SENTRY-777: SentryServiceIntegrationBase#after() should be run under client subject (Dapeng Sun, reviewed by Guoquan Shen)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/1556781c Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/1556781c Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/1556781c Branch: refs/heads/hive_plugin_v2 Commit: 1556781c49361b821b8db55b28d9e5de5394565e Parents: 9943a33 Author: Sun Dapeng <[email protected]> Authored: Mon Jun 29 15:52:00 2015 +0800 Committer: Sun Dapeng <[email protected]> Committed: Tue Jun 30 09:55:22 2015 +0800 ---------------------------------------------------------------------- .../hdfs/SentryHdfsServiceIntegrationBase.java | 3 +- .../TestSentryGenericServiceIntegration.java | 30 ++++++++++---- .../thrift/TestSentryServiceFailureCase.java | 3 +- .../TestSentryServiceForHAWithKerberos.java | 41 +++++++++++++------- .../thrift/TestSentryServiceWithKerberos.java | 3 +- .../thrift/TestSentryWebServerWithKerberos.java | 3 +- .../TestSentryWebServerWithoutSecurity.java | 3 +- .../thrift/SentryServiceIntegrationBase.java | 29 +++++++++----- 8 files changed, 72 insertions(+), 43 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1556781c/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/SentryHdfsServiceIntegrationBase.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/SentryHdfsServiceIntegrationBase.java b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/SentryHdfsServiceIntegrationBase.java index 7c75be9..eccf83b 100644 --- a/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/SentryHdfsServiceIntegrationBase.java +++ b/sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/SentryHdfsServiceIntegrationBase.java @@ -21,7 +21,6 @@ package org.apache.sentry.hdfs; import java.security.PrivilegedExceptionAction; import org.apache.hadoop.security.UserGroupInformation; -import org.apache.sentry.SentryUserException; import org.apache.sentry.hdfs.ServiceConstants.ClientConfig; import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; import org.junit.After; @@ -43,7 +42,7 @@ public class SentryHdfsServiceIntegrationBase extends } @After - public void after() throws SentryUserException { + public void after() { if (hdfsClient != null) { hdfsClient.close(); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1556781c/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java index ae354d9..6b86077 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java @@ -37,11 +37,15 @@ import org.apache.sentry.core.model.search.SearchConstants; import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; import org.junit.After; import org.junit.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import com.google.common.collect.Lists; import com.google.common.collect.Sets; public class TestSentryGenericServiceIntegration extends SentryServiceIntegrationBase { + + private static final Logger LOGGER = LoggerFactory.getLogger(SentryServiceIntegrationBase.class); private static final String SOLR = "SOLR"; private SentryGenericServiceClient client; @@ -65,15 +69,25 @@ public class TestSentryGenericServiceIntegration extends SentryServiceIntegratio } @After - public void after() throws SentryUserException { - Set<TSentryRole> tRoles = client.listAllRoles(ADMIN_USER, SOLR); - for (TSentryRole tRole : tRoles) { - client.dropRole(ADMIN_USER, tRole.getRoleName(), SOLR); - } - if(client != null) { - client.close(); + public void after() { + try { + runTestAsSubject(new TestOperation(){ + @Override + public void runTestAsSubject() throws Exception { + Set<TSentryRole> tRoles = client.listAllRoles(ADMIN_USER, SOLR); + for (TSentryRole tRole : tRoles) { + client.dropRole(ADMIN_USER, tRole.getRoleName(), SOLR); + } + if(client != null) { + client.close(); + } + } + }); + } catch (Exception e) { + LOGGER.error(e.getMessage(), e); + } finally { + policyFilePath.delete(); } - policyFilePath.delete(); } @Test http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1556781c/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java index 2fd34bd..a453ff3 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java @@ -20,7 +20,6 @@ package org.apache.sentry.provider.db.service.thrift; import java.security.PrivilegedActionException; -import org.apache.sentry.SentryUserException; import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; import org.junit.After; @@ -54,7 +53,7 @@ public class TestSentryServiceFailureCase extends SentryServiceIntegrationBase { @Override @After - public void after() throws SentryUserException { + public void after() { } @Test http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1556781c/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java index cfe09b5..813b30b 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java @@ -18,13 +18,18 @@ package org.apache.sentry.provider.db.service.thrift; -import org.apache.sentry.SentryUserException; +import java.io.File; +import java.util.Set; + +import org.apache.sentry.provider.file.PolicyFile; import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; -import