sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From co...@apache.org
Subject [02/13] sentry git commit: SENTRY-999: Refactor the sentry to integrate with external components quickly (Colin Ma, reviewed by Dapeng Sun)
Date Fri, 22 Apr 2016 06:28:22 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopWildcardPrivilege.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopWildcardPrivilege.java
deleted file mode 100644
index ae89cf4..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopWildcardPrivilege.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER;
-
-import java.util.List;
-
-import org.apache.sentry.core.model.sqoop.SqoopActionConstant;
-import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.KeyValue;
-
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Lists;
-
-public class SqoopWildcardPrivilege implements Privilege {
-
-  public static class Factory implements PrivilegeFactory {
-    @Override
-    public Privilege createPrivilege(String permission) {
-      return new SqoopWildcardPrivilege(permission);
-    }
-  }
-
-  private final ImmutableList<KeyValue> parts;
-
-  public SqoopWildcardPrivilege(String permission) {
-    if (Strings.isNullOrEmpty(permission)) {
-      throw new IllegalArgumentException("permission string cannot be null or empty.");
-    }
-    List<KeyValue>parts = Lists.newArrayList();
-    for (String authorizable : AUTHORIZABLE_SPLITTER.trimResults().split(permission.trim())) {
-      if (authorizable.isEmpty()) {
-        throw new IllegalArgumentException("Privilege '" + permission + "' has an empty section");
-      }
-      parts.add(new KeyValue(authorizable));
-    }
-    if (parts.isEmpty()) {
-      throw new AssertionError("Should never occur: " + permission);
-    }
-    this.parts = ImmutableList.copyOf(parts);
-  }
-
-  @Override
-  public boolean implies(Privilege p) {
-    if (!(p instanceof SqoopWildcardPrivilege)) {
-      return false;
-    }
-    SqoopWildcardPrivilege wp = (SqoopWildcardPrivilege)p;
-    List<KeyValue> otherParts = wp.parts;
-    if(equals(wp)) {
-      return true;
-    }
-    int index = 0;
-    for (KeyValue otherPart : otherParts) {
-      // If this privilege has less parts than the other privilege, everything
-      // after the number of parts contained
-      // in this privilege is automatically implied, so return true
-      if (parts.size() - 1 < index) {
-        return true;
-      } else {
-        KeyValue part = parts.get(index);
-        // Support for action inheritance from parent to child
-        if (part.getKey().equalsIgnoreCase(SqoopActionConstant.NAME)
-            && !(otherPart.getKey().equalsIgnoreCase(SqoopActionConstant.NAME))) {
-          continue;
-        }
-        // are the keys even equal
-        if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
-          return false;
-        }
-        if (!impliesKeyValue(part, otherPart)) {
-          return false;
-        }
-        index++;
-      }
-    }
-    // If this privilege has more parts than
-    // the other parts, only imply it if
-    // all of the other parts are "*" or "ALL"
-    for (; index < parts.size(); index++) {
-      KeyValue part = parts.get(index);
-      if (!part.getValue().equals(SqoopActionConstant.ALL)) {
-        return false;
-      }
-    }
-    return true;
-  }
-
-  private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
-    Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
-        "Please report, this method should not be called with two different keys");
-    if(policyPart.getValue().equalsIgnoreCase(SqoopActionConstant.ALL) ||
-        policyPart.getValue().equalsIgnoreCase(SqoopActionConstant.ALL_NAME) ||
-        policyPart.equals(requestPart)) {
-      return true;
-    } else if (!SqoopActionConstant.NAME.equalsIgnoreCase(policyPart.getKey())
-        && SqoopActionConstant.ALL.equalsIgnoreCase(requestPart.getValue())) {
-      /* privilege request is to match with any object of given type */
-      return true;
-    }
-    return false;
-
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/AbstractTestSqoopPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/AbstractTestSqoopPolicyEngine.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/AbstractTestSqoopPolicyEngine.java
deleted file mode 100644
index 49b9bc1..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/AbstractTestSqoopPolicyEngine.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Set;
-import java.util.TreeSet;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public abstract class AbstractTestSqoopPolicyEngine {
-  private static final String OPERATOR_JDBC_CONNECTORS_READ = "server=server1->connector=generic-jdbc-connector->action=read";
-  private static final String OPERATOR_HDFS_CONNECTORS_READ = "server=server1->connector=hdfs-connector->action=read";
-  private static final String OPERATOR_KAFKA_CONNECTORS_READ = "server=server1->connector=kafka-connector->action=read";
-  private static final String OPERATOR_KITE_CONNECTORS_READ = "server=server1->connector=kite-connector->action=read";
-  private static final String ANALYST_JOBS_ALL = "server=server1->job=all->action=*";
-  private static final String OPERATOR_JOB1_READ = "server=server1->job=job1->action=read";
-  private static final String OPERATOR_JOB2_READ = "server=server1->job=job2->action=read";
-  private static final String ANALYST_LINKS_ALL = "server=server1->link=all->action=*";
-  private static final String OPERATOR_LINK1_READ = "server=server1->link=link1->action=read";
-  private static final String OPERATOR_LINK2_READ = "server=server1->link=link2->action=read";
-  private static final String ADMIN = "server=server1->action=*";
-
-  private PolicyEngine policy;
-  private static File baseDir;
-
-  protected String sqoopServerName = "server1";
-
-  @BeforeClass
-  public static void setupClazz() throws IOException {
-    baseDir = Files.createTempDir();
-  }
-
-  @AfterClass
-  public static void teardownClazz() throws IOException {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  protected void setPolicy(PolicyEngine policy) {
-    this.policy = policy;
-  }
-  protected static File getBaseDir() {
-    return baseDir;
-  }
-  @Before
-  public void setup() throws IOException {
-    afterSetup();
-  }
-  @After
-  public void teardown() throws IOException {
-    beforeTeardown();
-  }
-  protected void afterSetup() throws IOException {
-
-  }
-
-  protected void beforeTeardown() throws IOException {
-
-  }
-
-  @Test
-  public void testDeveloper() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
-        OPERATOR_JDBC_CONNECTORS_READ, OPERATOR_HDFS_CONNECTORS_READ,
-        OPERATOR_KAFKA_CONNECTORS_READ, OPERATOR_KITE_CONNECTORS_READ,
-        ANALYST_JOBS_ALL, ANALYST_LINKS_ALL));
-    Assert.assertEquals(expected.toString(),
-        Sets.newTreeSet(policy.getPrivileges(set("developer"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  @Test
-  public void testAnalyst() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ANALYST_JOBS_ALL, ANALYST_LINKS_ALL));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("analyst"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  @Test
-  public void testConnectorOperator() throws Exception {
-
-  }
-
-  @Test
-  public void testJobOperator() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets
-        .newHashSet(OPERATOR_JOB1_READ,OPERATOR_JOB2_READ));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("job1_2_operator"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  @Test
-  public void testLinkOperator() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets
-        .newHashSet(OPERATOR_LINK1_READ, OPERATOR_LINK2_READ));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("link1_2_operator"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  @Test
-  public void testAdmin() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ADMIN));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("admin"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  private static Set<String> set(String... values) {
