sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sra...@apache.org
Subject git commit: SENTRY-432: Rebase diff on master
Date Tue, 16 Sep 2014 21:21:34 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/sentry-hdfs-sync 0eb6645e8 -> f60a7c595


SENTRY-432: Rebase diff on master


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/f60a7c59
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/f60a7c59
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/f60a7c59

Branch: refs/heads/sentry-hdfs-sync
Commit: f60a7c5954524421436b8a3b896e3b110afcd3b3
Parents: 0eb6645
Author: Sravya Tirukkovalur <sravya@clouera.com>
Authored: Tue Sep 16 14:20:51 2014 -0700
Committer: Sravya Tirukkovalur <sravya@clouera.com>
Committed: Tue Sep 16 14:20:51 2014 -0700

----------------------------------------------------------------------
 .../hdfs/SentryAuthorizationProvider.java       | 288 ++++------
 .../hdfs/TestSentryAuthorizationProvider.java   |   2 +-
 .../org/apache/sentry/hdfs/DummyAdapter.java    |  39 --
 .../apache/sentry/hdfs/DummyAuthzSource.java    |  60 ---
 .../org/apache/sentry/hdfs/DummyHMSClient.java  |  79 ---
 .../sentry/hdfs/TestAuthzPathCacheOld.java      | 523 -------------------
 .../apache/sentry/hdfs/TestAuthzPermCache.java  |  64 ---
 .../db/service/persistent/SentryStore.java      |   4 +-
 .../thrift/SentryPolicyStoreProcessor.java      |   4 +-
 9 files changed, 103 insertions(+), 960 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs-int/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs-int/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java b/sentry-hdfs-int/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java
index 2375d1b..ebd063f 100644
--- a/sentry-hdfs-int/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java
+++ b/sentry-hdfs-int/src/main/java/org/apache/sentry/hdfs/SentryAuthorizationProvider.java
@@ -17,26 +17,21 @@
  */
 package org.apache.sentry.hdfs;
 
-import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
-import java.util.Map;
-import java.util.Set;
 
 import org.apache.hadoop.conf.Configurable;
 import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.UnresolvedLinkException;
 import org.apache.hadoop.fs.permission.AclEntry;
 import org.apache.hadoop.fs.permission.AclEntryScope;
 import org.apache.hadoop.fs.permission.AclEntryType;
-import org.apache.hadoop.fs.permission.FsAction;
 import org.apache.hadoop.fs.permission.FsPermission;
 import org.apache.hadoop.hdfs.DFSConfigKeys;
 import org.apache.hadoop.hdfs.server.namenode.AclFeature;
-import org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider;
-import org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider;
-import org.apache.hadoop.security.AccessControlException;
+import org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider;
+import org.apache.hadoop.hdfs.server.namenode.INodeAttributes;
+import org.apache.hadoop.hdfs.server.namenode.XAttrFeature;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -44,7 +39,7 @@ import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
 
 public class SentryAuthorizationProvider 
-    implements AuthorizationProvider, Configurable {
+    extends INodeAttributeProvider implements Configurable {
   
   static class SentryAclFeature extends AclFeature {
     public SentryAclFeature(ImmutableList<AclEntry> entries) {
@@ -57,10 +52,9 @@ public class SentryAuthorizationProvider
 
   private boolean started;
   private Configuration conf;
-  private AuthorizationProvider defaultAuthzProvider;
   private String user;
   private String group;
-  private FsPermission permission;
+  private short permission;
   private boolean originalAuthzAsAcl;
   private SentryAuthorizationInfo authzInfo;
 
@@ -94,8 +88,6 @@ public class SentryAuthorizationProvider
         throw new RuntimeException("HDFS ACLs must be enabled");
       }
 
-      defaultAuthzProvider = new DefaultAuthorizationProvider();
-      defaultAuthzProvider.start();
       // Configuration is read from hdfs-sentry.xml and NN configuration, in
       // that order of precedence.
       Configuration conf = new Configuration(this.conf);
@@ -104,10 +96,9 @@ public class SentryAuthorizationProvider
           SentryAuthorizationConstants.HDFS_USER_DEFAULT);
       group = conf.get(SentryAuthorizationConstants.HDFS_GROUP_KEY,
           SentryAuthorizationConstants.HDFS_GROUP_DEFAULT);
-      permission = FsPermission.createImmutable(
-          (short) conf.getLong(SentryAuthorizationConstants.HDFS_PERMISSION_KEY,
-              SentryAuthorizationConstants.HDFS_PERMISSION_DEFAULT)
-      );
+      permission = (short) conf.getLong(
+          SentryAuthorizationConstants.HDFS_PERMISSION_KEY,
+          SentryAuthorizationConstants.HDFS_PERMISSION_DEFAULT);
       originalAuthzAsAcl = conf.getBoolean(
           SentryAuthorizationConstants.INCLUDE_HDFS_AUTHZ_AS_ACL_KEY,
           SentryAuthorizationConstants.INCLUDE_HDFS_AUTHZ_AS_ACL_DEFAULT);
@@ -130,142 +121,104 @@ public class SentryAuthorizationProvider
   public synchronized void stop() {
     LOG.debug("Stopping");
     authzInfo.stop();
-    defaultAuthzProvider.stop();
-    defaultAuthzProvider = null;
   }
 
-  @Override
-  public void setSnaphottableDirs(Map<INodeAuthorizationInfo, Integer>
-      snapshotableDirs) {
-    defaultAuthzProvider.setSnaphottableDirs(snapshotableDirs);
-  }
-
-  @Override
-  public void addSnapshottable(INodeAuthorizationInfo dir) {
-    defaultAuthzProvider.addSnapshottable(dir);
-  }
-
-  @Override
-  public void removeSnapshottable(INodeAuthorizationInfo dir) {
-    defaultAuthzProvider.removeSnapshottable(dir);
-  }
+  private static final AclFeature EMPTY_ACL_FEATURE =
+      new AclFeature(AclFeature.EMPTY_ENTRY_LIST);
+
+  private class INodeAttributesX implements INodeAttributes {
+    private boolean useDefault;
+    private INodeAttributes node;
+    private AclFeature aclFeature;
+    
+    public INodeAttributesX(boolean useDefault, INodeAttributes node,
+        AclFeature aclFeature) {
+      this.node = node;
+      this.useDefault = useDefault;
+      this.aclFeature = aclFeature;
+    }
+    
+    @Override
+    public boolean isDirectory() {
+      return node.isDirectory();
+    }
 
-  @Override
-  public void createSnapshot(INodeAuthorizationInfo dir, int snapshotId)
-      throws IOException{
-    defaultAuthzProvider.createSnapshot(dir, snapshotId);
-  }
+    @Override
+    public byte[] getLocalNameBytes() {
+      return node.getLocalNameBytes();
+    }
 
