Repository: incubator-sentry Updated Branches: refs/heads/master a337480eb -> 0e07e9bf9
SENTRY-177: Sentry Policy Service does not treat role names as case insensitive (Sravya Tirukkovalur via Prasad Mujumdar) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/0e07e9bf Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/0e07e9bf Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/0e07e9bf Branch: refs/heads/master Commit: 0e07e9bf90a6101d13135d94d82a3dfc55b63151 Parents: a337480 Author: Prasad Mujumdar <[email protected]> Authored: Tue Apr 22 09:15:26 2014 -0700 Committer: Prasad Mujumdar <[email protected]> Committed: Tue Apr 22 09:15:26 2014 -0700 ---------------------------------------------------------------------- .../db/service/persistent/SentryStore.java | 55 ++++++++++---------- .../db/service/persistent/TestSentryStore.java | 46 ++++++++++++---- 2 files changed, 63 insertions(+), 38 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0e07e9bf/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java index ac6c6f7..33c8d1a 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 
@@ -18,23 +18,13 @@ package org.apache.sentry.provider.db.service.persistent; -import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_JOINER; -import static org.apache.sentry.provider.common.ProviderConstants.KV_JOINER; - -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Properties; -import java.util.Set; -import java.util.UUID; - -import javax.jdo.JDOHelper; -import javax.jdo.PersistenceManager; -import javax.jdo.PersistenceManagerFactory; -import javax.jdo.Query; -import javax.jdo.Transaction; - +import com.google.common.annotations.VisibleForTesting; +import com.google.common.base.Preconditions; +import com.google.common.base.Strings; +import com.google.common.collect.HashMultimap; +import com.google.common.collect.Lists; +import com.google.common.collect.SetMultimap; +import com.google.common.collect.Sets; import org.apache.commons.lang.StringUtils; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.model.db.AccessConstants; 
@@ -50,16 +40,24 @@ import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet; import org.apache.sentry.provider.db.service.thrift.TSentryGroup; import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; import org.apache.sentry.provider.db.service.thrift.TSentryRole; -import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope; +import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; -import com.google.common.annotations.VisibleForTesting; -import com.google.common.base.Preconditions; -import com.google.common.base.Strings; -import com.google.common.collect.HashMultimap; -import com.google.common.collect.Lists; -import com.google.common.collect.SetMultimap; -import com.google.common.collect.Sets; +import javax.jdo.JDOHelper; +import javax.jdo.PersistenceManager; +import javax.jdo.PersistenceManagerFactory; +import javax.jdo.Query; +import javax.jdo.Transaction; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.Set; +import java.util.UUID; + +import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_JOINER; +import static org.apache.sentry.provider.common.ProviderConstants.KV_JOINER; /** * SentryStore is the data access object for Sentry data. Strings @@ -238,6 +236,7 @@ public class SentryStore { TSentryPrivilege tPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException { boolean rollbackTransaction = true; PersistenceManager pm = null; + roleName = roleName.trim().toLowerCase(); try { pm = openTransaction(); Query query = pm.newQuery(MSentryRole.class); 
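Review bot: `roleName.trim().toLowerCase()` in the `@@ -238` hunk lower-cases with the JVM default locale, so the normalized role name can differ between hosts (under a Turkish default locale an upper-case `I` becomes a dotless `ı`), which is a poor property for a key used in authorization lookups. Prefer `roleName = roleName.trim().toLowerCase(Locale.ROOT);` with a `java.util.Locale` import; the same applies to the role-name line in the `@@ -424` hunk and the group-name line in the `@@ -440` hunk. The statement also sits before the `try`, so a null `roleName` now surfaces as a NullPointerException rather than one of the declared Sentry exceptions; a `Preconditions.checkNotNull(roleName, "roleName")` (Preconditions is already imported) would make that contract explicit. The method body starts and ends outside the hunk.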
@@ -424,6 +423,7 @@ public class SentryStore { throws SentryNoSuchObjectException { boolean rollbackTransaction = true; PersistenceManager pm = null; + roleName = roleName.trim().toLowerCase(); try { pm = openTransaction(); Query query = pm.newQuery(MSentryRole.class); @@ -440,9 +440,10 @@ public class SentryStore { query.setUnique(true); List<MSentryGroup> groups = Lists.newArrayList(); for (TSentryGroup tGroup : groupNames) { - MSentryGroup group = (MSentryGroup) query.execute(tGroup.getGroupName()); + String groupName = tGroup.getGroupName().trim().toLowerCase(); + MSentryGroup group = (MSentryGroup) query.execute(groupName); if (group == null) { - group = new MSentryGroup(tGroup.getGroupName(), System.currentTimeMillis(), + group = new MSentryGroup(groupName, System.currentTimeMillis(), grantorPrincipal, Sets.newHashSet(role)); } group.appendRole(role); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0e07e9bf/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java index 40b9460..7f3415e 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java 
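Review bot: In the `@@ -440` hunk the group lookup now queries by the lower-cased name, but the removed line shows groups were previously persisted with whatever casing the caller sent. If the query filter compares case-sensitively (the filter is outside the hunk), a group stored earlier as, say, `Analysts` (constructed example) will not be found and a second `analysts` row is created beside it. Role memberships would then be split across two rows for what is now meant to be one group, so the change likely needs a one-time normalization of already-stored group and role names. Separately, `tGroup.getGroupName()` is dereferenced without a null check, so an unset Thrift field aborts the loop with a NullPointerException.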
@@ -18,14 +18,9 @@ package org.apache.sentry.provider.db.service.persistent; -import static junit.framework.Assert.assertEquals; -import static junit.framework.Assert.fail; - -import java.io.File; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - +import com.google.common.collect.Iterables; +import com.google.common.collect.Sets; +import com.google.common.io.Files; import org.apache.commons.io.FileUtils; import org.apache.hadoop.conf.Configuration; import org.apache.sentry.core.model.db.AccessConstants; @@ -41,9 +36,13 @@ import org.junit.After; import org.junit.Before; import org.junit.Test; -import com.google.common.collect.Iterables; -import com.google.common.collect.Sets; -import com.google.common.io.Files; +import java.io.File; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import static junit.framework.Assert.assertEquals; +import static junit.framework.Assert.fail; public class TestSentryStore { 
@@ -68,6 +67,31 @@ public class TestSentryStore { FileUtils.deleteQuietly(dataDir); } } + @Test + public void testCaseInsensitiveRoleAndGroups() throws Exception { + String roleName = "newRole"; + String grantor = "g1"; + Set<TSentryGroup> groups = Sets.newHashSet(); + TSentryGroup group = new TSentryGroup(); + group.setGroupName("test-groups-g1"); + groups.add(group); + + TSentryPrivilege privilege = new TSentryPrivilege(); + privilege.setPrivilegeScope("TABLE"); + privilege.setServerName("server1"); + privilege.setDbName("default"); + privilege.setTableName("table1"); + privilege.setAction(AccessConstants.ALL); + privilege.setGrantorPrincipal(grantor); + privilege.setCreateTime(System.currentTimeMillis()); + privilege.setPrivilegeName(SentryStore.constructPrivilegeName(privilege)); + + long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId(); + assertEquals(seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups).getSequenceId()); + assertEquals(seqId + 2, sentryStore.alterSentryRoleDeleteGroups(roleName, groups).getSequenceId()); + assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege).getSequenceId()); + assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege).getSequenceId()); + } @Test public void testCreateDuplicateRole() throws Exception {
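Review bot: `testCaseInsensitiveRoleAndGroups` passes the identical string `"newRole"` to every call and uses an already lower-case group name, so it never checks that two different casings resolve to the same role or group. It would pin the intended behaviour better to create the role as `"newRole"` and then call `sentryStore.alterSentryRoleAddGroups(grantor, "NEWROLE", groups)`, and to set a mixed-case group name such as `"Test-Groups-G1"` for the add and a differently cased one for the delete. A name with surrounding whitespace would also cover the `trim()` that the commit adds.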
