Repository: incubator-sentry Updated Branches: refs/heads/SENTRY-999 51e7da951 -> fbb906099
SENTRY-1093: Refactor the constructor of PolicyEngine (Colin Ma, Reviewed by Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/fbb90609 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/fbb90609 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/fbb90609 Branch: refs/heads/SENTRY-999 Commit: fbb90609908fc5f5914468c5aa270d6682c500a9 Parents: 51e7da9 Author: Colin Ma <co...@apache.org> Authored: Wed Mar 9 10:14:07 2016 +0800 Committer: Colin Ma <co...@apache.org> Committed: Wed Mar 9 10:14:07 2016 +0800 ---------------------------------------------------------------------- .../binding/hive/authz/HiveAuthzBinding.java | 18 +++++--- .../binding/solr/authz/SolrAuthzBinding.java | 8 ++++ .../sentry/sqoop/binding/SqoopAuthBinding.java | 12 +++++- .../sentry/policy/db/SimpleDBPolicyEngine.java | 10 +---- .../sentry/policy/db/DBPolicyFileBackend.java | 28 ------------- .../sentry/policy/db/DBPolicyTestUtil.java | 44 ++++++++++++++++++++ .../policy/db/TestPolicyParsingNegative.java | 18 ++++---- ...sourceAuthorizationProviderGeneralCases.java | 2 +- ...sourceAuthorizationProviderSpecialCases.java | 5 ++- .../policy/db/TestSimpleDBPolicyEngineDFS.java | 7 ++-- .../db/TestSimpleDBPolicyEngineLocalFS.java | 2 +- .../indexer/SimpleIndexerPolicyEngine.java | 6 --- .../policy/indexer/IndexPolicyTestUtil.java | 44 ++++++++++++++++++++ .../indexer/IndexerPolicyFileBackend.java | 28 ------------- ...ndexerAuthorizationProviderGeneralCases.java | 2 +- ...ndexerAuthorizationProviderSpecialCases.java | 3 +- .../indexer/TestIndexerPolicyEngineDFS.java | 2 +- .../indexer/TestIndexerPolicyEngineLocalFS.java | 2 +- .../indexer/TestIndexerPolicyNegative.java | 6 +-- .../policy/search/SimpleSearchPolicyEngine.java | 6 --- .../policy/search/SearchPolicyFileBackend.java | 28 ------------- .../policy/search/SearchPolicyTestUtil.java | 44 ++++++++++++++++++++ ...SearchAuthorizationProviderGeneralCases.java | 2 +- ...SearchAuthorizationProviderSpecialCases.java | 3 +- .../search/TestSearchPolicyEngineDFS.java | 2 +- .../search/TestSearchPolicyEngineLocalFS.java | 2 +- .../policy/search/TestSearchPolicyNegative.java | 6 +-- .../policy/sqoop/SimpleSqoopPolicyEngine.java | 8 +--- .../sqoop/SqoopPolicyFileProviderBackend.java | 35 ---------------- .../policy/sqoop/SqoopPolicyTestUtil.java | 44 ++++++++++++++++++++ ...tSqoopAuthorizationProviderGeneralCases.java | 3 +- ...tSqoopAuthorizationProviderSpecialCases.java | 3 +- .../policy/sqoop/TestSqoopPolicyEngineDFS.java | 2 +- .../sqoop/TestSqoopPolicyEngineLocalFS.java | 3 +- .../policy/sqoop/TestSqoopPolicyNegative.java | 10 ++--- 35 files changed, 255 insertions(+), 193 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java index 0a1d0e8..e093b5c 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java @@ -39,6 +39,7 @@ import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.core.model.db.DBModelAction; import org.apache.sentry.core.model.db.DBModelAuthorizable; import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType; +import org.apache.sentry.core.model.db.HivePrivilegeModel; import org.apache.sentry.core.model.db.Server; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.cache.PrivilegeCache; @@ -216,12 +217,20 @@ public class HiveAuthzBinding { ProviderBackend providerBackend = (ProviderBackend) providerBackendConstructor. newInstance(new Object[] {authzConf, resourceName}); + // create backendContext + ProviderBackendContext context = new ProviderBackendContext(); + context.setAllowPerDatabase(true); + context.setValidators(HivePrivilegeModel.getInstance().getPrivilegeValidators(serverName)); + // initialize the backend with the context + providerBackend.initialize(context); + + // load the policy engine class Constructor<?> policyConstructor = - Class.forName(policyEngineName).getDeclaredConstructor(String.class, ProviderBackend.class); + Class.forName(policyEngineName).getDeclaredConstructor(ProviderBackend.class); policyConstructor.setAccessible(true); PolicyEngine policyEngine = (PolicyEngine) policyConstructor. - newInstance(new Object[] {serverName, providerBackend}); + newInstance(new Object[] {providerBackend}); // load the authz provider class @@ -251,10 +260,10 @@ public class HiveAuthzBinding { // load the policy engine class Constructor<?> policyConstructor = - Class.forName(policyEngineName).getDeclaredConstructor(String.class, ProviderBackend.class); + Class.forName(policyEngineName).getDeclaredConstructor(ProviderBackend.class); policyConstructor.setAccessible(true); PolicyEngine policyEngine = (PolicyEngine) policyConstructor. - newInstance(new Object[] {serverName, providerBackend}); + newInstance(new Object[] {providerBackend}); // load the authz provider class Constructor<?> constrctor = @@ -263,7 +272,6 @@ public class HiveAuthzBinding { return (AuthorizationProvider) constrctor.newInstance(new Object[] {resourceName, policyEngine}); } - /** * Validate the privilege for the given operation for the given subject * @param hiveOp http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java index 88148c4..ea14d44 100644 --- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java +++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java @@ -39,12 +39,14 @@ import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.model.search.Collection; import org.apache.sentry.core.model.search.SearchModelAction; +import org.apache.sentry.core.model.search.SearchPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationComponent; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.common.GroupMappingService; import org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider; import org.apache.sentry.provider.common.ProviderBackend; +import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.db.generic.SentryGenericProviderBackend; import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory; @@ -130,6 +132,12 @@ public class SolrAuthzBinding { ((SentryGenericProviderBackend) providerBackend).setServiceName(serviceName); } + // Create backend context + ProviderBackendContext context = new ProviderBackendContext(); + context.setAllowPerDatabase(false); + context.