-  @Override
-  public void removeSnapshot(INodeAuthorizationInfo dir, int snapshotId)
-      throws IOException {
-    defaultAuthzProvider.removeSnapshot(dir, snapshotId);
-  }
+    public String getUserName() {
+      return (useDefault) ? node.getUserName() : user;
+    }
 
-  @Override
-  public void checkPermission(String user, Set<String> groups,
-      INodeAuthorizationInfo[] inodes, int snapshotId,
-      boolean doCheckOwner, FsAction ancestorAccess, FsAction parentAccess,
-      FsAction access, FsAction subAccess, boolean ignoreEmptyDir)
-      throws AccessControlException, UnresolvedLinkException {
-    defaultAuthzProvider.checkPermission(user, groups, inodes, snapshotId,
-        doCheckOwner, ancestorAccess, parentAccess, access, subAccess,
-        ignoreEmptyDir);
-  }
+    @Override
+    public String getGroupName() {
+      return (useDefault) ? node.getGroupName() : group;
+    }
 
-  private static final String[] EMPTY_STRING_ARRAY = new String[0];
-  
-  private String[] getPathElements(INodeAuthorizationInfo node) {
-    return getPathElements(node, 0);
-  }
+    @Override
+    public FsPermission getFsPermission() {
+      return (useDefault) ? node.getFsPermission()
+                          : new FsPermission(getFsPermissionShort());
+    }
 
-  private String[] getPathElements(INodeAuthorizationInfo node, int idx) {
-    String[] paths;
-    INodeAuthorizationInfo parent = node.getParent();
-    if (parent == null) {
-      paths = (idx > 0) ? new String[idx] : EMPTY_STRING_ARRAY;
-    } else {
-      paths = getPathElements(parent, idx + 1);
-      paths[paths.length - 1 - idx] = node.getLocalName();
+    @Override
+    public short getFsPermissionShort() {
+      return (useDefault) ? node.getFsPermissionShort()
+                          : (short) getPermissionLong();
     }
-    return paths;
-  }
 
-  @Override
-  public void setUser(INodeAuthorizationInfo node, String user) {
-    defaultAuthzProvider.setUser(node, user);
-  }
+    @Override
+    public long getPermissionLong() {
+      return (useDefault) ? node.getPermissionLong() : permission;
+    }
 
-  @Override
-  public String getUser(INodeAuthorizationInfo node, int snapshotId) {
-    String user;
-    String[] pathElements = getPathElements(node);
-    if (!authzInfo.isManaged(pathElements)) {
-      user = defaultAuthzProvider.getUser(node, snapshotId);
-    } else {
-      if (!authzInfo.isStale()) {
-        if (authzInfo.doesBelongToAuthzObject(pathElements)) {
-          user = this.user;
-        } else {
-          user = defaultAuthzProvider.getUser(node, snapshotId);
+    @Override
+    public AclFeature getAclFeature() {
+      AclFeature feature;
+      if (useDefault) {
+        feature = node.getAclFeature();
+        if (feature == null) {
+          feature = EMPTY_ACL_FEATURE;
         }
       } else {
-        user = this.user;
+        feature = aclFeature;
       }
+      return feature;
     }
-    return user;
-  }
 
-  @Override
-  public void setGroup(INodeAuthorizationInfo node, String group) {
-    defaultAuthzProvider.setGroup(node, group);
-  }
+    @Override
+    public XAttrFeature getXAttrFeature() {
+      return node.getXAttrFeature();
+    }
 
-  @Override
-  public String getGroup(INodeAuthorizationInfo node, int snapshotId) {
-    String group;
-    String[] pathElements = getPathElements(node);
-    if (!authzInfo.isManaged(pathElements)) {
-      group = defaultAuthzProvider.getGroup(node, snapshotId);
-    } else {
-      if (!authzInfo.isStale()) {
-        if (authzInfo.doesBelongToAuthzObject(pathElements)) {
-          group = this.group;
-        } else {
-          group = defaultAuthzProvider.getGroup(node, snapshotId);
-        }
-      } else {
-        group = this.group;
-      }
+    @Override
+    public long getModificationTime() {
+      return node.getModificationTime();
     }
-    return group;
-  }
 
-  @Override
-  public void setPermission(INodeAuthorizationInfo node,
-      FsPermission permission) {
-    defaultAuthzProvider.setPermission(node, permission);
+    @Override
+    public long getAccessTime() {
+      return node.getAccessTime();
+    }
   }
-
+  
   @Override
-  public FsPermission getFsPermission(
-      INodeAuthorizationInfo node, int snapshotId) {
-    FsPermission permission;
-    String[] pathElements = getPathElements(node);
-    if (!authzInfo.isManaged(pathElements)) {
-      permission = defaultAuthzProvider.getFsPermission(node, snapshotId);
-    } else {
-      if (!authzInfo.isStale()) {
+  public INodeAttributes getAttributes(String[] pathElements,
+      INodeAttributes node) {
+    if (authzInfo.isManaged(pathElements)) {
+      boolean stale = authzInfo.isStale();
+      AclFeature aclFeature = getAclFeature(pathElements, node, stale);
+      if (!stale) {
         if (authzInfo.doesBelongToAuthzObject(pathElements)) {
-          permission = this.permission;
-        } else {
-          permission = defaultAuthzProvider.getFsPermission(node, snapshotId);
+          node = new INodeAttributesX(false, node, aclFeature);
         }
       } else {
-        permission = this.permission;
+        node = new INodeAttributesX(true, node, aclFeature);
       }
     }
-    return permission;
+    return node;
   }
 
   private List<AclEntry> createAclEntries(String user, String group,
@@ -291,50 +244,30 @@ public class SentryAuthorizationProvider
     return list;
   }
 
