleName)); - } - client.dropRole(requestorUserName, roleName, SOLR); - }}); - } - - @Test - public void testAddDeleteRoleToGroup() throws Exception { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - String testGroupName = "g1"; - String roleName = "admin_r"; - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - setLocalGroupMapping(requestorUserName, Sets.newHashSet(testGroupName)); - writePolicyFile(); - - client.dropRoleIfExists(requestorUserName, roleName, SOLR); - - client.createRole(requestorUserName, roleName, SOLR); - - client.grantRoleToGroups(requestorUserName, roleName, SOLR, Sets.newHashSet(testGroupName)); - - Set<TSentryRole> roles = client.listUserRoles(requestorUserName,SOLR); - assertEquals("Incorrect number of roles", 1, roles.size()); - for (TSentryRole role:roles) { - assertTrue(role.getRoleName(), role.getRoleName().equalsIgnoreCase(roleName)); - assertTrue(role.getGroups().size() == 1); - for (String group :role.getGroups()) { - assertEquals(testGroupName, group); - } - } - - client.revokeRoleFromGroups(requestorUserName, roleName, SOLR, Sets.newHashSet(testGroupName)); - roles = client.listUserRoles(requestorUserName,SOLR); - assertEquals("Incorrect number of roles", 0, roles.size()); - - client.dropRole(requestorUserName, roleName, SOLR); - }}); - } - - @Test - public void testGranRevokePrivilege() throws Exception { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - String roleName1 = "admin_r1"; - String roleName2 = "admin_r2"; - - client.dropRoleIfExists(requestorUserName, roleName1, SOLR); - client.createRole(requestorUserName, roleName1, SOLR); - - client.dropRoleIfExists(requestorUserName, roleName2, SOLR); - client.createRole(requestorUserName, roleName2, SOLR); - - TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SolrConstants.QUERY); - - TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SolrConstants.UPDATE); - - client.grantPrivilege(requestorUserName, roleName1, SOLR, queryPrivilege); - client.grantPrivilege(requestorUserName, roleName2, SOLR, updatePrivilege); - - client.revokePrivilege(requestorUserName, roleName1, SOLR, queryPrivilege); - client.revokePrivilege(requestorUserName, roleName2, SOLR, updatePrivilege); - }}); - } - - @Test - public void testMultipleRolesSamePrivilege() throws Exception { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - String roleName1 = "admin_r1"; - String roleName2 = "admin_r2"; - - client.dropRoleIfExists(requestorUserName, roleName1, SOLR); - client.createRole(requestorUserName, roleName1, SOLR); - - client.dropRoleIfExists(requestorUserName, roleName2, SOLR); - client.createRole(requestorUserName, roleName2, SOLR); - - TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SolrConstants.QUERY); - - client.grantPrivilege(requestorUserName, roleName1, SOLR, queryPrivilege); - Set<TSentryPrivilege> listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1, SOLR, "service1"); - assertTrue("Privilege not assigned to role1 !!", listPrivilegesByRoleName.size() == 1); - - client.grantPrivilege(requestorUserName, roleName2, SOLR, queryPrivilege); - listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2, SOLR, "service1"); - assertTrue("Privilege not assigned to role2 !!", listPrivilegesByRoleName.size() == 1); - }}); - } - - @Test - public void testShowRoleGrant() throws Exception { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - String roleName = "admin_r1"; - String groupName = "group1"; - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - setLocalGroupMapping(requestorUserName, Sets.newHashSet(groupName)); - writePolicyFile(); - - client.dropRoleIfExists(requestorUserName, roleName, SOLR); - client.createRole(requestorUserName, roleName, SOLR); - client.grantRoleToGroups(requestorUserName, roleName, SOLR, Sets.newHashSet(groupName)); - - Set<TSentryRole> groupRoles = client.listRolesByGroupName(requestorUserName, groupName,SOLR); - assertTrue(groupRoles.size() == 1); - for (TSentryRole role:groupRoles) { - assertTrue(role.getRoleName(), role.getRoleName().equalsIgnoreCase(roleName)); - assertTrue(role.getGroups().size() == 1); - for (String group :role.getGroups()) { - assertEquals(groupName, group); - } - } - - client.dropRole(requestorUserName, roleName, SOLR); - }}); - } - - @Test - public void testShowGrant() throws Exception { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - String roleName = "admin_r1"; - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - - client.dropRoleIfExists(requestorUserName, roleName, SOLR); - client.createRole(requestorUserName, roleName, SOLR); - - TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SolrConstants.QUERY); - - TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SolrConstants.UPDATE); - - client.grantPrivilege(requestorUserName, roleName, SOLR, updatePrivilege); - client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege); - Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1"); - assertTrue(privileges.size() == 