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators()); + providerBackend.initialize(context); + // load the policy engine class Constructor<?> policyConstructor = Class.forName(policyEngineName).getDeclaredConstructor(ProviderBackend.class); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java index 8456031..55d9eb9 100644 --- a/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java +++ b/sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/binding/SqoopAuthBinding.java @@ -29,10 +29,12 @@ import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.model.sqoop.Server; import org.apache.sentry.core.model.sqoop.SqoopActionConstant; import org.apache.sentry.core.model.sqoop.SqoopActionFactory; +import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationComponent; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.common.ProviderBackend; +import org.apache.sentry.provider.common.ProviderBackendContext; import org.apache.sentry.provider.db.generic.SentryGenericProviderBackend; import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory; @@ -110,12 +112,18 @@ public class SqoopAuthBinding { ((SentryGenericProviderBackend) providerBackend).setServiceName(serviceName); } + // Create backend context + ProviderBackendContext context = new ProviderBackendContext(); + context.setAllowPerDatabase(false); + context.setValidators(SqoopPrivilegeModel.getInstance().getPrivilegeValidators(serviceName)); + providerBackend.initialize(context); + //Instantiate the configured policyEngine Constructor<?> policyConstructor = - Class.forName(policyEngineName).getDeclaredConstructor(String.class, ProviderBackend.class); + Class.forName(policyEngineName).getDeclaredConstructor(ProviderBackend.class); policyConstructor.setAccessible(true); PolicyEngine policyEngine = - (PolicyEngine) policyConstructor.newInstance(new Object[] {sqoopServer.getName(), providerBackend}); + (PolicyEngine) policyConstructor.newInstance(new Object[] {providerBackend}); //Instantiate the configured authProvider Constructor<?> constrctor = http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java index ff483c1..b1f041b 100644 --- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java +++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/SimpleDBPolicyEngine.java @@ -21,11 +21,9 @@ import java.util.Set; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.SentryConfigurationException; -import org.apache.sentry.core.model.db.HivePrivilegeModel; import org.apache.sentry.policy.common.PrivilegeFactory; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.ProviderBackend; -import org.apache.sentry.provider.common.ProviderBackendContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -40,12 +38,8 @@ public class SimpleDBPolicyEngine implements PolicyEngine { private final ProviderBackend providerBackend; - public SimpleDBPolicyEngine(String serverName, ProviderBackend providerBackend) { + public SimpleDBPolicyEngine(ProviderBackend providerBackend) { this.providerBackend = providerBackend; - ProviderBackendContext context = new ProviderBackendContext(); - context.setAllowPerDatabase(true); - context.setValidators(HivePrivilegeModel.getInstance().getPrivilegeValidators(serverName)); - this.providerBackend.initialize(context); } /** @@ -56,8 +50,6 @@ public class SimpleDBPolicyEngine implements PolicyEngine { return new DBWildcardPrivilege.DBWildcardPrivilegeFactory(); } - - @Override public ImmutableSet<String> getAllPrivileges(Set<String> groups, ActiveRoleSet roleSet) throws SentryConfigurationException { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyFileBackend.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyFileBackend.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyFileBackend.java deleted file mode 100644 index 9dc63e4..0000000 --- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyFileBackend.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.db; - -import java.io.IOException; - -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.provider.file.SimpleFileProviderBackend; - -public class DBPolicyFileBackend extends SimpleDBPolicyEngine { - public DBPolicyFileBackend(String server, String resource) throws IOException{ - super(server, new SimpleFileProviderBackend(new Configuration(), resource)); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyTestUtil.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyTestUtil.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyTestUtil.java new file mode 100644 index 0000000..c46df8f --- /dev/null +++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/DBPolicyTestUtil.