-  @Override
-  public AclFeature getAclFeature(INodeAuthorizationInfo node, int snapshotId) {
+  public AclFeature getAclFeature(String[] pathElements, INodeAttributes node, 
+      boolean stale) {
     AclFeature f = null;
-    String[] pathElements = getPathElements(node);
     String p = Arrays.toString(pathElements);
-    boolean isManaged = false;
-    boolean isStale = false;
     boolean hasAuthzObj = false;
-    if (!authzInfo.isManaged(pathElements)) {
-      isManaged = false;
-      f = defaultAuthzProvider.getAclFeature(node, snapshotId);
-    } else {
-      isManaged = true;
-      List<AclEntry> list = new ArrayList<AclEntry>();
-      if (originalAuthzAsAcl) {
-        String user = defaultAuthzProvider.getUser(node, snapshotId);
-        String group = defaultAuthzProvider.getGroup(node, snapshotId);
-        INodeAuthorizationInfo pNode = node.getParent();
-        while  (group == null || pNode != null) {
-          group = defaultAuthzProvider.getGroup(pNode, snapshotId);
-          pNode = pNode.getParent();
-        }
-        FsPermission perm = defaultAuthzProvider.getFsPermission(node, snapshotId);
-        list.addAll(createAclEntries(user, group, perm));
-      }
-      if (!authzInfo.isStale()) { 
-        isStale = false;
-        if (authzInfo.doesBelongToAuthzObject(pathElements)) {
-          hasAuthzObj = true;
-          list.addAll(authzInfo.getAclEntries(pathElements));
-          f = new SentryAclFeature(ImmutableList.copyOf(list));
-        } else {
-          hasAuthzObj = false;
-          f = defaultAuthzProvider.getAclFeature(node, snapshotId);
-        }
-      } else {
-        isStale = true;
+    List<AclEntry> list = new ArrayList<AclEntry>();
+    if (originalAuthzAsAcl) {
+      String user = node.getUserName();
+      String group = node.getGroupName();
+      FsPermission perm = node.getFsPermission();
+      list.addAll(createAclEntries(user, group, perm));
+    }
+    if (!stale) { 
+      if (authzInfo.doesBelongToAuthzObject(pathElements)) {
+        hasAuthzObj = true;
+        list.addAll(authzInfo.getAclEntries(pathElements));
         f = new SentryAclFeature(ImmutableList.copyOf(list));
       }
+    } else {
+      f = new SentryAclFeature(ImmutableList.copyOf(list));
     }
     if (LOG.isDebugEnabled()) {
-      LOG.debug("### getAclEntry [" + (p == null ? "null" : p) + "] : ["
-          + "isManaged=" + isManaged
-          + ",isStale=" + isStale
+      LOG.debug("### getAclEntry [" + p + "] : ["
+          + "isStale=" + stale
           + ",hasAuthzObj=" + hasAuthzObj
           + ",origAtuhzAsAcl=" + originalAuthzAsAcl + "]"
           + "[" + (f == null ? "null" : f.getEntries()) + "]");
@@ -342,29 +275,4 @@ public class SentryAuthorizationProvider
     return f;
   }
 
