Mailing-List: contact commits-help@hawq.incubator.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@hawq.incubator.apache.org
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: espino@apache.org
To: commits@hawq.incubator.apache.org
Date: Fri, 03 Feb 2017 09:00:33 -0000
Message-Id: <95ad9cf4556b426fba27930bb6bebaf5@git.apache.org>
In-Reply-To: <40325a477040484aa0872e11ff2aa29a@git.apache.org>
References: <40325a477040484aa0872e11ff2aa29a@git.apache.org>
Subject: [31/50] [abbrv] incubator-hawq git commit: HAWQ-1203. Ranger Plugin
 Service Implementation. (with contributions by Lav Jain and Leslie Chang)
 (close #1092)
archived-at: Fri, 03 Feb 2017 09:00:27 -0000

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSchemasTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSchemasTest.java b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSchemasTest.java
new file mode 100644
index 0000000..94372aa
--- /dev/null
+++ b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSchemasTest.java
@@ -0,0 +1,126 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific schema governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.admin;
+
+import com.google.common.collect.Sets;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.List;
+import java.util.Set;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Arrays;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class ListSchemasTest extends LookupTestBase {
+
+    private static final Set<String> DEFAULT_SCHEMAS = Sets.newHashSet("public");
+    private static final Set<String> EAST_SCHEMAS = Sets.newHashSet("common", "japan", "public");
+    private static final Set<String> WEST_SCHEMAS = Sets.newHashSet("common", "france", "jamaica", "public");
+    private static final Set<String> ALL_SCHEMAS = Sets.newHashSet("common", "japan", "france", "jamaica", "public");
+
+    private Map<String, List<String>> resources;
+
+    @Before
+    public void setUp() {
+        resources = new HashMap<>();
+    }
+
+    @Test
+    public void testListSchema_NoResources() throws Exception {
+        resources.put("database", Arrays.asList("noschema_db"));
+        List<String> result = service.lookupResource(getContext("schema", "*", resources));
+        assertEquals(DEFAULT_SCHEMAS.size(), result.size());
+        assertEquals(DEFAULT_SCHEMAS, Sets.newHashSet(result));
+    }
+
+    @Test
+    public void testListSchemas_SingleDb_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        List<String> result = service.lookupResource(getContext("schema", "*", resources));
+        assertEquals(EAST_SCHEMAS.size(), result.size());
+        assertEquals(EAST_SCHEMAS, Sets.newHashSet(result));
+    }
+
+    @Test
+    public void testListSchemas_TwoDb_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        List<String> result = service.lookupResource(getContext("schema", "*", resources));
+        assertEquals(ALL_SCHEMAS.size(), result.size());
+        assertEquals(ALL_SCHEMAS, Sets.newHashSet(result));
+    }
+
+    @Test
+    public void testListSchemas_AllDb_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("schema", "*", resources));
+        assertEquals(ALL_SCHEMAS.size(), result.size());
+        assertEquals(ALL_SCHEMAS, Sets.newHashSet(result));
+    }
+
+    @Test
+    public void testListSchemas_SingleDb_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        List<String> result = service.lookupResource(getContext("schema", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSchemas_TwoDb_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        List<String> result = service.lookupResource(getContext("schema", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSchemas_AllDb_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("schema", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSchemas_SingleDb_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        List<String> result = service.lookupResource(getContext("schema", "ja", resources));
+        assertEquals(1, result.size());
+        assertEquals("japan", result.get(0));
+    }
+
+    @Test
+    public void testListSchemas_TwoDb_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        List<String> result = service.lookupResource(getContext("schema", "ja", resources));
+        assertEquals(2, result.size());
+        assertEquals(Sets.newHashSet("japan", "jamaica"), Sets.newHashSet(result));
+    }
+
+    @Test
+    public void testListSchemas_AllDb_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("schema", "ja", resources));
+        assertEquals(2, result.size());
+        assertEquals(Sets.newHashSet("japan", "jamaica"), Sets.newHashSet(result));
+    }
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSequencesTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSequencesTest.java b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSequencesTest.java
new file mode 100644
index 0000000..0c601c2
--- /dev/null
+++ b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSequencesTest.java
@@ -0,0 +1,250 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific schema governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.admin;
+
+import com.google.common.collect.Sets;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.List;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Arrays;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class ListSequencesTest extends LookupTestBase {
+
+    private Map<String, List<String>> resources;
+
+    @Before
+    public void setUp() {
+        resources = new HashMap<>();
+    }
+
+    @Test
+    public void testListSequences_NoSchemaDb_AllSchemas_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("noschema_db"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("sequence", "*", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSequences_SingleDb_SingleSchema_AllFilter_NoSequences() throws Exception {
+        resources.put("database", Arrays.asList("west"));
+        resources.put("schema", Arrays.asList("jamaica"));
+        List<String> result = service.lookupResource(getContext("sequence", "*", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSequences_SingleDb_SingleSchema_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("sequence", "*", resources));
+        assertEquals(2, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sake")));
+    }
+
+    @Test