2); - - client.revokePrivilege(requestorUserName, roleName, SOLR, updatePrivilege); - privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1"); - assertTrue(privileges.size() == 1); - }}); - } - - @Test - public void testSameGrantTwice() throws Exception { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - String roleName = "admin_r1"; - - client.createRole(requestorUserName, roleName, SOLR); - - TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SolrConstants.QUERY); - - client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege); - assertEquals(1, client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1").size()); - }}); - } - - @Test - public void testGrantRevokeWithGrantOption() throws Exception { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - String adminUser = ADMIN_USER; - Set<String> adminGroup = Sets.newHashSet(ADMIN_GROUP); - String grantOptionUser = "user1"; - Set<String> grantOptionGroup = Sets.newHashSet("group1"); - String noGrantOptionUser = "user2"; - Set<String> noGrantOptionGroup = Sets.newHashSet("group2"); - - setLocalGroupMapping(adminUser, adminGroup); - setLocalGroupMapping(grantOptionUser, grantOptionGroup); - setLocalGroupMapping(noGrantOptionUser, noGrantOptionGroup); - writePolicyFile(); - - String grantRole = "grant_r"; - String noGrantRole = "no_grant_r"; - String testRole = "test_role"; - - client.createRole(adminUser, grantRole, SOLR); - client.createRole(adminUser, noGrantRole, SOLR); - client.createRole(adminUser, testRole, SOLR); - - TSentryPrivilege grantPrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"))), - SolrConstants.QUERY); - grantPrivilege.setGrantOption(TSentryGrantOption.TRUE); - - TSentryPrivilege noGrantPrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"))), - SolrConstants.QUERY); - noGrantPrivilege.setGrantOption(TSentryGrantOption.FALSE); - - TSentryPrivilege testPrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SolrConstants.QUERY); - testPrivilege.setGrantOption(TSentryGrantOption.FALSE); - - client.grantPrivilege(adminUser, grantRole, SOLR, grantPrivilege); - client.grantPrivilege(adminUser, noGrantRole, SOLR, noGrantPrivilege); - - client.grantRoleToGroups(adminUser, grantRole, SOLR, grantOptionGroup); - client.grantRoleToGroups(adminUser, noGrantRole, SOLR, noGrantOptionGroup); - - try { - client.grantPrivilege(grantOptionUser,testRole,SOLR, testPrivilege); - } catch (SentryUserException e) { - fail("grantOptionUser failed grant privilege to user"); - } - - try { - client.grantPrivilege(noGrantOptionUser, testRole, SOLR, testPrivilege); - fail("noGrantOptionUser can't grant privilege to user"); - } catch (SentryUserException e) { - } - - try { - client.revokePrivilege(grantOptionUser, testRole, SOLR, testPrivilege); - } catch(SentryUserException e) { - fail("grantOptionUser failed revoke privilege to user"); - } - - try { - client.revokePrivilege(noGrantOptionUser, testRole, SOLR, testPrivilege); - fail("noGrantOptionUser can't revoke privilege to user"); - } catch (SentryUserException e) { - } - }}); - } - - @Test - public void testGetPrivilegeByHierarchy() throws Exception { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - String adminUser = ADMIN_USER; - Set<String> adminGroup = Sets.newHashSet(ADMIN_GROUP); - String testRole = "role1"; - Set<String> testGroup = Sets.newHashSet("group1"); - String testUser = "user1"; - setLocalGroupMapping(adminUser, adminGroup); - setLocalGroupMapping(testUser, testGroup); - writePolicyFile(); - - - client.createRole(adminUser, testRole, SOLR); - client.grantRoleToGroups(adminUser, testRole, SOLR, testGroup); - - TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SolrConstants.QUERY); - - TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c2"), new Field("f2"))), - SolrConstants.UPDATE); - - client.grantPrivilege(adminUser, testRole, SOLR, queryPrivilege); - client.grantPrivilege(adminUser, testRole, SOLR, updatePrivilege); - - assertEquals(2, client.listAllPrivilegesByRoleName(testUser, testRole, SOLR, "service1").size()); - - assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole, - SOLR, "service1", Arrays.asList(new Collection("c1"))).size()); - - assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole, - SOLR, "service1", Arrays.asList(new Collection("c2"))).size()); - - assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole, - SOLR, "service1", Arrays.asList(new Collection("c1"), new Field("f1"))).size()); - - assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole, - SOLR, "service1", Arrays.asList(new Collection("c2"), new Field("f2"))).size()); - - //test listPrivilegesForProvider by group(testGroup) - ActiveRoleSet roleSet = ActiveRoleSet.ALL; - - assertEquals(1, client.listPrivilegesForProvider(SOLR, "service1", roleSet, - testGroup, Arrays.asList(new