-  @Override
-  public void removeAclFeature(INodeAuthorizationInfo node) {
-    AclFeature aclFeature = node.getAclFeature(CURRENT_STATE_ID);
-    if (aclFeature.getClass() != SentryAclFeature.class) {
-      defaultAuthzProvider.removeAclFeature(node);
-    }
-  }
-
-  @Override
-  public void addAclFeature(INodeAuthorizationInfo node, AclFeature f) {
-    String[] pathElements = getPathElements(node);
-    if (!authzInfo.isManaged(pathElements)) {
-      defaultAuthzProvider.addAclFeature(node, f);
-    }
-  }
-
-  @Override 
-  public boolean doesAllowChanges(INodeAuthorizationInfo node) {
-    String[] pathElements = getPathElements(node);
-    if (!authzInfo.isManaged(pathElements)) {
-      return defaultAuthzProvider.doesAllowChanges(node);
-    }
-    return !authzInfo.doesBelongToAuthzObject(getPathElements(node));
-  }
-
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs-int/src/test/java/org/apache/sentry/hdfs/TestSentryAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs-int/src/test/java/org/apache/sentry/hdfs/TestSentryAuthorizationProvider.java b/sentry-hdfs-int/src/test/java/org/apache/sentry/hdfs/TestSentryAuthorizationProvider.java
index 67919fa..c9bd9a3 100644
--- a/sentry-hdfs-int/src/test/java/org/apache/sentry/hdfs/TestSentryAuthorizationProvider.java
+++ b/sentry-hdfs-int/src/test/java/org/apache/sentry/hdfs/TestSentryAuthorizationProvider.java
@@ -56,7 +56,7 @@ public class TestSentryAuthorizationProvider {
       public Void run() throws Exception {
         System.setProperty(MiniDFSCluster.PROP_TEST_BUILD_DATA, "target/test/data");
         Configuration conf = new HdfsConfiguration();
-        conf.set(DFSConfigKeys.DFS_NAMENODE_AUTHORIZATION_PROVIDER_KEY,
+        conf.set(DFSConfigKeys.DFS_NAMENODE_INODE_ATTRIBUTES_PROVIDER_KEY,
             MockSentryAuthorizationProvider.class.getName());
         conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true);
         EditLogFileOutputStream.setShouldSkipFsyncForTesting(true);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAdapter.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAdapter.java b/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAdapter.java
deleted file mode 100644
index 24c63a5..0000000
--- a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAdapter.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.hdfs;
-
-//import org.apache.sentry.provider.db.service.thrift.UpdateForwarder;
-
-public class DummyAdapter {
-//public class DummyAdapter<K extends UpdateForwarder.Update> {
-//
-//  private final UpdateForwarder<K> destCache;
-//  private final UpdateForwarder<K> srcCache;
-//
-//  public DummyAdapter(UpdateForwarder<K> destCache, UpdateForwarder<K> srcCache) {
-//    super();
-//    this.destCache = destCache;
-//    this.srcCache = srcCache;
-//  }
-//
-//  public void getDestToPullUpdatesFromSrc() {
-//    for (K update : srcCache.getAllUpdatesFrom(destCache.getLastCommitted() + 1)) {
-//      destCache.handleUpdateNotification(update);
-//    }
-//  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAuthzSource.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAuthzSource.java b/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAuthzSource.java
deleted file mode 100644
index 57299c8..0000000
--- a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyAuthzSource.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.hdfs;
-
-//import org.apache.sentry.hdfs.old.AuthzPermCache.AuthzSource;
-//import org.apache.sentry.hdfs.old.AuthzPermCache.PrivilegeInfo;
-//import org.apache.sentry.hdfs.old.AuthzPermCache.RoleInfo;
-
-public class DummyAuthzSource {
-//public class DummyAuthzSource implements AuthzSource{
-//
-//  public Map<String, PrivilegeInfo> privs = new HashMap<String, PrivilegeInfo>();
-//  public Map<String, RoleInfo> roles = new HashMap<String, RoleInfo>();
-//
-//  @Override
-//  public PrivilegeInfo loadPrivilege(String authzObj) throws Exception {
-//    return privs.get(authzObj);
-//  }
-//
-//  @Override
-//  public RoleInfo loadGroupsForRole(String group) throws Exception {
-//    return roles.get(group);
-//  }
-//
-//  @Override
-//  public PermissionsUpdate createFullImage(long seqNum) {
-//    PermissionsUpdate retVal = new PermissionsUpdate(seqNum, true);
-//    for (Map.Entry<String, PrivilegeInfo> pE : privs.entrySet()) {
-//      PrivilegeChanges pUpdate = retVal.addPrivilegeUpdate(pE.getKey());
-//      PrivilegeInfo pInfo = pE.getValue();
-//      for (Map.Entry<String, FsAction> ent : pInfo.roleToPermission.entrySet()) {
-//        pUpdate.addPrivilege(ent.getKey(), ent.getValue().SYMBOL);
-//      }
-//    }
-//    for (Map.Entry<String, RoleInfo> rE : roles.entrySet()) {
-//      RoleChanges rUpdate = retVal.addRoleUpdate(rE.getKey());
-//      RoleInfo rInfo = rE.getValue();
-//      for (String role : rInfo.groups) {
-//        rUpdate.addGroup(role);
-//      }
-//    }
-//    return retVal;
-//  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyHMSClient.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyHMSClient.java b/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyHMSClient.java
deleted file mode 100644
index 3f66c87..0000000
--- a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/DummyHMSClient.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.hdfs;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-
-import org.apache.hadoop.hive.metastore.api.Database;
-import org.apache.hadoop.hive.metastore.api.Partition;
-import org.apache.hadoop.hive.metastore.api.StorageDescriptor;
-import org.apache.hadoop.hive.metastore.api.Table;
-import org.apache.sentry.hdfs.MetastoreClient;
-
-public class DummyHMSClient implements MetastoreClient {
-
-  private HashMap<Database, HashMap<Table, HashSet<Partition>>> hmsData =
-      new HashMap<Database, HashMap<Table, HashSet<Partition>>>();
-
-  @Override
-  public List<Database> getAllDatabases() {
-    return new ArrayList<Database>(hmsData.keySet());
-  }
-
-  @Override
-  public List<Table> getAllTablesOfDatabase(Database db) {
-    if (hmsData.containsKey(db)) {
-      return new ArrayList<Table>(hmsData.get(db).keySet());
-    }
-    return new ArrayList<Table>();
-  }
-
-  @Override
-  public List<Partition> listAllPartitions(Database db, Table tbl) {
-    if (hmsData.containsKey(db)) {
-      if (hmsData.get(db).containsKey(tbl)) {
-        return new ArrayList<Partition>(hmsData.get(db).get(tbl));
-      }
-    }
-    return new ArrayList<Partition>();
-  }
-
-  public Database addDb(String dbName, String location) {
-    Database db = new Database(dbName, null, location, null);
-    hmsData.put(db, new HashMap<Table, HashSet<Partition>>());
-    return db;
-  }
-
-  public Table addTable(Database db, String tblName, String location) {
-    Table tbl = 
-        new Table(tblName, db.getName(), null, 0, 0, 0, 
-            new StorageDescriptor(null, location, null, null, false, 0, null, null, null, null),
-            null, null, null, null, null);
