http://git-wip-us.apache.org/repos/asf/sentry/blob/7db84b2f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestNotificationHandlerInvoker.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestNotificationHandlerInvoker.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestNotificationHandlerInvoker.java deleted file mode 100644 index 92f3f8b..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestNotificationHandlerInvoker.java +++ /dev/null @@ -1,102 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.api.service.thrift; - -import org.apache.hadoop.conf.Configuration; -import org.junit.Before; -import org.junit.Test; -import org.mockito.Mockito; - -import com.google.common.collect.Lists; - -public class TestNotificationHandlerInvoker { - - private Configuration conf; - private NotificationHandler handler; - private NotificationHandlerInvoker invoker; - - @Before - public void setup() throws Exception { - conf = new Configuration(false); - handler = Mockito.spy(new NotificationHandler(conf) {}); - invoker = new NotificationHandlerInvoker(conf, - Lists.newArrayList(new ThrowingNotificationHandler(conf), handler)); - } - - @Test - public void testCreateSentryRole() throws Exception { - TCreateSentryRoleRequest request = new TCreateSentryRoleRequest(); - TCreateSentryRoleResponse response = new TCreateSentryRoleResponse(); - invoker.create_sentry_role(request, response); - Mockito.verify(handler).create_sentry_role(request, response); - } - - @Test - public void testDropSentryRole() throws Exception { - TDropSentryRoleRequest request = new TDropSentryRoleRequest(); - TDropSentryRoleResponse response = new TDropSentryRoleResponse(); - invoker.drop_sentry_role(request, response); - Mockito.verify(handler).drop_sentry_role(request, response); - } - - - - @Test - public void testAlterSentryRoleAddGroups() throws Exception { - TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest(); - TAlterSentryRoleAddGroupsResponse response = new TAlterSentryRoleAddGroupsResponse(); - invoker.alter_sentry_role_add_groups(request, response); - Mockito.verify(handler).alter_sentry_role_add_groups(request, response); - } - - @Test - public void testAlterSentryRoleDeleteGroups() throws Exception { - TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest(); - TAlterSentryRoleDeleteGroupsResponse response = new TAlterSentryRoleDeleteGroupsResponse(); - invoker.alter_sentry_role_delete_groups(request, response); - Mockito.verify(handler).alter_sentry_role_delete_groups(request, response); - } - - public static class ThrowingNotificationHandler extends NotificationHandler { - public ThrowingNotificationHandler(Configuration config) throws Exception { - super(config); - } - @Override - public void create_sentry_role(TCreateSentryRoleRequest request, - TCreateSentryRoleResponse response) { - throw new RuntimeException(); - } - public void drop_sentry_role(TDropSentryRoleRequest request, - TDropSentryRoleResponse response) { - throw new RuntimeException(); - } - @Override - public void alter_sentry_role_add_groups( - TAlterSentryRoleAddGroupsRequest request, - TAlterSentryRoleAddGroupsResponse response) { - throw new RuntimeException(); - } - @Override - public void alter_sentry_role_delete_groups( - TAlterSentryRoleDeleteGroupsRequest request, - TAlterSentryRoleDeleteGroupsResponse response) { - throw new RuntimeException(); - } - } -}
http://git-wip-us.apache.org/repos/asf/sentry/blob/7db84b2f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyServiceClient.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyServiceClient.java deleted file mode 100644 index e845936..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyServiceClient.java +++ /dev/null @@ -1,64 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * <p> - * http://www.apache.org/licenses/LICENSE-2.0 - * <p> - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.api.service.thrift; - -import java.util.Set; - -import org.apache.sentry.service.thrift.SentryServiceFactory; -import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.google.common.collect.Sets; - -public class TestSentryPolicyServiceClient extends SentryServiceIntegrationBase { - - @BeforeClass - public static void setup() throws Exception { - beforeSetup(); - setupConf(); - startSentryService(); - afterSetup(); - kerberos = false; - } - - @Test - public void testConnectionWhenReconnect() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - String roleName = "admin_r"; - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - - client.dropRoleIfExists(requestorUserName, roleName); - client.createRole(requestorUserName, roleName); - client.listAllRoles(requestorUserName); - stopSentryService(); - server = SentryServiceFactory.create(conf); - startSentryService(); - client.listAllRoles(requestorUserName); - client.dropRole(requestorUserName, roleName); - } - }); - } - -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/7db84b2f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java deleted file mode 100644 index efacf19..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java +++ /dev/null @@ -1,81 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.api.service.thrift; - -import org.apache.sentry.api.common.ThriftConstants; -import org.apache.sentry.core.common.exception.SentrySiteConfigurationException; -import org.junit.Assert; - -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.core.common.exception.SentryThriftAPIMismatchException; -import org.apache.sentry.core.common.utils.PolicyStoreConstants.PolicyStoreServerConfig; -import org.junit.Before; -import org.junit.Test; - -public class TestSentryPolicyStoreProcessor { - - private Configuration conf; - - @Before - public void setup() { - conf = new Configuration(false); - } - @Test(expected=SentrySiteConfigurationException.class) - public void testConfigNotNotificationHandler() throws Exception { - conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, Object.class.getName()); - SentryPolicyStoreProcessor.createHandlers(conf); - } - @Test(expected=SentrySiteConfigurationException.class) - public void testConfigCannotCreateNotificationHandler() throws Exception { - conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, - ExceptionInConstructorNotificationHandler.class.getName()); - SentryPolicyStoreProcessor.createHandlers(conf); - } - @Test(expected=SentrySiteConfigurationException.class) - public void testConfigNotAClassNotificationHandler() throws Exception { - conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, "junk"); - SentryPolicyStoreProcessor.createHandlers(conf); - } - @Test - public void testConfigMultipleNotificationHandlers() throws Exception { - conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, - NoopNotificationHandler.class.getName() + "," + - NoopNotificationHandler.class.getName() + " " + - NoopNotificationHandler.class.getName()); - Assert.assertEquals(3, SentryPolicyStoreProcessor.createHandlers(conf).size()); - } - public static class ExceptionInConstructorNotificationHandler extends NotificationHandler { - public ExceptionInConstructorNotificationHandler(Configuration config) throws Exception { - super(config); - throw new Exception(); - } - } - public static class NoopNotificationHandler extends NotificationHandler { - public NoopNotificationHandler(Configuration config) throws Exception { - super(config); - } - } - @Test(expected=SentryThriftAPIMismatchException.class) - public void testSentryThriftAPIMismatch() throws Exception { - SentryPolicyStoreProcessor.validateClientVersion(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT -1); - } - @Test - public void testSentryThriftAPIMatchVersion() throws Exception { - SentryPolicyStoreProcessor.validateClientVersion(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/7db84b2f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerForPoolWithoutKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerForPoolWithoutKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerForPoolWithoutKerberos.java deleted file mode 100644 index 7330204..