Repository: incubator-sentry Updated Branches: refs/heads/sentry-hdfs-sync 0eb6645e8 -> f60a7c595
SENTRY-432: Rebase diff on master Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/f60a7c59 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/f60a7c59 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/f60a7c59 Branch: refs/heads/sentry-hdfs-sync Commit: f60a7c5954524421436b8a3b896e3b110afcd3b3 Parents: 0eb6645 Author: Sravya Tirukkovalur <[email protected]> Authored: Tue Sep 16 14:20:51 2014 -0700 Committer: Sravya Tirukkovalur <[email protected]> Committed: Tue Sep 16 14:20:51 2014 -0700 ---------------------------------------------------------------------- .../hdfs/SentryAuthorizationProvider.java | 288 ++++------ .../hdfs/TestSentryAuthorizationProvider.java | 2 +- .../org/apache/sentry/hdfs/DummyAdapter.java | 39 -- .../apache/sentry/hdfs/DummyAuthzSource.java | 60 --- .../org/apache/sentry/hdfs/DummyHMSClient.java | 79 --- .../sentry/hdfs/TestAuthzPathCacheOld.java | 523 ------------------- .../apache/sentry/hdfs/TestAuthzPermCache.java | 64 --- .../db/service/persistent/SentryStore.java | 4 +- .../thrift/SentryPolicyStoreProcessor.java | 4 +- 9 files changed, 103 insertions(+), 960 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs-int/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs-int/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java b/sentry-hdfs-int/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java index 2375d1b..ebd063f 100644 --- a/sentry-hdfs-int/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java +++ b/sentry-hdfs-int/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java @@ -17,26 +17,21 @@ */ package org.apache.sentry.hdfs; -import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import java.util.Map; -import java.util.Set; import org.apache.hadoop.conf.Configurable; import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.UnresolvedLinkException; import org.apache.hadoop.fs.permission.AclEntry; import org.apache.hadoop.fs.permission.AclEntryScope; import org.apache.hadoop.fs.permission.AclEntryType; -import org.apache.hadoop.fs.permission.FsAction; import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.hdfs.server.namenode.AclFeature; -import org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider; -import org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider; -import org.apache.hadoop.security.AccessControlException; +import org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider; +import org.apache.hadoop.hdfs.server.namenode.INodeAttributes; +import org.apache.hadoop.hdfs.server.namenode.XAttrFeature; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -44,7 +39,7 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.collect.ImmutableList; public class SentryAuthorizationProvider - implements AuthorizationProvider, Configurable { + extends INodeAttributeProvider implements Configurable { static class SentryAclFeature extends AclFeature { public SentryAclFeature(ImmutableList<AclEntry> entries) { @@ -57,10 +52,9 @@ public class SentryAuthorizationProvider private boolean started; private Configuration conf; - private AuthorizationProvider defaultAuthzProvider; private String user; private String group; - private FsPermission permission; + private short permission; private boolean originalAuthzAsAcl; private SentryAuthorizationInfo authzInfo; @@ -94,8 +88,6 @@ public class SentryAuthorizationProvider throw new RuntimeException("HDFS ACLs must be enabled"); } - defaultAuthzProvider = new DefaultAuthorizationProvider(); - defaultAuthzProvider.start(); // Configuration is read from hdfs-sentry.xml and NN configuration, in // that order of precedence. Configuration conf = new Configuration(this.conf); @@ -104,10 +96,9 @@ public class SentryAuthorizationProvider SentryAuthorizationConstants.HDFS_USER_DEFAULT); group = conf.get(SentryAuthorizationConstants.HDFS_GROUP_KEY, SentryAuthorizationConstants.HDFS_GROUP_DEFAULT); - permission = FsPermission.createImmutable( - (short) conf.getLong(SentryAuthorizationConstants.HDFS_PERMISSION_KEY, - SentryAuthorizationConstants.HDFS_PERMISSION_DEFAULT) - ); + permission = (short) conf.getLong( + SentryAuthorizationConstants.HDFS_PERMISSION_KEY, + SentryAuthorizationConstants.HDFS_PERMISSION_DEFAULT); originalAuthzAsAcl = conf.getBoolean( SentryAuthorizationConstants.INCLUDE_HDFS_AUTHZ_AS_ACL_KEY, SentryAuthorizationConstants.INCLUDE_HDFS_AUTHZ_AS_ACL_DEFAULT); @@ -130,142 +121,104 @@ public class SentryAuthorizationProvider public synchronized void stop() { LOG.debug("Stopping"); authzInfo.stop(); - defaultAuthzProvider.stop(); - defaultAuthzProvider = null; } - @Override - public void setSnaphottableDirs(Map<INodeAuthorizationInfo, Integer> - snapshotableDirs) { - defaultAuthzProvider.setSnaphottableDirs(snapshotableDirs); - } - - @Override - public void addSnapshottable(INodeAuthorizationInfo dir) { - defaultAuthzProvider.addSnapshottable(dir); - } - - @Override - public void removeSnapshottable(INodeAuthorizationInfo dir) { - defaultAuthzProvider.removeSnapshottable(dir); - } + private static final AclFeature EMPTY_ACL_FEATURE = + new AclFeature(AclFeature.EMPTY_ENTRY_LIST); + + private class INodeAttributesX implements INodeAttributes { + private boolean useDefault; + private INodeAttributes node; + private AclFeature aclFeature; + + public INodeAttributesX(boolean useDefault, INodeAttributes node, + AclFeature aclFeature) { + this.node = node; + this.useDefault = useDefault; + this.aclFeature = aclFeature; + } + + @Override + public boolean isDirectory() { + return node.isDirectory(); + } - @Override - public void createSnapshot(INodeAuthorizationInfo dir, int snapshotId) - throws IOException{ - defaultAuthzProvider.createSnapshot(dir, snapshotId); - } + @Override + public byte[] getLocalNameBytes() { + return node.getLocalNameBytes(); + } - @Override - public void removeSnapshot(INodeAuthorizationInfo dir, int snapshotId) - throws IOException { - defaultAuthzProvider.removeSnapshot(dir, snapshotId); - } + public String getUserName() { + return (useDefault) ? node.getUserName() : user; + } - @Override - public void checkPermission(String user, Set<String> groups, - INodeAuthorizationInfo[] inodes, int snapshotId, - boolean doCheckOwner, FsAction ancestorAccess, FsAction parentAccess, - FsAction access, FsAction subAccess, boolean ignoreEmptyDir) - throws AccessControlException, UnresolvedLinkException { - defaultAuthzProvider.checkPermission(user, groups, inodes, snapshotId, - doCheckOwner, ancestorAccess, parentAccess, access, subAccess, - ignoreEmptyDir); - } + @Override + public String getGroupName() { + return (useDefault) ? node.getGroupName() : group; + } - private static final String[] EMPTY_STRING_ARRAY = new String[0]; - - private String[] getPathElements(INodeAuthorizationInfo node) { - return getPathElements(node, 0); - } + @Override + public FsPermission getFsPermission() { + return (useDefault) ? node.getFsPermission() + : new FsPermission(getFsPermissionShort()); + } - private String[] getPathElements(INodeAuthorizationInfo node, int idx) { - String[] paths; - INodeAuthorizationInfo parent = node.getParent(); - if (parent == null) { - paths = (idx > 0) ? new String[idx] : EMPTY_STRING_ARRAY; - } else { - paths = getPathElements(parent, idx + 1); - paths[paths.length - 1 - idx] = node.getLocalName(); + @Override + public short getFsPermissionShort() { + return (useDefault) ? node.getFsPermissionShort() + : (short) getPermissionLong(); } - return paths; - } - @Override - public void setUser(INodeAuthorizationInfo node, String user) { - defaultAuthzProvider.setUser(node, user); - } + @Override + public long getPermissionLong() { + return (useDefault) ? node.getPermissionLong() : permission; + } - @Override - public String getUser(INodeAuthorizationInfo node, int snapshotId) { - String user; - String[] pathElements = getPathElements(node); - if (!authzInfo.isManaged(pathElements)) { - user = defaultAuthzProvider.getUser(node, snapshotId); - } else { - if (!authzInfo.isStale()) { - if (authzInfo.doesBelongToAuthzObject(pathElements)) { - user = this.user; - } else { - user = defaultAuthzProvider.getUser(node, snapshotId); + @Override + public AclFeature getAclFeature() { + AclFeature feature; + if (useDefault) { + feature = node.getAclFeature(); + if (feature == null) { + feature = EMPTY_ACL_FEATURE; } } else { - user = this.user; + feature = aclFeature; } + return feature; } - return user; - } - @Override - public void setGroup(INodeAuthorizationInfo node, String group) { - defaultAuthzProvider.setGroup(node, group); - } + @Override + public XAttrFeature getXAttrFeature() { + return node.getXAttrFeature(); + } - @Override - public String getGroup(INodeAuthorizationInfo node, int snapshotId) { - String group; - String[] pathElements = getPathElements(node); - if (!authzInfo.isManaged(pathElements)) { - group = defaultAuthzProvider.getGroup(node, snapshotId); - } else { - if (!authzInfo.isStale()) { - if (authzInfo.doesBelongToAuthzObject(pathElements)) { - group = this.group; - } else { - group = defaultAuthzProvider.getGroup(node, snapshotId); - } - } else { - group = this.group; - } + @Override + public long getModificationTime() { + return node.getModificationTime(); } - return group; - } - @Override - public void setPermission(INodeAuthorizationInfo node, - FsPermission permission) { - defaultAuthzProvider.setPermission(node, permission); + @Override + public long getAccessTime() { + return node.getAccessTime(); + } } - + @Override - public FsPermission getFsPermission( - INodeAuthorizationInfo node, int snapshotId) { - FsPermission permission; - String[] pathElements = getPathElements(node); - if (!authzInfo.isManaged(pathElements)) { - permission = defaultAuthzProvider.getFsPermission(node, snapshotId); - } else { - if (!authzInfo.isStale()) { + public INodeAttributes getAttributes(String[] pathElements, + INodeAttributes node) { + if (authzInfo.isManaged(pathElements)) { + boolean stale = authzInfo.isStale(); + AclFeature aclFeature = getAclFeature(pathElements, node, stale); + if (!stale) { if (authzInfo.doesBelongToAuthzObject(pathElements)) { - permission = this.permission; - } else { - permission = defaultAuthzProvider.getFsPermission(node, snapshotId); + node = new INodeAttributesX(false, node, aclFeature); } } else { - permission = this.permission; + node = new INodeAttributesX(true, node, aclFeature); } } - return permission; + return node; } private List<AclEntry> createAclEntries(String user, String group, @@ -291,50 +244,30 @@ public class SentryAuthorizationProvider return list; } - @Override - public AclFeature getAclFeature(INodeAuthorizationInfo node, int snapshotId) { + public AclFeature getAclFeature(String[] pathElements, INodeAttributes node, + boolean stale) { AclFeature f = null; - String[] pathElements = getPathElements(node); String p = Arrays.toString(pathElements); - boolean isManaged = false; - boolean isStale = false; boolean hasAuthzObj = false; - if (!authzInfo.isManaged(pathElements)) { - isManaged = false; - f = defaultAuthzProvider.getAclFeature(node, snapshotId); - } else { - isManaged = true; - List<AclEntry> list = new ArrayList<AclEntry>(); - if (originalAuthzAsAcl) { - String user = defaultAuthzProvider.getUser(node, snapshotId); - String group = defaultAuthzProvider.getGroup(node, snapshotId); - INodeAuthorizationInfo pNode = node.getParent(); - while (group == null || pNode != null) { - group = defaultAuthzProvider.getGroup(pNode, snapshotId); - pNode = pNode.getParent(); - } - FsPermission perm = defaultAuthzProvider.getFsPermission(node, snapshotId); - list.addAll(createAclEntries(user, group, perm)); - } - if (!authzInfo.isStale()) { - isStale = false; - if (authzInfo.doesBelongToAuthzObject(pathElements)) { - hasAuthzObj = true; - list.addAll(authzInfo.getAclEntries(pathElements)); - f = new SentryAclFeature(ImmutableList.copyOf(list)); - } else { - hasAuthzObj = false; - f = defaultAuthzProvider.getAclFeature(node, snapshotId); - } - } else { - isStale = true; + List<AclEntry> list = new ArrayList<AclEntry>(); + if (originalAuthzAsAcl) { + String user = node.getUserName(); + String group = node.getGroupName(); + FsPermission perm = node.getFsPermission(); + list.addAll(createAclEntries(user, group, perm)); + } + if (!stale) { + if (authzInfo.doesBelongToAuthzObject(pathElements)) { + hasAuthzObj = true; + list.addAll(authzInfo.getAclEntries(pathElements)); f = new SentryAclFeature(ImmutableList.copyOf(list)); } + } else { + f = new SentryAclFeature(ImmutableList.copyOf(list)); } if (LOG.isDebugEnabled()) { - LOG.debug("### getAclEntry [" + (p == null ? "null" : p) + "] : [" - + "isManaged=" + isManaged - + ",isStale=" + isStale + LOG.debug("### getAclEntry [" + p + "] : [" + + "isStale=" + stale + ",hasAuthzObj=" + hasAuthzObj + ",origAtuhzAsAcl=" + originalAuthzAsAcl + "]" + "[" + (f == null ? "null" : f.getEntries()) + "]"); @@ -342,29 +275,4 @@ public class SentryAuthorizationProvider return f; } - @Override - public void removeAclFeature(INodeAuthorizationInfo node) { - AclFeature aclFeature = node.getAclFeature(CURRENT_STATE_ID); - if (aclFeature.getClass() != SentryAclFeature.class) { - defaultAuthzProvider.removeAclFeature(node); - } - } - - @Override - public void addAclFeature(INodeAuthorizationInfo node, AclFeature f) { - String[] pathElements = getPathElements(node); - if (!authzInfo.isManaged(pathElements)) { - defaultAuthzProvider.addAclFeature(node, f); - } - } - - @Override - public boolean doesAllowChanges(INodeAuthorizationInfo node) { - String[] pathElements = getPathElements(node); - if (!authzInfo.isManaged(pathElements)) { - return defaultAuthzProvider.doesAllowChanges(node); - } - return !authzInfo.doesBelongToAuthzObject(getPathElements(node)); - } - } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs-int/src/test/java/org/apache/sentry/hdfs/TestSentryAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs-int/src/test/java/org/apache/sentry/hdfs/TestSentryAuthorizationProvider.java b/sentry-hdfs-int/src/test/java/org/apache/sentry/hdfs/TestSentryAuthorizationProvider.java index 67919fa..c9bd9a3 100644 --- a/sentry-hdfs-int/src/test/java/org/apache/sentry/hdfs/TestSentryAuthorizationProvider.java +++ b/sentry-hdfs-int/src/test/java/org/apache/sentry/hdfs/TestSentryAuthorizationProvider.java @@ -56,7 +56,7 @@ public class TestSentryAuthorizationProvider { public Void run() throws Exception { System.setProperty(MiniDFSCluster.PROP_TEST_BUILD_DATA, "target/test/data"); Configuration conf = new HdfsConfiguration(); - conf.set(DFSConfigKeys.DFS_NAMENODE_AUTHORIZATION_PROVIDER_KEY, + conf.set(DFSConfigKeys.DFS_NAMENODE_INODE_ATTRIBUTES_PROVIDER_KEY, MockSentryAuthorizationProvider.class.getName()); conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true); EditLogFileOutputStream.setShouldSkipFsyncForTesting(true); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAdapter.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAdapter.java b/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAdapter.java deleted file mode 100644 index 24c63a5..0000000 --- a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAdapter.java +++ /dev/null @@ -1,39 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.hdfs; - -//import org.apache.sentry.provider.db.service.thrift.UpdateForwarder; - -public class DummyAdapter { -//public class DummyAdapter<K extends UpdateForwarder.Update> { -// -// private final UpdateForwarder<K> destCache; -// private final UpdateForwarder<K> srcCache; -// -// public DummyAdapter(UpdateForwarder<K> destCache, UpdateForwarder<K> srcCache) { -// super(); -// this.destCache = destCache; -// this.srcCache = srcCache; -// } -// -// public void getDestToPullUpdatesFromSrc() { -// for (K update : srcCache.getAllUpdatesFrom(destCache.getLastCommitted() + 1)) { -// destCache.handleUpdateNotification(update); -// } -// } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAuthzSource.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAuthzSource.java b/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAuthzSource.java deleted file mode 100644 index 57299c8..0000000 --- a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAuthzSource.java +++ /dev/null @@ -1,60 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.hdfs; - -//import org.apache.sentry.hdfs.old.AuthzPermCache.AuthzSource; -//import org.apache.sentry.hdfs.old.AuthzPermCache.PrivilegeInfo; -//import org.apache.sentry.hdfs.old.AuthzPermCache.RoleInfo; - -public class DummyAuthzSource { -//public class DummyAuthzSource implements AuthzSource{ -// -// public Map<String, PrivilegeInfo> privs = new HashMap<String, PrivilegeInfo>(); -// public Map<String, RoleInfo> roles = new HashMap<String, RoleInfo>(); -// -// @Override -// public PrivilegeInfo loadPrivilege(String authzObj) throws Exception { -// return privs.get(authzObj); -// } -// -// @Override -// public RoleInfo loadGroupsForRole(String group) throws Exception { -// return roles.get(group); -// } -// -// @Override -// public PermissionsUpdate createFullImage(long seqNum) { -// PermissionsUpdate retVal = new PermissionsUpdate(seqNum, true); -// for (Map.Entry<String, PrivilegeInfo> pE : privs.entrySet()) { -// PrivilegeChanges pUpdate = retVal.addPrivilegeUpdate(pE.getKey()); -// PrivilegeInfo pInfo = pE.getValue(); -// for (Map.Entry<String, FsAction> ent : pInfo.roleToPermission.entrySet()) { -// pUpdate.addPrivilege(ent.getKey(), ent.getValue().SYMBOL); -// } -// } -// for (Map.Entry<String, RoleInfo> rE : roles.entrySet()) { -// RoleChanges rUpdate = retVal.addRoleUpdate(rE.getKey()); -// RoleInfo rInfo = rE.getValue(); -// for (String role : rInfo.groups) { -// rUpdate.addGroup(role); -// } -// } -// return retVal; -// } - -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyHMSClient.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyHMSClient.java b/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyHMSClient.java deleted file mode 100644 index 3f66c87..0000000 --- a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyHMSClient.java +++ /dev/null @@ -1,79 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.hdfs; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; - -import org.apache.hadoop.hive.metastore.api.Database; -import org.apache.hadoop.hive.metastore.api.Partition; -import org.apache.hadoop.hive.metastore.api.StorageDescriptor; -import org.apache.hadoop.hive.metastore.api.Table; -import org.apache.sentry.hdfs.MetastoreClient; - -public class DummyHMSClient implements MetastoreClient { - - private HashMap<Database, HashMap<Table, HashSet<Partition>>> hmsData = - new HashMap<Database, HashMap<Table, HashSet<Partition>>>(); - - @Override - public List<Database> getAllDatabases() { - return new ArrayList<Database>(hmsData.keySet()); - } - - @Override - public List<Table> getAllTablesOfDatabase(Database db) { - if (hmsData.containsKey(db)) { - return new ArrayList<Table>(hmsData.get(db).keySet()); - } - return new ArrayList<Table>(); - } - - @Override - public List<Partition> listAllPartitions(Database db, Table tbl) { - if (hmsData.containsKey(db)) { - if (hmsData.get(db).containsKey(tbl)) { - return new ArrayList<Partition>(hmsData.get(db).get(tbl)); - } - } - return new ArrayList<Partition>(); - } - - public Database addDb(String dbName, String location) { - Database db = new Database(dbName, null, location, null); - hmsData.put(db, new HashMap<Table, HashSet<Partition>>()); - return db; - } - - public Table addTable(Database db, String tblName, String location) { - Table tbl = - new Table(tblName, db.getName(), null, 0, 0, 0, - new StorageDescriptor(null, location, null, null, false, 0, null, null, null, null), - null, null, null, null, null); - hmsData.get(db).put(tbl, new HashSet<Partition>()); - return tbl; - } - - public void addPartition(Database db, Table tbl, String partitionPath) { - Partition part = new Partition(null, db.getName(), tbl.getTableName(), 0, 0, - new StorageDescriptor(null, partitionPath, null, null, false, 0, null, null, null, null), null); - hmsData.get(db).get(tbl).add(part); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPathCacheOld.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPathCacheOld.java b/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPathCacheOld.java deleted file mode 100644 index ca3ebfe..0000000 --- a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPathCacheOld.java +++ /dev/null @@ -1,523 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.hdfs; - - -import org.apache.hadoop.fs.Path; -import org.apache.hadoop.hive.metastore.api.Database; -import org.apache.hadoop.hive.metastore.api.Table; -//import org.apache.sentry.hdfs.old.AuthzPathCacheOld; -import org.junit.Assert; -import org.junit.Test; - -import java.util.Arrays; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.fail; - -public class TestAuthzPathCacheOld { - -// @Test -// public void testGetPathElements() { -// String[] as2 = AuthzPathCacheOld.getPathElements(new String("/a/b")); -// String[] as1 = AuthzPathCacheOld.getPathElements(new String("/a/b")); -// Assert.assertArrayEquals(as1, as2); -// -// String[] as = AuthzPathCacheOld.getPathElements(new String("/a/b")); -// Assert.assertArrayEquals(new String[] {"a", "b"}, as); -// -// as = AuthzPathCacheOld.getPathElements(new String("//a/b")); -// Assert.assertArrayEquals(new String[]{"a", "b"}, as); -// -// as = AuthzPathCacheOld.getPathElements(new String("/a//b")); -// Assert.assertArrayEquals(new String[]{"a", "b"}, as); -// -// as = AuthzPathCacheOld.getPathElements(new String("/a/b/")); -// Assert.assertArrayEquals(new String[]{"a", "b"}, as); -// -// as = AuthzPathCacheOld.getPathElements(new String("//a//b//")); -// Assert.assertArrayEquals(new String[]{"a", "b"}, as); -// } -// -// @Test -// public void testGetPathsElements() { -// String[][] as1 = AuthzPathCacheOld.gePathsElements( -// new String[]{new String("/a/b")}); -// String[][] as2 = AuthzPathCacheOld.gePathsElements( -// new String[]{new String("/a/b")}); -// Assert.assertEquals(as1.length, as2.length); -// Assert.assertArrayEquals(as1[0], as2[0]); -// } -// -// @Test -// public void testEntryType() { -// Assert.assertTrue(AuthzPathCacheOld.EntryType.DIR.isRemoveIfDangling()); -// Assert.assertFalse(AuthzPathCacheOld.EntryType.PREFIX.isRemoveIfDangling()); -// Assert.assertTrue( -// AuthzPathCacheOld.EntryType.AUTHZ_OBJECT.isRemoveIfDangling()); -// } -// -// @Test -// public void testRootEntry() { -// AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false); -// root.toString(); -// Assert.assertNull(root.getParent()); -// Assert.assertEquals(AuthzPathCacheOld.EntryType.DIR, root.getType()); -// // NOTE : This was causing some problems during serialization.. so dissabling -//// Assert.assertNull(root.getPathElement()); -// Assert.assertNull(root.getAuthzObj()); -// Assert.assertEquals(Path.SEPARATOR, root.getFullPath()); -// Assert.assertTrue(root.getChildren().isEmpty()); -// root.delete(); -// try { -// root.find(null, true); -// Assert.fail(); -// } catch (IllegalArgumentException ex) { -// //NOP -// } -// try { -// root.find(new String[0], true); -// Assert.fail(); -// } catch (IllegalArgumentException ex) { -// //NOP -// } -// try { -// root.find(null, false); -// Assert.fail(); -// } catch (IllegalArgumentException ex) { -// //NOP -// } -// try { -// root.find(new String[0], false); -// Assert.fail(); -// } catch (IllegalArgumentException ex) { -// //NOP -// } -// Assert.assertEquals(root, root.find(new String[]{"a"}, true)); -// Assert.assertNull(root.find(new String[]{"a"}, false)); -// Assert.assertNull(root.findPrefixEntry(new String[]{"a"})); -// -// root.delete(); -// } -// -// @Test -// public void testRootPrefixEntry() { -// AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(true); -// root.toString(); -// -// Assert.assertEquals(root, root.find(new String[]{"a"}, true)); -// Assert.assertEquals(null, root.find(new String[]{"a"}, false)); -// Assert.assertEquals(root, root.findPrefixEntry(new String[]{"a"})); -// Assert.assertEquals(root, root.findPrefixEntry(new String[]{"a", "b"})); -// -// try { -// root.createPrefix(new String[]{"a"}); -// Assert.fail(); -// } catch (IllegalArgumentException ex) { -// //NOP -// } -// } -// -// @Test -// public void testImmediatePrefixEntry() { -// AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false); -// AuthzPathCacheOld.Entry entry = root.createPrefix(new String[] {"a"}); -// entry.toString(); -// -// Assert.assertEquals(1, root.getChildren().size()); -// -// Assert.assertEquals(root, entry.getParent()); -// Assert.assertEquals(AuthzPathCacheOld.EntryType.PREFIX, entry.getType()); -// Assert.assertEquals("a", entry.getPathElement()); -// Assert.assertNull(entry.getAuthzObj()); -// Assert.assertEquals(Path.SEPARATOR + "a", entry.getFullPath()); -// Assert.assertTrue(entry.getChildren().isEmpty()); -// -// Assert.assertEquals(entry, root.find(new String[]{"a"}, true)); -// Assert.assertEquals(entry, root.find(new String[]{"a"}, false)); -// Assert.assertEquals(entry, root.findPrefixEntry(new String[]{"a"})); -// Assert.assertEquals(entry, root.findPrefixEntry(new String[]{"a", "b"})); -// -// Assert.assertEquals(entry, root.find(new String[]{"a", "b"}, true)); -// Assert.assertEquals(entry, root.find(new String[]{"a", "b", "c"}, true)); -// Assert.assertNull(root.find(new String[]{"a", "b"}, false)); -// -// Assert.assertNull(root.find(new String[]{"b"}, false)); -// Assert.assertNull(root.findPrefixEntry(new String[]{"b"})); -// -// try { -// root.createPrefix(new String[]{"a", "b"}); -// Assert.fail(); -// } catch (IllegalArgumentException ex) { -// //NOP -// } -// -// try { -// root.createPrefix(new String[]{"a", "b", "c"}); -// Assert.fail(); -// } catch (IllegalArgumentException ex) { -// //NOP -// } -// -// entry.delete(); -// Assert.assertTrue(root.getChildren().isEmpty()); -// } -// -// @Test -// public void testFurtherPrefixEntry() { -// AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false); -// AuthzPathCacheOld.Entry entry = root.createPrefix(new String[]{"a", "b"}); -// entry.toString(); -// -// Assert.assertEquals(1, root.getChildren().size()); -// -// Assert.assertEquals(root, entry.getParent().getParent()); -// Assert.assertEquals(AuthzPathCacheOld.EntryType.PREFIX, entry.getType()); -// Assert.assertEquals(AuthzPathCacheOld.EntryType.DIR, -// entry.getParent().getType()); -// Assert.assertEquals("b", entry.getPathElement()); -// Assert.assertEquals("a", entry.getParent().getPathElement()); -// Assert.assertNull(entry.getAuthzObj()); -// Assert.assertNull(entry.getParent().getAuthzObj()); -// Assert.assertEquals(Path.SEPARATOR + "a" + Path.SEPARATOR + "b", -// entry.getFullPath()); -// Assert.assertEquals(Path.SEPARATOR + "a", entry.getParent().getFullPath()); -// Assert.assertTrue(entry.getChildren().isEmpty()); -// Assert.assertEquals(1, entry.getParent().getChildren().size()); -// -// Assert.assertEquals(entry, root.find(new String[]{"a", "b"}, true)); -// Assert.assertEquals(entry, root.find(new String[]{"a", "b"}, false)); -// Assert.assertEquals(entry, root.findPrefixEntry(new String[]{"a", "b"})); -// Assert.assertNull(root.findPrefixEntry(new String[]{"a"})); -// -// Assert.assertEquals(entry, root.find(new String[]{"a", "b", "c"}, true)); -// Assert.assertNull(root.find(new String[]{"a", "b", "c"}, false)); -// -// try { -// root.createPrefix(new String[]{"a", "b"}); -// Assert.fail(); -// } catch (IllegalArgumentException ex) { -// //NOP -// } -// -// try { -// root.createPrefix(new String[]{"a", "b", "c"}); -// Assert.fail(); -// } catch (IllegalArgumentException ex) { -// //NOP -// } -// -// entry.delete(); -// Assert.assertTrue(root.getChildren().isEmpty()); -// } -// -// @Test -// public void testImmediateAuthzEntry() { -// AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false); -// AuthzPathCacheOld.Entry prefix = root.createPrefix(new String[]{"a", "b"}); -// -// AuthzPathCacheOld.Entry entry = root.createAuthzObjPath( -// new String[]{"a", "b", "p1"}, "A"); -// Assert.assertEquals(prefix, entry.getParent()); -// Assert.assertEquals(AuthzPathCacheOld.EntryType.AUTHZ_OBJECT, entry.getType()); -// Assert.assertEquals("p1", entry.getPathElement()); -// Assert.assertEquals("A", entry.getAuthzObj()); -// Assert.assertEquals(Path.SEPARATOR + "a" + Path.SEPARATOR + "b" + -// Path.SEPARATOR + "p1", entry.getFullPath()); -// -// try { -// root.createPrefix(new String[]{"a", "b", "p1", "c"}); -// Assert.fail(); -// } catch (IllegalArgumentException ex) { -// //NOP -// } -// -// Assert.assertEquals(entry, root.find(new String[]{"a", "b", "p1"}, true)); -// Assert.assertEquals(entry, root.find(new String[]{"a", "b", "p1"}, false)); -// Assert.assertEquals(entry, root.find(new