-    return Sets.newHashSet(values);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/MockGroupMappingServiceProvider.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/MockGroupMappingServiceProvider.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/MockGroupMappingServiceProvider.java
deleted file mode 100644
index fd577d6..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/MockGroupMappingServiceProvider.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.util.Set;
-
-import org.apache.sentry.provider.common.GroupMappingService;
-
-import com.google.common.collect.Multimap;
-import com.google.common.collect.Sets;
-
-public class MockGroupMappingServiceProvider implements GroupMappingService {
-  private final Multimap<String, String> userToGroupMap;
-
-  public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) {
-    this.userToGroupMap = userToGroupMap;
-  }
-  @Override
-  public Set<String> getGroups(String user) {
-    return Sets.newHashSet(userToGroupMap.get(user));
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyFileProviderBackend.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyFileProviderBackend.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyFileProviderBackend.java
deleted file mode 100644
index 5da63a3..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyFileProviderBackend.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.IOException;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.file.SimpleFileProviderBackend;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class SqoopPolicyFileProviderBackend extends SimpleSqoopPolicyEngine {
-  private static final Logger LOGGER = LoggerFactory.getLogger(SqoopPolicyFileProviderBackend.class);
-  public SqoopPolicyFileProviderBackend(String sqoopServerName,
-      String resource) throws IOException {
-    super(sqoopServerName, new SimpleFileProviderBackend(new Configuration(), resource));
-    LOGGER.warn("The DB providerbackend is the preferred option over file providerbackend as the sqoop policy engine");
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestServerNameRequiredMatch.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestServerNameRequiredMatch.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestServerNameRequiredMatch.java
deleted file mode 100644
index b6e9893..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestServerNameRequiredMatch.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import org.junit.Assert;
-
-import org.apache.sentry.policy.common.PrivilegeValidatorContext;
-import org.apache.shiro.config.ConfigurationException;
-import org.junit.Test;
-
-public class TestServerNameRequiredMatch {
-  @Test
-  public void testWithoutServerName() {
-    ServerNameRequiredMatch serverNameMatch = new ServerNameRequiredMatch("server1");
-    try {
-      serverNameMatch.validate(new PrivilegeValidatorContext("connector=c1->action=read"));
-      Assert.fail("Expected ConfigurationException");
-    } catch (ConfigurationException ex) {
-    }
-  }
-  @Test
-  public void testServerNameNotMatch() throws Exception {
-    ServerNameRequiredMatch serverNameMatch = new ServerNameRequiredMatch("server1");
-    try {
-      serverNameMatch.validate(new PrivilegeValidatorContext("server=server2->connector=c1->action=read"));
-      Assert.fail("Expected ConfigurationException");
-    } catch (ConfigurationException ex) {
-    }
-  }
-  @Test
-  public void testServerNameMatch() throws Exception {
-    ServerNameRequiredMatch serverNameMatch = new ServerNameRequiredMatch("server1");
-    try {
-      serverNameMatch.validate(new PrivilegeValidatorContext("server=server1->connector=c1->action=read"));
-    } catch (ConfigurationException ex) {
-      Assert.fail("Not expected ConfigurationException");
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java
deleted file mode 100644
index 3bdf6f7..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java
+++ /dev/null
@@ -1,225 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Set;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.sqoop.Connector;
-import org.apache.sentry.core.model.sqoop.Job;
-import org.apache.sentry.core.model.sqoop.Link;
-import org.apache.sentry.core.model.sqoop.Server;
-import org.apache.sentry.core.model.sqoop.SqoopActionConstant;
-import org.apache.sentry.core.model.sqoop.SqoopActionFactory.SqoopAction;
-import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
-import org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFiles;
-import org.junit.After;
-import org.junit.Test;
-
-import com.google.common.base.Objects;
-import com.google.common.collect.HashMultimap;
-import com.google.common.collect.Multimap;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSqoopAuthorizationProviderGeneralCases {
-  private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap.create();
-
-  private static final Subject SUB_ADMIN = new Subject("admin1");
-  private static final Subject SUB_DEVELOPER = new Subject("developer1");
-  private static final Subject SUB_ANALYST = new Subject("analyst1");
-  private static final Subject SUB_JOB_OPERATOR = new Subject("job_operator1");
-  private static final Subject SUB_LINK_OPERATOR = new Subject("link_operator1");
-  private static final Subject SUB_CONNECTOR_OPERATOR = new Subject("connector_operator1");
-
-
-
-  private static final Server server1 = new Server("server1");
-  private static final Connector jdbc_connector = new Connector("generic-jdbc-connector");
-  private static final Connector hdfs_connector = new Connector("hdfs-connector");
-  private static final Connector kafka_connector = new Connector("kafka-connector");
-  private static final Connector kite_connector = new Connector("kite-connector");
-  private static final Link link1 = new Link("link1");
-  private static final Link link2 = new Link("link2");
-  private static final Job job1 = new Job("job1");
-  private static final Job job2 = new Job("job2");
-
-  private static final SqoopAction ALL = new SqoopAction(SqoopActionConstant.ALL);
-  private static final SqoopAction READ = new SqoopAction(SqoopActionConstant.READ);
-  private static final SqoopAction WRITE = new SqoopAction(SqoopActionConstant.WRITE);
-
-  private static final String ADMIN = "admin";
-  private static final String DEVELOPER = "developer";
-  private static final String ANALYST = "analyst";
-  private static final String JOB_OPERATOR = "job1_2_operator";
-  private static final String LINK_OPERATOR ="link1_2_operator";
-  private static final String CONNECTOR_OPERATOR = "connectors_operator";
-
-  static {
-    USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList(ADMIN));
-    USER_TO_GROUP_MAP.putAll(SUB_DEVELOPER.getName(), Arrays.asList(DEVELOPER));
-    USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList(ANALYST));
-    USER_TO_GROUP_MAP.putAll(SUB_JOB_OPERATOR.getName(),Arrays.asList(JOB_OPERATOR));
-    USER_TO_GROUP_MAP.putAll(SUB_LINK_OPERATOR.getName(),Arrays.asList(LINK_OPERATOR));
-    USER_TO_GROUP_MAP.putAll(SUB_CONNECTOR_OPERATOR.getName(),Arrays.asList(CONNECTOR_OPERATOR));
-  }
-
-  private final ResourceAuthorizationProvider authzProvider;
-  private File baseDir;
-
-  public TestSqoopAuthorizationProviderGeneralCases() throws IOException {
-    baseDir = Files.createTempDir();
-    PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini");
-    authzProvider = new HadoopGroupResourceAuthorizationProvider(
-        new SqoopPolicyFileProviderBackend(server1.getName(), new File(baseDir, "test-authz-provider.ini").getPath()),
-        new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP));
-  }
-
-  @After
-  public void teardown() {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  private void doTestResourceAuthorizationProvider(Subject subject, List<? extends Authorizable> authorizableHierarchy,
-      Set<? extends Action> actions, boolean expected) throws Exception {
-    Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
-    helper.add("Subject", subject).add("authzHierarchy", authorizableHierarchy).add("action", actions);
-    Assert.assertEquals(helper.toString(), expected,