-    hmsData.get(db).put(tbl, new HashSet<Partition>());
-    return tbl;
-  }
-  
-  public void addPartition(Database db, Table tbl, String partitionPath) {
-    Partition part = new Partition(null, db.getName(), tbl.getTableName(), 0, 0,
-        new StorageDescriptor(null, partitionPath, null, null, false, 0, null, null, null, null), null);
-    hmsData.get(db).get(tbl).add(part);
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPathCacheOld.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPathCacheOld.java b/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPathCacheOld.java
deleted file mode 100644
index ca3ebfe..0000000
--- a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPathCacheOld.java
+++ /dev/null
@@ -1,523 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.hdfs;
-
-
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hive.metastore.api.Database;
-import org.apache.hadoop.hive.metastore.api.Table;
-//import org.apache.sentry.hdfs.old.AuthzPathCacheOld;
-import org.junit.Assert;
-import org.junit.Test;
-
-import java.util.Arrays;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.fail;
-
-public class TestAuthzPathCacheOld {
-
-//  @Test
-//  public void testGetPathElements() {
-//    String[] as2 = AuthzPathCacheOld.getPathElements(new String("/a/b"));
-//    String[] as1 = AuthzPathCacheOld.getPathElements(new String("/a/b"));
-//    Assert.assertArrayEquals(as1, as2);
-//
-//    String[] as = AuthzPathCacheOld.getPathElements(new String("/a/b"));
-//    Assert.assertArrayEquals(new String[] {"a", "b"}, as);
-//
-//    as = AuthzPathCacheOld.getPathElements(new String("//a/b"));
-//    Assert.assertArrayEquals(new String[]{"a", "b"}, as);
-//
-//    as = AuthzPathCacheOld.getPathElements(new String("/a//b"));
-//    Assert.assertArrayEquals(new String[]{"a", "b"}, as);
-//
-//    as = AuthzPathCacheOld.getPathElements(new String("/a/b/"));
-//    Assert.assertArrayEquals(new String[]{"a", "b"}, as);
-//
-//    as = AuthzPathCacheOld.getPathElements(new String("//a//b//"));
-//    Assert.assertArrayEquals(new String[]{"a", "b"}, as);
-//  }
-//
-//  @Test
-//  public void testGetPathsElements() {
-//    String[][] as1 = AuthzPathCacheOld.gePathsElements(
-//        new String[]{new String("/a/b")});
-//    String[][] as2 = AuthzPathCacheOld.gePathsElements(
-//        new String[]{new String("/a/b")});
-//    Assert.assertEquals(as1.length, as2.length);
-//    Assert.assertArrayEquals(as1[0], as2[0]);
-//  }
-//
-//  @Test
-//  public void testEntryType() {
-//    Assert.assertTrue(AuthzPathCacheOld.EntryType.DIR.isRemoveIfDangling());
-//    Assert.assertFalse(AuthzPathCacheOld.EntryType.PREFIX.isRemoveIfDangling());
-//    Assert.assertTrue(
-//        AuthzPathCacheOld.EntryType.AUTHZ_OBJECT.isRemoveIfDangling());
-//  }
-//  
-//  @Test
-//  public void testRootEntry() {
-//    AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false);
-//    root.toString();
-//    Assert.assertNull(root.getParent());
-//    Assert.assertEquals(AuthzPathCacheOld.EntryType.DIR, root.getType());
-//    // NOTE : This was causing some problems during serialization.. so dissabling 
-////    Assert.assertNull(root.getPathElement());
-//    Assert.assertNull(root.getAuthzObj());
-//    Assert.assertEquals(Path.SEPARATOR, root.getFullPath());
-//    Assert.assertTrue(root.getChildren().isEmpty());
-//    root.delete();
-//    try {
-//      root.find(null, true);
-//      Assert.fail();
-//    } catch (IllegalArgumentException ex) {
-//      //NOP
-//    }
-//    try {
-//      root.find(new String[0], true);
-//      Assert.fail();
-//    } catch (IllegalArgumentException ex) {
-//      //NOP
-//    }
-//    try {
-//      root.find(null, false);
-//      Assert.fail();
-//    } catch (IllegalArgumentException ex) {
-//      //NOP
-//    }
-//    try {
-//      root.find(new String[0], false);
-//      Assert.fail();
-//    } catch (IllegalArgumentException ex) {
-//      //NOP
-//    }
-//    Assert.assertEquals(root, root.find(new String[]{"a"}, true));
-//    Assert.assertNull(root.find(new String[]{"a"}, false));
-//    Assert.assertNull(root.findPrefixEntry(new String[]{"a"}));
-//
-//    root.delete();
-//  }
-//
-//  @Test
-//  public void testRootPrefixEntry() {
-//    AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(true);
-//    root.toString();
-//
-//    Assert.assertEquals(root, root.find(new String[]{"a"}, true));
-//    Assert.assertEquals(null, root.find(new String[]{"a"}, false));
-//    Assert.assertEquals(root, root.findPrefixEntry(new String[]{"a"}));
-//    Assert.assertEquals(root, root.findPrefixEntry(new String[]{"a", "b"}));
-//
-//    try {
-//      root.createPrefix(new String[]{"a"});
-//      Assert.fail();
-//    } catch (IllegalArgumentException ex) {
-//      //NOP
-//    }
-//  }
-//
-//  @Test
-//  public void testImmediatePrefixEntry() {
-//    AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false);
-//    AuthzPathCacheOld.Entry entry = root.createPrefix(new String[] {"a"});
-//    entry.toString();
-//    
-//    Assert.assertEquals(1, root.getChildren().size());
-//
-//    Assert.assertEquals(root, entry.getParent());
-//    Assert.assertEquals(AuthzPathCacheOld.EntryType.PREFIX, entry.getType());
-//    Assert.assertEquals("a", entry.getPathElement());
-//    Assert.assertNull(entry.getAuthzObj());
-//    Assert.assertEquals(Path.SEPARATOR + "a", entry.getFullPath());
-//    Assert.assertTrue(entry.getChildren().isEmpty());
-//
-//    Assert.assertEquals(entry, root.find(new String[]{"a"}, true));
-//    Assert.assertEquals(entry, root.find(new String[]{"a"}, false));
-//    Assert.assertEquals(entry, root.findPrefixEntry(new String[]{"a"}));
-//    Assert.assertEquals(entry, root.findPrefixEntry(new String[]{"a", "b"}));
-//
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b"}, true));
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b", "c"}, true));
-//    Assert.assertNull(root.find(new String[]{"a", "b"}, false));
-//
-//    Assert.assertNull(root.find(new String[]{"b"}, false));
-//    Assert.assertNull(root.findPrefixEntry(new String[]{"b"}));
-//
-//    try {
-//      root.createPrefix(new String[]{"a", "b"});
-//      Assert.fail();
-//    } catch (IllegalArgumentException ex) {
-//      //NOP
-//    }
-//
-//    try {
-//      root.createPrefix(new String[]{"a", "b", "c"});
-//      Assert.fail();
-//    } catch (IllegalArgumentException ex) {
-//      //NOP
-//    }
-//
-//    entry.delete();
-//    Assert.assertTrue(root.getChildren().isEmpty());
-//  }
-//
-//  @Test
-//  public void testFurtherPrefixEntry() {
-//    AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false);
-//    AuthzPathCacheOld.Entry entry = root.createPrefix(new String[]{"a", "b"});
-//    entry.toString();
-//
-//    Assert.assertEquals(1, root.getChildren().size());
-//
-//    Assert.assertEquals(root, entry.getParent().getParent());
-//    Assert.assertEquals(AuthzPathCacheOld.EntryType.PREFIX, entry.getType());