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerForPoolWithoutKerberos.java +++ /dev/null @@ -1,35 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless createRequired by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.api.service.thrift; - -import org.junit.BeforeClass; - -public class TestSentryServerForPoolWithoutKerberos extends TestSentryServerWithoutKerberos { - - @BeforeClass - public static void setup() throws Exception { - kerberos = false; - pooled = true; - beforeSetup(); - setupConf(); - startSentryService(); - afterSetup(); - } - -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/7db84b2f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerLogLevel.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerLogLevel.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerLogLevel.java deleted file mode 100644 index 6290fb7..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerLogLevel.java +++ /dev/null @@ -1,100 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.api.service.thrift; - -import org.apache.commons.io.IOUtils; -import org.apache.log4j.LogManager; -import org.apache.log4j.Logger; -import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; -import org.junit.*; - -import java.net.HttpURLConnection; -import java.net.URL; - -public class TestSentryServerLogLevel extends SentryServiceIntegrationBase { - private final String CLASS_NAME = "org.eclipse.jetty.server.handler.ContextHandler"; - - @BeforeClass - public static void setup() throws Exception { - webServerEnabled = true; - webSecurity = false; - SentryServiceIntegrationBase.setup(); - } - - @Override - @Before - public void before() throws Exception { - } - - @Override - @After - public void after() { - } - - /** - * Get the log level for the specified class - * @param className: Name of class - * @return - * Log level of the class - */ - private String getLogLevel(String className) { - Logger logInstance = LogManager.getLogger(className); - return logInstance.getEffectiveLevel().toString(); - } - - /** - * Send log level and class name via the HTTP interface and verify that it is set at the loogger. - * @throws Exception - */ - @Test - public void testSetLogLevel() throws Exception { - final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/admin/logLevel?log=" - + CLASS_NAME + "&level=INFO"); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); - String response = IOUtils.toString(conn.getInputStream()); - Assert.assertTrue(response.contains("INFO")); - Assert.assertEquals("INFO", getLogLevel(CLASS_NAME)); - } - - /** - * Send class name via the HTTP interface and verify that it is get at the loogger. - * @throws Exception - */ - @Test - public void testGetLogLevel() throws Exception { - final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/admin/logLevel?log=" + CLASS_NAME); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); - String response = IOUtils.toString(conn.getInputStream()); - Assert.assertTrue(response.contains("INFO")); - Assert.assertEquals("INFO", getLogLevel(CLASS_NAME)); - } - - /** - * Send class name and invalid log level via the HTTP interface and verify that it returns error response. - * @throws Exception - */ - @Test - public void testInvalidLogLevel() throws Exception { - final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/admin/logLevel?log=" - + CLASS_NAME + "&level=ABCD"); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - Assert.assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, conn.getResponseCode()); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/7db84b2f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerPubSub.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerPubSub.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerPubSub.java deleted file mode 100644 index 716109f..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerPubSub.java +++ /dev/null @@ -1,181 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.api.service.thrift; - -import org.apache.sentry.core.common.utils.PubSub; -import org.apache.sentry.core.common.utils.PubSub.Topic; -import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; - -import org.junit.*; - -import java.net.HttpURLConnection; -import java.net.URL; - -public class TestSentryServerPubSub extends SentryServiceIntegrationBase { - - private static final Topic[] topics = Topic.values(); - private static final String[] messages = { "message1", "message2", "message3", "" }; - - private static volatile String REQUEST_URL; - - private final TestSubscriber testSubscriber = new TestSubscriber(); - - private static final class TestSubscriber implements PubSub.Subscriber { - private volatile Topic topic; - private volatile String message; - private volatile int count; - @Override - public void onMessage(Topic topic, String message) { - this.topic = topic; - this.message = message; - this.count++; - } - } - - @BeforeClass - public static void setup() throws Exception { - webServerEnabled = true; - webSecurity = false; - SentryServiceIntegrationBase.setup(); - REQUEST_URL= "http://"; + SERVER_HOST + ":" + webServerPort + "/admin/publishMessage?topic=%s&message=%s"; - } - - @Override - @Before - public void before() throws Exception { - - // Subscribe to all defined topics. - // After each successfull HTTP-GET, testSubscriber.onMessage() - // will be called and "topic" and "message" fields will be - // set according to HTTP-GET parameters. - testSubscriber.count = 0; - for (Topic topic : topics) { - PubSub.getInstance().subscribe(topic, testSubscriber); - } - Assert.assertEquals("Unexpected number of registered topics", topics.length, PubSub.getInstance().getTopics().size()); - } - - @Override - @After - public void after() { - // unsubscribe - for (Topic topic : topics) { - PubSub.getInstance().unsubscribe(topic, testSubscriber); - } - testSubscriber.count = 0; - Assert.assertTrue("Topics should have been removed after unsubscribe()", PubSub.getInstance().getTopics().isEmpty()); - } - - /** - * Successfully publish notifications - * @throws Exception - */ - @Test - public void testPubSub() throws Exception { - int count = 0; - for (Topic topic : topics) { - for (String message : messages) { - URL url = new URL(String.format(REQUEST_URL, topic.getName(), message)); - HttpURLConnection conn = null; - try { - conn = (HttpURLConnection) url.openConnection(); - Assert.assertEquals("Unexpected response code", HttpURLConnection.HTTP_OK, conn.getResponseCode()); - } finally { - safeClose(conn); - } - Assert.assertEquals("Unexpected topic", topic, testSubscriber.topic); - if (message.isEmpty()) { - Assert.assertEquals("Unexpected message", null, testSubscriber.message); - } else { - Assert.assertEquals("Unexpected message", message, testSubscriber.message); - } - Assert.assertEquals("Unexpected number of PubSub.onMessage() callbacks", ++count, testSubscriber.count); - } - } - } - - /** - * Submit empty topic. It's ok, generates form page. - * @throws Exception - */ - @Test - public void testPubSubEmptyTopic() throws Exception { - URL url = new URL(String.format(REQUEST_URL, "", "message")); - HttpURLConnection conn = null; - try { - conn = (HttpURLConnection) url.openConnection(); - Assert.assertEquals("Unexpected response code", HttpURLConnection.HTTP_OK, conn.getResponseCode()); - } finally { - safeClose(conn); - } - Assert.assertEquals("Unexpected number of PubSub.onMessage() callbacks", 0, testSubscriber.count); - } - - /** - * Submit invalid topic - * @throws Exception - */ - @Test - public void testPubSubInvalidTopic() throws Exception { - String[] invalid_topics = { "invalid_topic_1", "invalid_topic_2", "invalid_topic_3" }; - for (String topic : invalid_topics) { - URL url = new URL(String.format(REQUEST_URL, topic, "message")); - HttpURLConnection conn = null; - try { - conn = (HttpURLConnection) url.openConnection(); - Assert.assertEquals("Unexpected response code", HttpURLConnection.HTTP_BAD_REQUEST, conn.getResponseCode()); - } finally { - safeClose(conn); - } - Assert.assertEquals("Unexpected number of PubSub.onMessage() callbacks", 0, testSubscriber.count); - } - } - - /** - * Submit topic that has no subscribers. - * @throws Exception - */ - @Test - public void testPubSubNonSubscribedTopic() throws Exception { - // At this point all valid Topic