-        authzProvider.hasAccess(subject, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-  }
-
-  @Test
-  public void testAdmin() throws Exception {
-    Set<? extends Action> allActions = Sets.newHashSet(ALL, READ, WRITE);
-    doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1), allActions, true);
-    doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,hdfs_connector), allActions, true);
-    doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,jdbc_connector), allActions, true);
-    doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,kafka_connector), allActions, true);
-    doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,kite_connector), allActions, true);
-    doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,link1), allActions, true);
-    doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,link2), allActions, true);
-    doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,job1), allActions, true);
-    doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,job2), allActions, true);
-  }
-
-  @Test
-  public void testDeveloper() throws Exception {
-    Set<SqoopAction> allActions = Sets.newHashSet(ALL, READ, WRITE);
-    for (SqoopAction action : allActions) {
-      //developer only has the read action on all connectors
-      for (Connector connector : Sets.newHashSet(jdbc_connector, hdfs_connector, kafka_connector, kite_connector)) {
-        doTestResourceAuthorizationProvider(SUB_DEVELOPER, Arrays.asList(server1, connector), Sets.newHashSet(action), READ.equals(action));
-      }
-    }
-
-    for (Link link : Sets.newHashSet(link1, link2)) {
-      //developer has the all action on all links
-      doTestResourceAuthorizationProvider(SUB_DEVELOPER, Arrays.asList(server1, link), allActions, true);
-    }
-
-    for (Job job : Sets.newHashSet(job1,job2)) {
-      //developer has the all action on all jobs
-      doTestResourceAuthorizationProvider(SUB_DEVELOPER, Arrays.asList(server1, job), allActions, true);
-    }
-  }
-
-  @Test
-  public void testAnalyst() throws Exception {
-    Set<SqoopAction> allActions = Sets.newHashSet(ALL, READ, WRITE);
-    for (SqoopAction action : allActions) {
-      //analyst has not the any action on all connectors
-      for (Connector connector : Sets.newHashSet(jdbc_connector, hdfs_connector, kafka_connector, kite_connector)) {
-        doTestResourceAuthorizationProvider(SUB_ANALYST, Arrays.asList(server1, connector), Sets.newHashSet(action), false);
-      }
-    }
-
-    for (Link link : Sets.newHashSet(link1, link2)) {
-      //analyst has the all action on all links
-      doTestResourceAuthorizationProvider(SUB_ANALYST, Arrays.asList(server1, link), allActions, true);
-    }
-
-    for (Job job : Sets.newHashSet(job1,job2)) {
-      //analyst has the all action on all jobs
-      doTestResourceAuthorizationProvider(SUB_ANALYST, Arrays.asList(server1, job), allActions, true);
-    }
-  }
-
-  @Test
-  public void testJobOperator() throws Exception {
-    Set<SqoopAction> allActions = Sets.newHashSet(ALL, READ, WRITE);
-    for (SqoopAction action : allActions) {
-      for (Job job : Sets.newHashSet(job1,job2)) {
-        //Job operator has the read action on all jobs
-        doTestResourceAuthorizationProvider(SUB_JOB_OPERATOR, Arrays.asList(server1, job), Sets.newHashSet(action), READ.equals(action));
-      }
-      for (Link link : Sets.newHashSet(link1, link2)) {
-        doTestResourceAuthorizationProvider(SUB_JOB_OPERATOR, Arrays.asList(server1, link), Sets.newHashSet(action), false);
-      }
-      for (Connector connector : Sets.newHashSet(jdbc_connector, hdfs_connector, kafka_connector, kite_connector)) {
-        doTestResourceAuthorizationProvider(SUB_JOB_OPERATOR, Arrays.asList(server1, connector), Sets.newHashSet(action), false);
-      }
-    }
-  }
-
-  @Test
-  public void testLinkOperator() throws Exception {
-    Set<SqoopAction> allActions = Sets.newHashSet(ALL, READ, WRITE);
-    for (SqoopAction action : allActions) {
-      for (Link link : Sets.newHashSet(link1, link2)) {
-        //Link operator has the read action on all links
-        doTestResourceAuthorizationProvider(SUB_LINK_OPERATOR, Arrays.asList(server1, link), Sets.newHashSet(action), READ.equals(action));
-      }
-      for (Job job : Sets.newHashSet(job1,job2)) {
-        doTestResourceAuthorizationProvider(SUB_LINK_OPERATOR, Arrays.asList(server1, job), Sets.newHashSet(action), false);
-      }
-      for (Connector connector : Sets.newHashSet(jdbc_connector, hdfs_connector, kafka_connector, kite_connector)) {
-        doTestResourceAuthorizationProvider(SUB_LINK_OPERATOR, Arrays.asList(server1, connector), Sets.newHashSet(action), false);
-      }
-    }
-  }
-
-  @Test
-  public void testConnectorOperator() throws Exception {
-    Set<SqoopAction> allActions = Sets.newHashSet(ALL, READ, WRITE);
-    for (SqoopAction action : allActions) {
-      for (Connector connector : Sets.newHashSet(jdbc_connector, hdfs_connector, kafka_connector, kite_connector)) {
-        doTestResourceAuthorizationProvider(SUB_CONNECTOR_OPERATOR, Arrays.asList(server1, connector), Sets.newHashSet(action), READ.equals(action));
-      }
-      for (Job job : Sets.newHashSet(job1,job2)) {
-        doTestResourceAuthorizationProvider(SUB_CONNECTOR_OPERATOR, Arrays.asList(server1, job), Sets.newHashSet(action), false);
-      }
-      for (Link link : Sets.newHashSet(link1, link2)) {
-        doTestResourceAuthorizationProvider(SUB_CONNECTOR_OPERATOR, Arrays.asList(server1, link), Sets.newHashSet(action), false);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java
deleted file mode 100644
index 9fee5a7..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.List;
-import java.util.Set;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.sqoop.Connector;
-import org.apache.sentry.core.model.sqoop.Server;
-import org.apache.sentry.core.model.sqoop.SqoopActionConstant;
-import org.apache.sentry.core.model.sqoop.SqoopActionFactory.SqoopAction;
-import org.apache.sentry.provider.common.AuthorizationProvider;
-import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSqoopAuthorizationProviderSpecialCases {
-  private AuthorizationProvider authzProvider;
-  private PolicyFile policyFile;
-  private File baseDir;
-  private File iniFile;
-  private String initResource;
-  @Before
-  public void setup() throws IOException {
-    baseDir = Files.createTempDir();
-    iniFile = new File(baseDir, "policy.ini");
-    initResource = "file://" + iniFile.getPath();
-    policyFile = new PolicyFile();
-  }
-
-  @After
-  public void teardown() throws IOException {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  @Test
-  public void testDuplicateEntries() throws Exception {
-    Subject user1 = new Subject("user1");
-    Server server1 = new Server("server1");
-    Connector connector1 = new Connector("c1");
-    Set<? extends Action> actions = Sets.newHashSet(new SqoopAction(SqoopActionConstant.READ));
-    policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
-      .addRolesToGroup("group1",  true, "role1", "role1")
-      .addPermissionsToRole("role1", true, "server=server1->connector=c1->action=read",
-          "server=server1->connector=c1->action=read");
-    policyFile.write(iniFile);
-    SqoopPolicyFileProviderBackend policy = new SqoopPolicyFileProviderBackend(server1.getName(), initResource);
-    authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
-    List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, connector1);
-    Assert.assertTrue(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopModelAuthorizables.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopModelAuthorizables.java
deleted file mode 100644
index 99a5ae2..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopModelAuthorizables.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
-
-import org.apache.sentry.core.model.sqoop.Server;
-import org.junit.Test;
-
-public class TestSqoopModelAuthorizables {
-
-  @Test
-  public void testServer() throws Exception {
-    Server server1 = (Server)SqoopModelAuthorizables.from("SERVER=server1");
-    assertEquals("server1", server1.getName());