-//    Assert.assertEquals(AuthzPathCacheOld.EntryType.DIR, 
-//        entry.getParent().getType());
-//    Assert.assertEquals("b", entry.getPathElement());
-//    Assert.assertEquals("a", entry.getParent().getPathElement());
-//    Assert.assertNull(entry.getAuthzObj());
-//    Assert.assertNull(entry.getParent().getAuthzObj());
-//    Assert.assertEquals(Path.SEPARATOR + "a" + Path.SEPARATOR + "b", 
-//        entry.getFullPath());
-//    Assert.assertEquals(Path.SEPARATOR + "a", entry.getParent().getFullPath());
-//    Assert.assertTrue(entry.getChildren().isEmpty());
-//    Assert.assertEquals(1, entry.getParent().getChildren().size());
-//
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b"}, true));
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b"}, false));
-//    Assert.assertEquals(entry, root.findPrefixEntry(new String[]{"a", "b"}));
-//    Assert.assertNull(root.findPrefixEntry(new String[]{"a"}));
-//
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b", "c"}, true));
-//    Assert.assertNull(root.find(new String[]{"a", "b", "c"}, false));
-//
-//    try {
-//      root.createPrefix(new String[]{"a", "b"});
-//      Assert.fail();
-//    } catch (IllegalArgumentException ex) {
-//      //NOP
-//    }
-//
-//    try {
-//      root.createPrefix(new String[]{"a", "b", "c"});
-//      Assert.fail();
-//    } catch (IllegalArgumentException ex) {
-//      //NOP
-//    }
-//
-//    entry.delete();
-//    Assert.assertTrue(root.getChildren().isEmpty());
-//  }
-//
-//  @Test
-//  public void testImmediateAuthzEntry() {
-//    AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false);
-//    AuthzPathCacheOld.Entry prefix = root.createPrefix(new String[]{"a", "b"});
-//
-//    AuthzPathCacheOld.Entry entry = root.createAuthzObjPath(
-//        new String[]{"a", "b", "p1"}, "A");
-//    Assert.assertEquals(prefix, entry.getParent());
-//    Assert.assertEquals(AuthzPathCacheOld.EntryType.AUTHZ_OBJECT, entry.getType());
-//    Assert.assertEquals("p1", entry.getPathElement());
-//    Assert.assertEquals("A", entry.getAuthzObj());
-//    Assert.assertEquals(Path.SEPARATOR + "a" + Path.SEPARATOR + "b" + 
-//            Path.SEPARATOR + "p1", entry.getFullPath());
-//
-//    try {
-//      root.createPrefix(new String[]{"a", "b", "p1", "c"});
-//      Assert.fail();
-//    } catch (IllegalArgumentException ex) {
-//      //NOP
-//    }
-//
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b", "p1"}, true));
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b", "p1"}, false));
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b", "p1", "c"}, 
-//        true));
-//    Assert.assertNull(root.find(new String[]{"a", "b", "p1", "c"}, false));
-//    Assert.assertEquals(prefix, root.findPrefixEntry(
-//        new String[]{"a", "b", "p1"}));
-//
-//    root.find(new String[]{"a", "b", "p1"}, true).delete();
-//    Assert.assertNull(root.find(new String[]{"a", "b", "p1"}, false));
-//    Assert.assertNotNull(root.find(new String[]{"a", "b"}, false));
-//    Assert.assertEquals(prefix, root.findPrefixEntry(
-//        new String[]{"a", "b", "p1"}));
-//
-//  }
-//
-//  @Test
-//  public void testFurtherAuthzEntry() {
-//    AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false);
-//    AuthzPathCacheOld.Entry prefix = root.createPrefix(new String[]{"a", "b"});
-//
-//    AuthzPathCacheOld.Entry entry = root.createAuthzObjPath(
-//        new String[]{"a", "b", "t", "p1"}, "A");
-//    Assert.assertEquals(prefix, entry.getParent().getParent());
-//    Assert.assertEquals(AuthzPathCacheOld.EntryType.AUTHZ_OBJECT, entry.getType());
-//    Assert.assertEquals("p1", entry.getPathElement());
-//    Assert.assertEquals("A", entry.getAuthzObj());
-//    Assert.assertEquals(Path.SEPARATOR + "a" + Path.SEPARATOR + "b" +
-//        Path.SEPARATOR + "t" + Path.SEPARATOR + "p1", entry.getFullPath());
-//
-//    try {
-//      root.createPrefix(new String[]{"a", "b", "p1", "t", "c"});
-//      Assert.fail();
-//    } catch (IllegalArgumentException ex) {
-//      //NOP
-//    }
-//
-//    AuthzPathCacheOld.Entry ep2 = root.createAuthzObjPath(
-//        new String[]{"a", "b", "t", "p1", "p2"}, "A");
-//
-//    Assert.assertEquals(AuthzPathCacheOld.EntryType.AUTHZ_OBJECT, entry.getType());
-//    Assert.assertEquals("p1", entry.getPathElement());
-//    Assert.assertEquals("A", entry.getAuthzObj());
-//
-//    Assert.assertEquals(AuthzPathCacheOld.EntryType.AUTHZ_OBJECT, ep2.getType());
-//    Assert.assertEquals("p2", ep2.getPathElement());
-//    Assert.assertEquals("A", entry.getAuthzObj());
-//
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b", "t", "p1"}, 
-//        true));
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b", "t", "p1"}, 
-//        false));
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b", "t", "p1", "c"},
-//        true));
-//    Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1", "c"}, false));
-//    Assert.assertEquals(prefix, root.findPrefixEntry(
-//        new String[]{"a", "b", "t", "p1"}));
-//
-//    Assert.assertEquals(ep2, root.find(new String[]{"a", "b", "t", "p1", "p2"},
-//        true));
-//    Assert.assertEquals(ep2, root.find(new String[]{"a", "b", "t", "p1", "p2"},
-//        false));
-//    Assert.assertEquals(ep2, root.find(new String[]{"a", "b", "t", "p1", "p2", "c"},
-//        true));
-//    Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1", "p2", "c"}, false));
-//    Assert.assertEquals(prefix, root.findPrefixEntry(
-//        new String[]{"a", "b", "t", "p1", "p2"}));
-//
-//    root.find(new String[]{"a", "b", "t", "p1"}, false).delete();
-//
-//    Assert.assertEquals(entry, root.find(new String[]{"a", "b", "t", "p1"},
-//        true));
-//    Assert.assertEquals(AuthzPathCacheOld.EntryType.DIR, entry.getType());
-//    Assert.assertNull(entry.getAuthzObj());
-//
-//    Assert.assertNotNull(root.find(new String[]{"a", "b", "t", "p1"}, false));
-//    Assert.assertNotNull(root.find(new String[]{"a", "b", "t"}, false));
-//    Assert.assertNotNull(root.find(new String[]{"a", "b"}, false));
-//    Assert.assertEquals(prefix, root.findPrefixEntry(
-//        new String[]{"a", "b", "t", "p1"}));
-//
-//    root.find(new String[]{"a", "b", "t", "p1", "p2"}, false).delete();
-//    Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1"}, false));
-//    Assert.assertNull(root.find(new String[]{"a", "b", "t"}, false));
-//    Assert.assertNotNull(root.find(new String[]{"a", "b"}, false));
-//    Assert.assertEquals(prefix, root.findPrefixEntry(
-//        new String[]{"a", "b", "t", "p1"}));
-//
-//  }
-//
-//  @Test
-//  public void testMultipleAuthzEntry() {
-//    AuthzPathCacheOld.Entry root = AuthzPathCacheOld.Entry.createRoot(false);
-//    AuthzPathCacheOld.Entry prefix = root.createPrefix(new String[]{"a", "b"});
-//
-//    AuthzPathCacheOld.Entry e1 = root.createAuthzObjPath(
-//        new String[]{"a", "b", "t", "p1"}, "A");
-//    AuthzPathCacheOld.Entry e2 = root.createAuthzObjPath(