String[]{"a", "b", "p1", "c"}, -// true)); -// Assert.assertNull(root.find(new String[]{"a", "b", "p1", "c"}, false)); -// Assert.assertEquals(prefix, root.findPrefixEntry( -// new String[]{"a", "b", "p1"})); -// -// root.find(new String[]{"a", "b", "p1"}, true).delete(); -// Assert.assertNull(root.find(new String[]{"a", "b", "p1"}, false)); -// Assert.assertNotNull(root.find(new String[]{"a", "b"}, false)); -// Assert.assertEquals(prefix, root.findPrefixEntry( -// new String[]{"a", "b", "p1"})); -// -// } -// -// @Test -// public void testFurtherAuthzEntry() { -// AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false); -// AuthzPathCacheOld.Entry prefix = root.createPrefix(new String[]{"a", "b"}); -// -// AuthzPathCacheOld.Entry entry = root.createAuthzObjPath( -// new String[]{"a", "b", "t", "p1"}, "A"); -// Assert.assertEquals(prefix, entry.getParent().getParent()); -// Assert.assertEquals(AuthzPathCacheOld.EntryType.AUTHZ_OBJECT, entry.getType()); -// Assert.assertEquals("p1", entry.getPathElement()); -// Assert.assertEquals("A", entry.getAuthzObj()); -// Assert.assertEquals(Path.SEPARATOR + "a" + Path.SEPARATOR + "b" + -// Path.SEPARATOR + "t" + Path.SEPARATOR + "p1", entry.getFullPath()); -// -// try { -// root.createPrefix(new String[]{"a", "b", "p1", "t", "c"}); -// Assert.fail(); -// } catch (IllegalArgumentException ex) { -// //NOP -// } -// -// AuthzPathCacheOld.Entry ep2 = root.createAuthzObjPath( -// new String[]{"a", "b", "t", "p1", "p2"}, "A"); -// -// Assert.assertEquals(AuthzPathCacheOld.EntryType.AUTHZ_OBJECT, entry.getType()); -// Assert.assertEquals("p1", entry.getPathElement()); -// Assert.assertEquals("A", entry.getAuthzObj()); -// -// Assert.assertEquals(AuthzPathCacheOld.EntryType.AUTHZ_OBJECT, ep2.getType()); -// Assert.assertEquals("p2", ep2.getPathElement()); -// Assert.assertEquals("A", entry.getAuthzObj()); -// -// Assert.assertEquals(entry, root.find(new String[]{"a", "b", "t", "p1"}, -// true)); -// Assert.assertEquals(entry, root.find(new String[]{"a", "b", "t", "p1"}, -// false)); -// Assert.assertEquals(entry, root.find(new String[]{"a", "b", "t", "p1", "c"}, -// true)); -// Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1", "c"}, false)); -// Assert.assertEquals(prefix, root.findPrefixEntry( -// new String[]{"a", "b", "t", "p1"})); -// -// Assert.assertEquals(ep2, root.find(new String[]{"a", "b", "t", "p1", "p2"}, -// true)); -// Assert.assertEquals(ep2, root.find(new String[]{"a", "b", "t", "p1", "p2"}, -// false)); -// Assert.assertEquals(ep2, root.find(new String[]{"a", "b", "t", "p1", "p2", "c"}, -// true)); -// Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1", "p2", "c"}, false)); -// Assert.assertEquals(prefix, root.findPrefixEntry( -// new String[]{"a", "b", "t", "p1", "p2"})); -// -// root.find(new String[]{"a", "b", "t", "p1"}, false).delete(); -// -// Assert.assertEquals(entry, root.find(new String[]{"a", "b", "t", "p1"}, -// true)); -// Assert.assertEquals(AuthzPathCacheOld.EntryType.DIR, entry.getType()); -// Assert.assertNull(entry.getAuthzObj()); -// -// Assert.assertNotNull(root.find(new String[]{"a", "b", "t", "p1"}, false)); -// Assert.assertNotNull(root.find(new String[]{"a", "b", "t"}, false)); -// Assert.assertNotNull(root.find(new String[]{"a", "b"}, false)); -// Assert.assertEquals(prefix, root.findPrefixEntry( -// new String[]{"a", "b", "t", "p1"})); -// -// root.find(new String[]{"a", "b", "t", "p1", "p2"}, false).delete(); -// Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1"}, false)); -// Assert.assertNull(root.find(new String[]{"a", "b", "t"}, false)); -// Assert.assertNotNull(root.find(new String[]{"a", "b"}, false)); -// Assert.assertEquals(prefix, root.findPrefixEntry( -// new String[]{"a", "b", "t", "p1"})); -// -// } -// -// @Test -// public void testMultipleAuthzEntry() { -// AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false); -// AuthzPathCacheOld.Entry prefix = root.createPrefix(new String[]{"a", "b"}); -// -// AuthzPathCacheOld.Entry e1 = root.createAuthzObjPath( -// new String[]{"a", "b", "t", "p1"}, "A"); -// AuthzPathCacheOld.Entry e2 = root.createAuthzObjPath( -// new String[]{"a", "b", "t", "p2"}, "A"); -// -// -// Assert.assertEquals(e1, root.find(new String[]{"a", "b", "t", "p1"}, true)); -// Assert.assertEquals(e1, root.find(new String[]{"a", "b", "t", "p1"}, -// false)); -// Assert.assertEquals(e1, root.find(new String[]{"a", "b", "t", "p1", "c"}, -// true)); -// Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1", "c"}, false)); -// Assert.assertEquals(prefix, root.findPrefixEntry( -// new String[]{"a", "b", "t", "p1"})); -// -// Assert.assertEquals(e2, root.find(new String[]{"a", "b", "t", "p2"}, true)); -// Assert.assertEquals(e2, root.find(new String[]{"a", "b", "t", "p2"}, -// false)); -// Assert.assertEquals(e2, root.find(new String[]{"a", "b", "t", "p2", "c"}, -// true)); -// Assert.assertNull(root.find(new String[]{"a", "b", "t", "p2", "c"}, false)); -// Assert.assertEquals(prefix, root.findPrefixEntry( -// new String[]{"a", "b", "t", "p2"})); -// -// root.find(new String[]{"a", "b", "t", "p1"}, true).delete(); -// Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1"}, false)); -// Assert.assertNotNull(root.find(new String[]{"a", "b", "t"}, false)); -// -// root.find(new String[]{"a", "b", "t", "p2"}, true).delete(); -// Assert.assertNull(root.find(new String[]{"a", "b", "t", "p2"}, false)); -// Assert.assertNull(root.find(new String[]{"a", "b", "t"}, false)); -// Assert.assertNotNull(root.find(new String[]{"a", "b"}, false)); -// -// Assert.assertEquals(prefix, root.findPrefixEntry( -// new String[]{"a", "b", "t", "p3"})); -// } -// -// @Test -// public void testUpdateHandling() throws Exception { -// DummyHMSClient mock = new DummyHMSClient(); -// Database db1 = mock.addDb("db1", "/db1"); -// Table tbl11 = mock.addTable(db1, "tbl11", "/db1/tbl11"); -// mock.addPartition(db1, tbl11, "/db1/tbl11/part111"); -// mock.addPartition(db1, tbl11, "/db1/tbl11/part112"); -// AuthzPathCacheOld AuthzPathUpdater = new AuthzPathCacheOld(mock, new String[]{"/db1"}, 10000); -// -// // Trigger Initial refresh (full dump) -// AuthzPathUpdater.handleUpdateNotification(new PathsUpdate(10, null)); -// waitToCommit(AuthzPathUpdater); -// assertEquals("db1.tbl11", AuthzPathUpdater.findAuthzObject("/db1/tbl11/part111".split("^/")[1].split("/"))); -// assertEquals("db1.tbl11", AuthzPathUpdater.