+    public void testListSequences_SingleDb_TwoSchemas_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("common", "japan"));
+        List<String> result = service.lookupResource(getContext("sequence", "*", resources));
+        assertEquals(3, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sprite", "sake")));
+    }
+
+    @Test
+    public void testListSequences_SingleDb_AllSchemas_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("sequence", "*", resources));
+        assertEquals(3, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sprite", "sake")));
+    }
+
+    @Test
+    public void testListSequences_TwoDb_CommonSchema_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("common"));
+        List<String> result = service.lookupResource(getContext("sequence", "*", resources));
+        assertEquals(2, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sprite")));
+    }
+
+    @Test
+    public void testListSequences_TwoDb_SingleSchema_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("sequence", "*", resources));
+        assertEquals(2, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sake")));
+    }
+
+    @Test
+    public void testListSequences_TwoDb_AllSchemas_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("sequence", "*", resources));
+        assertEquals(4, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sprite", "sake", "scotch")));
+    }
+
+    @Test
+    public void testListSequences_AllDb_AllSchemas_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("*"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("sequence", "*", resources));
+        assertEquals(4, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sprite", "sake", "scotch")));
+    }
+
+    @Test
+    public void testListSequences_SingleDb_SingleSchema_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("sequence", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSequences_SingleDb_TwoSchemas_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("common", "japan"));
+        List<String> result = service.lookupResource(getContext("sequence", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSequences_SingleDb_AllSchemas_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("sequence", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSequences_TwoDbs_CommonSchema_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("common"));
+        List<String> result = service.lookupResource(getContext("sequence", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSequences_TwoDbs_SingleSchema_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("sequence", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSequences_TwoDbs_AllSchemas_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("sequence", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSequences_AllDbs_AllSchemas_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("*"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("sequence", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListSequences_SingleDb_SingleSchema_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("sequence", "s", resources));
+        assertEquals(1, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sake")));
+    }
+
+    @Test
+    public void testListSequences_SingleDb_TwoSchemas_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("common", "japan"));
+        List<String> result = service.lookupResource(getContext("sequence", "s", resources));
+        assertEquals(2, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sprite", "sake")));
+    }
+
+    @Test
+    public void testListSequences_SingleDb_AllSchemas_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("sequence", "s", resources));
+        assertEquals(2, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sprite", "sake")));
+    }
+
+    @Test
+    public void testListSequences_SingleDb_AllSchemas_FilteredPresent2() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("sequence", "w", resources));
+        assertEquals(1, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water")));
+    }
+
+    @Test
+    public void testListSequences_TwoDbs_CommonSchema_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("common"));
+        List<String> result = service.lookupResource(getContext("sequence", "w", resources));
+        assertEquals(1, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water")));
+    }
+
+    @Test
+    public void testListSequences_TwoDbs_SingleSchema_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("sequence", "s", resources));
+        assertEquals(1, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sake")));
+    }
+
+    @Test
+    public void testListSequences_TwoDbs_AllSchemas_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("sequence", "s", resources));
+        assertEquals(3, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sprite", "sake", "scotch")));
+    }
+
+    @Test
+    public void testListSequences_AllDbs_AllSchemas_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("*"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("sequence", "s", resources));
+        assertEquals(3, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sprite", "sake", "scotch")));
+    }
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablesTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablesTest.java b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablesTest.java
new file mode 100644
index 0000000..1360cac
--- /dev/null
+++ b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablesTest.java
@@ -0,0 +1,250 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific schema governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.admin;
+
+import com.google.common.collect.Sets;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.List;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Arrays;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class ListTablesTest extends LookupTestBase {
+
+    private Map<String, List<String>> resources;
+
+    @Before
+    public void setUp() {
+        resources = new HashMap<>();
+    }
+
+    @Test
+    public void testListTables_NoSchemaDb_AllSchemas_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("noschema_db"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("table", "*", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListTables_SingleDb_SingleSchema_AllFilter_NoTables() throws Exception {