-//        new String[]{"a", "b", "t", "p2"}, "A");
-//
-//
-//    Assert.assertEquals(e1, root.find(new String[]{"a", "b", "t", "p1"}, true));
-//    Assert.assertEquals(e1, root.find(new String[]{"a", "b", "t", "p1"}, 
-//        false));
-//    Assert.assertEquals(e1, root.find(new String[]{"a", "b", "t", "p1", "c"},
-//        true));
-//    Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1", "c"}, false));
-//    Assert.assertEquals(prefix, root.findPrefixEntry(
-//        new String[]{"a", "b", "t", "p1"}));
-//
-//    Assert.assertEquals(e2, root.find(new String[]{"a", "b", "t", "p2"}, true));
-//    Assert.assertEquals(e2, root.find(new String[]{"a", "b", "t", "p2"}, 
-//        false));
-//    Assert.assertEquals(e2, root.find(new String[]{"a", "b", "t", "p2", "c"},
-//        true));
-//    Assert.assertNull(root.find(new String[]{"a", "b", "t", "p2", "c"}, false));
-//    Assert.assertEquals(prefix, root.findPrefixEntry(
-//        new String[]{"a", "b", "t", "p2"}));
-//
-//    root.find(new String[]{"a", "b", "t", "p1"}, true).delete();
-//    Assert.assertNull(root.find(new String[]{"a", "b", "t", "p1"}, false));
-//    Assert.assertNotNull(root.find(new String[]{"a", "b", "t"}, false));
-//
-//    root.find(new String[]{"a", "b", "t", "p2"}, true).delete();
-//    Assert.assertNull(root.find(new String[]{"a", "b", "t", "p2"}, false));
-//    Assert.assertNull(root.find(new String[]{"a", "b", "t"}, false));
-//    Assert.assertNotNull(root.find(new String[]{"a", "b"}, false));
-//
-//    Assert.assertEquals(prefix, root.findPrefixEntry(
-//        new String[]{"a", "b", "t", "p3"}));
-//  }
-//
-//  @Test
-//  public void testUpdateHandling() throws Exception {
-//    DummyHMSClient mock = new DummyHMSClient();
-//    Database db1 = mock.addDb("db1", "/db1");
-//    Table tbl11 = mock.addTable(db1, "tbl11", "/db1/tbl11");
-//    mock.addPartition(db1, tbl11, "/db1/tbl11/part111");
-//    mock.addPartition(db1, tbl11, "/db1/tbl11/part112");
-//    AuthzPathCacheOld AuthzPathUpdater = new AuthzPathCacheOld(mock, new String[]{"/db1"}, 10000);
-//
-//    // Trigger Initial refresh (full dump)
-//    AuthzPathUpdater.handleUpdateNotification(new PathsUpdate(10, null));
-//    waitToCommit(AuthzPathUpdater);
-//    assertEquals("db1.tbl11", AuthzPathUpdater.findAuthzObject("/db1/tbl11/part111".split("^/")[1].split("/")));
-//    assertEquals("db1.tbl11", AuthzPathUpdater.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/")));
-//
-//    // Handle preUpdate from HMS plugin
-//    PathsUpdate update = new PathsUpdate(11, null);
-//    update.addPathUpdate("db1.tbl12").addPath("/db1/tbl12").addPath("/db1/tbl12/part121");
-//    update.addPathUpdate("db1.tbl11").delPath("/db1/tbl11/part112");
-//
-//    // Ensure JSON serialization is working :
-//    assertEquals(PathsUpdate.toJsonString(update), 
-//        PathsUpdate.toJsonString(
-//            PathsUpdate.fromJsonString(
-//                PathsUpdate.toJsonString(update))));
-//
-//    AuthzPathUpdater.handleUpdateNotification(update);
-//    waitToCommit(AuthzPathUpdater);
-//    assertNull(AuthzPathUpdater.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/"), false));
-//    assertEquals("db1.tbl12", AuthzPathUpdater.findAuthzObject("/db1/tbl12/part121".split("^/")[1].split("/")));
-//
-//    // Add more entries to HMS
-//    Table tbl13 = mock.addTable(db1, "tbl13", "/db1/tbl13");
-//    mock.addPartition(db1, tbl13, "/db1/tbl13/part131");
-//
-//    // Simulate missed preUpdate (Send empty preUpdate with seqNum 13)
-//    // On missed preUpdate, refresh again
-//    AuthzPathUpdater.handleUpdateNotification(new PathsUpdate(13, null));
-//    waitToCommit(AuthzPathUpdater);
-//    assertEquals("db1.tbl13", AuthzPathUpdater.findAuthzObject("/db1/tbl13/part131".split("^/")[1].split("/")));
-//  }
-//
-//  @Test
-//  public void testGetUpdatesFromSrcCache() throws InterruptedException {
-//    DummyHMSClient mock = new DummyHMSClient();
-//    Database db1 = mock.addDb("db1", "/db1");
-//    Table tbl11 = mock.addTable(db1, "tbl11", "/db1/tbl11");
-//    mock.addPartition(db1, tbl11, "/db1/tbl11/part111");
-//    mock.addPartition(db1, tbl11, "/db1/tbl11/part112");
-//
-//    // This would live in the Sentry Service
-//    AuthzPathCacheOld srcCache = new AuthzPathCacheOld(mock, new String[]{"/db1"}, 10000);
-//
-//    // Trigger Initial full Image fetch
-//    srcCache.handleUpdateNotification(new PathsUpdate(10, null));
-//    waitToCommit(srcCache);
-//
-//    // This entity would live in the NN plugin : a downstream cache with no updateLog
-//    AuthzPathCacheOld destCache = new AuthzPathCacheOld(null, new String[]{"/db1"}, 0);
-//
-//    // Adapter to pull updates from upstream cache to downstream Cache
-//    DummyAdapter<PathsUpdate> adapter = new DummyAdapter<PathsUpdate>(destCache, srcCache);
-//    adapter.getDestToPullUpdatesFromSrc();
-//    waitToCommit(destCache);
-//    // Check if NN plugin received the updates from Sentry Cache
-//    assertEquals("db1.tbl11", destCache.findAuthzObject("/db1/tbl11/part111".split("^/")[1].split("/")));
-//    assertEquals("db1.tbl11", destCache.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/")));
-//
-//    // Create Upsteram HMS preUpdate
-//    PathsUpdate update = new PathsUpdate(11, null);
-//    update.addPathUpdate("db1.tbl12").addPath("/db1/tbl12").addPath("/db1/tbl12/part121");
-//    update.addPathUpdate("db1.tbl11").delPath("/db1/tbl11/part112");
-//
-//    // Send Update to Upstream Cache
-//    srcCache.handleUpdateNotification(update);
-//    waitToCommit(srcCache);
-//    // Pull preUpdate to downstream Cache
-//    adapter.getDestToPullUpdatesFromSrc();
-//    waitToCommit(destCache);
-//
-//    assertNull(srcCache.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/"), false));
-//    assertNull(destCache.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/"), false));
-//    assertEquals("db1.tbl11", destCache.findAuthzObject("/db1/tbl11/part112".split("^/")[1].split("/")));
-//    assertEquals("db1.tbl12", destCache.findAuthzObject("/db1/tbl12/part121".split("^/")[1].split("/")));
-//  }
-//
-////  @Test(expected = IllegalArgumentException.class)
-////  public void testAuthzPathUpdaterRootPrefix() {
-////    AuthzPathCacheOld cache = new AuthzPathCacheOld(new String[]{"/", "/b/c"});
-////  }
-//  
-//  @Test
-//  public void testAuthzPathUpdater() {
-//    AuthzPathCacheOld cache = new AuthzPathCacheOld(null, new String[] { "/a", "/b/c"}, 0);
-//    Assert.assertTrue(cache.isUnderPrefix("/a".split("^/")[1].split("/")));
-//    Assert.assertTrue(cache.isUnderPrefix("/a/x".split("^/")[1].split("/")));
-//    Assert.assertTrue(cache.isUnderPrefix("/b/c/".split("^/")[1].split("/")));
-//    Assert.assertFalse(cache.isUnderPrefix("/x".split("^/")[1].split("/")));
-//
-//    Assert.assertNull((cache.findAuthzObject("/a/x".split("^/")[1].split("/"))));
-//    Assert.assertNull((cache.findAuthzObject("/x".split("^/")[1].split("/"))));
-//    