org.junit.After; +import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import com.google.common.collect.Sets; + /** * Test various kerberos related stuff on the SentryService side */ @@ -44,21 +49,27 @@ public class TestSentryServiceForHAWithKerberos extends SentryServiceIntegration @Override @Before public void before() throws Exception { + policyFilePath = new File(dbDir, "local_policy_file.ini"); + conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, + policyFilePath.getPath()); + policyFile = new PolicyFile(); + connectToSentryService(); } - @Override - @After - public void after() throws SentryUserException { - } - - /** - * Test that we are correctly substituting "_HOST" if/when needed. - * - * @throws Exception - */ @Test - public void testHostSubstitution() throws Exception { - // We just need to ensure that we are able to correct connect to the server - connectToSentryService(); + public void testCreateRole() throws Exception { + runTestAsSubject(new TestOperation(){ + @Override + public void runTestAsSubject() throws Exception { + String requestorUserName = ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + String roleName = "admin_r"; + client.dropRoleIfExists(requestorUserName, roleName); + client.createRole(requestorUserName, roleName); + client.dropRole(requestorUserName, roleName); + } + }); } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1556781c/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java index 7b1eab1..ff73382 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java @@ -17,7 +17,6 @@ */ package org.apache.sentry.provider.db.service.thrift; -import org.apache.sentry.SentryUserException; import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; import org.junit.After; import org.junit.Before; @@ -42,7 +41,7 @@ public class TestSentryServiceWithKerberos extends SentryServiceIntegrationBase @Override @After - public void after() throws SentryUserException { + public void after() { } /** http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1556781c/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java index ffbb585..90ce080 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java @@ -33,7 +33,6 @@ import org.apache.commons.io.IOUtils; import org.apache.hadoop.security.authentication.client.AuthenticatedURL; import org.apache.hadoop.security.authentication.client.AuthenticationException; import org.apache.hadoop.security.authentication.client.KerberosAuthenticator; -import org.apache.sentry.SentryUserException; import org.apache.sentry.service.thrift.KerberosConfiguration; import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; import org.junit.After; @@ -64,7 +63,7 @@ public class TestSentryWebServerWithKerberos extends SentryServiceIntegrationBas @Override @After - public void after() throws SentryUserException { + public void after() { } @Test http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1556781c/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java index 27e518b..0d82d99 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java @@ -21,7 +21,6 @@ import java.net.HttpURLConnection; import java.net.URL; import org.apache.commons.io.IOUtils; -import org.apache.sentry.SentryUserException; import org.apache.sentry.service.thrift.SentryServiceIntegrationBase; import org.junit.After; import org.junit.Assert; @@ -45,7 +44,7 @@ public class TestSentryWebServerWithoutSecurity extends SentryServiceIntegration @Override @After - public void after() throws SentryUserException { + public void after() { } @Test http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1556781c/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java index c132e13..2eea07b 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java @@ -33,7 +33,6 @@ import org.apache.curator.test.TestingServer; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.minikdc.MiniKdc; import org.apache.hadoop.net.NetUtils; -import org.apache.sentry.SentryUserException; import org.apache.sentry.provider.db.service.persistent.HAContext; import org.apache.sentry.provider.db.service.thrift.SentryMiniKdcTestcase; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; @@ -215,17 +214,27 @@ public abstract class SentryServiceIntegrationBase extends SentryMiniKdcTestcase } @After - public void after() throws SentryUserException { - if (client != null) { - Set<TSentryRole> tRoles = client.listRoles(ADMIN_USER); - if (tRoles != null) { - for (TSentryRole tRole : tRoles) { - client.dropRole(ADMIN_USER, tRole.getRoleName()); + public void after() { + try { + runTestAsSubject(new TestOperation() { + @Override + public void runTestAsSubject() throws Exception { + if (client != null) { + Set<TSentryRole> tRoles = client.listRoles(ADMIN_USER); + if (tRoles != null) { + for (TSentryRole tRole : tRoles) { + client.dropRole(ADMIN_USER, tRole.getRoleName()); + } + } + client.close(); + } } - } - client.close(); + }); + } catch (Exception e) { + LOGGER.error(e.getMessage(), e); + } finally { + policyFilePath.delete(); } - policyFilePath.delete(); } public void connectToSentryService() throws Exception {