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testNoKV() throws Exception {
-    System.out.println(SqoopModelAuthorizables.from("nonsense"));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyKey() throws Exception {
-    System.out.println(SqoopModelAuthorizables.from("=server1"));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyValue() throws Exception {
-    System.out.println(SqoopModelAuthorizables.from("SERVER="));
-  }
-
-  @Test
-  public void testNotAuthorizable() throws Exception {
-    assertNull(SqoopModelAuthorizables.from("k=v"));
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java
deleted file mode 100644
index ff4c9a8..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hdfs.MiniDFSCluster;
-import org.apache.sentry.provider.file.PolicyFiles;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-public class TestSqoopPolicyEngineDFS extends AbstractTestSqoopPolicyEngine {
-  private static MiniDFSCluster dfsCluster;
-  private static FileSystem fileSystem;
-  private static Path root;
-  private static Path etc;
-
-  @BeforeClass
-  public static void setupLocalClazz() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    File dfsDir = new File(baseDir, "dfs");
-    Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs());
-    Configuration conf = new Configuration();
-    conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
-    dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
-    fileSystem = dfsCluster.getFileSystem();
-    root = new Path(fileSystem.getUri().toString());
-    etc = new Path(root, "/etc");
-    fileSystem.mkdirs(etc);
-  }
-
-  @AfterClass
-  public static void teardownLocalClazz() {
-    if(dfsCluster != null) {
-      dfsCluster.shutdown();
-    }
-  }
-
-  @Override
-  protected void  afterSetup() throws IOException {
-    fileSystem.delete(etc, true);
-    fileSystem.mkdirs(etc);
-    PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini");
-    setPolicy(new SqoopPolicyFileProviderBackend(sqoopServerName, new Path(etc,
-        "test-authz-provider.ini").toString()));
-  }
-
-  @Override
-  protected void beforeTeardown() throws IOException {
-    fileSystem.delete(etc, true);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java
deleted file mode 100644
index ca5a198..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.provider.file.PolicyFiles;
-
-public class TestSqoopPolicyEngineLocalFS extends AbstractTestSqoopPolicyEngine {
-  @Override
-  protected void  afterSetup() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
-    PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini");
-    setPolicy(new SqoopPolicyFileProviderBackend(sqoopServerName, new File(baseDir, "test-authz-provider.ini").getPath()));
-  }
-  @Override
-  protected void beforeTeardown() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    FileUtils.deleteQuietly(baseDir);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java
deleted file mode 100644
index da922a5..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Charsets;
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSqoopPolicyNegative {
-  @SuppressWarnings("unused")
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(TestSqoopPolicyNegative.class);
-
-  private File baseDir;
-  private File globalPolicyFile;
-
-  @Before
-  public void setup() {
-    baseDir = Files.createTempDir();
-    globalPolicyFile = new File(baseDir, "global.ini");
-  }
-
-  @After
-  public void teardown() {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  private void append(String from, File to) throws IOException {
-    Files.append(from + "\n", to, Charsets.UTF_8);
-  }
-
-  @Test
-  public void testauthorizedSqoopInPolicyFile() throws Exception {
-    append("[groups]", globalPolicyFile);
-    append("other_group = other_role", globalPolicyFile);
-    append("[roles]", globalPolicyFile);
-    append("other_role = server=server1->connector=c1->action=read, server=server1->link=l1->action=read", globalPolicyFile);
-    PolicyEngine policy = new SqoopPolicyFileProviderBackend("server1", globalPolicyFile.getPath());
-    //malicious_group has no privilege
-    ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("malicious_group"), ActiveRoleSet.ALL);
-    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-    //other_group has two privileges
-    permissions = policy.getAllPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL);
-    Assert.assertTrue(permissions.toString(), permissions.size() == 2);
-  }
-
-  @Test
-  public void testNoServerNameConfig() throws Exception {
-    append("[groups]", globalPolicyFile);
-    append("other_group = malicious_role", globalPolicyFile);
-    append("[roles]", globalPolicyFile);
-    append("malicious_role = connector=c1->action=read,link=l1->action=read", globalPolicyFile);
-    PolicyEngine policy = new SqoopPolicyFileProviderBackend("server1", globalPolicyFile.getPath());
-    ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL);
-    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-  }
-
-  @Test
-  public void testServerAllName() throws Exception {
-    append("[groups]", globalPolicyFile);
-    append("group = malicious_role", globalPolicyFile);
-    append("[roles]", globalPolicyFile);
-    append("malicious_role = server=*", globalPolicyFile);
-    PolicyEngine policy = new SqoopPolicyFileProviderBackend("server1", globalPolicyFile.getPath());
-    ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
-    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-  }
-
-  @Test
-  public void testServerIncorrect() throws Exception {
-    append("[groups]", globalPolicyFile);
-    append("group = malicious_role", globalPolicyFile);
-    append("[roles]", globalPolicyFile);
-    append("malicious_role = server=server2", globalPolicyFile);
-    PolicyEngine policy = new SqoopPolicyFileProviderBackend("server1", globalPolicyFile.getPath());
-    ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
-    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-  }
-
-  @Test
-  public void testAll() throws Exception {
-    append("[groups]", globalPolicyFile);
-    append("group = malicious_role", globalPolicyFile);
-    append("[roles]", globalPolicyFile);
-    append("malicious_role = *", globalPolicyFile);
-    PolicyEngine policy = new SqoopPolicyFileProviderBackend("server1", globalPolicyFile.getPath());
-    ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
-    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopWildcardPrivilege.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopWildcardPrivilege.java
deleted file mode 100644
index 84a25a7..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopWildcardPrivilege.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.KV_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.KV_SEPARATOR;
-
-import org.apache.sentry.core.model.sqoop.SqoopActionConstant;
-import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.common.KeyValue;
-import org.junit.Test;
-
-public class TestSqoopWildcardPrivilege extends org.junit.Assert {
-  private static final Privilege SQOOP_SERVER1_ALL =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("action", SqoopActionConstant.ALL));
-  private static final Privilege SQOOP_SERVER1_READ =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("action", SqoopActionConstant.READ));
-  private static final Privilege SQOOP_SERVER1_WRITE =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("action", SqoopActionConstant.WRITE));
-
-  private static final Privilege SQOOP_SERVER1_JOB1_ALL =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("JOB", "job1"), new KeyValue("action", SqoopActionConstant.ALL));
-  private static final Privilege SQOOP_SERVER1_JOB1_READ =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("JOB", "job1"), new KeyValue("action", SqoopActionConstant.READ));
-  private static final Privilege SQOOP_SERVER1_JOB1_WRITE =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("JOB", "job1"), new KeyValue("action", SqoopActionConstant.WRITE));
-