+        resources.put("database", Arrays.asList("west"));
+        resources.put("schema", Arrays.asList("jamaica"));
+        List<String> result = service.lookupResource(getContext("table", "*", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListTables_SingleDb_SingleSchema_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("table", "*", resources));
+        assertEquals(2, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "sushi")));
+    }
+
+    @Test
+    public void testListTables_SingleDb_TwoSchemas_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("common", "japan"));
+        List<String> result = service.lookupResource(getContext("table", "*", resources));
+        assertEquals(3, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "soup", "sushi")));
+    }
+
+    @Test
+    public void testListTables_SingleDb_AllSchemas_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("table", "*", resources));
+        assertEquals(3, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "soup", "sushi")));
+    }
+
+    @Test
+    public void testListTables_TwoDb_CommonSchema_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("common"));
+        List<String> result = service.lookupResource(getContext("table", "*", resources));
+        assertEquals(2, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "soup")));
+    }
+
+    @Test
+    public void testListTables_TwoDb_SingleSchema_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("table", "*", resources));
+        assertEquals(2, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "sushi")));
+    }
+
+    @Test
+    public void testListTables_TwoDb_AllSchemas_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("table", "*", resources));
+        assertEquals(4, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "soup", "sushi", "stew")));
+    }
+
+    @Test
+    public void testListTables_AllDb_AllSchemas_AllFilter() throws Exception {
+        resources.put("database", Arrays.asList("*"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("table", "*", resources));
+        assertEquals(4, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "soup", "sushi", "stew")));
+    }
+
+    @Test
+    public void testListTables_SingleDb_SingleSchema_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("table", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListTables_SingleDb_TwoSchemas_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("common", "japan"));
+        List<String> result = service.lookupResource(getContext("table", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListTables_SingleDb_AllSchemas_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("table", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListTables_TwoDbs_CommonSchema_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("common"));
+        List<String> result = service.lookupResource(getContext("table", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListTables_TwoDbs_SingleSchema_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("table", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListTables_TwoDbs_AllSchemas_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("table", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListTables_AllDbs_AllSchemas_FilteredAbsent() throws Exception {
+        resources.put("database", Arrays.asList("*"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("table", "z", resources));
+        assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testListTables_SingleDb_SingleSchema_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("table", "s", resources));
+        assertEquals(1, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sushi")));
+    }
+
+    @Test
+    public void testListTables_SingleDb_TwoSchemas_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("common", "japan"));
+        List<String> result = service.lookupResource(getContext("table", "s", resources));
+        assertEquals(2, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("soup", "sushi")));
+    }
+
+    @Test
+    public void testListTables_SingleDb_AllSchemas_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("table", "s", resources));
+        assertEquals(2, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("soup", "sushi")));
+    }
+
+    @Test
+    public void testListTables_SingleDb_AllSchemas_FilteredPresent2() throws Exception {
+        resources.put("database", Arrays.asList("east"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("table", "r", resources));
+        assertEquals(1, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice")));
+    }
+
+    @Test
+    public void testListTables_TwoDbs_CommonSchema_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("common"));
+        List<String> result = service.lookupResource(getContext("table", "r", resources));
+        assertEquals(1, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice")));
+    }
+
+    @Test
+    public void testListTables_TwoDbs_SingleSchema_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("japan"));
+        List<String> result = service.lookupResource(getContext("table", "s", resources));
+        assertEquals(1, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sushi")));
+    }
+
+    @Test
+    public void testListTables_TwoDbs_AllSchemas_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("east", "west"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("table", "s", resources));
+        assertEquals(3, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("soup", "sushi", "stew")));
+    }
+
+    @Test
+    public void testListTables_AllDbs_AllSchemas_FilteredPresent() throws Exception {
+        resources.put("database", Arrays.asList("*"));
+        resources.put("schema", Arrays.asList("*"));
+        List<String> result = service.lookupResource(getContext("table", "s", resources));
+        assertEquals(3, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("soup", "sushi", "stew")));
+    }
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablespacesTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablespacesTest.java b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablespacesTest.java
new file mode 100644
index 0000000..65048db
--- /dev/null