-//    cache.addAuthzObject("T", Arrays.asList("/a/T/p1", "/a/T/p2"));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1".split("^/")[1].split("/")));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p2".split("^/")[1].split("/")));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x".split("^/")[1].split("/")));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x/x".split("^/")[1].split("/")));
-//    Assert.assertNull((cache.findAuthzObject("/a/T/p3".split("^/")[1].split("/"))));
-//
-//    cache.addPathsToAuthzObject("T", Arrays.asList("/a/T/p3"));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1".split("^/")[1].split("/")));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p2".split("^/")[1].split("/")));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x".split("^/")[1].split("/")));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x/x".split("^/")[1].split("/")));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p3".split("^/")[1].split("/")));
-//
-//    cache.deletePathsFromAuthzObject("T", Arrays.asList("/a/T/p2"));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1".split("^/")[1].split("/")));
-//    Assert.assertNull((cache.findAuthzObject("/a/T/p2".split("^/")[1].split("/"))));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x".split("^/")[1].split("/")));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p1/x/x".split("^/")[1].split("/")));
-//    Assert.assertEquals("T", cache.findAuthzObject("/a/T/p3".split("^/")[1].split("/")));
-//
-//    cache.deleteAuthzObject("T");
-//    Assert.assertNull((cache.findAuthzObject("/a/T/p1".split("^/")[1].split("/"))));
-//    Assert.assertNull((cache.findAuthzObject("/a/T/p2".split("^/")[1].split("/"))));
-//    Assert.assertNull((cache.findAuthzObject("/a/T/p3".split("^/")[1].split("/"))));
-//  }
-//
-//  private void waitToCommit(AuthzPathCacheOld hmsCache) throws InterruptedException {
-//    int counter = 0;
-//    while(!hmsCache.areAllUpdatesCommited()) {
-//      Thread.sleep(200);
-//      counter++;
-//      if (counter > 10000) {
-//        fail("Updates taking too long to commit !!");
-//      }
-//    }
-//  }
-  
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPermCache.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPermCache.java b/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPermCache.java
deleted file mode 100644
index f4e569f..0000000
--- a/sentry-hdfs/src/test/java/org/apache/sentry/hdfs/TestAuthzPermCache.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.hdfs;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import org.apache.hadoop.fs.permission.FsAction;
-//import org.apache.sentry.hdfs.old.AuthzPermCache;
-//import org.apache.sentry.hdfs.old.AuthzPermCache.PrivilegeInfo;
-//import org.apache.sentry.hdfs.old.AuthzPermCache.RoleInfo;
-import org.junit.Test;
-
-public class TestAuthzPermCache {
-
-//  @Test
-//  public void testAuthzAddRemove() throws InterruptedException {
-//    DummyAuthzSource src = new DummyAuthzSource();
-//    AuthzPermCache authzCache = new AuthzPermCache(10000, src, 0);
-//    src.privs.put("db1.tbl11", new PrivilegeInfo("db1.tbl11").setPermission("r1", FsAction.READ_WRITE));
-//    src.privs.put("db1.tbl12", new PrivilegeInfo("db1.tbl12").setPermission("r1", FsAction.READ).setPermission("r2", FsAction.WRITE));
-//    src.privs.put("db1.tbl13", new PrivilegeInfo("db1.tbl13").setPermission("r2", FsAction.READ).setPermission("r3", FsAction.WRITE));
-//    src.roles.put("r1", new RoleInfo("r1").addGroup("g1"));
-//    src.roles.put("r2", new RoleInfo("r2").addGroup("g2").addGroup("g1"));
-//    src.roles.put("r3", new RoleInfo("r3").addGroup("g3").addGroup("g2").addGroup("g1"));
-//    authzCache.handleUpdateNotification(new PermissionsUpdate(10, false));
-//    waitToCommit(authzCache);
-//
-//    assertEquals(FsAction.READ_WRITE, authzCache.getPermissions("db1.tbl11").get("g1"));
-//    assertEquals(FsAction.READ_WRITE, authzCache.getPermissions("db1.tbl12").get("g1"));
-//    assertEquals(FsAction.WRITE, authzCache.getPermissions("db1.tbl12").get("g2"));
-//    assertEquals(FsAction.READ_WRITE, authzCache.getPermissions("db1.tbl13").get("g1"));
-//    assertEquals(FsAction.READ_WRITE, authzCache.getPermissions("db1.tbl13").get("g2"));
-//    assertEquals(FsAction.WRITE, authzCache.getPermissions("db1.tbl13").get("g3"));
-//  }
-//
-//  private void waitToCommit(AuthzPermCache authzCache) throws InterruptedException {
-//    int counter = 0;
-//    while(!authzCache.areAllUpdatesCommited()) {
-//      Thread.sleep(200);
-//      counter++;
-//      if (counter > 10000) {
-//        fail("Updates taking too long to commit !!");
-//      }
-//    }
-//  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 6e66823..6d0efd3 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -1410,12 +1410,12 @@ public class SentryStore implements ExternalImageRetriever<PermissionsUpdate> {
           String existingPriv = pUpdate.getAddPrivileges().get(mRole.getRoleName());
           if (existingPriv == null) {
             pUpdate.putToAddPrivileges(mRole.getRoleName(),
-                ACTION_MAPPING.get(mPriv.getAction()).SYMBOL);
+                ACTION_MAPPING.get(mPriv.getAction().toUpperCase()).SYMBOL);
           } else {
             pUpdate.putToAddPrivileges(
                 mRole.getRoleName(),
                 FsAction.getFsAction(existingPriv)
-                    .or(ACTION_MAPPING.get(mPriv.getAction())).SYMBOL);
+                    .or(ACTION_MAPPING.get(mPriv.getAction().toUpperCase())).SYMBOL);
           }
         }
       }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f60a7c59/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index 685c906..8ede069 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -264,7 +264,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
         PermissionsUpdate update = new PermissionsUpdate(permSeqNum.incrementAndGet(), false);
         update.addPrivilegeUpdate(authzObj).putToAddPrivileges(
             request.getRoleName(),
-            SentryStore.ACTION_MAPPING.get(request.getPrivilege().getAction())
+            SentryStore.ACTION_MAPPING.get(request.getPrivilege().getAction().toUpperCase())
                 .SYMBOL);
         permsUpdater.handleUpdateNotification(update);
         LOGGER.info("Authz Perm preUpdate [" + update.getSeqNum() + "]..");
@@ -306,7 +306,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
         PermissionsUpdate update = new PermissionsUpdate(permSeqNum.incrementAndGet(), false);
         update.addPrivilegeUpdate(authzObj).putToDelPrivileges(
             request.getRoleName(),
-            SentryStore.ACTION_MAPPING.get(request.getPrivilege().getAction())
+            SentryStore.ACTION_MAPPING.get(request.getPrivilege().getAction().toUpperCase())
                 .SYMBOL);
         permsUpdater.handleUpdateNotification(update);
         LOGGER.info("Authz Perm preUpdate [" + update.getSeqNum() + ", " + authzObj + "]..");


Mime
View raw message