-  private static final Privilege SQOOP_SERVER1_LINK1_ALL =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("LINK", "link1"), new KeyValue("action", SqoopActionConstant.ALL));
-  private static final Privilege SQOOP_SERVER1_LINK1_READ =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("LINK", "link1"), new KeyValue("action", SqoopActionConstant.READ));
-  private static final Privilege SQOOP_SERVER1_LINK1_WRITE =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("LINK", "link1"), new KeyValue("action", SqoopActionConstant.WRITE));
-
-  private static final Privilege SQOOP_SERVER1_CONNECTOR1_ALL =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("CONNECTOR", "connector1"), new KeyValue("action", SqoopActionConstant.ALL));
-  private static final Privilege SQOOP_SERVER1_CONNECTOR1_READ =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("CONNECTOR", "connector1"), new KeyValue("action", SqoopActionConstant.READ));
-  private static final Privilege SQOOP_SERVER1_CONNECTOR1_WRITE =
-      create(new KeyValue("SERVER", "server1"), new KeyValue("CONNECTOR", "connector1"), new KeyValue("action", SqoopActionConstant.WRITE));
-
-
-  @Test
-  public void testSimpleAction() throws Exception {
-    //server
-    assertFalse(SQOOP_SERVER1_WRITE.implies(SQOOP_SERVER1_READ));
-    assertFalse(SQOOP_SERVER1_READ.implies(SQOOP_SERVER1_WRITE));
-    //connector
-    assertFalse(SQOOP_SERVER1_CONNECTOR1_WRITE.implies(SQOOP_SERVER1_CONNECTOR1_READ));
-    assertFalse(SQOOP_SERVER1_CONNECTOR1_READ.implies(SQOOP_SERVER1_CONNECTOR1_WRITE));
-    //job
-    assertFalse(SQOOP_SERVER1_JOB1_READ.implies(SQOOP_SERVER1_JOB1_WRITE));
-    assertFalse(SQOOP_SERVER1_JOB1_WRITE.implies(SQOOP_SERVER1_JOB1_READ));
-    //link
-    assertFalse(SQOOP_SERVER1_LINK1_READ.implies(SQOOP_SERVER1_LINK1_WRITE));
-    assertFalse(SQOOP_SERVER1_LINK1_WRITE.implies(SQOOP_SERVER1_LINK1_READ));
-  }
-
-  @Test
-  public void testShorterThanRequest() throws Exception {
-    //job
-    assertTrue(SQOOP_SERVER1_ALL.implies(SQOOP_SERVER1_JOB1_ALL));
-    assertTrue(SQOOP_SERVER1_ALL.implies(SQOOP_SERVER1_JOB1_READ));
-    assertTrue(SQOOP_SERVER1_ALL.implies(SQOOP_SERVER1_JOB1_WRITE));
-
-    assertFalse(SQOOP_SERVER1_WRITE.implies(SQOOP_SERVER1_READ));
-    assertTrue(SQOOP_SERVER1_READ.implies(SQOOP_SERVER1_JOB1_READ));
-    assertTrue(SQOOP_SERVER1_WRITE.implies(SQOOP_SERVER1_JOB1_WRITE));
-
-    //link
-    assertTrue(SQOOP_SERVER1_ALL.implies(SQOOP_SERVER1_LINK1_ALL));
-    assertTrue(SQOOP_SERVER1_ALL.implies(SQOOP_SERVER1_LINK1_READ));
-    assertTrue(SQOOP_SERVER1_ALL.implies(SQOOP_SERVER1_LINK1_WRITE));
-
-    assertTrue(SQOOP_SERVER1_READ.implies(SQOOP_SERVER1_LINK1_READ));
-    assertTrue(SQOOP_SERVER1_WRITE.implies(SQOOP_SERVER1_LINK1_WRITE));
-
-    //connector
-    assertTrue(SQOOP_SERVER1_ALL.implies(SQOOP_SERVER1_CONNECTOR1_ALL));
-    assertTrue(SQOOP_SERVER1_ALL.implies(SQOOP_SERVER1_CONNECTOR1_READ));
-    assertTrue(SQOOP_SERVER1_ALL.implies(SQOOP_SERVER1_CONNECTOR1_WRITE));
-
-    assertTrue(SQOOP_SERVER1_READ.implies(SQOOP_SERVER1_CONNECTOR1_READ));
-    assertTrue(SQOOP_SERVER1_WRITE.implies(SQOOP_SERVER1_CONNECTOR1_WRITE));
-  }
-
-  @Test
-  public void testActionAll() throws Exception {
-    //server
-    assertTrue(SQOOP_SERVER1_ALL.implies(SQOOP_SERVER1_READ));
-    assertTrue(SQOOP_SERVER1_ALL.implies(SQOOP_SERVER1_WRITE));
-
-    //job
-    assertTrue(SQOOP_SERVER1_JOB1_ALL.implies(SQOOP_SERVER1_JOB1_READ));
-    assertTrue(SQOOP_SERVER1_JOB1_ALL.implies(SQOOP_SERVER1_JOB1_WRITE));
-
-    //link
-    assertTrue(SQOOP_SERVER1_LINK1_ALL.implies(SQOOP_SERVER1_LINK1_READ));
-    assertTrue(SQOOP_SERVER1_LINK1_ALL.implies(SQOOP_SERVER1_LINK1_WRITE));
-
-    //connector
-    assertTrue(SQOOP_SERVER1_CONNECTOR1_ALL.implies(SQOOP_SERVER1_CONNECTOR1_READ));
-    assertTrue(SQOOP_SERVER1_CONNECTOR1_ALL.implies(SQOOP_SERVER1_CONNECTOR1_WRITE));
-  }
-
-  @Test
-  public void testUnexpected() throws Exception {
-    Privilege p = new Privilege() {
-      @Override
-      public boolean implies(Privilege p) {
-        return false;
-      }
-    };
-    Privilege job1 = create(new KeyValue("SERVER", "server"), new KeyValue("JOB", "job1"));
-    assertFalse(job1.implies(null));
-    assertFalse(job1.implies(p));
-    assertFalse(job1.equals(null));
-    assertFalse(job1.equals(p));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testNullString() throws Exception {
-    System.out.println(create((String)null));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyString() throws Exception {
-    System.out.println(create(""));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyKey() throws Exception {
-    System.out.println(create(KV_JOINER.join("", "server1")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyValue() throws Exception {
-    System.out.println(create(KV_JOINER.join("SERVER", "")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyPart() throws Exception {
-    System.out.println(create(AUTHORIZABLE_JOINER.
-        join(KV_JOINER.join("SERVER", "server1"), "")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testOnlySeperators() throws Exception {
-    System.out.println(create(AUTHORIZABLE_JOINER.
-        join(KV_SEPARATOR, KV_SEPARATOR, KV_SEPARATOR)));
-  }
-
-  static SqoopWildcardPrivilege create(KeyValue... keyValues) {
-    return create(AUTHORIZABLE_JOINER.join(keyValues));
-
-  }
-  static SqoopWildcardPrivilege create(String s) {
-    return new SqoopWildcardPrivilege(s);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/resources/log4j.properties b/sentry-policy/sentry-policy-sqoop/src/test/resources/log4j.properties
deleted file mode 100644
index 7703069..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#  http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-# Define some default values that can be overridden by system properties.
-#
-# For testing, it may also be convenient to specify
-
-log4j.rootLogger=DEBUG,console
-
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.target=System.err
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d (%t) [%p - %l] %m%n
-
-log4j.logger.org.apache.hadoop.conf.Configuration=INFO
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/test/resources/test-authz-provider.ini
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/resources/test-authz-provider.ini b/sentry-policy/sentry-policy-sqoop/src/test/resources/test-authz-provider.ini
deleted file mode 100644
index a4ab5d1..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/resources/test-authz-provider.ini
+++ /dev/null
@@ -1,40 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#  http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-[groups]
-developer = jdbc_connector_role, hdfs_connector_role,kafka_connector_role,kite_connector_role,\
-    jobs_analyst_role,links_analyst_role
-analyst = jobs_analyst_role,links_analyst_role
-connectors_operator = jdbc_connector_role, hdfs_connector_role,kafka_connector_role,kite_connector_role
-jobs_analyst = jobs_analyst_role
-job1_2_operator = job1_role,job2_role
-links_analyst = links_analyst_role
-link1_2_operator = link1_role,link2_role
-admin = admin_role
-
-[roles]
-admin_role = server=server1->action=*
-jdbc_connector_role = server=server1->connector=generic-jdbc-connector->action=read
-hdfs_connector_role = server=server1->connector=hdfs-connector->action=read
-kafka_connector_role = server=server1->connector=kafka-connector->action=read
-kite_connector_role = server=server1->connector=kite-connector->action=read
-jobs_analyst_role = server=server1->job=all->action=*
-job1_role = server=server1->job=job1->action=read
-job2_role = server=server1->job=job2->action=read
-links_analyst_role = server=server1->link=all->action=*
-link1_role = server=server1->link=link1->action=read
-link2_role = server=server1->link=link2->action=read
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java
index bcd3312..e45799f 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupResourceAuthorizationProvider.java
@@ -21,6 +21,7 @@ import java.io.IOException;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.Groups;
+import org.apache.sentry.core.common.Model;
 import org.apache.sentry.policy.common.PolicyEngine;
 
