sentry-commits mailing list archives

From co...@apache.org
Subject incubator-sentry git commit: SENTRY-1004: Create CommonPrivilege for external component(Colin Ma, Reviewed by Dapeng Sun, Anne Yu)
Date Thu, 18 Feb 2016 01:07:21 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/SENTRY-999 65eda0145 -> 2aa3e99ae


SENTRY-1004: Create CommonPrivilege for external component(Colin Ma, Reviewed by Dapeng Sun,
Anne Yu)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/2aa3e99a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/2aa3e99a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/2aa3e99a

Branch: refs/heads/SENTRY-999
Commit: 2aa3e99aeadbc6e0c2d651532935bc4883bacc23
Parents: 65eda01
Author: Colin Ma <colin@apache.org>
Authored: Thu Feb 18 10:04:30 2016 +0800
Committer: Colin Ma <colin@apache.org>
Committed: Thu Feb 18 10:04:30 2016 +0800

----------------------------------------------------------------------
 .../sentry/core/common/BitFieldAction.java      |   2 +-
 .../sentry/core/common/ImplyMethodType.java     |  23 +++
 .../org/apache/sentry/core/common/Model.java    |  29 ++++
 .../org/apache/sentry/core/common/Resource.java |  26 ++++
 sentry-policy/sentry-policy-common/pom.xml      |   5 +
 .../sentry/policy/common/CommonPrivilege.java   | 139 +++++++++++++++++++
 .../sentry/policy/common/PolicyConstants.java   |   1 +
 .../sentry/policy/common/ModelForTest.java      |  87 ++++++++++++
 .../policy/common/TestCommonPrivilege.java      | 131 +++++++++++++++++
 .../sentry/policy/common/TestKeyValue.java      |  28 ++--
 10 files changed, 455 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java
index ce0e4fb..0f5b23b 100644
--- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java
@@ -20,7 +20,7 @@ package org.apache.sentry.core.common;
  * example, There exists three actions, UPDATE, QUERY and ALL.
  * The a bit set for UPDATE is 0x0001, QUERY is 0x0002, ALL is 0x0001|0x0002=0x0003
  */
-public abstract class BitFieldAction implements Action {
+public class BitFieldAction implements Action {
   private String name;
   private int code;
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java
new file mode 100644
index 0000000..16a7a46
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common;
+
+public enum ImplyMethodType {
+  STRING,
+  URL,
+  ACTION,
+}
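Review bot: The new enum `ImplyMethodType` has no documentation, although each constant selects how an authorization comparison is performed. I would add a Javadoc on the type and a one-line comment per constant, e.g. `/** Values are compared with String.equals(). */` on `STRING` and `/** Values are compared with PathUtils.impliesURI(). */` on `URL`. `ACTION` is not read anywhere in the visible hunks of this commit (CommonPrivilege.impliesValue tests only for `URL` and treats every other value as a string), so its comment should say where it is meant to be used, or the constant should wait until something uses it.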

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Model.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Model.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Model.java
new file mode 100644
index 0000000..a63cd63
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Model.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common;
+
+import java.util.Map;
+
+// The interface is used for define the authorization model for different component
+public interface Model {
+  // The authorizableTypeName is the key of map, and the ImplyMethodType is the value.
+  Map<String, ImplyMethodType> getImplyMethodMap();
+
+  BitFieldActionFactory getBitFieldActionFactory();
+
+  // TODO: add interface to validate the hierarchy for the resources
+}
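Review bot: The contract of `getImplyMethodMap()` leaves open the point that matters most to its caller, namely the case of the keys. CommonPrivilege in this commit matches authorizable keys with `equalsIgnoreCase` but looks them up in this map exactly as written in the privilege string, and ModelForTest registers lower-cased names. The interface should state the expectation, for example `/** Keys are lower-case authorizable type names; a type with no entry is compared as a plain string. */`. The `//` comments would also be better as Javadoc so implementers see them, and it is worth saying whether the returned map may be null or modified by callers.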

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Resource.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Resource.java
b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Resource.java
new file mode 100644
index 0000000..3ce52e8
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Resource.java
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common;
+
+// The interface is responsible for define the resource for every component.
+public interface Resource {
+  // Get the ResourceImplyMethodType which indicate how to compare the resource value.
+  // eg, For Hive component, it will output STRING for "db", "table", "column" and URL for
"url"
+  //     in CommonPrivilege, the method imply() will compare the resource value according
to the ResourceImplyMethodType.
+  //     Using String.equals() for STRING and PathUtils.impliesURI() for URL
+  ImplyMethodType getResourceImplyMethod();
+}
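Review bot: The comment on `getResourceImplyMethod()` refers to a `ResourceImplyMethodType`, but the return type declared here is `ImplyMethodType` and no type of the former name appears in this commit, so the comment should use the real name. I would also turn the block into Javadoc, e.g. `/** Returns how values of this resource are compared by CommonPrivilege: STRING uses String.equals(), URL uses PathUtils.impliesURI(). */`. Nothing in the visible hunks implements or calls `Resource`, so a sentence on how it relates to `Model.getImplyMethodMap()` would help the next reader.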

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/pom.xml b/sentry-policy/sentry-policy-common/pom.xml
index fbec06f..c925441 100644
--- a/sentry-policy/sentry-policy-common/pom.xml
+++ b/sentry-policy/sentry-policy-common/pom.xml
@@ -45,6 +45,11 @@ limitations under the License.
       <artifactId>junit</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-core-model-db</artifactId>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
 </project>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
new file mode 100644
index 0000000..af3a7dd
--- /dev/null
+++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java
@@ -0,0 +1,139 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.common;
+
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Lists;
+import org.apache.sentry.core.common.BitFieldAction;
+import org.apache.sentry.core.common.BitFieldActionFactory;
+import org.apache.sentry.core.common.ImplyMethodType;
+import org.apache.sentry.core.common.Model;
+import org.apache.sentry.core.common.utils.PathUtils;
+import java.util.List;
+
+// The class is used to compare the privilege
+public class CommonPrivilege implements Privilege {
+
+  private ImmutableList<KeyValue> parts;
+
+  public CommonPrivilege(String privilegeStr) {
+    privilegeStr = Strings.nullToEmpty(privilegeStr).trim();
+    if (privilegeStr.isEmpty()) {
+      throw new IllegalArgumentException("Privilege string cannot be null or empty.");
+    }
+    List<KeyValue> parts = Lists.newArrayList();
+    for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.trimResults().split(
+            privilegeStr)) {
+      if (authorizable.isEmpty()) {
+        throw new IllegalArgumentException("Privilege '" + privilegeStr + "' has an empty
section");
+      }
+      parts.add(new KeyValue(authorizable));
+    }
+    if (parts.isEmpty()) {
+      throw new AssertionError("Should never occur: " + privilegeStr);
+    }
+    this.parts = ImmutableList.copyOf(parts);
+  }
+
+  public boolean implies(Privilege privilege, Model model) {
+    // By default only supports comparisons with other IndexerWildcardPermissions
+    if (!(privilege instanceof CommonPrivilege)) {
+      return false;
+    }
+
+    List<KeyValue> otherParts = ((CommonPrivilege) privilege).getParts();
+    if(parts.equals(otherParts)) {
+      return true;
+    }
+
+    int index = 0;
+    for (KeyValue otherPart : otherParts) {
+      // If this privilege has less parts than the other privilege, everything
+      // after the number of parts contained
+      // in this privilege is automatically implied, so return true
+      if (parts.size() - 1 < index) {
+        return true;
+      } else {
+        KeyValue part = parts.get(index);
+        String policyKey = part.getKey();
+        // are the keys even equal
+        if(!policyKey.equalsIgnoreCase(otherPart.getKey())) {
+          return false;
+        }
+
+        // do the imply for action
+        if (PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyKey)) {
+          if (!impliesAction(part.getValue(), otherPart.getValue(), model.getBitFieldActionFactory()))
{
+            return false;
+          }
+        } else {
+          if (!impliesValue(model.getImplyMethodMap().get(policyKey), part.getValue(), otherPart.getValue()))
{
+            return false;
+          }
+        }
+
+        index++;
+      }
+    }
+
+    // If this privilege has more parts than the other parts, only imply it if
+    // all of the other parts are wildcards
+    for (; index < parts.size(); index++) {
+      KeyValue part = parts.get(index);
+      if (!PolicyConstants.PRIVILEGE_WILDCARD_VALUE.equals(part.getValue())) {
+        return false;
+      }
+    }
+
+    return true;
+  }
+
+  private boolean impliesValue(ImplyMethodType implyMethodType, String policyValue, String
requestValue) {
+    // compare as the url
+    if (ImplyMethodType.URL == implyMethodType) {
+      return PathUtils.impliesURI(policyValue, requestValue);
+    }
+    // default: compare as the string
+    return policyValue.equals(requestValue);
+  }
+
+  private boolean impliesAction(String policyValue, String requestValue,
+                                BitFieldActionFactory bitFieldActionFactory) {
+    BitFieldAction currentAction = bitFieldActionFactory.getActionByName(policyValue);
+    BitFieldAction requestAction = bitFieldActionFactory.getActionByName(requestValue);
+    // the action in privilege is not supported
+    if (currentAction == null || requestAction == null) {
+      return false;
+    }
+    return currentAction.implies(requestAction);
+  }
+
+
+  @Override
+  public String toString() {
+    return PolicyConstants.AUTHORIZABLE_JOINER.join(parts);
+  }
+
+  public boolean implies(Privilege p) {
+    return false;
+  }
+
+  public List<KeyValue> getParts() {
+    return parts;
+  }
+}
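Review bot: In `implies(Privilege, Model)` the authorizable key is matched with `equalsIgnoreCase`, but the comparison method is then fetched with `model.getImplyMethodMap().get(policyKey)`, which is case-sensitive. With a model that registers lower-case keys, as ModelForTest does, a privilege written as `URI=hdfs:///url` gets no map entry and `impliesValue` silently falls back to `String.equals`, so the same grant is evaluated differently depending on the case of its key. Looking up `policyKey.toLowerCase(Locale.ROOT)` (with a `java.util.Locale` import) and adding a comment on what a missing entry means would make the decision deterministic. Separately, the one-argument `implies(Privilege p)` returns false unconditionally and without a comment, so a caller going through the `Privilege` interface gets a silent deny; either document that or throw `UnsupportedOperationException`. The comment `// By default only supports comparisons with other IndexerWildcardPermissions` looks copied from another class and should name `CommonPrivilege`.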

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java
b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java
index 0bad8c1..8e4d465 100644
--- a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java
+++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java
@@ -35,4 +35,5 @@ public class PolicyConstants {
   // TODO change to privilege
   public static final String PRIVILEGE_NAME = "action";
   public static final String PRIVILEGE_PREFIX = (PRIVILEGE_NAME + KV_SEPARATOR).toLowerCase();
+  public static final String PRIVILEGE_WILDCARD_VALUE = "*";
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java
b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java
new file mode 100644
index 0000000..a213987
--- /dev/null
+++ b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.common;
+
+import org.apache.sentry.core.common.*;
+import org.apache.sentry.core.model.db.DBModelAuthorizable;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class ModelForTest implements Model {
+
+  private Map<String, ImplyMethodType> implyMethodMap;
+  private BitFieldActionFactory bitFieldActionFactory;
+
+  public ModelForTest() {
+    implyMethodMap = new HashMap<String, ImplyMethodType>();
+    bitFieldActionFactory = new ActionFactoryForTest();
+
+    implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Server.name().toLowerCase(),
ImplyMethodType.STRING);
+    implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Db.name().toLowerCase(), ImplyMethodType.STRING);
+    implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Table.name().toLowerCase(), ImplyMethodType.STRING);
+    implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Column.name().toLowerCase(),
ImplyMethodType.STRING);
+    implyMethodMap.put(DBModelAuthorizable.AuthorizableType.URI.name().toLowerCase(), ImplyMethodType.URL);
+  }
+
+  public Map<String, ImplyMethodType> getImplyMethodMap() {
+    return implyMethodMap;
+  }
+
+  public BitFieldActionFactory getBitFieldActionFactory() {
+    return bitFieldActionFactory;
+  }
+
+  public static class ActionFactoryForTest extends BitFieldActionFactory {
+    enum ActionType {
+      SELECT("select", 1),
+      INSERT("insert", 2),
+      ALL("all", SELECT.getCode() | INSERT.getCode()),
+      ALL_STAR("*", SELECT.getCode() | INSERT.getCode());
+
+      private String name;
+      private int code;
+
+      ActionType(String name, int code) {
+        this.name = name;
+        this.code = code;
+      }
+
+      public int getCode() {
+        return code;
+      }
+
+      public String getName() {
+        return name;
+      }
+    }
+
+    public List<? extends BitFieldAction> getActionsByCode(int actionCode) {
+      return null;
+    }
+
+    public BitFieldAction getActionByName(String name) {
+      for (ActionType action : ActionType.values()) {
+        if (action.name.equalsIgnoreCase(name)) {
+          return new BitFieldAction(action.getName(), action.getCode());
+        }
+      }
+      return null;
+    }
+  }
+}
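Review bot: The map keys in the constructor are built with `name().toLowerCase()`, which uses the JVM's default locale. Under a Turkish locale `URI` lower-cases to a string with a dotless i, so the `uri` lookup in CommonPrivilege would miss and testImplyCommonPrivilegeWithUrl would fall back to plain string comparison. Use `toLowerCase(Locale.ROOT)` on all five lines (needs `import java.util.Locale;`). `getActionsByCode` returns null rather than an empty list, which these tests tolerate but which deserves a comment saying it is intentionally unimplemented. The wildcard import `org.apache.sentry.core.common.*` could also be replaced by the four types actually used.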

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java
b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java
new file mode 100644
index 0000000..d74c88f
--- /dev/null
+++ b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java
@@ -0,0 +1,131 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.common;
+
+import org.apache.sentry.core.common.Model;
+import org.junit.Before;
+import org.junit.Test;
+import java.util.List;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertTrue;
+import static junit.framework.Assert.assertFalse;
+
+public class TestCommonPrivilege {
+
+  private Model testModel;
+
+  @Before
+  public void prepareData() {
+    testModel = new ModelForTest();
+  }
+
+  @Test
+  public void testCreateCommonPrivilege() throws Exception {
+    String privilegeHiveStr = "server=server1->db=db1->table=table1->column=column1->action=select";
+    String privilegeSolrStr = "server=server1->collection=col1->action=update";
+    String privilegeSqoopStr = "server=server1->link=link1->action=read";
+
+    CommonPrivilege privilegeHive = new CommonPrivilege(privilegeHiveStr);
+    CommonPrivilege privilegeSolr = new CommonPrivilege(privilegeSolrStr);
+    CommonPrivilege privilegeSqoop = new CommonPrivilege(privilegeSqoopStr);
+
+    List<KeyValue> keyValues = privilegeHive.getParts();
+    assertEquals(5, keyValues.size());
+    // test the value and the order
+    assertEquals("server", keyValues.get(0).getKey());
+    assertEquals("server1", keyValues.get(0).getValue());
+    assertEquals("db", keyValues.get(1).getKey());
+    assertEquals("db1", keyValues.get(1).getValue());
+    assertEquals("table", keyValues.get(2).getKey());
+    assertEquals("table1", keyValues.get(2).getValue());
+    assertEquals("column", keyValues.get(3).getKey());
+    assertEquals("column1", keyValues.get(3).getValue());
+    assertEquals("action", keyValues.get(4).getKey());
+    assertEquals("select", keyValues.get(4).getValue());
+
+    keyValues = privilegeSolr.getParts();
+    assertEquals(3, keyValues.size());
+    assertEquals("server", keyValues.get(0).getKey());
+    assertEquals("server1", keyValues.get(0).getValue());
+    assertEquals("collection", keyValues.get(1).getKey());
+    assertEquals("col1", keyValues.get(1).getValue());
+    assertEquals("action", keyValues.get(2).getKey());
+    assertEquals("update", keyValues.get(2).getValue());
+
+    keyValues = privilegeSqoop.getParts();
+    assertEquals(3, keyValues.size());
+    assertEquals("server", keyValues.get(0).getKey());
+    assertEquals("server1", keyValues.get(0).getValue());
+    assertEquals("link", keyValues.get(1).getKey());
+    assertEquals("link1", keyValues.get(1).getValue());
+    assertEquals("action", keyValues.get(2).getKey());
+    assertEquals("read", keyValues.get(2).getValue());
+  }
+
+  @Test
+  public void testImplyCommonPrivilegeWithoutAction() throws Exception {
+
+    CommonPrivilege requestPrivilege = new CommonPrivilege("server=server1->db=db1->table=table1");
+    CommonPrivilege privilegForTest1 = new CommonPrivilege("server=server1->db=db1->table=table1");
+    CommonPrivilege privilegForTest2 = new CommonPrivilege("server=server1->db=db1");
+    CommonPrivilege privilegForTest3 = new CommonPrivilege("server=server1->db=db1->table=table2");
+    CommonPrivilege privilegForTest4 = new CommonPrivilege("server=server1->db=db1->table=table1->column=col1");
+    CommonPrivilege privilegForTest5 = new CommonPrivilege("server=server1->db=db1->table=table1->column=*");
+
+    assertTrue(privilegForTest1.implies(requestPrivilege, testModel));
+    assertTrue(privilegForTest2.implies(requestPrivilege, testModel));
+    assertFalse(privilegForTest3.implies(requestPrivilege, testModel));
+    assertFalse(privilegForTest4.implies(requestPrivilege, testModel));
+    assertTrue(privilegForTest5.implies(requestPrivilege, testModel));
+  }
+
+  @Test
+  public void testImplyCommonPrivilegeWithUrl() throws Exception {
+
+    CommonPrivilege requestPrivilege = new CommonPrivilege("server=server1->uri=hdfs:///url/for/request");
+    CommonPrivilege privilegForTest1 = new CommonPrivilege("server=server1->uri=hdfs:///url");
+    CommonPrivilege privilegForTest2 = new CommonPrivilege("server=server1->uri=hdfs:///url/for/request");
+    CommonPrivilege privilegForTest3 = new CommonPrivilege("server=server1->uri=hdfs:///url/unvalid/for/request");
+
+    assertTrue(privilegForTest1.implies(requestPrivilege, testModel));
+    assertTrue(privilegForTest2.implies(requestPrivilege, testModel));
+    assertFalse(privilegForTest3.implies(requestPrivilege, testModel));
+  }
+
+  @Test
+  public void testImplyCommonPrivilegeForAction() throws Exception {
+    CommonPrivilege privilegForSelect = new CommonPrivilege("server=server1->db=db1->table=table1->action=select");
+    CommonPrivilege privilegForInsert = new CommonPrivilege("server=server1->db=db1->table=table1->action=insert");
+    CommonPrivilege privilegForAll = new CommonPrivilege("server=server1->db=db1->table=table1->action=all");
+
+    // the privilege should imply itself
+    assertTrue(privilegForSelect.implies(privilegForSelect, testModel));
+    assertTrue(privilegForInsert.implies(privilegForInsert, testModel));
+    assertTrue(privilegForAll.implies(privilegForAll, testModel));
+
+    // do the imply with the different action based on operate &
+    assertFalse(privilegForInsert.implies(privilegForSelect, testModel));
+    assertTrue(privilegForAll.implies(privilegForSelect, testModel));
+
+    assertFalse(privilegForSelect.implies(privilegForInsert, testModel));
+    assertTrue(privilegForAll.implies(privilegForInsert, testModel));
+
+    assertFalse(privilegForSelect.implies(privilegForAll, testModel));
+    assertFalse(privilegForInsert.implies(privilegForAll, testModel));
+  }
+}
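Review bot: The tests cover only well-formed privileges, so the deny paths of this authorization class are untested. There is no case for the constructor's `IllegalArgumentException` on a null, blank or empty-section string, for an action name the factory does not know (impliesAction returns false), or for a key written in a different case. testCreateCommonPrivilege builds `action=update` and `action=read` privileges but never passes them to `implies`, where ActionFactoryForTest would not recognise them. The assertions are imported from `junit.framework.Assert`, which JUnit 4 deprecates in favour of `org.junit.Assert`; the three TestKeyValue hunks in this commit switch to the same deprecated class. The local names `privilegForTest1` and the like are missing an `e`.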

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java
b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java
index 2dfc7c5..7686ea1 100644
--- a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java
+++ b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java
@@ -16,10 +16,8 @@
  */
 package org.apache.sentry.policy.common;
 
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertFalse;
 import static org.apache.sentry.policy.common.PolicyConstants.KV_JOINER;
-
+import junit.framework.Assert;
 import org.junit.Test;
 
 public class TestKeyValue {
@@ -27,8 +25,8 @@ public class TestKeyValue {
   @Test
   public void testWithSeparators() throws Exception {
     KeyValue kv = new KeyValue("URI=/u/h/w/t/partition=value/");
-    assertEquals("URI", kv.getKey());
-    assertEquals("/u/h/w/t/partition=value/", kv.getValue());
+    Assert.assertEquals("URI", kv.getKey());
+    Assert.assertEquals("/u/h/w/t/partition=value/", kv.getValue());
   }
 
   @Test(expected = IllegalArgumentException.class)
@@ -58,19 +56,19 @@ public class TestKeyValue {
   }
 
   private void doTest(KeyValue kv1, KeyValue kv2, KeyValue kv3) {
-    assertEquals(kv1, kv2);
-    assertFalse(kv1.equals(kv3));
+    Assert.assertEquals(kv1, kv2);
+    Assert.assertFalse(kv1.equals(kv3));
 
-    assertEquals(kv1.toString(), kv2.toString());
-    assertFalse(kv1.toString().equals(kv3.toString()));
+    Assert.assertEquals(kv1.toString(), kv2.toString());
+    Assert.assertFalse(kv1.toString().equals(kv3.toString()));
 
-    assertEquals(kv1.hashCode(), kv2.hashCode());
-    assertFalse(kv1.hashCode() == kv3.hashCode());
+    Assert.assertEquals(kv1.hashCode(), kv2.hashCode());
+    Assert.assertFalse(kv1.hashCode() == kv3.hashCode());
 
-    assertEquals(kv1.getKey(), kv2.getKey());
-    assertFalse(kv1.getKey().equals(kv3.getKey()));
+    Assert.assertEquals(kv1.getKey(), kv2.getKey());
+    Assert.assertFalse(kv1.getKey().equals(kv3.getKey()));
 
-    assertEquals(kv1.getValue(), kv2.getValue());
-    assertFalse(kv1.getValue().equals(kv3.getValue()));
+    Assert.assertEquals(kv1.getValue(), kv2.getValue());
+    Assert.assertFalse(kv1.getValue().equals(kv3.getValue()));
   }
 }

