Repository: incubator-sentry Updated Branches: refs/heads/master 0ec663f51 -> 437e6c4dc
SENTRY-354: Test for update.distrib phase overriding (Gregory Chanan via Vamsee Yarlagadda) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/437e6c4d Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/437e6c4d Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/437e6c4d Branch: refs/heads/master Commit: 437e6c4dc3fb963f81a82ee4ab653cd84e48005d Parents: 0ec663f Author: Vamsee <[email protected]> Authored: Fri Jul 25 14:40:29 2014 -0700 Committer: Vamsee <[email protected]> Committed: Fri Jul 25 14:40:29 2014 -0700 ---------------------------------------------------------------------- pom.xml | 2 +- .../e2e/solr/AbstractSolrSentryTestBase.java | 23 ++++++--- .../tests/e2e/solr/TestUpdateOperations.java | 54 ++++++++++++++++++++ .../solr/sentry/test-authz-provider.ini | 2 +- 4 files changed, 72 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/437e6c4d/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 2833cf0..0acf3f4 100644 --- a/pom.xml +++ b/pom.xml @@ -79,7 +79,7 @@ limitations under the License. <shiro.version>1.2.1</shiro.version> <slf4j.version>1.6.1</slf4j.version> <solr.version>4.8.0</solr.version> - <solr.sentry.handlers.version>4.4.0-cdh5.1.0-SNAPSHOT</solr.sentry.handlers.version> + <solr.sentry.handlers.version>4.4.0-cdh5.2.0-SNAPSHOT</solr.sentry.handlers.version> <zookeeper.version>3.4.5-cdh5.1.0-SNAPSHOT</zookeeper.version> <pig.version>0.12.0-cdh5.1.0-SNAPSHOT</pig.version> </properties> http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/437e6c4d/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java index ad9cf9b..6d2550b 100644 --- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java +++ b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java @@ -724,16 +724,13 @@ public class AbstractSolrSentryTestBase { } /** - * Make a raw http request + * Make a raw http request to specific cluster node. Node is of the format + * host:port/context, i.e. "localhost:8983/solr" */ - protected String makeHttpRequest(CloudSolrServer server, String httpMethod, + protected String makeHttpRequest(CloudSolrServer server, String node, String httpMethod, String path, byte [] content, String contentType) throws Exception { HttpClient httpClient = server.getLbServer().getHttpClient(); - Set<String> liveNodes = - server.getZkStateReader().getClusterState().getLiveNodes(); - assertTrue("Expected at least one live node", !liveNodes.isEmpty()); - String firstServer = liveNodes.toArray(new String[0])[0].replace("_solr", "/solr"); - URI uri = new URI("http://"; + firstServer + path); + URI uri = new URI("http://"; + node + path); HttpRequestBase method = null; if ("GET".equals(httpMethod)) { method = new HttpGet(uri); @@ -785,6 +782,18 @@ public class AbstractSolrSentryTestBase { return retValue; } + /** + * Make a raw http request (not specifying cluster node) + */ + protected String makeHttpRequest(CloudSolrServer server, String httpMethod, + String path, byte [] content, String contentType) throws Exception { + Set<String> liveNodes = + server.getZkStateReader().getClusterState().getLiveNodes(); + assertTrue("Expected at least one live node", !liveNodes.isEmpty()); + String firstServer = liveNodes.toArray(new String[0])[0].replace("_solr", "/solr"); + return makeHttpRequest(server, firstServer, httpMethod, path, content, contentType); + } + protected static void waitForRecoveriesToFinish(String collection, CloudSolrServer solrServer, boolean verbose) throws Exception { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/437e6c4d/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java index b439a91..2b246b5 100644 --- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java +++ b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java @@ -21,9 +21,13 @@ import org.slf4j.LoggerFactory; import org.junit.Test; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import org.apache.solr.update.processor.DistributedUpdateProcessor.DistribPhase; import org.apache.solr.client.solrj.impl.CloudSolrServer; +import org.apache.solr.common.cloud.ClusterState; +import org.apache.solr.common.cloud.Slice; import java.io.File; import java.io.PrintWriter; @@ -111,4 +115,54 @@ public class TestUpdateOperations extends AbstractSolrSentryTestBase { server.shutdown(); } } + + private void checkUpdateDistribPhase(CloudSolrServer server, String collectionName, + String userName, DistribPhase distribPhase) throws Exception { + String path = "/" + collectionName + "/update?commit=true"; + String updateDistribParam=""; + if (distribPhase != null) { + updateDistribParam = distribPhase.toString(); + path += "&update.distrib="+updateDistribParam; + } + String docId = "testUpdateDistribDoc"+updateDistribParam; + String body = "<add><doc><field name=\"id\">"+docId+"</field></doc></add>"; + + String node = null; + ClusterState clusterState = server.getZkStateReader().getClusterState(); + for (Slice slice : clusterState.getActiveSlices(collectionName)) { + if(slice.getRange().includes(docId.hashCode())) { + node = slice.getLeader().getNodeName().replace("_solr", "/solr"); + } + } + assertNotNull("Expected to find leader node for document", node); + + String ret = makeHttpRequest(server, node, "POST", path, body.getBytes("UTF-8"), "text/xml"); + assertTrue("Expected sentry exception", + ret.contains("SentrySolrAuthorizationException: " + + "User " + userName + " does not have privileges for " + collectionName)); + } + + @Test + public void testUpdateDistribPhase() throws Exception { + final String collectionName = "testUpdateDistribPhase"; + final String userName = "junit"; + // Upload configs to ZK + uploadConfigDirToZk(RESOURCES_DIR + File.separator + DEFAULT_COLLECTION + + File.separator + "conf"); + setupCollection(collectionName); + + setAuthenticationUser(userName); + CloudSolrServer server = getCloudSolrServer(collectionName); + try { + // ensure user can't update collection + checkUpdateDistribPhase(server, collectionName, userName, null); + + // now, try to update collection, setting update.distrib to possible values + for ( DistribPhase phase : DistribPhase.values() ) { + checkUpdateDistribPhase(server, collectionName, userName, phase); + } + } finally { + server.shutdown(); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/437e6c4d/sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini b/sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini index 702cd5a..34a030d 100644 --- a/sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini +++ b/sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini @@ -31,7 +31,7 @@ admin_all_group = admin_all_role [roles] junit_role = collection=admin, collection=collection1, collection=docLevelCollection, collection=allRolesCollection, collection=testUpdateDeleteOperations docLevel_role = collection=docLevelCollection, collection=testUpdateDeleteOperations -admin_role = collection=admin, collection=collection1, collection=sentryCollection, collection=sentryCollection_underlying1, collection=sentryCollection_underlying2, collection=docLevelCollection, collection=allRolesCollection, collection=testInvariantCollection, collection=testUpdateDeleteOperations, collection=testIndexlevelDoclevelOperations +admin_role = collection=admin, collection=collection1, collection=sentryCollection, collection=sentryCollection_underlying1, collection=sentryCollection_underlying2, collection=docLevelCollection, collection=allRolesCollection, collection=testInvariantCollection, collection=testUpdateDeleteOperations, collection=testIndexlevelDoclevelOperations, collection=testUpdateDistribPhase sentryCollection_query_role = collection=sentryCollection->action=query sentryCollection_update_role = collection=sentryCollection->action=update sentryCollection_query_update_role = collection=sentryCollection->action=query, collection=sentryCollection->action=update