Collection("c1"))).size()); - - assertEquals(1, client.listPrivilegesForProvider(SOLR, "service1", roleSet, - testGroup, Arrays.asList(new Collection("c2"))).size()); - - assertEquals(1, client.listPrivilegesForProvider(SOLR, "service1", roleSet, - testGroup, Arrays.asList(new Collection("c1"), new Field("f1"))).size()); - - assertEquals(1, client.listPrivilegesForProvider(SOLR, "service1", roleSet, - testGroup, Arrays.asList(new Collection("c2"), new Field("f2"))).size()); - }}); - } - - @Test - public void testGetPrivilegeByAuthorizable() throws Exception { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - String adminUser = ADMIN_USER; - Set<String> adminGroup = Sets.newHashSet(ADMIN_GROUP); - String testRole = "role1"; - Set<String> testGroup = Sets.newHashSet("group1"); - String testUser = "user1"; - setLocalGroupMapping(adminUser, adminGroup); - setLocalGroupMapping(testUser, testGroup); - writePolicyFile(); - - client.createRole(adminUser, testRole, SOLR); - client.grantRoleToGroups(adminUser, testRole, SOLR, adminGroup); - - TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SolrConstants.QUERY); - - TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f2"))), - SolrConstants.UPDATE); - - client.grantPrivilege(adminUser, testRole, SOLR, queryPrivilege); - client.grantPrivilege(adminUser, testRole, SOLR, updatePrivilege); - - //test listPrivilegesbyAuthorizable without requested group and active role set. - assertEquals(1, client.listPrivilegesbyAuthorizable(SOLR, "service1", adminUser, - Sets.newHashSet(new String("Collection=c1->Field=f1")), null, null).size()); - - //test listPrivilegesbyAuthorizable with requested group (testGroup) - Map<String, TSentryPrivilegeMap> privilegeMap = client.listPrivilegesbyAuthorizable(SOLR, - "service1", adminUser, Sets.newHashSet(new String("Collection=c1->Field=f1")), testGroup, null); - TSentryPrivilegeMap actualMap = privilegeMap.get(new String("Collection=c1->Field=f1")); - assertEquals(0, actualMap.getPrivilegeMap().size()); - - //test listPrivilegesbyAuthorizable with active role set. - ActiveRoleSet roleSet = ActiveRoleSet.ALL; - assertEquals(1, client.listPrivilegesbyAuthorizable(SOLR, "service1", adminUser, - Sets.newHashSet(new String("Collection=c1->Field=f1")), null, roleSet).size()); - privilegeMap = client.listPrivilegesbyAuthorizable(SOLR, - "service1", adminUser, Sets.newHashSet(new String("Collection=c1->Field=f1")), null, roleSet); - actualMap = privilegeMap.get(new String("Collection=c1->Field=f1")); - assertEquals(1, actualMap.getPrivilegeMap().size()); - - privilegeMap = client.listPrivilegesbyAuthorizable(SOLR, - "service1", testUser, Sets.newHashSet(new String("Collection=c1->Field=f1")), null, roleSet); - actualMap = privilegeMap.get(new String("Collection=c1->Field=f1")); - assertEquals(0, actualMap.getPrivilegeMap().size()); - - // grant tesRole to testGroup. - client.grantRoleToGroups(adminUser, testRole, SOLR, testGroup); - - privilegeMap = client.listPrivilegesbyAuthorizable(SOLR, - "service1", testUser, Sets.newHashSet(new String("Collection=c1")), null, roleSet); - actualMap = privilegeMap.get(new String("Collection=c1")); - assertEquals(1, actualMap.getPrivilegeMap().size()); - assertEquals(2, actualMap.getPrivilegeMap().get(testRole).size()); - }}); - } - - @Test - public void testDropAndRenamePrivilege() throws Exception { - runTestAsSubject(new TestOperation(){ - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - String roleName = "admin_r1"; - - client.createRole(requestorUserName, roleName, SOLR); - - TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), - SolrConstants.QUERY); - client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege); - - assertEquals(1, client.listPrivilegesByRoleName(requestorUserName, roleName, - SOLR, "service1", Arrays.asList(new Collection("c1"), new Field("f1"))).size()); - - assertEquals(0, client.listPrivilegesByRoleName(requestorUserName, roleName, - SOLR, "service1", Arrays.asList(new Collection("c2"), new Field("f2"))).size()); - - client.renamePrivilege(requestorUserName, SOLR, "service1", Arrays.asList(new Collection("c1"), new Field("f1")), - Arrays.asList(new Collection("c2"), new Field("f2"))); - - assertEquals(0, client.listPrivilegesByRoleName(requestorUserName, roleName, - SOLR, "service1", Arrays.asList(new Collection("c1"), new Field("f1"))).size()); - - assertEquals(1, client.listPrivilegesByRoleName(requestorUserName, roleName, - SOLR, "service1", Arrays.asList(new Collection("c2"), new Field("f2"))).size()); - - TSentryPrivilege dropPrivilege = new TSentryPrivilege(SOLR, "service1", - fromAuthorizable(Arrays.asList(new Collection("c2"), new Field("f2"))), - SolrConstants.QUERY); - - client.dropPrivilege(requestorUserName, SOLR, dropPrivilege); - - assertEquals(0, client.listPrivilegesByRoleName(requestorUserName, roleName, - SOLR, "service1", Arrays.asList(new