 import com.google.common.annotations.VisibleForTesting;
@@ -35,18 +36,20 @@ public class HadoopGroupResourceAuthorizationProvider extends
 
   // resource parameter present so that other AuthorizationProviders (e.g.
   // LocalGroupResourceAuthorizationProvider) has the same constructor params.
-  public HadoopGroupResourceAuthorizationProvider(String resource, PolicyEngine policy) throws IOException {
-    this(new Configuration(), resource, policy);
+  public HadoopGroupResourceAuthorizationProvider(String resource, PolicyEngine policy,
+      Model model) throws IOException {
+    this(new Configuration(), resource, policy, model);
   }
 
-  public HadoopGroupResourceAuthorizationProvider(Configuration conf, String resource, PolicyEngine policy) throws IOException { //NOPMD
-    this(policy, new HadoopGroupMappingService(getGroups(conf)));
+  public HadoopGroupResourceAuthorizationProvider(Configuration conf, String resource, //NOPMD
+      PolicyEngine policy, Model model) throws IOException {
+    this(policy, new HadoopGroupMappingService(getGroups(conf)), model);
   }
 
   @VisibleForTesting
   public HadoopGroupResourceAuthorizationProvider(PolicyEngine policy,
-      GroupMappingService groupService) {
-    super(policy, groupService);
+      GroupMappingService groupService, Model model) {
+    super(policy, groupService, model);
   }
 