+++ b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablespacesTest.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.admin;
+
+import com.google.common.collect.Sets;
+import org.junit.Test;
+
+import java.util.List;
+import java.util.Set;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class ListTablespacesTest extends LookupTestBase {
+
+    private static final Set<String> TABLESPACES = Sets.newHashSet("pg_default", "pg_global", "dfs_default");
+
+    @Test
+    public void testListTablespace_All() throws Exception {
+        List<String> result = service.lookupResource(getContext("tablespace", "*"));
+        assertEquals(3, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet(TABLESPACES)));
+    }
+
+    @Test
+    public void testListTablespace_FilteredPresent() throws Exception {
+        List<String> result = service.lookupResource(getContext("tablespace", "pg_d"));
+        assertEquals(1, result.size());
+        assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("pg_default")));
+    }
+
+    @Test
+    public void testListTablespace_FilteredAbsent() throws Exception {
+        List<String> result = service.lookupResource(getContext("tablespace", "z"));
+        assertTrue(result.isEmpty());
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/LookupTestBase.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/LookupTestBase.java b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/LookupTestBase.java
new file mode 100644
index 0000000..25265f3
--- /dev/null
+++ b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/LookupTestBase.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.admin;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hawq.ranger.service.RangerServiceHawq;
+import org.apache.ranger.plugin.service.ResourceLookupContext;
+import org.junit.Before;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public abstract class LookupTestBase {
+
+    protected static final Log LOG = LogFactory.getLog(LookupTestBase.class);
+    protected RangerServiceHawq service;
+
+    @Before
+    public void setup() {
+        Map<String, String> configs = new HashMap<>();
+        configs = new HashMap<>();
+        configs.put("username", "gpadmin");
+        configs.put("password", "dQSF8ViAE4/I38xmFwJfCg==");
+        configs.put("hostname", "localhost");
+        configs.put("port", "5432");
+        configs.put("jdbc.driverClassName", "org.postgresql.Driver");
+
+        service = new RangerServiceHawq();
+        service.setServiceName("hawq");
+        service.setServiceType("hawq");
+        service.setConfigs(configs);
+    }
+
+    protected ResourceLookupContext getContext(String resourceName, String userInput) {
+        ResourceLookupContext context = new ResourceLookupContext();
+        context.setResourceName(resourceName);
+        context.setUserInput(userInput);
+        return context;
+    }
+
+    protected ResourceLookupContext getContext(String resourceName, String userInput, Map<String, List<String>> resources) {
+        ResourceLookupContext context = getContext(resourceName, userInput);
+        context.setResources(resources);
+        return context;
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/resources/admin-tests-ddl.sql
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/admin/src/test/resources/admin-tests-ddl.sql b/ranger-plugin/integration/admin/src/test/resources/admin-tests-ddl.sql
new file mode 100644
index 0000000..d9e7fcc
--- /dev/null
+++ b/ranger-plugin/integration/admin/src/test/resources/admin-tests-ddl.sql
@@ -0,0 +1,61 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied.  See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+-- EAST Database and its objects
+DROP DATABASE IF EXISTS east;
+CREATE DATABASE east;
+\c east;
+CREATE SCHEMA common;
+CREATE TABLE common.rice (id integer);
+CREATE TABLE common.soup (id integer);
+CREATE SEQUENCE common.water;
+CREATE SEQUENCE common.sprite;
+CREATE FUNCTION common.eat(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL;
+CREATE FUNCTION common.sleep(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL;
+CREATE SCHEMA japan;
+CREATE TABLE japan.rice (id integer);
+CREATE TABLE japan.sushi (id integer);
+CREATE SEQUENCE japan.water;
+CREATE SEQUENCE japan.sake;
+CREATE FUNCTION japan.eat(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL;
+CREATE FUNCTION japan.stand(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL;
+CREATE LANGUAGE langdbeast HANDLER plpgsql_call_handler;
+
+-- WEST Database and its objects
+DROP DATABASE IF EXISTS west;
+CREATE DATABASE west;
+\c west;
+CREATE SCHEMA common;
+CREATE TABLE common.rice (id integer);
+CREATE TABLE common.soup (id integer);
+CREATE SEQUENCE common.water;
+CREATE SEQUENCE common.sprite;
+CREATE FUNCTION common.eat(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL;
+CREATE FUNCTION common.sleep(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL;
+CREATE SCHEMA france;
+CREATE TABLE france.rice (id integer);
+CREATE TABLE france.stew (id integer);
+CREATE SEQUENCE france.water;
+CREATE SEQUENCE france.scotch;
+CREATE FUNCTION france.eat(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL;
+CREATE FUNCTION france.smile(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL;
+CREATE LANGUAGE langdbwest HANDLER plpgsql_call_handler;
+CREATE SCHEMA jamaica;
+
+-- Database without an explicit schema
+DROP DATABASE IF EXISTS noschema_db;
+CREATE DATABASE noschema_db;
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/admin/src/test/resources/log4j.properties b/ranger-plugin/integration/admin/src/test/resources/log4j.properties
new file mode 100644
index 0000000..903f0b6
--- /dev/null
+++ b/ranger-plugin/integration/admin/src/test/resources/log4j.properties
@@ -0,0 +1,34 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+##-- To prevent junits from cluttering the build run by default all test runs send output to null appender
+log4j.appender.devnull=org.apache.log4j.varia.NullAppender
+#hawq.ranger.root.logger=FATAL,devnull
+
+##-- uncomment the following line during during development/debugging so see debug messages during test run to be emitted to console
+hawq.ranger.root.logger=DEBUG,console
+log4j.rootLogger=${hawq.ranger.root.logger}
+
+# Logging Threshold
+log4j.threshold=ALL
+
+#
+# console
+# Add "console" to rootlogger above if you want to use this
+#