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.policy.db; + +import org.apache.hadoop.conf.Configuration; +import org.apache.sentry.core.model.db.HivePrivilegeModel; +import org.apache.sentry.policy.common.PolicyEngine; +import org.apache.sentry.provider.common.ProviderBackend; +import org.apache.sentry.provider.common.ProviderBackendContext; +import org.apache.sentry.provider.file.SimpleFileProviderBackend; + +import java.io.IOException; + +public class DBPolicyTestUtil { + + public static PolicyEngine createPolicyEngineForTest(String server, String resource) throws IOException { + + ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource); + + // create backendContext + ProviderBackendContext context = new ProviderBackendContext(); + context.setAllowPerDatabase(true); + context.setValidators(HivePrivilegeModel.getInstance().getPrivilegeValidators(server)); + // initialize the backend with the context + providerBackend.initialize(context); + + + return new SimpleDBPolicyEngine(providerBackend); + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestPolicyParsingNegative.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestPolicyParsingNegative.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestPolicyParsingNegative.java index 5f7c671..8bc511d 100644 --- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestPolicyParsingNegative.java +++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestPolicyParsingNegative.java @@ -72,7 +72,7 @@ public class TestPolicyParsingNegative { append("other_group = malicious_role", otherPolicyFile); append("[roles]", otherPolicyFile); append("malicious_role = server=server1->db=customers->table=purchases->action=select", otherPolicyFile); - PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath()); + PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } @@ -86,21 +86,21 @@ public class TestPolicyParsingNegative { policyFile.addGroupsToUser("admin1", "admin"); policyFile.write(globalPolicyFile); policyFile.write(otherPolicyFile); - policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath()); + policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); permissions = policy.getAllPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL); Assert.assertEquals(permissions.toString(), "[server=server1]"); // test to ensure [users] fails parsing of per-db file policyFile.addDatabase("other", otherPolicyFile.getPath()); policyFile.write(globalPolicyFile); policyFile.write(otherPolicyFile); - policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath()); + policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); permissions = policy.getAllPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL); Assert.assertEquals(permissions.toString(), "[server=server1]"); // test to ensure [databases] fails parsing of per-db file // by removing the user mapping from the per-db policy file policyFile.removeGroupsFromUser("admin1", "admin") .write(otherPolicyFile); - policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath()); + policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); permissions = policy.getAllPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL); Assert.assertEquals(permissions.toString(), "[server=server1]"); } @@ -113,7 +113,7 @@ public class TestPolicyParsingNegative { append("other_group = malicious_role", otherPolicyFile); append("[roles]", otherPolicyFile); append("malicious_role = server=server1", otherPolicyFile); - PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath()); + PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } @@ -124,7 +124,7 @@ public class TestPolicyParsingNegative { append("group = malicious_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("malicious_role = server=*", globalPolicyFile); - PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath()); + PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } @@ -135,7 +135,7 @@ public class TestPolicyParsingNegative { append("group = malicious_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("malicious_role = server=server2", globalPolicyFile); - PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath()); + PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } @@ -146,7 +146,7 @@ public class TestPolicyParsingNegative { append("group = malicious_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("malicious_role = *", globalPolicyFile); - PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath()); + PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } @@ -182,7 +182,7 @@ public class TestPolicyParsingNegative { append("[roles]", db2PolicyFile); append("db2_rule = server=server1->db=db2->table=purchases->action=select", db2PolicyFile); - PolicyEngine policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath()); + PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); // verify that the db1 rule is empty ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("db1_group"), ActiveRoleSet.ALL); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java index 53b83a5..2da4699 100644 --- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java +++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java @@ -91,7 +91,7 @@ public class TestResourceAuthorizationProviderGeneralCases { baseDir = Files.createTempDir(); PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini", "test-authz-provider-other-group.ini"); authzProvider = new HadoopGroupResourceAuthorizationProvider( - new DBPolicyFileBackend("server1", + DBPolicyTestUtil.createPolicyEngineForTest("server1", new File(baseDir, "test-authz-provider.ini").getPath()), new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP)); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java index 3ae901e..b166499 100644 --- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java +++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java @@ -32,6 +32,7 @@ import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.model.db.AccessURI; import org.apache.sentry.core.model.db.DBModelAction; import org.apache.sentry.core.model.db.Server; +import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFile; @@ -74,7 +75,7 @@ public class TestResourceAuthorizationProviderSpecialCases { .addPermissionsToRole("role1", true, "server=" + server1.getName() + "->uri=" + uri.getName(), "server=" + server1.getName() + "->uri=" + uri.getName()); policyFile.write(iniFile); - DBPolicyFileBackend policy = new DBPolicyFileBackend(server1.getName(), initResource); + PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest(server1.getName(), initResource); authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy); List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri); Assert.assertTrue(authorizableHierarchy.toString(), @@ -90,7 +91,7 @@ public class TestResourceAuthorizationProviderSpecialCases { .addRolesToGroup("group1", "role1") .addPermissionsToRole("role1", "server=" + server1.getName() + "->uri=" + uri.getName()); policyFile.write(iniFile); - DBPolicyFileBackend policy = new DBPolicyFileBackend(server1.getName(), initResource); + PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest(server1.getName(), initResource); authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy); // positive test List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java index f8c36e2..901e5bf 100644 --- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java +++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java @@ -27,6 +27,7 @@ import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; import org.apache.hadoop.hdfs.MiniDFSCluster; import org.apache.sentry.core.common.ActiveRoleSet; +import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.file.PolicyFile; import org.apache.sentry.provider.file.PolicyFiles; import org.junit.AfterClass; @@ -70,7 +71,7 @@ public class TestSimpleDBPolicyEngineDFS extends AbstractTestSimplePolicyEngine fileSystem.delete(etc, true); fileSystem.mkdirs(etc); PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini", "test-authz-provider-other-group.ini"); - setPolicy(new DBPolicyFileBackend("server1", + setPolicy(DBPolicyTestUtil.createPolicyEngineForTest("server1", new Path(etc, "test-authz-provider.ini").toString())); } @Override @@ -102,8 +103,8 @@ public class TestSimpleDBPolicyEngineDFS extends AbstractTestSimplePolicyEngine PolicyFiles.copyFilesToDir(fileSystem, etc, globalPolicyFile); PolicyFiles.copyFilesToDir(fileSystem, etc, dbPolicyFile); - DBPolicyFileBackend multiFSEngine = - new DBPolicyFileBackend("server1", globalPolicyFile.getPath()); + PolicyEngine multiFSEngine = + DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); Set<String> dbGroups = Sets.newHashSet(); dbGroups.add("group1"); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java index cb4e1a2..435e4d8 100644 --- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java +++ b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java @@ -32,7 +32,7 @@ public class TestSimpleDBPolicyEngineLocalFS extends AbstractTestSimplePolicyEng Assert.assertNotNull(baseDir); Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs()); PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini", "test-authz-provider-other-group.ini"); - setPolicy(new DBPolicyFileBackend("server1", + setPolicy(DBPolicyTestUtil.createPolicyEngineForTest("server1", new File(baseDir, "test-authz-provider.ini").getPath())); } @Override http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java index 514b88a..2ed6a6a 100644 --- a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java +++ b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java @@ -21,11 +21,9 @@ import java.util.Set; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.SentryConfigurationException; -import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel; import org.apache.sentry.policy.common.PrivilegeFactory; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.ProviderBackend; -import org.apache.sentry.provider.common.ProviderBackendContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -43,10 +41,6 @@ public class SimpleIndexerPolicyEngine implements PolicyEngine { public SimpleIndexerPolicyEngine(ProviderBackend providerBackend) { this.providerBackend = providerBackend; - ProviderBackendContext context = new ProviderBackendContext(); - context.setAllowPerDatabase(false); - context.setValidators(IndexerPrivilegeModel.getInstance().getPrivilegeValidators()); - this.providerBackend.initialize(context); } /** http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java new file mode 100644 index 0000000..45d3400 --- /dev/null +++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.policy.indexer; + +import org.apache.hadoop.conf.Configuration; +import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel; +import org.apache.sentry.policy.common.PolicyEngine; +import org.apache.sentry.provider.common.ProviderBackend; +import org.apache.sentry.provider.common.ProviderBackendContext; +import org.apache.sentry.provider.file.SimpleFileProviderBackend; + +import java.io.IOException; + +public class IndexPolicyTestUtil { + + public static PolicyEngine createPolicyEngineForTest(String resource) throws IOException { + + ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource); + + // create backendContext + ProviderBackendContext context = new ProviderBackendContext(); + context.setAllowPerDatabase(false); + context.setValidators(IndexerPrivilegeModel.getInstance().getPrivilegeValidators()); + // initialize the backend with the context + providerBackend.initialize(context); + + + return new SimpleIndexerPolicyEngine(providerBackend); + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexerPolicyFileBackend.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexerPolicyFileBackend.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexerPolicyFileBackend.java deleted file mode 100644 index ba1b3ed..0000000 --- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexerPolicyFileBackend.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.indexer; - -import java.io.IOException; - -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.provider.file.SimpleFileProviderBackend; - -public class IndexerPolicyFileBackend extends SimpleIndexerPolicyEngine { - public IndexerPolicyFileBackend(String resource) throws IOException{ - super(new SimpleFileProviderBackend(new Configuration(), resource)); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java index 00c1b6d..2781bf9 100644 --- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java +++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java @@ -85,7 +85,7 @@ public class TestIndexerAuthorizationProviderGeneralCases { baseDir = Files.createTempDir(); PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini"); authzProvider = new HadoopGroupResourceAuthorizationProvider( - new IndexerPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath()), + IndexPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "test-authz-provider.ini").getPath()), new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP)); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java index 0765b92..3af9481 100644 --- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java +++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java @@ -31,6 +31,7 @@ import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.model.indexer.Indexer; import org.apache.sentry.core.model.indexer.IndexerModelAction; +import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFile; @@ -72,7 +73,7 @@ public class TestIndexerAuthorizationProviderSpecialCases { .addPermissionsToRole("role1", true, "indexer=" + indexer1.getName(), "indexer=" + indexer1.getName()); policyFile.write(iniFile); - IndexerPolicyFileBackend policy = new IndexerPolicyFileBackend(initResource); + PolicyEngine policy = IndexPolicyTestUtil.createPolicyEngineForTest(initResource); authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy); List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(indexer1); Assert.assertTrue(authorizableHierarchy.toString(), http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineDFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineDFS.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineDFS.java index f439430..0639082 100644 --- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineDFS.java +++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineDFS.java @@ -63,7 +63,7 @@ public class TestIndexerPolicyEngineDFS extends AbstractTestIndexerPolicyEngine fileSystem.delete(etc, true); fileSystem.mkdirs(etc); PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini"); - setPolicy(new IndexerPolicyFileBackend(new Path(etc, + setPolicy(IndexPolicyTestUtil.createPolicyEngineForTest(new Path(etc, "test-authz-provider.ini").toString())); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineLocalFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineLocalFS.java index 95cf2a6..94da6f7 100644 --- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineLocalFS.java +++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineLocalFS.java @@ -32,7 +32,7 @@ public class TestIndexerPolicyEngineLocalFS extends AbstractTestIndexerPolicyEng Assert.assertNotNull(baseDir); Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs()); PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini"); - setPolicy(new IndexerPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath())); + setPolicy(IndexPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "test-authz-provider.ini").getPath())); } @Override protected void beforeTeardown() throws IOException { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyNegative.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyNegative.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyNegative.java index 0706560..8117616 100644 --- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyNegative.java +++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyNegative.java @@ -72,7 +72,7 @@ public class TestIndexerPolicyNegative { append("other_group = some_role", otherPolicyFile); append("[roles]", otherPolicyFile); append("some_role = indexer=i1", otherPolicyFile); - IndexerPolicyFileBackend policy = new IndexerPolicyFileBackend(globalPolicyFile.getPath()); + PolicyEngine policy = IndexPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); Assert.assertEquals(Collections.emptySet(), policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL)); } @@ -83,7 +83,7 @@ public class TestIndexerPolicyNegative { append("group = some_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("some_role = action=read", globalPolicyFile); - PolicyEngine policy = new IndexerPolicyFileBackend(globalPolicyFile.getPath()); + PolicyEngine policy = IndexPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } @@ -94,7 +94,7 @@ public class TestIndexerPolicyNegative { append("group = malicious_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("malicious_role = indexer=*", globalPolicyFile); - PolicyEngine policy = new IndexerPolicyFileBackend(globalPolicyFile.getPath()); + PolicyEngine