   private static Groups getGroups(Configuration conf) {

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java
index ae674aa..4cf629b 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ProviderBackendContext.java
@@ -16,7 +16,7 @@
  */
 package org.apache.sentry.provider.common;
 
-import org.apache.sentry.policy.common.PrivilegeValidator;
+import org.apache.sentry.core.common.validator.PrivilegeValidator;
 
 import com.google.common.collect.ImmutableList;
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
index b023c9a..95b4b98 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
@@ -16,10 +16,10 @@
  */
 package org.apache.sentry.provider.common;
 
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.policy.common.PolicyConstants.KV_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.PRIVILEGE_NAME;
+import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SPLITTER;
+import static org.apache.sentry.core.common.utils.SentryConstants.KV_JOINER;
+import static org.apache.sentry.core.common.utils.SentryConstants.PRIVILEGE_NAME;
 
 import java.util.ArrayList;
 import java.util.HashSet;
@@ -29,6 +29,7 @@ import java.util.Set;
 import org.apache.sentry.core.common.Action;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.Model;
 import org.apache.sentry.core.common.SentryConfigurationException;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.policy.common.PolicyEngine;
@@ -58,12 +59,14 @@ public abstract class ResourceAuthorizationProvider implements AuthorizationProv
   private final GroupMappingService groupService;
   private final PolicyEngine policy;
   private final PrivilegeFactory privilegeFactory;
+  private final Model model;
 
   public ResourceAuthorizationProvider(PolicyEngine policy,
-      GroupMappingService groupService) {
+      GroupMappingService groupService, Model model) {
     this.policy = policy;
     this.groupService = groupService;
     this.privilegeFactory = policy.getPrivilegeFactory();
+    this.model = model;
   }
 
   /***
@@ -110,7 +113,7 @@ public abstract class ResourceAuthorizationProvider implements AuthorizationProv
         /*
          * Does the permission granted in the policy file imply the requested action?
          */
-        boolean result = permission.implies(privilegeFactory.createPrivilege(requestPrivilege));
+        boolean result = permission.implies(privilegeFactory.createPrivilege(requestPrivilege), model);
         if (LOGGER.isDebugEnabled()) {
           LOGGER.debug("ProviderPrivilege {}, RequestPrivilege {}, RoleSet, {}, Result {}",
               new Object[]{ permission, requestPrivilege, roleSet, result});

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
index 8674700..2214867 100644
--- a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
@@ -20,6 +20,7 @@ package org.apache.sentry.provider.file;
 import java.io.IOException;
 
 import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.core.common.Model;
 import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.provider.common.GroupMappingService;
 
@@ -32,18 +33,19 @@ import com.google.common.annotations.VisibleForTesting;
 public class HadoopGroupResourceAuthorizationProvider extends
   org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider {
 
-  public HadoopGroupResourceAuthorizationProvider(String resource, PolicyEngine policy) throws IOException {
-    super(resource, policy);
+  public HadoopGroupResourceAuthorizationProvider(String resource, PolicyEngine policy, Model model) throws IOException {
+    super(resource, policy, model);
   }
 
-  public HadoopGroupResourceAuthorizationProvider(Configuration conf, String resource, PolicyEngine policy) throws IOException {
-    super(conf, resource, policy);
+  public HadoopGroupResourceAuthorizationProvider(Configuration conf, String resource,
+      PolicyEngine policy, Model model) throws IOException {
+    super(conf, resource, policy, model);
   }
 
   @VisibleForTesting
   public HadoopGroupResourceAuthorizationProvider(PolicyEngine policy,
-      GroupMappingService groupService) {
-    super(policy, groupService);
+      GroupMappingService groupService, Model model) {
+    super(policy, groupService, model);
   }
 
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
index 402574e..2b402a0 100644
--- a/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
+++ b/sentry-provider/sentry-provider-common/src/test/java/org/apache/sentry/provider/common/TestGetGroupMapping.java
@@ -35,7 +35,7 @@ public class TestGetGroupMapping {
   private static class TestResourceAuthorizationProvider extends ResourceAuthorizationProvider {
     public TestResourceAuthorizationProvider(PolicyEngine policy,
       GroupMappingService groupService) {
-      super(policy, groupService);
+      super(policy, groupService, null);
     }
   };
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-db/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/pom.xml b/sentry-provider/sentry-provider-db/pom.xml
index eb9de88..86e27e4 100644
--- a/sentry-provider/sentry-provider-db/pom.xml
+++ b/sentry-provider/sentry-provider-db/pom.xml
@@ -104,11 +104,7 @@ limitations under the License.
     </dependency>
     <dependency>
       <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-policy-search</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-policy-kafka</artifactId>
+      <artifactId>sentry-policy-engine</artifactId>
     </dependency>
     <dependency>
       <groupId>org.apache.hive</groupId>

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java
index 3c00d23..0ac39f4 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeObject.java
@@ -17,8 +17,8 @@
  */
 package org.apache.sentry.provider.db.generic.service.persistent;
 
-import static org.apache.sentry.policy.common.PolicyConstants.KV_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.core.common.utils.SentryConstants.KV_JOINER;
+import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_JOINER;
 
 import java.util.List;
 import org.apache.sentry.core.common.Authorizable;

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java
index 58be24d..19c8dd8 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java
@@ -17,8 +17,8 @@
  */
 package org.apache.sentry.provider.db.generic.service.thrift;
 
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.KV_JOINER;
+import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.core.common.utils.SentryConstants.KV_JOINER;
 
 import java.lang.reflect.Constructor;
 import java.util.HashSet;
@@ -29,9 +29,9 @@ import java.util.Set;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.sentry.SentryUserException;
 import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.utils.SentryConstants;
 import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.policy.common.KeyValue;
-import org.apache.sentry.policy.common.PolicyConstants;
+import org.apache.sentry.core.common.utils.KeyValue;
 import org.apache.sentry.provider.common.AuthorizationComponent;
 import org.apache.sentry.provider.db.SentryAccessDeniedException;
 import org.apache.sentry.provider.db.SentryAlreadyExistsException;
@@ -271,11 +271,11 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
 
       for (Authorizable authorizable : authorizables) {
 
-        privileges.add(PolicyConstants.KV_JOINER.join(authorizable.getTypeName(),
+        privileges.add(SentryConstants.KV_JOINER.join(authorizable.getTypeName(),
             authorizable.getName()));
       }
 
-      return PolicyConstants.AUTHORIZABLE_JOINER.join(privileges);
+      return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
     } else {
       return "";
     }
@@ -307,7 +307,7 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
       return authorizables;
     }
 
-    for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
+    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
       KeyValue tempKV = new KeyValue(authorizable);
       final String key = tempKV.getKey();
       final String value = tempKV.getValue();