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/pom.xml b/ranger-plugin/integration/pom.xml
new file mode 100644
index 0000000..b6aac80
--- /dev/null
+++ b/ranger-plugin/integration/pom.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.apache.hawq</groupId>
+    <artifactId>ranger-plugin-integration</artifactId>
+    <packaging>pom</packaging>
+    <name>HAWQ Ranger Plugin - Integration Tests</name>
+    <description>HAWQ Ranger Plugin - Integration Tests</description>
+
+    <parent>
+        <groupId>org.apache.hawq</groupId>
+        <artifactId>ranger-plugin</artifactId>
+        <version>2.1.0.0</version>
+        <relativePath>..</relativePath>
+    </parent>
+
+    <modules>
+        <module>admin</module>
+        <module>service</module>
+    </modules>
+
+    <properties>
+        <jackson.version>1.9</jackson.version>
+    </properties>
+
+    <build>
+        <testResources>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <includes>
+                    <include>**/*</include>
+                </includes>
+                <filtering>true</filtering>
+            </testResource>
+        </testResources>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>1.7</source>
+                    <target>1.7</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/pom.xml b/ranger-plugin/integration/service/pom.xml
new file mode 100644
index 0000000..34ade8d
--- /dev/null
+++ b/ranger-plugin/integration/service/pom.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.apache.hawq</groupId>
+    <artifactId>ranger-plugin-integration-service</artifactId>
+    <packaging>jar</packaging>
+    <name>HAWQ Ranger Plugin - Integration Tests</name>
+    <description>HAWQ Ranger Plugin - Integration Tests</description>
+
+    <parent>
+        <groupId>org.apache.hawq</groupId>
+        <artifactId>ranger-plugin-integration</artifactId>
+        <version>2.1.0.0</version>
+        <relativePath>..</relativePath>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>1.3.2</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <version>4.5.2</version>
+        </dependency>
+        <dependency>
+            <groupId>org.codehaus.jackson</groupId>
+            <artifactId>jackson-mapper-asl</artifactId>
+            <version>1.9.13</version>
+        </dependency>
+
+        <!-- Test Dependencies -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+        </dependency>
+    </dependencies>
+
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java
new file mode 100644
index 0000000..451a289
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.service.tests;
+
+import org.junit.Test;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+public class DatabaseTest extends ServiceBaseTest {
+
+    private static final List<String> PRIVILEGES = Arrays.asList("connect", "temp");
+
+    public void beforeTest()
+            throws IOException {
+        createPolicy("test-database.json");
+        resources.put("database", "sirotan");
+    }
+
+    @Test
+    public void testDatabases_UserMaria_SirotanDb_Allowed()
+            throws IOException {
+        assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testDatabases_UserMaria_DoesNotExistDb_Denied()
+            throws IOException {
+        resources.put("database", "doesnotexist");
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testDatabases_UserBob_SirotanDb_Denied()
+            throws IOException {
+        assertFalse(hasAccess("bob", resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testDatabases_UserMaria_SirotanDb_Denied()
+            throws IOException {
+        deletePolicy();
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java
new file mode 100644
index 0000000..1253c38
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.service.tests;
+
+import org.junit.Test;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+public class FunctionTest extends ServiceBaseTest {
+
+    private static final List<String> PRIVILEGES = Arrays.asList("execute");
+
+    public void beforeTest()
+            throws IOException {
+        createPolicy("test-function.json");
+        resources.put("database", "sirotan");
+        resources.put("schema", "siroschema");
+        resources.put("function", "atan");
+    }
+
+    @Test
+    public void testFunctions_UserMaria_SirotanDb_AtanFunction_Allowed()
+            throws IOException {
+        assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testFunctions_UserMaria_OtherDb_AtanFunction_Denied()
+            throws IOException {
+        resources.put("database", "other");
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testFunctions_UserMaria_SirotanDb_DoesNotExistFunction_Denied()
+            throws IOException {
+        resources.put("function", "doesnotexist");
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testFunctions_UserBob_SirotanDb_AtanFunction_Denied()
+            throws IOException {
+        assertFalse(hasAccess("bob", resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testFunctions_UserMaria_SirotanDb_AtanFunction_Denied()
+            throws IOException {
+        deletePolicy();
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testFunctions_UserMaria_DoesNotExistDb_AtanFunction_Denied()
+            throws IOException {
+        resources.put("database", "doesnotexist");
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testFunctions_UserMaria_SirotanDb_AtanFunction_Policy2_Allowed()
+            throws IOException {
+        deletePolicy();
+        createPolicy("test-function-2.json");
+        assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java
new file mode 100644
index 0000000..6eedb08
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.service.tests;
+
+import org.junit.Test;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+public class LanguageTest extends ServiceBaseTest {
+
+    private static final List<String> PRIVILEGES = Arrays.asList("usage");
+
+    public void beforeTest()
+            throws IOException {
+        createPolicy("test-language.json");
+        resources.put("database", "sirotan");
+        resources.put("language", "sql");
+    }
+
+    @Test
+    public void testLanguages_UserMaria_SirotanDb_SqlLanguage_Allowed()
+            throws IOException {
+        assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testLanguages_UserMaria_SirotanDb_DoesNotExistLanguage_Denied()
