Repository: incubator-sentry Updated Branches: refs/heads/master f741870c2 -> b8fd11f4c
SENTRY-290: Handle null pointer in SentryPolicyProcessor(Arun Suresh via Sravya Tirukkovalur) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/b8fd11f4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/b8fd11f4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/b8fd11f4 Branch: refs/heads/master Commit: b8fd11f4cb2ce66bee1a506439d16ada5350d956 Parents: f741870 Author: Sravya Tirukkovalur <[email protected]> Authored: Tue Jun 10 17:18:14 2014 -0700 Committer: Sravya Tirukkovalur <[email protected]> Committed: Tue Jun 10 17:18:14 2014 -0700
----------------------------------------------------------------------
 .../thrift/SentryPolicyStoreProcessor.java | 2 +- .../thrift/TestSentryServerWithoutKerberos.java | 72 ++++++++++++++++++- .../thrift/TestSentryServiceIntegration.java | 75 ++------------------ 3 files changed, 77 insertions(+), 72 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b8fd11f4/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index b324b43..097056b 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -384,7 +384,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
 Set<String> privilegesForProvider = sentryStore.listSentryPrivilegesForProvider(
 request.getGroups(), request.getRoleSet(), request.getAuthorizableHierarchy());
 response.setPrivileges(privilegesForProvider);
- if ((privilegesForProvider == null)||(privilegesForProvider.size() == 0)) {
+ if (((privilegesForProvider == null)||(privilegesForProvider.size() == 0))&&(request.getAuthorizableHierarchy() != null)) {
 if (sentryStore.hasAnyServerPrivileges(
 request.getGroups(), request.getRoleSet(), request.getAuthorizableHierarchy().getServer())) {
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b8fd11f4/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
index 98784fd..9f89302 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
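Review bot: The added `&&(request.getAuthorizableHierarchy() != null)` guard removes the NullPointerException, but the authorization consequence is left implicit: when the hierarchy is null the `hasAnyServerPrivileges` fallback is skipped and the response keeps whatever `listSentryPrivilegesForProvider` returned, which the same condition admits can be null. A one-line comment above the `if` would make that intent reviewable, for example `// No hierarchy means no server to check; skip the server-level fallback and return the listed privileges as-is.` Every `listPrivilegesForProvider` call in the test this commit adds passes at least a `Server`, so the null-hierarchy request appears to have no regression test among the visible changes. The body of the `if` continues outside the hunk.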
@@ -17,17 +17,24 @@
 */
 package org.apache.sentry.provider.db.service.thrift;
+import static junit.framework.Assert.assertEquals;
 import static org.junit.Assert.assertEquals;
+import java.util.HashSet;
 import java.util.Set;
+import junit.framework.Assert;
+
 import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.core.model.db.Server;
+import org.apache.sentry.core.model.db.Table;
 import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
 import org.junit.Test;
+import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
-
 public class TestSentryServerWithoutKerberos extends SentryServiceIntegrationBase {
 @Override
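Review bot: Adding `import static junit.framework.Assert.assertEquals;` next to the existing `import static org.junit.Assert.assertEquals;` puts two `assertEquals` families in scope, and a bare call comparing two objects would be ambiguous between them, which is presumably why the Set comparisons further down are written as qualified `Assert.assertEquals(...)` through the new `import junit.framework.Assert;`. `junit.framework.Assert` is the legacy JUnit 3 class; dropping both `junit.framework` imports and using the `org.junit.Assert` static import for every assertion would keep the test on a single API. TestSentryServiceIntegration keeps the same `junit.framework` static import in its import hunk.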
@@ -46,6 +53,69 @@ public class TestSentryServerWithoutKerberos extends SentryServiceIntegrationBas client.createRole(requestorUserName, roleName); client.dropRole(requestorUserName, roleName); } + + @Test + public void testQueryPushDown() throws Exception { + String requestorUserName = ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + + String roleName1 = "admin_r1"; + String roleName2 = "admin_r2"; + + String group1 = "g1"; + String group2 = "g2"; + + client.dropRoleIfExists(requestorUserName, roleName1); + client.createRole(requestorUserName, roleName1); + client.grantRoleToGroup(requestorUserName, group1, roleName1); + + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL"); + + + client.dropRoleIfExists(requestorUserName, roleName2); + client.createRole(requestorUserName, roleName2); + client.grantRoleToGroup(requestorUserName, group1, roleName2); + client.grantRoleToGroup(requestorUserName, group2, roleName2); + + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL"); + client.grantTablePrivilege(requestorUserName, roleName2, "server", "db3", "table5", "ALL"); + + Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), 
new Database("db1"))); + assertEquals("Privilege not assigned to role2 !!", 2, listPrivilegesByRoleName.size()); + + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db2"), new Table("table1"))); + assertEquals("Privilege not assigned to role2 !!", 0, listPrivilegesByRoleName.size()); + + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1"), new Table("table1"))); + assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size()); + + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db3"))); + assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size()); + + Set<String> listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), ActiveRoleSet.ALL, new Server("server"), new Database("db2")); + Assert.assertEquals("Privilege not correctly assigned to roles !!", + Sets.newHashSet("server=server->db=db2->table=table4->action=ALL", "server=server->db=db2->table=table3->action=ALL"), + listPrivilegesForProvider); + + listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), ActiveRoleSet.ALL, new Server("server"), new Database("db3")); + Assert.assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=server->db=db3->table=table5->action=ALL"), listPrivilegesForProvider); + + listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3")); + Assert.assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"), listPrivilegesForProvider); + + listPrivilegesForProvider = 
client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server1")); + Assert.assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(), listPrivilegesForProvider); + } + + /** * Create role, add privileges and grant it to a group drop the role and http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/b8fd11f4/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java index d180430..f0bf127 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java 
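Review bot: The third `listPrivilegesForProvider` check expects `Sets.newHashSet("server=+")` for `roleName1` on `db3`, a database on which this test grants role1 nothing, and the test gives no explanation of what that literal denotes. In an authorization test a value that reads like a server-wide wildcard should be documented at the assertion; judging from the `hasAnyServerPrivileges` branch in SentryPolicyStoreProcessor it looks like a marker rather than a grant, and if so a comment such as `// role1 has no db3 grant: "server=+" only signals that it holds some privilege on this server` would say it. The message `"Privilege not assigned to role2 !!"` is also reused on the check that expects 0 privileges, where it would mislead on failure. The roles `admin_r1` and `admin_r2` are created but not dropped at the end of the method.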
@@ -18,22 +18,16 @@
 package org.apache.sentry.provider.db.service.thrift;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
+import static junit.framework.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Set;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.model.db.Database;
-import org.apache.sentry.core.model.db.Server;
-import org.apache.sentry.core.model.db.Table;
 import org.apache.sentry.provider.db.service.persistent.SentryStore;
 import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
 import org.junit.Test;
-import java.util.HashSet;
-import java.util.Set;
-
-import static junit.framework.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
+import com.google.common.collect.Sets;
 public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
@@ -59,65 +53,6 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase { client.dropRole(requestorUserName, roleName); } - @Test - public void testQueryPushDown() throws Exception { - String requestorUserName = ADMIN_USER; - Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); - setLocalGroupMapping(requestorUserName, requestorUserGroupNames); - writePolicyFile(); - - String roleName1 = "admin_r1"; - String roleName2 = "admin_r2"; - - String group1 = "g1"; - String group2 = "g2"; - - client.dropRoleIfExists(requestorUserName, roleName1); - client.createRole(requestorUserName, roleName1); - client.grantRoleToGroup(requestorUserName, group1, roleName1); - - client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL"); - - - client.dropRoleIfExists(requestorUserName, roleName2); - client.createRole(requestorUserName, roleName2); - client.grantRoleToGroup(requestorUserName, group1, roleName2); - client.grantRoleToGroup(requestorUserName, group2, roleName2); - - client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL"); - client.grantTablePrivilege(requestorUserName, roleName2, "server", "db3", "table5", "ALL"); - - Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1"))); - assertEquals("Privilege 
not assigned to role2 !!", 2, listPrivilegesByRoleName.size()); - - listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db2"), new Table("table1"))); - assertEquals("Privilege not assigned to role2 !!", 0, listPrivilegesByRoleName.size()); - - listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1"), new Table("table1"))); - assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size()); - - listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db3"))); - assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size()); - - Set<String> listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), ActiveRoleSet.ALL, new Server("server"), new Database("db2")); - assertEquals("Privilege not correctly assigned to roles !!", - Sets.newHashSet("server=server->db=db2->table=table4->action=ALL", "server=server->db=db2->table=table3->action=ALL"), - listPrivilegesForProvider); - - listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), ActiveRoleSet.ALL, new Server("server"), new Database("db3")); - assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=server->db=db3->table=table5->action=ALL"), listPrivilegesForProvider); - - listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3")); - assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(), listPrivilegesForProvider); - } - - @Test public void testGranRevokePrivilegeOnTableForRole() throws Exception {