Collection("c2"), new Field("f2"))).size()); - }}); - } - - private List<TAuthorizable> fromAuthorizable(List<? extends Authorizable> authorizables) { - List<TAuthorizable> tAuthorizables = Lists.newArrayList(); - for (Authorizable authorizable : authorizables) { - tAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName())); - } - return tAuthorizables; - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java index b1c2365..307f38e 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java @@ -26,24 +26,24 @@ import java.util.Set; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.provider.db.log.util.Constants; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsResponse; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsResponse; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeResponse; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeResponse; -import org.apache.sentry.provider.db.service.thrift.TCreateSentryRoleRequest; -import org.apache.sentry.provider.db.service.thrift.TCreateSentryRoleResponse; -import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleRequest; -import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleResponse; -import org.apache.sentry.provider.db.service.thrift.TSentryGroup; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; +import org.apache.sentry.api.common.ApiConstants.PrivilegeScope; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleAddGroupsRequest; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleAddGroupsResponse; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleDeleteGroupsRequest; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleDeleteGroupsResponse; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleGrantPrivilegeResponse; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleRevokePrivilegeResponse; +import org.apache.sentry.api.service.thrift.TCreateSentryRoleRequest; +import org.apache.sentry.api.service.thrift.TCreateSentryRoleResponse; +import org.apache.sentry.api.service.thrift.TDropSentryRoleRequest; +import org.apache.sentry.api.service.thrift.TDropSentryRoleResponse; +import org.apache.sentry.api.service.thrift.TSentryGroup; +import org.apache.sentry.api.service.thrift.TSentryPrivilege; import org.apache.sentry.core.common.utils.ThriftUtil; -import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope; -import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; -import org.apache.sentry.service.thrift.Status; +import org.apache.sentry.service.common.ServiceConstants.ServerConfig; +import org.apache.sentry.api.common.Status; import org.junit.BeforeClass; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java index 4f35a44..8623a09 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java @@ -28,24 +28,24 @@ import java.util.Map; import java.util.Set; import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; -import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest; -import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleResponse; -import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege; +import org.apache.sentry.api.generic.thrift.TAlterSentryRoleAddGroupsRequest; +import org.apache.sentry.api.generic.thrift.TAlterSentryRoleAddGroupsResponse; +import org.apache.sentry.api.generic.thrift.TAlterSentryRoleDeleteGroupsRequest; +import org.apache.sentry.api.generic.thrift.TAlterSentryRoleDeleteGroupsResponse; +import org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest; +import org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeResponse; +import org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest; +import org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeResponse; +import org.apache.sentry.api.generic.thrift.TAuthorizable; +import org.apache.sentry.api.generic.thrift.TCreateSentryRoleRequest; +import org.apache.sentry.api.generic.thrift.TCreateSentryRoleResponse; +import org.apache.sentry.api.generic.thrift.TDropSentryRoleRequest; +import org.apache.sentry.api.generic.thrift.TDropSentryRoleResponse; +import org.apache.sentry.api.generic.thrift.TSentryPrivilege; import org.apache.sentry.provider.db.log.util.Constants; import org.apache.sentry.core.common.utils.ThriftUtil; -import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; -import org.apache.sentry.service.thrift.Status; +import org.apache.sentry.service.common.ServiceConstants.ServerConfig; +import org.apache.sentry.api.common.Status; import org.junit.BeforeClass; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java index 8cf0e70..2b2c411 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java @@ -23,12 +23,12 @@ import java.util.List; import java.util.Set; import org.apache.sentry.core.model.db.AccessConstants; -import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; -import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope; +import org.apache.sentry.api.generic.thrift.TAuthorizable; +import org.apache.sentry.api.common.ApiConstants.PrivilegeScope; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; +import org.apache.sentry.api.