+            throws IOException {
+        resources.put("language", "doesnotexist");
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testLanguages_UserBob_SirotanDb_SqlLanguage_Denied()
+            throws IOException {
+        assertFalse(hasAccess("bob", resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testLanguages_UserMaria_SirotanDb_SqlLanguage_Denied()
+            throws IOException {
+        deletePolicy();
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testLanguages_UserMaria_DoesNotExistDb_SqlLanguage_Denied()
+            throws IOException {
+        resources.put("database", "doesnotexist");
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testLanguages_UserMaria_SirotanDb_SqlLanguage_Policy2_Allowed()
+            throws IOException {
+        deletePolicy();
+        createPolicy("test-language-2.json");
+        assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java
new file mode 100644
index 0000000..f0e5c99
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.service.tests;
+
+import org.junit.Test;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+public class ProtocolTest extends ServiceBaseTest {
+
+    private static final List<String> PRIVILEGES = Arrays.asList("select", "insert");
+
+    public void beforeTest()
+            throws IOException {
+        createPolicy("test-protocol.json");
+        resources.put("protocol", "pxf");
+    }
+
+    @Test
+    public void testProtocols_UserMaria_PxfProtocol_Allowed()
+            throws IOException {
+        assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testProtocols_UserMaria_DoesNotExistProtocol_Denied()
+            throws IOException {
+        resources.put("protocol", "doesnotexist");
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testProtocols_UserBob_PxfProtocol_Denied()
+            throws IOException {
+        assertFalse(hasAccess("bob", resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testProtocols_UserMaria_PxfProtocol_Denied()
+            throws IOException {
+        deletePolicy();
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java
new file mode 100644
index 0000000..7e7787a
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.service.tests;
+
+import org.codehaus.jackson.map.ObjectMapper;
+
+import java.io.IOException;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class RPSRequest {
+
+    String user;
+    Map<String, String> resources;
+    List<String> privileges;
+
+    public RPSRequest(String user,
+                      Map<String, String> resources,
+                      List<String> privileges) {
+        this.user = user;
+        this.resources = resources;
+        this.privileges = privileges;
+    }
+
+    public String getJsonString()
+            throws IOException {
+
+        Map<String, Object> request = new HashMap<>();
+        request.put("requestId", 9);
+        request.put("user", user);
+        request.put("clientIp", "123.0.0.21");
+        request.put("context", "CREATE DATABASE sirotan;");
+        Map<String, Object> accessHash = new HashMap<>();
+        accessHash.put("resource", resources);
+        accessHash.put("privileges", privileges);
+        request.put("access", Arrays.asList(accessHash));
+        return new ObjectMapper().writeValueAsString(request);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java
new file mode 100644
index 0000000..2ed1046
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.service.tests;
+
+import org.codehaus.jackson.annotate.JsonProperty;
+
+import java.util.List;
+import java.util.Map;
+
+public class RPSResponse {
+
+    @JsonProperty
+    public int requestId;
+
+    @JsonProperty
+    public List<Map<String, Object>> access;
+
+    public List<Map<String, Object>> getAccess() {
+        return access;
+    }
+
+    public boolean hasAccess() {
+        return (boolean) access.get(0).get("allowed");
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java
new file mode 100644
index 0000000..8608584
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.service.tests;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.http.client.methods.HttpDelete;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.StringEntity;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.rules.TestName;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public abstract class ServiceBaseTest {
+
+    protected final Log log = LogFactory.getLog(this.getClass());
+
+    @Rule
+    public final TestName testName = new TestName();
+    protected final String policyName = getClass().getSimpleName();
+    protected Map<String, String> resources = new HashMap<>();
+
+    public static String RANGER_PLUGIN_SERVICE_HOST = "localhost";
+    public static String RANGER_PLUGIN_SERVICE_PORT = "8432";
+    public static String RANGER_PLUGIN_SERVICE_URL =
+        "http://" + RANGER_PLUGIN_SERVICE_HOST + ":" + RANGER_PLUGIN_SERVICE_PORT + "/rps";
+    public static String RANGER_ADMIN_HOST = "localhost";
+    public static String RANGER_ADMIN_PORT = "6080";
+    public static String RANGER_URL =
+        "http://" + RANGER_ADMIN_HOST + ":" + RANGER_ADMIN_PORT + "/service/public/v2/api";
+    public static String RANGER_TEST_USER = "maria_dev";
+    public static int    POLICY_REFRESH_INTERVAL = 6000;
+
+    @Before
+    public void setUp()
+            throws IOException {
+        log.info("======================================================================================");
+        log.info("Running test " + testName.getMethodName());
+        log.info("======================================================================================");
+        beforeTest();
+    }
+
+    @After
+    public void tearDown()
+            throws IOException {
+        deletePolicy();
+    }
+
+    protected void createPolicy(String jsonFile)
+            throws IOException {
+
+        log.info("Creating policy " + policyName);
+        HttpPost httpPost = new HttpPost(RANGER_URL + "/policy");
+        httpPost.setEntity(new StringEntity(Utils.getPayload(jsonFile)));
+        Utils.processHttpRequest(httpPost);
+        waitForPolicyRefresh();
+    }
+
+    protected void deletePolicy()
+            throws IOException {
+
+        log.info("Deleting policy " + policyName);
+        String requestUrl = RANGER_URL + "/policy?servicename=hawq&policyname=" + policyName;