policy = IndexPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java index 11db0e6..cde0e7a 100644 --- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java +++ b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java @@ -21,11 +21,9 @@ import java.util.Set; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.SentryConfigurationException; -import org.apache.sentry.core.model.search.SearchPrivilegeModel; import org.apache.sentry.policy.common.PrivilegeFactory; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.ProviderBackend; -import org.apache.sentry.provider.common.ProviderBackendContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -43,10 +41,6 @@ public class SimpleSearchPolicyEngine implements PolicyEngine { public SimpleSearchPolicyEngine(ProviderBackend providerBackend) { this.providerBackend = providerBackend; - ProviderBackendContext context = new ProviderBackendContext(); - context.setAllowPerDatabase(false); - context.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators()); - this.providerBackend.initialize(context); } /** http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java deleted file mode 100644 index be23e15..0000000 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.search; - -import java.io.IOException; - -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.provider.file.SimpleFileProviderBackend; - -public class SearchPolicyFileBackend extends SimpleSearchPolicyEngine { - public SearchPolicyFileBackend(String resource) throws IOException{ - super(new SimpleFileProviderBackend(new Configuration(), resource)); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyTestUtil.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyTestUtil.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyTestUtil.java new file mode 100644 index 0000000..0f76050 --- /dev/null +++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyTestUtil.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.policy.search; + +import org.apache.hadoop.conf.Configuration; +import org.apache.sentry.core.model.search.SearchPrivilegeModel; +import org.apache.sentry.policy.common.PolicyEngine; +import org.apache.sentry.provider.common.ProviderBackend; +import org.apache.sentry.provider.common.ProviderBackendContext; +import org.apache.sentry.provider.file.SimpleFileProviderBackend; + +import java.io.IOException; + +public class SearchPolicyTestUtil { + + public static PolicyEngine createPolicyEngineForTest(String resource) throws IOException { + + ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource); + + // create backendContext + ProviderBackendContext context = new ProviderBackendContext(); + context.setAllowPerDatabase(false); + context.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators()); + // initialize the backend with the context + providerBackend.initialize(context); + + + return new SimpleSearchPolicyEngine(providerBackend); + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java index 52a9021..c9c8330 100644 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java +++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java @@ -84,7 +84,7 @@ public class TestSearchAuthorizationProviderGeneralCases { baseDir = Files.createTempDir(); PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini"); authzProvider = new HadoopGroupResourceAuthorizationProvider( - new SearchPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath()), + SearchPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "test-authz-provider.ini").getPath()), new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP)); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java index 801a702..b3a68a7 100644 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java +++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java @@ -31,6 +31,7 @@ import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.Subject; import org.apache.sentry.core.model.search.Collection; import org.apache.sentry.core.model.search.SearchModelAction; +import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFile; @@ -72,7 +73,7 @@ public class TestSearchAuthorizationProviderSpecialCases { .addPermissionsToRole("role1", true, "collection=" + collection1.getName(), "collection=" + collection1.getName()); policyFile.write(iniFile); - SearchPolicyFileBackend policy = new SearchPolicyFileBackend(initResource); + PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(initResource); authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy); List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(collection1); Assert.assertTrue(authorizableHierarchy.toString(), http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java index 735935e..292685b 100644 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java +++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java @@ -63,7 +63,7 @@ public class TestSearchPolicyEngineDFS extends AbstractTestSearchPolicyEngine { fileSystem.delete(etc, true); fileSystem.mkdirs(etc); PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini"); - setPolicy(new SearchPolicyFileBackend(new Path(etc, + setPolicy(SearchPolicyTestUtil.createPolicyEngineForTest(new Path(etc, "test-authz-provider.ini").toString())); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java index 77048cf..9d34460 100644 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java +++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java @@ -32,7 +32,7 @@ public class TestSearchPolicyEngineLocalFS extends AbstractTestSearchPolicyEngin