values have been subscribed to - // in before() method. - // Unsubscribe from one topic and then try publishing to it. - PubSub.getInstance().unsubscribe(Topic.HDFS_SYNC_HMS, testSubscriber); - Assert.assertEquals("Unexpected number of registered topics", topics.length-1, PubSub.getInstance().getTopics().size()); - - URL url = new URL(String.format(REQUEST_URL, Topic.HDFS_SYNC_HMS.getName(), "message")); - HttpURLConnection conn = null; - try { - conn = (HttpURLConnection) url.openConnection(); - Assert.assertEquals("Unexpected response code", HttpURLConnection.HTTP_BAD_REQUEST, conn.getResponseCode()); - } finally { - safeClose(conn); - } - // re-subscribe, not to upset after() method which expects all topics to be subscribed to - PubSub.getInstance().subscribe(Topic.HDFS_SYNC_HMS, testSubscriber); - } - - private static void safeClose(HttpURLConnection conn) { - if (conn != null) { - try { - conn.disconnect(); - } catch (Exception ignore) { - } - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/7db84b2f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerWithoutKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerWithoutKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerWithoutKerberos.java deleted file mode 100644 index 3deadab..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServerWithoutKerberos.java +++ /dev/null @@ -1,214 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless createRequired by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.api.service.thrift; -import static org.junit.Assert.assertEquals; - -import java.util.ArrayList; -import java.util.HashSet; -import java.util.Set; - -import org.apache.sentry.core.common.ActiveRoleSet; -import org.apache.sentry.core.common.Authorizable; -import org.apache.sentry.core.model.db.AccessConstants; -import org.apache.sentry.core.model.db.Database; -import org.apache.sentry.core.model.db.Server; -import org.apache.sentry.core.model.db.Table; -import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.google.common.collect.Lists; -import com.google.common.collect.Sets; - -public class TestSentryServerWithoutKerberos extends SentryServiceIntegrationBase { - - @BeforeClass - public static void setup() throws Exception { - kerberos = false; - beforeSetup(); - setupConf(); - startSentryService(); - afterSetup(); - } - - @Test - public void testCreateRole() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - String roleName = "admin_r"; - client.dropRoleIfExists(requestorUserName, roleName); - client.createRole(requestorUserName, roleName); - client.dropRole(requestorUserName, roleName); - } - - @Test - public void testQueryPushDown() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - - String roleName1 = "admin_r1"; - String roleName2 = "admin_r2"; - - String group1 = "g1"; - String group2 = "g2"; - - client.dropRoleIfExists(requestorUserName, roleName1); - client.createRole(requestorUserName, roleName1); - client.grantRoleToGroup(requestorUserName, group1, roleName1); - - client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL"); - - client.dropRoleIfExists(requestorUserName, roleName2); - client.createRole(requestorUserName, roleName2); - client.grantRoleToGroup(requestorUserName, group1, roleName2); - client.grantRoleToGroup(requestorUserName, group2, roleName2); - - client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName2, "server", "db3", "table5", "ALL"); - - Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, null); - assertEquals("Privilege not assigned to role2 !!", 5, listPrivilegesByRoleName.size()); - - listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, new ArrayList<Authorizable>()); - assertEquals("Privilege not assigned to role2 !!", 5, listPrivilegesByRoleName.size()); - - listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1"))); - assertEquals("Privilege not assigned to role2 !!", 2, listPrivilegesByRoleName.size()); - - listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db2"), new Table("table1"))); - assertEquals("Privilege not assigned to role2 !!", 0, listPrivilegesByRoleName.size()); - - listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1"), new Table("table1"))); - assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size()); - - listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db3"))); - assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size()); - - Set<String> listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, ActiveRoleSet.ALL, new Server("server"), new Database("db2")); - assertEquals("Privilege not correctly assigned to roles !!", - Sets.newHashSet("server=server->db=db2->table=table4->action=all", "server=server->db=db2->table=table3->action=all"), - listPrivilegesForProvider); - - listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, ActiveRoleSet.ALL, new Server("server"), new Database("db3")); - assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=server->db=db3->table=table5->action=all"), listPrivilegesForProvider); - - listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3")); - assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"), listPrivilegesForProvider); - - listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server1")); - assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(), listPrivilegesForProvider); - } - - - - /** - * Create role, add privileges and grant it to a group drop the role and - * verify the privileges are no longer visible recreate the role with same - * name and verify the privileges again. - * @throws Exception - */ - @Test - public void testDropRole() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - String roleName = "admin_r"; - - // create role and add privileges - client.dropRoleIfExists(requestorUserName, roleName); - client.createRole(requestorUserName, roleName); - client.grantRoleToGroup(requestorUserName, ADMIN_GROUP, roleName); - client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); - client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL"); - assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, null, - ActiveRoleSet.ALL).size()); - - // drop role and verify privileges - client.dropRole(requestorUserName, roleName); - assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, - ActiveRoleSet.ALL).size()); - - // recreate the role - client.createRole(requestorUserName, roleName); - client.grantRoleToGroup(requestorUserName, ADMIN_GROUP, roleName); - assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, - ActiveRoleSet.ALL).size()); - - // grant different privileges and verify - client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); - assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, null, - ActiveRoleSet.ALL).size()); - client.dropRole(requestorUserName, roleName); - assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, - ActiveRoleSet.ALL).size()); - assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null, - ActiveRoleSet.ALL).size()); - } - - @Test - public void testDropRoleOnUser() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - Set<String> requestorUserNames = Sets.newHashSet(ADMIN_USER); - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - String roleName = "admin_r"; - - // create role and add privileges - client.dropRoleIfExists(requestorUserName, roleName); - client.createRole(requestorUserName, roleName); - client.grantRoleToUser(requestorUserName, ADMIN_USER, roleName); - client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); - client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL"); - assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, - ActiveRoleSet.ALL).size()); - - // drop role and verify privileges - client.dropRole(requestorUserName, roleName); - assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, - ActiveRoleSet.ALL).size()); - - // recreate the role - client.createRole(requestorUserName, roleName); - client.grantRoleToGroup(requestorUserName, ADMIN_GROUP, roleName); - assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, - ActiveRoleSet.ALL).size()); - - // grant different privileges and verify - client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); - assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, - ActiveRoleSet.ALL).size()); - client.dropRole(requestorUserName, roleName); - assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, - ActiveRoleSet.ALL).size()); - assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames, - ActiveRoleSet.ALL).size()); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/7db84b2f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceClientPool.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceClientPool.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceClientPool.java deleted file mode 100644 index 6c88955..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceClientPool.java +++ /dev/null @@ -1,111 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.api.service.thrift; - -import static org.junit.Assert.assertTrue; - -import java.security.PrivilegedExceptionAction; -import java.util.ArrayList; -import java.util.List; -import java.util.Set; -import java.util.concurrent.Callable; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.Future; -import java.util.concurrent.FutureTask; - -import org.apache.sentry.core.common.exception.SentryUserException; -import org.apache.sentry.service.thrift.SentryServiceFactory; -import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; -import org.junit.Test; - -import com.google.common.collect.Sets; - -public class TestSentryServiceClientPool extends SentryServiceIntegrationBase { - - @Test - public void testConnectionWhenReconnect() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - String roleName = "admin_r"; - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - - client.dropRoleIfExists(requestorUserName, roleName); - client.createRole(requestorUserName, roleName); - client.listAllRoles(requestorUserName); - stopSentryService(); - server = SentryServiceFactory.create(conf); - startSentryService(); - client.listAllRoles(requestorUserName); - client.dropRole(requestorUserName, roleName); - } - }); - } - - @Test - public void testConnectionWithMultipleRetries() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - List<Future<Boolean>> tasks = new ArrayList<Future<Boolean>>(); - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - String roleName = "admin_r"; - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - - client.dropRoleIfExists(requestorUserName, roleName); - client.createRole(requestorUserName, roleName); - - ExecutorService executorService = Executors.newFixedThreadPool(20); - - Callable<Boolean> func = new Callable<Boolean>() { - public Boolean call() throws Exception { - return clientUgi.doAs(new PrivilegedExceptionAction<Boolean>() { - @Override - public Boolean run() throws Exception { - try { - client.listAllRoles(ADMIN_USER); - return true; - } catch (SentryUserException sue) { - return false; - } - } - }); - } - }; - - for (int i = 0; i < 30; i++) { - FutureTask<Boolean> task = new FutureTask<Boolean>(func); - tasks.add(task); - executorService.submit(task); - } - - for (Future<Boolean> task : tasks) { - Boolean result = task.get(); - assertTrue("Some tasks are failed.", result); - } - } - }); - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/7db84b2f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceFailureCase.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceFailureCase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceFailureCase.java deleted file mode 100644 index fa67f27..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceFailureCase.java +++ /dev/null @@ -1,75 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.api.service.thrift; - -import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; -import org.apache.sentry.service.common.ServiceConstants.ServerConfig; -import org.junit.After; -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.base.Strings; - -public class TestSentryServiceFailureCase extends SentryServiceIntegrationBase { - private static final Logger LOGGER = LoggerFactory.getLogger(TestSentryServiceFailureCase.class); - private static final String PEER_CALLBACK_FAILURE = "Peer indicated failure: Problem with callback handler"; - - @BeforeClass - public static void setup() throws Exception { - kerberos = true; - beforeSetup(); - setupConf(); - conf.set(ServerConfig.ALLOW_CONNECT, ""); - startSentryService(); - afterSetup(); - } - - @Override - @Before - public void before() throws Exception { - } - - @Override - @After - public void after() { - } - - @Test - public void testClientServerConnectionFailure() throws Exception { - try { - connectToSentryService(); - String requestorUserName = ADMIN_USER; - client.listAllRoles(requestorUserName); - Assert.fail("Failed to receive Exception"); - } catch(Exception e) { - LOGGER.info("Excepted exception", e); - Throwable cause = e.getCause(); - if (cause == null) { - throw e; - } - String msg = "Exception message: " + cause.getMessage(); - Assert.assertTrue(msg, Strings.nullToEmpty(cause.getMessage()) - .contains(PEER_CALLBACK_FAILURE)); - } - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/7db84b2f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceForPoolWithKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceForPoolWithKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceForPoolWithKerberos.java deleted file mode 100644 index aa156f2..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceForPoolWithKerberos.java +++ /dev/null @@ -1,35 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless createRequired by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.api.service.thrift; - -import org.junit.BeforeClass; - -public class TestSentryServiceForPoolWithKerberos extends TestSentryServiceWithKerberos { - - @BeforeClass - public static void setup() throws Exception { - kerberos = true; - pooled = true; - beforeSetup(); - setupConf(); - startSentryService(); - afterSetup(); - } - -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sentry/blob/7db84b2f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceImportExport.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceImportExport.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceImportExport.java deleted file mode 100644 index cf1fdab..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceImportExport.java +++ /dev/null @@ -1,751 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.api.service.thrift; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - -import java.util.Map; -import java.util.Set; - -import org.apache.sentry.core.common.utils.SentryConstants; -import org.apache.sentry.core.common.utils.PolicyFileConstants; -import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.google.common.collect.Maps; -import com.google.common.collect.Sets; - -public class TestSentryServiceImportExport extends SentryServiceIntegrationBase { - - // define the privileges - public static String PRIVILIEGE1 = "server=server1"; - public static String PRIVILIEGE2 = "server=server1->action=select->grantoption=false"; - public static String PRIVILIEGE3 = "server=server1->db=db2->action=insert->grantoption=true"; - public static String PRIVILIEGE4 = "server=server1->db=db1->table=tbl1->action=insert"; - public static String PRIVILIEGE5 = "server=server1->db=db1->table=tbl2->column=col1->action=insert"; - public static String PRIVILIEGE6 = "server=server1->db=db1->table=tbl3->column=col1->action=*->grantoption=true"; - public static String PRIVILIEGE7 = "server=server1->db=db1->table=tbl4->column=col1->action=all->grantoption=true"; - public static String PRIVILIEGE8 = "server=server1->uri=hdfs://testserver:9999/path2->action=insert"; - public static String PRIVILIEGE9 = "server=server1->db=db2->table=tbl1->action=insert"; - - @BeforeClass - public static void setup() throws Exception { - kerberos = false; - setupConf(); - startSentryService(); - } - - @Before - public void preparePolicyFile() throws Exception { - super.before(); - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - } - - // Befor import, database is empty. - // The following information is imported: - // group1=role1,role2,role3 - // group2=role1,role2,role3 - // group3=role1,role2,role3 - // role1=privilege1,privilege2,privilege3,privilege4,privilege5,privilege6,privilege7,privilege8 - // role2=privilege1,privilege2,privilege3,privilege4,privilege5,privilege6,privilege7,privilege8 - // role3=privilege1,privilege2,privilege3,privilege4,privilege5,privilege6,privilege7,privilege8 - // Both import API importPolicy and export API exportPoicy are tested. - @Test - public void testImportExportPolicy1() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap = Maps.newHashMap(); - Set<String> roles = Sets.newHashSet("role1", "role2", "role3"); - groupRolesMap.put("group1", roles); - groupRolesMap.put("group2", roles); - groupRolesMap.put("group3", roles); - Map<String, Set<String>> rolePrivilegesMap = Maps.newHashMap(); - for (String roleName : roles) { - rolePrivilegesMap.put(roleName, Sets.newHashSet(PRIVILIEGE1, PRIVILIEGE2, PRIVILIEGE3, - PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - } - policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap); - policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap); - client.importPolicy(policyFileMappingData, ADMIN_USER, false); - - Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER, null); - validateSentryMappingData(sentryMappingData, - policyFileMappingData); - } - }); - } - - // call import twice, and there has no duplicate data: - // The data for 1st import: - // group1=role1 - // role1=privilege1,privilege2,privilege3,privilege4 - // The data for 2nd import: - // group2=role2,role3 - // group3=role2,role3 - // role2=privilege5,privilege6,privilege7,privilege8 - // role3=privilege5,privilege6,privilege7,privilege8 - // Both import API importPolicy and export API exportPoicy are tested. - @Test - public void testImportExportPolicy2() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - Map<String, Map<String, Set<String>>> policyFileMappingData1 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap1 = Maps.newHashMap(); - groupRolesMap1.put("group1", Sets.newHashSet("role1")); - Map<String, Set<String>> rolePrivilegesMap1 = Maps.newHashMap(); - rolePrivilegesMap1.put("role1", - Sets.newHashSet(PRIVILIEGE1, PRIVILIEGE2, PRIVILIEGE3, PRIVILIEGE4)); - policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1); - policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1); - client.importPolicy(policyFileMappingData1, ADMIN_USER, false); - - Map<String, Map<String, Set<String>>> policyFileMappingData2 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap2 = Maps.newHashMap(); - groupRolesMap2.put("group2", Sets.newHashSet("role2", "role3")); - groupRolesMap2.put("group3", Sets.newHashSet("role2", "role3")); - Map<String, Set<String>> rolePrivilegesMap2 = Maps.newHashMap(); - rolePrivilegesMap2.put("role2", - Sets.newHashSet(PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - rolePrivilegesMap2.put("role3", - Sets.newHashSet(PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - policyFileMappingData2.put(PolicyFileConstants.GROUPS, groupRolesMap2); - policyFileMappingData2.put(PolicyFileConstants.ROLES, rolePrivilegesMap2); - client.importPolicy(policyFileMappingData2, ADMIN_USER, false); - - Map<String, Map<String, Set<String>>> exceptedMappingData = Maps.newHashMap(); - // for exceptedMappingData, combine policyFileMappingData1 and policyFileMappingData2 - exceptedMappingData.put(PolicyFileConstants.GROUPS, - policyFileMappingData1.get(PolicyFileConstants.GROUPS)); - exceptedMappingData.get(PolicyFileConstants.GROUPS).putAll( - policyFileMappingData2.get(PolicyFileConstants.GROUPS)); - exceptedMappingData.put(PolicyFileConstants.ROLES, - policyFileMappingData1.get(PolicyFileConstants.ROLES)); - exceptedMappingData.get(PolicyFileConstants.ROLES).putAll( - policyFileMappingData2.get(PolicyFileConstants.ROLES)); - - Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER, null); - validateSentryMappingData(sentryMappingData, exceptedMappingData); - } - }); - } - - // Call import twice, and there has overlapping groups - // The data for 1st import: - // group1=role1, role2 - // group2=role1, role2 - // group3=role1, role2 - // role1=privilege1,privilege2,privilege3,privilege4,privilege5 - // role2=privilege1,privilege2,privilege3,privilege4,privilege5 - // The data for 2nd import: - // group1=role2,role3 - // group2=role2,role3 - // group3=role2,role3 - // role2=privilege4,privilege5,privilege6,privilege7,privilege8 - // role3=privilege4,privilege5,privilege6,privilege7,privilege8 - // Both import API importPolicy and export API exportPoicy are tested. - @Test - public void testImportExportPolicy3() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - Map<String, Map<String, Set<String>>> policyFileMappingData1 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap1 = Maps.newHashMap(); - groupRolesMap1.put("group1", Sets.newHashSet("role1", "role2")); - groupRolesMap1.put("group2", Sets.newHashSet("role1", "role2")); - groupRolesMap1.put("group3", Sets.newHashSet("role1", "role2")); - Map<String, Set<String>> rolePrivilegesMap1 = Maps.newHashMap(); - rolePrivilegesMap1.put("role1", - Sets.newHashSet(PRIVILIEGE1, PRIVILIEGE2, PRIVILIEGE3, PRIVILIEGE4, PRIVILIEGE5)); - rolePrivilegesMap1.put("role2", - Sets.newHashSet(PRIVILIEGE1, PRIVILIEGE2, PRIVILIEGE3, PRIVILIEGE4, PRIVILIEGE5)); - policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1); - policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1); - client.importPolicy(policyFileMappingData1, ADMIN_USER, false); - - Map<String, Map<String, Set<String>>> policyFileMappingData2 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap2 = Maps.newHashMap(); - groupRolesMap2.put("group1", Sets.newHashSet("role2", "role3")); - groupRolesMap2.put("group2", Sets.newHashSet("role2", "role3")); - groupRolesMap2.put("group3", Sets.newHashSet("role2", "role3")); - Map<String, Set<String>> rolePrivilegesMap2 = Maps.newHashMap(); - rolePrivilegesMap2.put("role2", - Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - rolePrivilegesMap2.put("role3", - Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - policyFileMappingData2.put(PolicyFileConstants.GROUPS, groupRolesMap2); - policyFileMappingData2.put(PolicyFileConstants.ROLES, rolePrivilegesMap2); - client.importPolicy(policyFileMappingData2, ADMIN_USER, false); - - Map<String, Map<String, Set<String>>> exceptedMappingData = Maps.newHashMap(); - Map<String, Set<String>> exceptedRolesMap = Maps.newHashMap(); - exceptedRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3")); - exceptedRolesMap.put("group2", Sets.newHashSet("role1", "role2", "role3")); - exceptedRolesMap.put("group3", Sets.newHashSet("role1", "role2", "role3")); - Map<String, Set<String>> exceptedPrivilegesMap = Maps.newHashMap(); - exceptedPrivilegesMap.put("role1", - Sets.newHashSet(PRIVILIEGE1, PRIVILIEGE2, PRIVILIEGE3, PRIVILIEGE4, PRIVILIEGE5)); - exceptedPrivilegesMap.put("role2", Sets.newHashSet(PRIVILIEGE1, PRIVILIEGE2, PRIVILIEGE3, - PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - exceptedPrivilegesMap.put("role3", - Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - exceptedMappingData.put(PolicyFileConstants.GROUPS, exceptedRolesMap); - exceptedMappingData.put(PolicyFileConstants.ROLES, exceptedPrivilegesMap); - - Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER, null); - validateSentryMappingData(sentryMappingData, exceptedMappingData); - } - }); - } - - // Only mapping data for [group,role] is imported: - // group1=role1,role2 - @Test - public void testImportExportPolicy4() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap = Maps.newHashMap(); - Set<String> roles = Sets.newHashSet("role1", "role2"); - groupRolesMap.put("group1", roles); - Map<String, Set<String>> rolePrivilegesMap = Maps.newHashMap(); - policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap); - policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap); - client.importPolicy(policyFileMappingData, ADMIN_USER, false); - - Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER, null); - validateSentryMappingData(sentryMappingData, - policyFileMappingData); - } - }); - } - - // call import twice, and there has no duplicate data, the import will be with the overwrite mode: - // The data for 1st import: - // group1=role1 - // role1=privilege1 - // The data for 2nd import: - // group2=role2,role3 - // group3=role2,role3 - // role2=privilege2 - // role3=privilege2 - // Both import API importSentryMetaData and export APIs getRolesMap, getGroupsMap, - // getPrivilegesList are tested. - @Test - public void testImportExportPolicy5() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - Map<String, Map<String, Set<String>>> policyFileMappingData1 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap1 = Maps.newHashMap(); - groupRolesMap1.put("group1", Sets.newHashSet("role1")); - Map<String, Set<String>> rolePrivilegesMap1 = Maps.newHashMap(); - rolePrivilegesMap1.put("role1", Sets.newHashSet(PRIVILIEGE1)); - policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1); - policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1); - client.importPolicy(policyFileMappingData1, ADMIN_USER, true); - - Map<String, Map<String, Set<String>>> policyFileMappingData2 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap2 = Maps.newHashMap(); - groupRolesMap2.put("group2", Sets.newHashSet("role2", "role3")); - groupRolesMap2.put("group3", Sets.newHashSet("role2", "role3")); - Map<String, Set<String>> rolePrivilegesMap2 = Maps.newHashMap(); - rolePrivilegesMap2.put("role2", Sets.newHashSet(PRIVILIEGE2)); - rolePrivilegesMap2.put("role3", Sets.newHashSet(PRIVILIEGE2)); - policyFileMappingData2.put(PolicyFileConstants.GROUPS, groupRolesMap2); - policyFileMappingData2.put(PolicyFileConstants.ROLES, rolePrivilegesMap2); - client.importPolicy(policyFileMappingData2, ADMIN_USER, true); - - Map<String, Map<String, Set<String>>> exceptedMappingData = Maps.newHashMap(); - Map<String, Set<String>> exceptedRolesMap = Maps.newHashMap(); - exceptedRolesMap.put("group1", Sets.newHashSet("role1")); - exceptedRolesMap.put("group2", Sets.newHashSet("role2", "role3")); - exceptedRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - Map<String, Set<String>> exceptedPrivilegesMap = Maps.newHashMap(); - exceptedPrivilegesMap.put("role1", Sets.newHashSet(PRIVILIEGE1)); - exceptedPrivilegesMap.put("role2", Sets.newHashSet(PRIVILIEGE2)); - exceptedPrivilegesMap.put("role3", Sets.newHashSet(PRIVILIEGE2)); - exceptedMappingData.put(PolicyFileConstants.GROUPS, exceptedRolesMap); - exceptedMappingData.put(PolicyFileConstants.ROLES, exceptedPrivilegesMap); - - Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER, null); - validateSentryMappingData(sentryMappingData, exceptedMappingData); - } - }); - } - - // call import twice, and there has data overlap, the import will be with the overwrite mode: - // The data for 1st import: - // group1=role1, role2 - // group2=role1, role2 - // group3=role1, role2 - // role1=privilege1,privilege2,privilege3,privilege4,privilege5 - // role2=privilege1,privilege2,privilege3,privilege4,privilege5 - // The data for 2nd import: - // group1=role2,role3 - // group2=role2,role3 - // group3=role2,role3 - // role2=privilege4,privilege5,privilege6,privilege7,privilege8 - // role3=privilege4,privilege5,privilege6,privilege7,privilege8 - // Both import API importSentryMetaData and export APIs getRolesMap, getGroupsMap, - // getPrivilegesList are tested. - @Test - public void testImportExportPolicy6() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - Map<String, Map<String, Set<String>>> policyFileMappingData1 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap1 = Maps.newHashMap(); - groupRolesMap1.put("group1", Sets.newHashSet("role1", "role2")); - groupRolesMap1.put("group2", Sets.newHashSet("role1", "role2")); - groupRolesMap1.put("group3", Sets.newHashSet("role1", "role2")); - Map<String, Set<String>> rolePrivilegesMap1 = Maps.newHashMap(); - rolePrivilegesMap1.put("role1", - Sets.newHashSet(PRIVILIEGE1, PRIVILIEGE2, PRIVILIEGE3, PRIVILIEGE4, PRIVILIEGE5)); - rolePrivilegesMap1.put("role2", - Sets.newHashSet(PRIVILIEGE1, PRIVILIEGE2, PRIVILIEGE3, PRIVILIEGE4, PRIVILIEGE5)); - policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1); - policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1); - client.importPolicy(policyFileMappingData1, ADMIN_USER, true); - - Map<String, Map<String, Set<String>>> policyFileMappingData2 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap2 = Maps.newHashMap(); - groupRolesMap2.put("group1", Sets.newHashSet("role2", "role3")); - groupRolesMap2.put("group2", Sets.newHashSet("role2", "role3")); - groupRolesMap2.put("group3", Sets.newHashSet("role2", "role3")); - Map<String, Set<String>> rolePrivilegesMap2 = Maps.newHashMap(); - rolePrivilegesMap2.put("role2", - Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - rolePrivilegesMap2.put("role3", - Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - policyFileMappingData2.put(PolicyFileConstants.GROUPS, groupRolesMap2); - policyFileMappingData2.put(PolicyFileConstants.ROLES, rolePrivilegesMap2); - client.importPolicy(policyFileMappingData2, ADMIN_USER, true); - - Map<String, Map<String, Set<String>>> exceptedMappingData = Maps.newHashMap(); - Map<String, Set<String>> exceptedRolesMap = Maps.newHashMap(); - exceptedRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3")); - exceptedRolesMap.put("group2", Sets.newHashSet("role1", "role2", "role3")); - exceptedRolesMap.put("group3", Sets.newHashSet("role1", "role2", "role3")); - Map<String, Set<String>> exceptedPrivilegesMap = Maps.newHashMap(); - exceptedPrivilegesMap.put("role1", - Sets.newHashSet(PRIVILIEGE1, PRIVILIEGE2, PRIVILIEGE3, PRIVILIEGE4, PRIVILIEGE5)); - exceptedPrivilegesMap.put("role2", - Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - exceptedPrivilegesMap.put("role3", - Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - exceptedMappingData.put(PolicyFileConstants.GROUPS, exceptedRolesMap); - exceptedMappingData.put(PolicyFileConstants.ROLES, exceptedPrivilegesMap); - - Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER, null); - validateSentryMappingData(sentryMappingData, exceptedMappingData); - } - }); - } - - // test the import privileges with the action: All, *, select, insert - // All and * should replace the select and insert - // The data for import: - // group1=role1, role2 - // role1=testPrivilege1,testPrivilege2,testPrivilege3,testPrivilege4 - // role2=testPrivilege5, testPrivilege6,testPrivilege7,testPrivilege8 - @Test - public void testImportExportPolicy7() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - String testPrivilege1 = "server=server1->db=db1->table=tbl1->action=select->grantoption=true"; - String testPrivilege2 = "server=server1->db=db1->table=tbl1->action=insert->grantoption=false"; - String testPrivilege3 = "server=server1->db=db1->table=tbl1->action=all->grantoption=true"; - String testPrivilege4 = "server=server1->db=db1->table=tbl1->action=insert->grantoption=true"; - String testPrivilege5 = "server=server1->db=db1->table=tbl2->action=select->grantoption=true"; - String testPrivilege6 = "server=server1->db=db1->table=tbl2->action=insert->grantoption=false"; - String testPrivilege7 = "server=server1->db=db1->table=tbl2->action=*->grantoption=true"; - String testPrivilege8 = "server=server1->db=db1->table=tbl2->action=insert->grantoption=true"; - - Map<String, Map<String, Set<String>>> policyFileMappingData1 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap1 = Maps.newHashMap(); - groupRolesMap1.put("group1", Sets.newHashSet("role1", "role2")); - Map<String, Set<String>> rolePrivilegesMap1 = Maps.newHashMap(); - rolePrivilegesMap1.put("role1", - Sets.newHashSet(testPrivilege1, testPrivilege2, testPrivilege3, testPrivilege4)); - rolePrivilegesMap1.put("role2", - Sets.newHashSet(testPrivilege5, testPrivilege6, testPrivilege7, testPrivilege8)); - policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1); - policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1); - client.importPolicy(policyFileMappingData1, ADMIN_USER, true); - - Map<String, Map<String, Set<String>>> exceptedMappingData = Maps.newHashMap(); - Map<String, Set<String>> exceptedRolesMap = Maps.newHashMap(); - exceptedRolesMap.put("group1", Sets.newHashSet("role1", "role2")); - Map<String, Set<String>> exceptedPrivilegesMap = Maps.newHashMap(); - exceptedPrivilegesMap.put("role1", Sets.newHashSet(testPrivilege2, testPrivilege3)); - exceptedPrivilegesMap.put("role2", Sets.newHashSet(testPrivilege6, testPrivilege7)); - exceptedMappingData.put(PolicyFileConstants.GROUPS, exceptedRolesMap); - exceptedMappingData.put(PolicyFileConstants.ROLES, exceptedPrivilegesMap); - - Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER, null); - validateSentryMappingData(sentryMappingData, exceptedMappingData); - } - }); - } - - // Call import twice, and there has overlapping actions, all and * should replace the select and - // insert - // The data for 1st import: - // group1=role1, role2 - // role1=privilege1(with select action),privilege2(with insert action) - // role2=privilege4(with select action),privilege5(with insert action) - // The data for 2nd import: - // group1=role1, role2 - // role1=privilege3(with all action) - // role2=privilege6(with * action) - @Test - public void testImportExportPolicy8() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - String testPrivilege1 = "server=server1->db=db1->table=tbl1->action=select->grantoption=true"; - String testPrivilege2 = "server=server1->db=db1->table=tbl1->action=insert->grantoption=true"; - String testPrivilege3 = "server=server1->db=db1->table=tbl1->action=all->grantoption=true"; - String testPrivilege4 = "server=server1->db=db1->table=tbl2->action=select->grantoption=true"; - String testPrivilege5 = "server=server1->db=db1->table=tbl2->action=insert->grantoption=true"; - String testPrivilege6 = "server=server1->db=db1->table=tbl2->action=*->grantoption=true"; - - Map<String, Map<String, Set<String>>> policyFileMappingData1 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap1 = Maps.newHashMap(); - groupRolesMap1.put("group1", Sets.newHashSet("role1", "role2")); - Map<String, Set<String>> rolePrivilegesMap1 = Maps.newHashMap(); - rolePrivilegesMap1.put("role1", Sets.newHashSet(testPrivilege1, testPrivilege2)); - rolePrivilegesMap1.put("role2", Sets.newHashSet(testPrivilege4, testPrivilege5)); - policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1); - policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1); - client.importPolicy(policyFileMappingData1, ADMIN_USER, false); - - Map<String, Map<String, Set<String>>> policyFileMappingData2 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap2 = Maps.newHashMap(); - groupRolesMap2.put("group1", Sets.newHashSet("role1", "role2")); - Map<String, Set<String>> rolePrivilegesMap2 = Maps.newHashMap(); - rolePrivilegesMap2.put("role1", Sets.newHashSet(testPrivilege3)); - rolePrivilegesMap2.put("role2", Sets.newHashSet(testPrivilege6)); - policyFileMappingData2.put(PolicyFileConstants.GROUPS, groupRolesMap2); - policyFileMappingData2.put(PolicyFileConstants.ROLES, rolePrivilegesMap2); - client.importPolicy(policyFileMappingData2, ADMIN_USER, false); - - Map<String, Map<String, Set<String>>> exceptedMappingData = policyFileMappingData2; - Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER, null); - // all and * should replace the select and insert - validateSentryMappingData(sentryMappingData, exceptedMappingData); - } - }); - } - - // test the user not in the admin group can't do the import/export - @Test - public void testImportExportPolicy9() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - Map<String, Map<String, Set<String>>> policyFileMappingData1 = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap1 = Maps.newHashMap(); - Map<String, Set<String>> rolePrivilegesMap1 = Maps.newHashMap(); - policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1); - policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1); - try { - client.importPolicy(policyFileMappingData1, "no-admin-user", false); - fail("non-admin can't do the import."); - } catch (Exception e) { - // excepted exception - } - - try { - client.exportPolicy("no-admin-user", null); - fail("non-admin can't do the export."); - } catch (Exception e) { - // excepted exception - } - } - }); - } - - // The following data is imported: - // group1=role1 - // group2=role1,role2 - // group3=role2,role3 - // group4=role1,role2,role3 - // role1=privilege3,privilege4,privilege9 - // role2=privilege3,privilege4,privilege5,privilege6,privilege7 - // role3=privilege4,privilege5,privilege6,privilege7,privilege8 - // Export APIs getRoleNameTPrivilegesMap, getGroupNameRoleNamesMap are tested. - @Test - public void testExportPolicyWithSpecificObject() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - // import the test data - Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap = Maps.newHashMap(); - groupRolesMap.put("group1", Sets.newHashSet("role1")); - groupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); - groupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - groupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3")); - Map<String, Set<String>> rolePrivilegesMap1 = Maps.newHashMap(); - rolePrivilegesMap1.put("role1", - Sets.newHashSet(PRIVILIEGE3, PRIVILIEGE4, PRIVILIEGE9)); - rolePrivilegesMap1.put("role2", - Sets.newHashSet(PRIVILIEGE3, PRIVILIEGE4, PRIVILIEGE5, - PRIVILIEGE6, PRIVILIEGE7)); - rolePrivilegesMap1.put("role3", - Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, - PRIVILIEGE7, PRIVILIEGE8)); - policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap); - policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap1); - client.importPolicy(policyFileMappingData, ADMIN_USER, true); - - // verify the rolePrivilegesMap and groupRolesMap with null objectPath - Map<String, Map<String, Set<String>>> expectedMappingData = Maps.newHashMap(); - Map<String, Set<String>> expectedGroupRoles = Maps.newHashMap(); - expectedGroupRoles.put("group1", Sets.newHashSet("role1")); - expectedGroupRoles.put("group2", Sets.newHashSet("role1", "role2")); - expectedGroupRoles.put("group3", Sets.newHashSet("role2", "role3")); - expectedGroupRoles.put("group4", Sets.newHashSet("role1", "role2", "role3")); - Map<String, Set<String>> expectedRolePrivileges = Maps.newHashMap(); - expectedRolePrivileges.put("role1", Sets.newHashSet( - PRIVILIEGE3, PRIVILIEGE4, PRIVILIEGE9)); - expectedRolePrivileges.put("role2", Sets.newHashSet(PRIVILIEGE3, PRIVILIEGE4, - PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7)); - expectedRolePrivileges.put("role3", Sets.newHashSet(PRIVILIEGE4, - PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - expectedMappingData.put(PolicyFileConstants.GROUPS, expectedGroupRoles); - expectedMappingData.put(PolicyFileConstants.ROLES, expectedRolePrivileges); - - Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER, null); - validateSentryMappingData(sentryMappingData, expectedMappingData); - - // verify the rolePrivilegesMap and groupRolesMap with empty objectPath - expectedMappingData = Maps.newHashMap(); - expectedGroupRoles = Maps.newHashMap(); - expectedGroupRoles.put("group1", Sets.newHashSet("role1")); - expectedGroupRoles.put("group2", Sets.newHashSet("role1", "role2")); - expectedGroupRoles.put("group3", Sets.newHashSet("role2", "role3")); - expectedGroupRoles.put("group4", Sets.newHashSet("role1", "role2", "role3")); - expectedRolePrivileges = Maps.newHashMap(); - expectedRolePrivileges.put("role1", Sets.newHashSet( - PRIVILIEGE3, PRIVILIEGE4, PRIVILIEGE9)); - expectedRolePrivileges.put("role2", Sets.newHashSet(PRIVILIEGE3, PRIVILIEGE4, - PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7)); - expectedRolePrivileges.put("role3", Sets.newHashSet(PRIVILIEGE4, - PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8)); - expectedMappingData.put(PolicyFileConstants.GROUPS, expectedGroupRoles); - expectedMappingData.put(PolicyFileConstants.ROLES, expectedRolePrivileges); - - sentryMappingData = client.exportPolicy(ADMIN_USER, ""); - validateSentryMappingData(sentryMappingData, expectedMappingData); - - // verify the rolePrivilegesMap and groupRolesMap for db=db1 - expectedMappingData = Maps.newHashMap(); - expectedGroupRoles = Maps.newHashMap(); - expectedGroupRoles.put("group1", Sets.newHashSet("role1")); - expectedGroupRoles.put("group2", Sets.newHashSet("role1", "role2")); - expectedGroupRoles.put("group3", Sets.newHashSet("role2", "role3")); - expectedGroupRoles.put("group4", Sets.newHashSet("role1", "role2", "role3")); - expectedRolePrivileges = Maps.newHashMap(); - expectedRolePrivileges.put("role1", Sets.newHashSet(PRIVILIEGE4)); - expectedRolePrivileges.put("role2", Sets.newHashSet(PRIVILIEGE4, - PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7)); - expectedRolePrivileges.put("role3", Sets.newHashSet(PRIVILIEGE4, - PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7)); - expectedMappingData.put(PolicyFileConstants.GROUPS, expectedGroupRoles); - expectedMappingData.put(PolicyFileConstants.ROLES, expectedRolePrivileges); - - sentryMappingData = client.exportPolicy(ADMIN_USER, "db=db1"); - validateSentryMappingData(sentryMappingData, expectedMappingData); - - // verify the rolePrivilegesMap and groupRolesMap for db=db2 - expectedMappingData = Maps.newHashMap(); - expectedGroupRoles = Maps.newHashMap(); - expectedGroupRoles.put("group1", Sets.newHashSet("role1")); - expectedGroupRoles.put("group2", Sets.newHashSet("role1", "role2")); - expectedGroupRoles.put("group3", Sets.newHashSet("role2")); - expectedGroupRoles.put("group4", Sets.newHashSet("role1", "role2")); - expectedRolePrivileges = Maps.newHashMap(); - expectedRolePrivileges.put("role1", Sets.newHashSet(PRIVILIEGE3, PRIVILIEGE9)); - expectedRolePrivileges.put("role2", Sets.newHashSet(PRIVILIEGE3)); - expectedMappingData.put(PolicyFileConstants.GROUPS, expectedGroupRoles); - expectedMappingData.put(PolicyFileConstants.ROLES, expectedRolePrivileges); - - sentryMappingData = client.exportPolicy(ADMIN_USER, "db=db2"); - validateSentryMappingData(sentryMappingData, expectedMappingData); - - // verify the rolePrivilegesMap and groupRolesMap for db=db1->table=tbl1 - expectedMappingData = Maps.newHashMap(); - expectedGroupRoles = Maps.newHashMap(); - expectedGroupRoles.put("group1", Sets.newHashSet("role1")); - expectedGroupRoles.put("group2", Sets.newHashSet("role1", "role2")); - expectedGroupRoles.put("group3", Sets.newHashSet("role2", "role3")); - expectedGroupRoles.put("group4", Sets.newHashSet("role1", "role2", "role3")); - expectedRolePrivileges = Maps.newHashMap(); - expectedRolePrivileges.put("role1", Sets.newHashSet(PRIVILIEGE4)); - expectedRolePrivileges.put("role2", Sets.newHashSet(PRIVILIEGE4)); - expectedRolePrivileges.put("role3", Sets.newHashSet(PRIVILIEGE4)); - expectedMappingData.put(PolicyFileConstants.GROUPS, expectedGroupRoles); - expectedMappingData.put(PolicyFileConstants.ROLES, expectedRolePrivileges); - - sentryMappingData = client.exportPolicy(ADMIN_USER, "db=db1->table=tbl1"); - validateSentryMappingData(sentryMappingData, expectedMappingData); - - // verify the rolePrivilegesMap and groupRolesMap for db=db1->table=tbl2 - expectedMappingData = Maps.newHashMap(); - expectedGroupRoles = Maps.newHashMap(); - expectedGroupRoles.put("group2", Sets.newHashSet("role2")); - expectedGroupRoles.put("group3", Sets.newHashSet("role2", "role3")); - expectedGroupRoles.put("group4", Sets.newHashSet("role2", "role3")); - expectedRolePrivileges = Maps.newHashMap(); - expectedRolePrivileges.put("role2", Sets.newHashSet(PRIVILIEGE5)); - expectedRolePrivileges.put("role3", Sets.newHashSet(PRIVILIEGE5)); - expectedMappingData.put(PolicyFileConstants.GROUPS, expectedGroupRoles); - expectedMappingData.put(PolicyFileConstants.ROLES, expectedRolePrivileges); - - sentryMappingData = client.exportPolicy(ADMIN_USER, "db=db1->table=tbl2"); - validateSentryMappingData(sentryMappingData, expectedMappingData); - - // verify the rolePrivilegesMap and groupRolesMap for db=db1->table=tbl1 - expectedMappingData = Maps.newHashMap(); - expectedGroupRoles = Maps.newHashMap(); - expectedGroupRoles.put("group1", Sets.newHashSet("role1")); - expectedGroupRoles.put("group2", Sets.newHashSet("role1", "role2")); - expectedGroupRoles.put("group3", Sets.newHashSet("role2", "role3")); - expectedGroupRoles.put("group4", Sets.newHashSet("role1", "role2", "role3")); - expectedRolePrivileges = Maps.newHashMap(); - expectedRolePrivileges.put("role1", Sets.newHashSet(PRIVILIEGE4, PRIVILIEGE9)); - expectedRolePrivileges.put("role2", Sets.newHashSet(PRIVILIEGE4)); - expectedRolePrivileges.put("role3", Sets.newHashSet(PRIVILIEGE4)); - expectedMappingData.put(PolicyFileConstants.GROUPS, expectedGroupRoles); - expectedMappingData.put(PolicyFileConstants.ROLES, expectedRolePrivileges); - - sentryMappingData = client.exportPolicy(ADMIN_USER, "table=tbl1"); - validateSentryMappingData(sentryMappingData, expectedMappingData); - - // verify the invalid exportObject string - try { - client.exportPolicy(ADMIN_USER, "invalidString"); - fail("RuntimeException should be thrown."); - } catch (RuntimeException sue) { - // excepted exception - } - } - }); - } - - // Befor import, database is empty. - // The following information is imported: - // group1=role1,role2,role3 - // group2=role1,role2,role3 - // user1=role1,role2,role3 - // user2=role1,role2,role3 - // role1=privilege1,privilege2,privilege3,privilege4 - // role2=privilege1,privilege2,privilege3,privilege4 - // role3=privilege1,privilege2,privilege3,privilege4 - @Test - public void testImportExportPolicyWithUser() throws Exception { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap(); - Map<String, Set<String>> groupRolesMap = Maps.newHashMap(); - Map<String, Set<String>> userRolesMap = Maps.newHashMap(); - Set<String> roles = Sets.newHashSet("role1", "role2", "role3"); - groupRolesMap.put("group1", roles); - groupRolesMap.put("group2", roles); - userRolesMap.put("user1", roles); - userRolesMap.put("user2", roles); - Map<String, Set<String>> rolePrivilegesMap = Maps.newHashMap(); - for (String roleName : roles) { - rolePrivilegesMap.put(roleName, Sets.newHashSet(PRIVILIEGE1, - PRIVILIEGE2, PRIVILIEGE3, PRIVILIEGE4)); - } - policyFileMappingData.put(PolicyFileConstants.USER_ROLES, userRolesMap); - policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap); - policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap); - client.importPolicy(policyFileMappingData, ADMIN_USER, false); - - Map<String, Map<String, Set<String>>> sentryMappingData = - client.exportPolicy(ADMIN_USER, null); - // validate the [user, role] mapping - validateRolesMap(sentryMappingData.get(PolicyFileConstants.USER_ROLES), - policyFileMappingData.get(PolicyFileConstants.USER_ROLES)); - validateSentryMappingData(sentryMappingData, - policyFileMappingData); - } - }); - } - - // verify the mapping data - public void validateSentryMappingData( - Map<String, Map<String, Set<String>>> actualMappingData, - Map<String, Map<String, Set<String>>> expectedMappingData) { - validateRolesMap(actualMappingData.get(PolicyFileConstants.GROUPS), - expectedMappingData.get(PolicyFileConstants.GROUPS)); - validateRolePrivilegesMap(actualMappingData.get(PolicyFileConstants.ROLES), - expectedMappingData.get(PolicyFileConstants.ROLES)); - } - - // verify the mapping data for [group,role] and [user,role] - private void validateRolesMap(Map<String, Set<String>> actualMap, - Map<String, Set<String>> expectedMap) { - assertEquals(expectedMap.keySet().size(), actualMap.keySet().size()); - for (String name : actualMap.keySet()) { - Set<String> actualRoles = actualMap.get(name); - Set<String> expectedRoles = expectedMap.get(name); - assertEquals(actualRoles.size(), expectedRoles.size()); - assertTrue(actualRoles.equals(expectedRoles)); - } - } - - // verify the mapping data for [role,privilege] - private void validateRolePrivilegesMap(Map<String, Set<String>> actualMap, - Map<String, Set<String>> expectedMap) { - assertEquals(expectedMap.keySet().size(), actualMap.keySet().size()); - for (String roleName : actualMap.keySet()) { - Set<String> actualPrivileges = actualMap.get(roleName); - Set<String> exceptedPrivileges = expectedMap.get(roleName); - assertEquals(exceptedPrivileges.size(), actualPrivileges.size()); - for (String actualPrivilege : actualPrivileges) { - boolean isFound = exceptedPrivileges.contains(actualPrivilege); - if (!isFound) { - String withOptionPrivilege = SentryConstants.AUTHORIZABLE_JOINER.join(actualPrivilege, - SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, - "false")); - isFound = exceptedPrivileges.contains(withOptionPrivilege); - } - assertTrue(isFound); - } - } - } -}