+        Utils.processHttpRequest(new HttpDelete(requestUrl));
+        waitForPolicyRefresh();
+    }
+
+    protected boolean hasAccess(String user,
+                                Map<String, String> resources,
+                                List<String> privileges)
+            throws IOException {
+
+        log.info("Checking access for user " + user);
+        RPSRequest request = new RPSRequest(user, resources, privileges);
+        HttpPost httpPost = new HttpPost(RANGER_PLUGIN_SERVICE_URL);
+        httpPost.setEntity(new StringEntity(request.getJsonString()));
+        String result = Utils.processHttpRequest(httpPost);
+        RPSResponse rpsResponse = Utils.getResponse(result);
+        return rpsResponse.hasAccess();
+    }
+
+    private void waitForPolicyRefresh() {
+
+        try {
+            Thread.sleep(POLICY_REFRESH_INTERVAL);
+        }
+        catch (InterruptedException e) {
+            log.error(e);
+        }
+    }
+
+    public abstract void beforeTest() throws IOException;
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java
new file mode 100644
index 0000000..cfc41cb
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.service.tests;
+
+import org.junit.Test;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+public class TablespaceTest extends ServiceBaseTest {
+
+    private static final List<String> PRIVILEGES = Arrays.asList("create");
+
+    public void beforeTest()
+            throws IOException {
+        createPolicy("test-tablespace.json");
+        resources.put("tablespace", "pg_global");
+    }
+
+    @Test
+    public void testTablespaces_UserMaria_PgGlobalTablespace_Allowed()
+            throws IOException {
+        assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testTablespaces_UserMaria_DoesNotExistTablespace_Denied()
+            throws IOException {
+        resources.put("tablespace", "doesnotexist");
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testTablespaces_UserBob_PgGlobalTablespace_Denied()
+            throws IOException {
+        assertFalse(hasAccess("bob", resources, PRIVILEGES));
+    }
+
+    @Test
+    public void testTablespaces_UserMaria_PgGlobalTablespace_Denied()
+            throws IOException {
+        deletePolicy();
+        assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES));
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java
new file mode 100644
index 0000000..971e513
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.integration.service.tests;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.codehaus.jackson.map.ObjectMapper;
+
+import java.io.IOException;
+
+public class Utils {
+
+    protected static final Log log = LogFactory.getLog(Utils.class);
+
+    public static String getPayload(String jsonFile)
+            throws IOException {
+        return IOUtils.toString(Utils.class.getClassLoader().getResourceAsStream(jsonFile));
+    }
+
+    public static String getEncoding() {
+        return Base64.encodeBase64String("admin:admin".getBytes());
+    }
+
+    public static String processHttpRequest(HttpRequestBase request)
+            throws IOException {
+
+        if (log.isDebugEnabled()) {
+            log.debug("Request URI = " + request.getURI().toString());
+        }
+        request.setHeader("Authorization", "Basic " + getEncoding());
+        request.setHeader("Content-Type", "application/json");
+        HttpClient httpClient = HttpClientBuilder.create().build();
+        HttpResponse response = httpClient.execute(request);
+        int responseCode = response.getStatusLine().getStatusCode();
+        log.info("Response Code = " + responseCode);
+        HttpEntity entity = response.getEntity();
+        if (entity != null) {
+            String result = IOUtils.toString(entity.getContent());
+            if (log.isDebugEnabled()) {
+                log.debug(result);
+            }
+            return result;
+        }
+        return null;
+    }
+
+    public static RPSResponse getResponse(String result)
+            throws IOException {
+        return new ObjectMapper().readValue(result, RPSResponse.class);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/resources/log4j.properties b/ranger-plugin/integration/service/src/test/resources/log4j.properties
new file mode 100644
index 0000000..8578fd2
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/resources/log4j.properties
@@ -0,0 +1,35 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+##-- To prevent junits from cluttering the build run by default all test runs send output to null appender
+log4j.appender.devnull=org.apache.log4j.varia.NullAppender
+#hawq.ranger.root.logger=FATAL,devnull
+
+##-- uncomment the following line during during development/debugging so see debug messages during test run to be emitted to console
+hawq.ranger.root.logger=DEBUG,console
+log4j.rootLogger=${hawq.ranger.root.logger}
+log4j.logger.org.apache.http=WARN
+
+# Logging Threshold
+log4j.threshold=ALL
+
+#
+# console
+# Add "console" to rootlogger above if you want to use this
+#
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-database.json
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/resources/test-database.json b/ranger-plugin/integration/service/src/test/resources/test-database.json
new file mode 100644
index 0000000..ffa3bfe
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/resources/test-database.json
@@ -0,0 +1,46 @@
+{
+  "isEnabled": true,
+  "service": "hawq",
+  "name": "DatabaseTest",
+  "policyType": 0,
+  "description": "Test policy for database resource",
+  "isAuditEnabled": true,
+  "resources": {
+    "schema": {
+      "values": ["*"],
+      "isExcludes": false,
+      "isRecursive": false
+    },
+    "database": {
+      "values": ["sirotan"],
+      "isExcludes": false,
+      "isRecursive": false
+    },
+    "function": {
+      "values": ["*"],
+      "isExcludes": false,
+      "isRecursive": false
+    }
+  },
+  "policyItems": [{
+    "accesses": [{
+      "type": "create",
+      "isAllowed": true
+    }, {
+      "type": "connect",
+      "isAllowed": true
+    }, {
+      "type": "temp",
+      "isAllowed": true
+    }],
+    "users": ["maria_dev"],
+    "groups": [],
+    "conditions": [],
+    "delegateAdmin": true
+  }],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": []
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-function-2.json