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/"))); -// -// // Handle preUpdate from HMS plugin -// PathsUpdate update = new PathsUpdate(11, null); -// update.addPathUpdate("db1.tbl12").addPath("/db1/tbl12").addPath("/db1/tbl12/part121"); -// update.addPathUpdate("db1.tbl11").delPath("/db1/tbl11/part112"); -// -// // Ensure JSON serialization is working : -// assertEquals(PathsUpdate.toJsonString(update), -// PathsUpdate.toJsonString( -// PathsUpdate.fromJsonString( -// PathsUpdate.toJsonString(update)))); -// -// AuthzPathUpdater.handleUpdateNotification(update); -// waitToCommit(AuthzPathUpdater); -// assertNull(AuthzPathUpdater.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/"), false)); -// assertEquals("db1.tbl12", AuthzPathUpdater.findAuthzObject("/db1/tbl12/part121".split("^/")[1].split("/"))); -// -// // Add more entries to HMS -// Table tbl13 = mock.addTable(db1, "tbl13", "/db1/tbl13"); -// mock.addPartition(db1, tbl13, "/db1/tbl13/part131"); -// -// // Simulate missed preUpdate (Send empty preUpdate with seqNum 13) -// // On missed preUpdate, refresh again -// AuthzPathUpdater.handleUpdateNotification(new PathsUpdate(13, null)); -// waitToCommit(AuthzPathUpdater); -// assertEquals("db1.tbl13", AuthzPathUpdater.findAuthzObject("/db1/tbl13/part131".split("^/")[1].split("/"))); -// } -// -// @Test -// public void testGetUpdatesFromSrcCache() throws InterruptedException { -// DummyHMSClient mock = new DummyHMSClient(); -// Database db1 = mock.addDb("db1", "/db1"); -// Table tbl11 = mock.addTable(db1, "tbl11", "/db1/tbl11"); -// mock.addPartition(db1, tbl11, "/db1/tbl11/part111"); -// mock.addPartition(db1, tbl11, "/db1/tbl11/part112"); -// -// // This would live in the Sentry Service -// AuthzPathCacheOld srcCache = new AuthzPathCacheOld(mock, new String[]{"/db1"}, 10000); -// -// // Trigger Initial full Image fetch -// srcCache.handleUpdateNotification(new PathsUpdate(10, null)); -// waitToCommit(srcCache); -// -// // This entity would live in the NN plugin : a downstream cache with no updateLog -// AuthzPathCacheOld destCache = new AuthzPathCacheOld(null, new String[]{"/db1"}, 0); -// -// // Adapter to pull updates from upstream cache to downstream Cache -// DummyAdapter<PathsUpdate> adapter = new DummyAdapter<PathsUpdate>(destCache, srcCache); -// adapter.getDestToPullUpdatesFromSrc(); -// waitToCommit(destCache); -// // Check if NN plugin received the updates from Sentry Cache -// assertEquals("db1.tbl11", destCache.findAuthzObject("/db1/tbl11/part111".split("^/")[1].split("/"))); -// assertEquals("db1.tbl11", destCache.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/"))); -// -// // Create Upsteram HMS preUpdate -// PathsUpdate update = new PathsUpdate(11, null); -// update.addPathUpdate("db1.tbl12").addPath("/db1/tbl12").addPath("/db1/tbl12/part121"); -// update.addPathUpdate("db1.tbl11").delPath("/db1/tbl11/part112"); -// -// // Send Update to Upstream Cache -// srcCache.handleUpdateNotification(update); -// waitToCommit(srcCache); -// // Pull preUpdate to downstream Cache -// adapter.getDestToPullUpdatesFromSrc(); -// waitToCommit(destCache); -// -// assertNull(srcCache.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/"), false)); -// assertNull(destCache.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/"), false)); -// assertEquals("db1.tbl11", destCache.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/"))); -// assertEquals("db1.tbl12", destCache.findAuthzObject("/db1/tbl12/part121".split("^/")[1].split("/"))); -// } -// -//// @Test(expected = IllegalArgumentException.class) -//// public void testAuthzPathUpdaterRootPrefix() { -//// AuthzPathCacheOld cache = new AuthzPathCacheOld(new String[]{"/", "/b/c"}); -//// } -// -// @Test -// public void testAuthzPathUpdater() { -// AuthzPathCacheOld cache = new AuthzPathCacheOld(null, new String[] { "/a", "/b/c"}, 0); -// Assert.assertTrue(cache.isUnderPrefix("/a".split("^/")[1].split("/"))); -// Assert.assertTrue(cache.isUnderPrefix("/a/x".split("^/")[1].split("/"))); -// Assert.assertTrue(cache.isUnderPrefix("/b/c/".split("^/")[1].split("/"))); -// Assert.assertFalse(cache.isUnderPrefix("/x".split("^/")[1].split("/"))); -// -// Assert.assertNull((cache.findAuthzObject("/a/x".split("^/")[1].split("/")))); -// Assert.assertNull((cache.findAuthzObject("/x".split("^/")[1].split("/")))); -// -// cache.addAuthzObject("T", Arrays.asList("/a/T/p1", "/a/T/p2")); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1".split("^/")[1].split("/"))); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p2".split("^/")[1].split("/"))); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x".split("^/")[1].split("/"))); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x/x".split("^/")[1].split("/"))); -// Assert.assertNull((cache.findAuthzObject("/a/T/p3".split("^/")[1].split("/")))); -// -// cache.addPathsToAuthzObject("T", Arrays.asList("/a/T/p3")); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1".split("^/")[1].split("/"))); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p2".split("^/")[1