Assert.assertNotNull(baseDir); Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs()); PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini"); - setPolicy(new SearchPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath())); + setPolicy(SearchPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "test-authz-provider.ini").getPath())); } @Override protected void beforeTeardown() throws IOException { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java index 2abe8f2..9155dad 100644 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java +++ b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java @@ -72,7 +72,7 @@ public class TestSearchPolicyNegative { append("other_group = some_role", otherPolicyFile); append("[roles]", otherPolicyFile); append("some_role = collection=c1", otherPolicyFile); - SearchPolicyFileBackend policy = new SearchPolicyFileBackend(globalPolicyFile.getPath()); + PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); Assert.assertEquals(Collections.emptySet(), policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL)); } @@ -83,7 +83,7 @@ public class TestSearchPolicyNegative { append("group = some_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("some_role = action=query", globalPolicyFile); - PolicyEngine policy = new SearchPolicyFileBackend(globalPolicyFile.getPath()); + PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } @@ -94,7 +94,7 @@ public class TestSearchPolicyNegative { append("group = malicious_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("malicious_role = collection=*", globalPolicyFile); - PolicyEngine policy = new SearchPolicyFileBackend(globalPolicyFile.getPath()); + PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java index 603295c..33f6c77 100644 --- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java +++ b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java @@ -21,11 +21,9 @@ import java.util.Set; import org.apache.sentry.core.common.ActiveRoleSet; import org.apache.sentry.core.common.Authorizable; import org.apache.sentry.core.common.SentryConfigurationException; -import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel; import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.policy.common.PrivilegeFactory; import org.apache.sentry.provider.common.ProviderBackend; -import org.apache.sentry.provider.common.ProviderBackendContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -35,12 +33,8 @@ public class SimpleSqoopPolicyEngine implements PolicyEngine { private static final Logger LOGGER = LoggerFactory.getLogger(SimpleSqoopPolicyEngine.class); private final ProviderBackend providerBackend; - public SimpleSqoopPolicyEngine(String sqoopServerName, ProviderBackend providerBackend) { + public SimpleSqoopPolicyEngine(ProviderBackend providerBackend) { this.providerBackend = providerBackend; - ProviderBackendContext context = new ProviderBackendContext(); - context.setAllowPerDatabase(false); - context.setValidators(SqoopPrivilegeModel.getInstance().getPrivilegeValidators(sqoopServerName)); - this.providerBackend.initialize(context); } @Override public PrivilegeFactory getPrivilegeFactory() { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyFileProviderBackend.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyFileProviderBackend.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyFileProviderBackend.java deleted file mode 100644 index 5da63a3..0000000 --- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyFileProviderBackend.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.sentry.policy.sqoop; - -import java.io.IOException; - -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.provider.file.SimpleFileProviderBackend; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class SqoopPolicyFileProviderBackend extends SimpleSqoopPolicyEngine { - private static final Logger LOGGER = LoggerFactory.getLogger(SqoopPolicyFileProviderBackend.class); - public SqoopPolicyFileProviderBackend(String sqoopServerName, - String resource) throws IOException { - super(sqoopServerName, new SimpleFileProviderBackend(new Configuration(), resource)); - LOGGER.warn("The DB providerbackend is the preferred option over file providerbackend as the sqoop policy engine"); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java new file mode 100644 index 0000000..a76554e --- /dev/null +++ b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.policy.sqoop; + +import org.apache.hadoop.conf.Configuration; +import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel; +import org.apache.sentry.policy.common.PolicyEngine; +import org.apache.sentry.provider.common.ProviderBackend; +import org.apache.sentry.provider.common.ProviderBackendContext; +import org.apache.sentry.provider.file.SimpleFileProviderBackend; + +import java.io.IOException; + +public class SqoopPolicyTestUtil { + + public static PolicyEngine createPolicyEngineForTest(String server, String resource) throws IOException { + + ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource); + + // create backendContext + ProviderBackendContext context = new ProviderBackendContext(); + context.setAllowPerDatabase(false); + context.setValidators(SqoopPrivilegeModel.getInstance().getPrivilegeValidators(server)); + // initialize the backend with the context + providerBackend.initialize(context); + + + return new SimpleSqoopPolicyEngine(providerBackend); + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java index e59164d..1e97b62 100644 --- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java +++ b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java @@ -98,7 +98,8 @@ public class