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/resources/test-function-2.json b/ranger-plugin/integration/service/src/test/resources/test-function-2.json
new file mode 100644
index 0000000..5ae7f0b
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/resources/test-function-2.json
@@ -0,0 +1,40 @@
+{
+  "isEnabled": true,
+  "service": "hawq",
+  "name": "FunctionTest",
+  "policyType": 0,
+  "description": "Test policy for function resource",
+  "isAuditEnabled": true,
+  "resources": {
+    "schema": {
+      "values": ["*"],
+      "isExcludes": false,
+      "isRecursive": false
+    },
+    "database": {
+      "values": ["*"],
+      "isExcludes": false,
+      "isRecursive": false
+    },
+    "function": {
+      "values": ["atan"],
+      "isExcludes": false,
+      "isRecursive": false
+    }
+  },
+  "policyItems": [{
+    "accesses": [{
+      "type": "execute",
+      "isAllowed": true
+    }],
+    "users": ["maria_dev"],
+    "groups": [],
+    "conditions": [],
+    "delegateAdmin": true
+  }],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": []
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-function.json
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/resources/test-function.json b/ranger-plugin/integration/service/src/test/resources/test-function.json
new file mode 100644
index 0000000..74d5d83
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/resources/test-function.json
@@ -0,0 +1,40 @@
+{
+  "isEnabled": true,
+  "service": "hawq",
+  "name": "FunctionTest",
+  "policyType": 0,
+  "description": "Test policy for function resource",
+  "isAuditEnabled": true,
+  "resources": {
+    "schema": {
+      "values": ["siroschema"],
+      "isExcludes": false,
+      "isRecursive": false
+    },
+    "database": {
+      "values": ["sirotan"],
+      "isExcludes": false,
+      "isRecursive": false
+    },
+    "function": {
+      "values": ["atan"],
+      "isExcludes": false,
+      "isRecursive": false
+    }
+  },
+  "policyItems": [{
+    "accesses": [{
+      "type": "execute",
+      "isAllowed": true
+    }],
+    "users": ["maria_dev"],
+    "groups": [],
+    "conditions": [],
+    "delegateAdmin": true
+  }],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": []
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-language-2.json
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/resources/test-language-2.json b/ranger-plugin/integration/service/src/test/resources/test-language-2.json
new file mode 100644
index 0000000..93a41fe
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/resources/test-language-2.json
@@ -0,0 +1,35 @@
+{
+  "isEnabled": true,
+  "service": "hawq",
+  "name": "LanguageTest",
+  "policyType": 0,
+  "description": "Test policy for language resource",
+  "isAuditEnabled": true,
+  "resources": {
+    "language": {
+      "values": ["sql"],
+      "isExcludes": false,
+      "isRecursive": false
+    },
+    "database": {
+      "values": ["*"],
+      "isExcludes": false,
+      "isRecursive": false
+    }
+  },
+  "policyItems": [{
+    "accesses": [{
+      "type": "usage",
+      "isAllowed": true
+    }],
+    "users": ["maria_dev"],
+    "groups": [],
+    "conditions": [],
+    "delegateAdmin": true
+  }],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": []
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-language.json
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/resources/test-language.json b/ranger-plugin/integration/service/src/test/resources/test-language.json
new file mode 100644
index 0000000..cba2f43
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/resources/test-language.json
@@ -0,0 +1,35 @@
+{
+  "isEnabled": true,
+  "service": "hawq",
+  "name": "LanguageTest",
+  "policyType": 0,
+  "description": "Test policy for language resource",
+  "isAuditEnabled": true,
+  "resources": {
+    "language": {
+      "values": ["sql"],
+      "isExcludes": false,
+      "isRecursive": false
+    },
+    "database": {
+      "values": ["sirotan"],
+      "isExcludes": false,
+      "isRecursive": false
+    }
+  },
+  "policyItems": [{
+    "accesses": [{
+      "type": "usage",
+      "isAllowed": true
+    }],
+    "users": ["maria_dev"],
+    "groups": [],
+    "conditions": [],
+    "delegateAdmin": true
+  }],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": []
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-protocol.json
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/resources/test-protocol.json b/ranger-plugin/integration/service/src/test/resources/test-protocol.json
new file mode 100644
index 0000000..d59caed
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/resources/test-protocol.json
@@ -0,0 +1,33 @@
+{
+  "isEnabled": true,
+  "service": "hawq",
+  "name": "ProtocolTest",
+  "policyType": 0,
+  "description": "Test policy for protocol resource",
+  "isAuditEnabled": true,
+  "resources": {
+    "protocol": {
+      "values": ["pxf"],
+      "isExcludes": false,
+      "isRecursive": false
+    }
+  },
+  "policyItems": [{
+    "accesses": [{
+      "type": "select",
+      "isAllowed": true
+    }, {
+      "type": "insert",
+      "isAllowed": true
+    }],
+    "users": ["maria_dev"],
+    "groups": [],
+    "conditions": [],
+    "delegateAdmin": true
+  }],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": []
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-tablespace.json
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/resources/test-tablespace.json b/ranger-plugin/integration/service/src/test/resources/test-tablespace.json
new file mode 100644
index 0000000..a45ecea
--- /dev/null
+++ b/ranger-plugin/integration/service/src/test/resources/test-tablespace.json
@@ -0,0 +1,30 @@
+{
+  "isEnabled": true,
+  "service": "hawq",
+  "name": "TablespaceTest",
+  "policyType": 0,
+  "description": "Test policy for tablespace resource",
+  "isAuditEnabled": true,
+  "resources": {
+    "tablespace": {
+      "values": ["pg_global"],
+      "isExcludes": false,
+      "isRecursive": false
+    }
+  },
+  "policyItems": [{
+    "accesses": [{
+      "type": "create",
+      "isAllowed": true
+    }],
+    "users": ["maria_dev"],
+    "groups": [],
+    "conditions": [],
+    "delegateAdmin": true
+  }],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": []
+}
\ No newline at end of file