].split("/"))); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x".split("^/")[1].split("/"))); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x/x".split("^/")[1].split("/"))); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p3".split("^/")[1].split("/"))); -// -// cache.deletePathsFromAuthzObject("T", Arrays.asList("/a/T/p2")); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1".split("^/")[1].split("/"))); -// Assert.assertNull((cache.findAuthzObject("/a/T/p2".split("^/")[1].split("/")))); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x".split("^/")[1].split("/"))); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x/x".split("^/")[1].split("/"))); -// Assert.assertEquals("T", cache.findAuthzObject("/a/T/p3".split("^/")[1].split("/"))); -// -// cache.deleteAuthzObject("T"); -// Assert.assertNull((cache.findAuthzObject("/a/T/p1".split("^/")[1].split("/")))); -// Assert.assertNull((cache.findAuthzObject("/a/T/p2".split("^/")[1].split("/")))); -// Assert.assertNull((cache.findAuthzObject("/a/T/p3".split("^/")[1].split("/")))); -// } -// -// private void waitToCommit(AuthzPathCacheOld hmsCache) throws InterruptedException { -// int counter = 0; -// while(!hmsCache.areAllUpdatesCommited()) { -// Thread.sleep(200); -// counter++; -// if (counter > 10000) { -// fail("Updates taking too long to commit !!"); -// } -// } -// } - -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPermCache.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPermCache.java b/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPermCache.java deleted file mode 100644 index f4e569f..0000000 --- a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPermCache.java +++ /dev/null @@ -1,64 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.hdfs; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - -import org.apache.hadoop.fs.permission.FsAction; -//import org.apache.sentry.hdfs.old.AuthzPermCache; -//import org.apache.sentry.hdfs.old.AuthzPermCache.PrivilegeInfo; -//import org.apache.sentry.hdfs.old.AuthzPermCache.RoleInfo; -import org.junit.Test; - -public class TestAuthzPermCache { - -// @Test -// public void testAuthzAddRemove() throws InterruptedException { -// DummyAuthzSource src = new DummyAuthzSource(); -// AuthzPermCache authzCache = new AuthzPermCache(10000, src, 0); -// src.privs.put("db1.tbl11", new PrivilegeInfo("db1.tbl11").setPermission("r1", FsAction.READ_WRITE)); -// src.privs.put("db1.tbl12", new PrivilegeInfo("db1.tbl12").setPermission("r1", FsAction.READ).setPermission("r2", FsAction.WRITE)); -// src.privs.put("db1.tbl13", new PrivilegeInfo("db1.tbl13").setPermission("r2", FsAction.READ).setPermission("r3", FsAction.WRITE)); -// src.roles.put("r1", new RoleInfo("r1").addGroup("g1")); -// src.roles.put("r2", new RoleInfo("r2").addGroup("g2").addGroup("g1")); -// src.roles.put("r3", new RoleInfo("r3").addGroup("g3").addGroup("g2").addGroup("g1")); -// authzCache.handleUpdateNotification(new PermissionsUpdate(10, false)); -// waitToCommit(authzCache); -// -// assertEquals(FsAction.READ_WRITE, authzCache.getPermissions("db1.tbl11").get("g1")); -// assertEquals(FsAction.READ_WRITE, authzCache.getPermissions("db1.tbl12").get("g1")); -// assertEquals(FsAction.WRITE, authzCache.getPermissions("db1.tbl12").get("g2")); -// assertEquals(FsAction.READ_WRITE, authzCache.getPermissions("db1.tbl13").get("g1")); -// assertEquals(FsAction.READ_WRITE, authzCache.getPermissions("db1.tbl13").get("g2")); -// assertEquals(FsAction.WRITE, authzCache.getPermissions("db1.tbl13").get("g3")); -// } -// -// private void waitToCommit(AuthzPermCache authzCache) throws InterruptedException { -// int counter = 0; -// while(!authzCache.areAllUpdatesCommited()) { -// Thread.sleep(200); -// counter++; -// if (counter > 10000) { -// fail("Updates taking too long to commit !!"); -// } -// } -// } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java index 6e66823..6d0efd3 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java @@ -1410,12 +1410,12 @@ public class SentryStore implements ExternalImageRetriever<PermissionsUpdate> { String existingPriv = pUpdate.getAddPrivileges().get(mRole.getRoleName()); if (existingPriv == null) { pUpdate.putToAddPrivileges(mRole.getRoleName(), - ACTION_MAPPING.get(mPriv.getAction()).SYMBOL); + ACTION_MAPPING.get(mPriv.getAction().toUpperCase()).SYMBOL); } else { pUpdate.putToAddPrivileges( mRole.getRoleName(), FsAction.getFsAction(existingPriv) - .or(ACTION_MAPPING.get(mPriv.getAction())).SYMBOL); + .or(ACTION_MAPPING.get(mPriv.getAction().toUpperCase())).SYMBOL); } } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java index 685c906..8ede069 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java @@ -264,7 +264,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { PermissionsUpdate update = new PermissionsUpdate(permSeqNum.incrementAndGet(), false); update.addPrivilegeUpdate(authzObj).putToAddPrivileges( request.getRoleName(), - SentryStore.ACTION_MAPPING.get(request.getPrivilege().getAction()) + SentryStore.ACTION_MAPPING.get(request.getPrivilege().getAction().toUpperCase()) .SYMBOL); permsUpdater.handleUpdateNotification(update); LOGGER.info("Authz Perm preUpdate [" + update.getSeqNum() + "].."); @@ -306,7 +306,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface { PermissionsUpdate update = new PermissionsUpdate(permSeqNum.incrementAndGet(), false); update.addPrivilegeUpdate(authzObj).putToDelPrivileges( request.getRoleName(), - SentryStore.ACTION_MAPPING.get(request.getPrivilege().getAction()) + SentryStore.ACTION_MAPPING.get(request.getPrivilege().getAction().toUpperCase()) .SYMBOL); permsUpdater.handleUpdateNotification(update); LOGGER.info("Authz Perm preUpdate [" + update.getSeqNum() + ", " + authzObj + "]..");