TestSqoopAuthorizationProviderGeneralCases { baseDir = Files.createTempDir(); PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini"); authzProvider = new HadoopGroupResourceAuthorizationProvider( - new SqoopPolicyFileProviderBackend(server1.getName(), new File(baseDir, "test-authz-provider.ini").getPath()), + SqoopPolicyTestUtil.createPolicyEngineForTest(server1.getName(), + new File(baseDir, "test-authz-provider.ini").getPath()), new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP)); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java index 2198c7b..99eaf18 100644 --- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java +++ b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java @@ -34,6 +34,7 @@ import org.apache.sentry.core.model.sqoop.Connector; import org.apache.sentry.core.model.sqoop.Server; import org.apache.sentry.core.model.sqoop.SqoopActionConstant; import org.apache.sentry.core.model.sqoop.SqoopActionFactory.SqoopAction; +import org.apache.sentry.policy.common.PolicyEngine; import org.apache.sentry.provider.common.AuthorizationProvider; import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; import org.apache.sentry.provider.file.PolicyFile; @@ -77,7 +78,7 @@ public class TestSqoopAuthorizationProviderSpecialCases { .addPermissionsToRole("role1", true, "server=server1->connector=c1->action=read", "server=server1->connector=c1->action=read"); policyFile.write(iniFile); - SqoopPolicyFileProviderBackend policy = new SqoopPolicyFileProviderBackend(server1.getName(), initResource); + PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest(server1.getName(), initResource); authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy); List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, connector1); Assert.assertTrue(authorizableHierarchy.toString(), http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java index 676262e..9611ad8 100644 --- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java +++ b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java @@ -64,7 +64,7 @@ public class TestSqoopPolicyEngineDFS extends AbstractTestSqoopPolicyEngine { fileSystem.delete(etc, true); fileSystem.mkdirs(etc); PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini"); - setPolicy(new SqoopPolicyFileProviderBackend(sqoopServerName, new Path(etc, + setPolicy(SqoopPolicyTestUtil.createPolicyEngineForTest(sqoopServerName, new Path(etc, "test-authz-provider.ini").toString())); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java index 554c580..a4a874b 100644 --- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java +++ b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java @@ -33,7 +33,8 @@ public class TestSqoopPolicyEngineLocalFS extends AbstractTestSqoopPolicyEngine Assert.assertNotNull(baseDir); Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs()); PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini"); - setPolicy(new SqoopPolicyFileProviderBackend(sqoopServerName, new File(baseDir, "test-authz-provider.ini").getPath())); + setPolicy(SqoopPolicyTestUtil.createPolicyEngineForTest(sqoopServerName, + new File(baseDir, "test-authz-provider.ini").getPath())); } @Override protected void beforeTeardown() throws IOException { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fbb90609/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java index 406e53f..646a3c8 100644 --- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java +++ b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java @@ -66,7 +66,7 @@ public class TestSqoopPolicyNegative { append("other_group = other_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("other_role = server=server1->connector=c1->action=read, server=server1->link=l1->action=read", globalPolicyFile); - PolicyEngine policy = new SqoopPolicyFileProviderBackend("server1", globalPolicyFile.getPath()); + PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); //malicious_group has no privilege ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("malicious_group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); @@ -81,7 +81,7 @@ public class TestSqoopPolicyNegative { append("other_group = malicious_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("malicious_role = connector=c1->action=read,link=l1->action=read", globalPolicyFile); - PolicyEngine policy = new SqoopPolicyFileProviderBackend("server1", globalPolicyFile.getPath()); + PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } @@ -92,7 +92,7 @@ public class TestSqoopPolicyNegative { append("group = malicious_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("malicious_role = server=*", globalPolicyFile); - PolicyEngine policy = new SqoopPolicyFileProviderBackend("server1", globalPolicyFile.getPath()); + PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } @@ -103,7 +103,7 @@ public class TestSqoopPolicyNegative { append("group = malicious_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("malicious_role = server=server2", globalPolicyFile); - PolicyEngine policy = new SqoopPolicyFileProviderBackend("server1", globalPolicyFile.getPath()); + PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); } @@ -114,7 +114,7 @@ public class TestSqoopPolicyNegative { append("group = malicious_role", globalPolicyFile); append("[roles]", globalPolicyFile); append("malicious_role = *", globalPolicyFile); - PolicyEngine policy = new SqoopPolicyFileProviderBackend("server1", globalPolicyFile.getPath()); + PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL); Assert.assertTrue(permissions.toString(), permissions.isEmpty()); }