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; +import org.apache.sentry.api.service.thrift.TSentryGrantOption; +import org.apache.sentry.api.service.thrift.TSentryPrivilege; import org.junit.Assert; import org.junit.Test; @@ -308,9 +308,9 @@ public class TestCommandUtil extends Assert { // generate the command without grant option @Test public void testCreateCmdForGrantOrRevokeGMPrivilege1() { - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest(); - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest(); - org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege(); + org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest(); + org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest(); + org.apache.sentry.api.generic.thrift.TSentryPrivilege privilege = getGMPrivilege(); grantRequest.setPrivilege(privilege); revokeRequest.setPrivilege(privilege); @@ -327,11 +327,11 @@ public class TestCommandUtil extends Assert { // generate the command with grant option @Test public void testCreateCmdForGrantOrRevokeGMPrivilege2() { - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest(); - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest(); - org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege(); + org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest(); + org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest(); + org.apache.sentry.api.generic.thrift.TSentryPrivilege privilege = getGMPrivilege(); privilege - .setGrantOption(org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption.TRUE); + .setGrantOption(org.apache.sentry.api.generic.thrift.TSentryGrantOption.TRUE); grantRequest.setPrivilege(privilege); revokeRequest.setPrivilege(privilege); @@ -379,14 +379,14 @@ public class TestCommandUtil extends Assert { return request; } - private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest getGrantGMPrivilegeRequest() { - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest(); + private org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest getGrantGMPrivilegeRequest() { + org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest request = new org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest(); request.setRoleName("testRole"); return request; } - private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest getRevokeGMPrivilegeRequest() { - org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest(); + private org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest getRevokeGMPrivilegeRequest() { + org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest request = new org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest(); request.setRoleName("testRole"); return request; } @@ -403,8 +403,8 @@ public class TestCommandUtil extends Assert { return privilege; } - private org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege getGMPrivilege() { - org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = new org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege(); + private org.apache.sentry.api.generic.thrift.TSentryPrivilege getGMPrivilege() { + org.apache.sentry.api.generic.thrift.TSentryPrivilege privilege = new org.apache.sentry.api.generic.thrift.TSentryPrivilege(); privilege.setAction("ACTION"); privilege.setComponent("COMPONENT"); List<TAuthorizable> authorizables = new ArrayList<TAuthorizable>(); http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java index 4b38635..0c66dd2 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java @@ -54,9 +54,9 @@ import org.apache.sentry.hdfs.UniquePathsUpdate; import org.apache.sentry.service.thrift.SentryHMSClient; import org.apache.sentry.service.thrift.HiveConnectionFactory; import org.apache.sentry.service.thrift.HiveSimpleConnectionFactory; -import org.apache.sentry.service.thrift.ServiceConstants; +import org.apache.sentry.service.common.ServiceConstants; import org.apache.sentry.service.thrift.HMSClient; -import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable; +import org.apache.sentry.api.service.thrift.TSentryAuthorizable; import static org.apache.sentry.hdfs.ServiceConstants.ServerConfig.SENTRY_SERVICE_FULL_UPDATE_PUBSUB; import org.junit.Before; http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java index 91c90f9..4e8a2e6 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java @@ -33,10 +33,10 @@ import org.apache.hadoop.hive.metastore.messaging.EventMessage; import org.apache.hadoop.hive.metastore.messaging.EventMessage.EventType; import org.apache.sentry.binding.metastore.messaging.json.SentryJSONMessageFactory; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; +import org.apache.sentry.api.service.thrift.TSentryPrivilege; import org.apache.sentry.service.thrift.HiveSimpleConnectionFactory; import org.apache.sentry.provider.file.PolicyFile; -import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; +import org.apache.sentry.service.common.ServiceConstants.ServerConfig; import org.junit.After; import org.junit.AfterClass; import org.junit.Assert; http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestLeaderStatusMonitor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestLeaderStatusMonitor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestLeaderStatusMonitor.java index 395516c..f6592ec 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestLeaderStatusMonitor.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestLeaderStatusMonitor.java @@ -25,7 +25,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import static java.lang.Thread.sleep; -import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM; +import static org.apache.sentry.service.common.ServiceConstants.ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestNotificationProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestNotificationProcessor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestNotificationProcessor.java index 923faff..f227bb4 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestNotificationProcessor.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestNotificationProcessor.java @@ -33,8 +33,8 @@ import org.apache.hadoop.hive.metastore.api.Table; import org.apache.hadoop.hive.metastore.messaging.EventMessage; import org.apache.sentry.binding.metastore.messaging.json.SentryJSONMessageFactory; import org.apache.sentry.hdfs.UniquePathsUpdate; -import org.apache.sentry.service.thrift.ServiceConstants; -import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable; +import org.apache.sentry.service.common.ServiceConstants; +import org.apache.sentry.api.service.thrift.TSentryAuthorizable; import org.junit.After; import org.junit.BeforeClass; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java index 679a097..152c0ce 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java @@ -64,16 +64,16 @@ import org.apache.sentry.provider.db.service.model.MSentryPermChange; import org.apache.sentry.provider.db.service.model.MSentryPathChange; import org.apache.sentry.provider.db.service.model.MSentryPrivilege; import org.apache.sentry.provider.db.service.model.MSentryRole; -import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet; -import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable; -import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; -import org.apache.sentry.provider.db.service.thrift.TSentryGroup; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.db.service.thrift.TSentryRole; +import org.apache.sentry.api.service.thrift.TSentryActiveRoleSet; +import org.apache.sentry.api.service.thrift.TSentryAuthorizable; +import org.apache.sentry.api.service.thrift.TSentryGrantOption; +import org.apache.sentry.api.service.thrift.TSentryGroup; +import org.apache.sentry.api.service.thrift.TSentryPrivilege; +import org.apache.sentry.api.service.thrift.TSentryRole; import org.apache.sentry.provider.file.PolicyFile; -import org.apache.sentry.service.thrift.SentryServiceUtil; -import org.apache.sentry.service.thrift.ServiceConstants; -import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; +import org.apache.sentry.api.common.SentryServiceUtil; +import org.apache.sentry.service.common.ServiceConstants; +import org.apache.sentry.service.common.ServiceConstants.ServerConfig; import org.junit.After; import org.junit.AfterClass; import org.junit.Before; http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java index b085ac3..ebc8c31 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java @@ -33,13 +33,13 @@ import org.apache.sentry.provider.db.service.model.MSentryGroup; import org.apache.sentry.provider.db.service.model.MSentryPrivilege; import org.apache.sentry.provider.db.service.model.MSentryRole; import org.apache.sentry.provider.db.service.model.MSentryUser; -import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; -import org.apache.sentry.provider.db.service.thrift.TSentryMappingData; -import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; +import org.apache.sentry.api.common.ApiConstants.PrivilegeScope; +import org.apache.sentry.api.service.thrift.TSentryGrantOption; +import org.apache.sentry.api.service.thrift.TSentryMappingData; +import org.apache.sentry.api.service.thrift.TSentryPrivilege; import org.apache.sentry.provider.file.PolicyFile; -import org.apache.sentry.service.thrift.SentryServiceUtil; -import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope; -import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; +import org.apache.sentry.api.common.SentryServiceUtil; +import org.apache.sentry.service.common.ServiceConstants.ServerConfig; import org.junit.After; import org.junit.AfterClass; import org.junit.Before;