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
index ca88c25..af73755 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/KafkaTSentryPrivilegeConvertor.java
@@ -19,12 +19,12 @@
 package org.apache.sentry.provider.db.generic.tools;
 
 import com.google.common.collect.Lists;
+import org.apache.sentry.core.common.utils.KeyValue;
+import org.apache.sentry.core.common.utils.SentryConstants;
+import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
 import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
-import org.apache.sentry.policy.common.KeyValue;
-import org.apache.sentry.policy.common.PolicyConstants;
-import org.apache.sentry.policy.common.PrivilegeValidatorContext;
-import org.apache.sentry.policy.kafka.KafkaModelAuthorizables;
-import org.apache.sentry.policy.kafka.KafkaPrivilegeValidator;
+import org.apache.sentry.core.model.kafka.KafkaModelAuthorizables;
+import org.apache.sentry.core.model.kafka.validator.KafkaPrivilegeValidator;
 import org.apache.sentry.provider.common.PolicyFileConstants;
 import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
 import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption;
@@ -48,7 +48,7 @@ public  class KafkaTSentryPrivilegeConvertor implements TSentryPrivilegeConverto
     validatePrivilegeHierarchy(privilegeStr);
     TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
     List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>();
-    for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
+    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
       KeyValue keyValue = new KeyValue(authorizable);
       String key = keyValue.getKey();
       String value = keyValue.getValue();
@@ -84,23 +84,23 @@ public  class KafkaTSentryPrivilegeConvertor implements TSentryPrivilegeConverto
       if (it != null) {
         while (it.hasNext()) {
           TAuthorizable tAuthorizable = it.next();
-          privileges.add(PolicyConstants.KV_JOINER.join(
+          privileges.add(SentryConstants.KV_JOINER.join(
               tAuthorizable.getType(), tAuthorizable.getName()));
         }
       }
 
       if (!authorizables.isEmpty()) {
-        privileges.add(PolicyConstants.KV_JOINER.join(
+        privileges.add(SentryConstants.KV_JOINER.join(
             PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
       }
 
       // only append the grant option to privilege string if it's true
       if ("true".equals(grantOption)) {
-        privileges.add(PolicyConstants.KV_JOINER.join(
+        privileges.add(SentryConstants.KV_JOINER.join(
             PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
       }
     }
-    return PolicyConstants.AUTHORIZABLE_JOINER.join(privileges);
+    return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
   }
 
   private static void validatePrivilegeHierarchy(String privilegeStr) throws Exception {

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
index bf91f52..d25ce4b 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java
@@ -27,9 +27,9 @@ import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.sentry.core.common.Action;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.KeyValue;
-import org.apache.sentry.policy.common.PolicyConstants;
-import org.apache.sentry.policy.search.SimpleSearchPolicyEngine;
+import org.apache.sentry.core.common.utils.KeyValue;
+import org.apache.sentry.core.common.utils.SentryConstants;
+import org.apache.sentry.core.model.search.SearchPrivilegeModel;
 import org.apache.sentry.provider.common.ProviderBackend;
 import org.apache.sentry.provider.common.ProviderBackendContext;
 import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
@@ -88,7 +88,7 @@ public class SentryConfigToolSolr extends SentryConfigToolCommon {
     SimpleFileProviderBackend policyFileBackend =
         new SimpleFileProviderBackend(conf, policyFile);
     ProviderBackendContext context = new ProviderBackendContext();
-    context.setValidators(SimpleSearchPolicyEngine.createPrivilegeValidators());
+    context.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators());
     policyFileBackend.initialize(context);
     if (validate) {
       validatePolicy(policyFileBackend);
@@ -123,7 +123,7 @@ public class SentryConfigToolSolr extends SentryConfigToolCommon {
           for (String permission : privileges) {
             String action = null;
 
-            for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.
+            for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.
                 trimResults().split(permission)) {
               KeyValue kv = new KeyValue(authorizable);
               String key = kv.getKey();

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java
index 8dffe94..12c833e 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java
@@ -20,14 +20,14 @@ package org.apache.sentry.provider.db.generic.tools;
 
 import com.google.common.collect.Lists;
 
+import org.apache.sentry.core.common.utils.SentryConstants;
 import org.apache.sentry.core.model.search.Collection;
 import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.policy.common.PolicyConstants;
-import org.apache.sentry.policy.common.PrivilegeValidator;
-import org.apache.sentry.policy.common.PrivilegeValidatorContext;
-import org.apache.sentry.policy.search.SearchModelAuthorizables;
-import org.apache.sentry.policy.search.SimpleSearchPolicyEngine;
-import org.apache.sentry.policy.common.KeyValue;
+import org.apache.sentry.core.common.validator.PrivilegeValidator;
+import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
+import org.apache.sentry.core.model.search.SearchModelAuthorizables;
+import org.apache.sentry.core.model.search.SearchPrivilegeModel;
+import org.apache.sentry.core.common.utils.KeyValue;
 import org.apache.sentry.provider.common.PolicyFileConstants;
 import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
 import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption;
@@ -61,7 +61,7 @@ public  class SolrTSentryPrivilegeConvertor implements TSentryPrivilegeConvertor
 
     TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
     List<TAuthorizable> authorizables = new LinkedList<TAuthorizable>();
-    for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
+    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
       KeyValue keyValue = new KeyValue(authorizable);
       String key = keyValue.getKey();
       String value = keyValue.getValue();
@@ -104,27 +104,27 @@ public  class SolrTSentryPrivilegeConvertor implements TSentryPrivilegeConvertor
       if (it != null) {
         while (it.hasNext()) {
           TAuthorizable tAuthorizable = it.next();
-          privileges.add(PolicyConstants.KV_JOINER.join(
+          privileges.add(SentryConstants.KV_JOINER.join(
               tAuthorizable.getType(), tAuthorizable.getName()));
         }
       }
 
       if (!authorizables.isEmpty()) {
-        privileges.add(PolicyConstants.KV_JOINER.join(
+        privileges.add(SentryConstants.KV_JOINER.join(
             PolicyFileConstants.PRIVILEGE_ACTION_NAME, action));
       }
 
       // only append the grant option to privilege string if it's true
       if ("true".equals(grantOption)) {
-        privileges.add(PolicyConstants.KV_JOINER.join(
+        privileges.add(SentryConstants.KV_JOINER.join(
             PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME, grantOption));
       }
     }
-    return PolicyConstants.AUTHORIZABLE_JOINER.join(privileges);
+    return SentryConstants.AUTHORIZABLE_JOINER.join(privileges);
   }
 
   private static void validatePrivilegeHierarchy(String privilegeStr) throws Exception {
-    List<PrivilegeValidator> validators = SimpleSearchPolicyEngine.createPrivilegeValidators();
+    List<PrivilegeValidator> validators = SearchPrivilegeModel.getInstance().getPrivilegeValidators();
     PrivilegeValidatorContext context = new PrivilegeValidatorContext(null, privilegeStr);
     for (PrivilegeValidator validator : validators) {
       try {

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java
index 13b48ea..59161f0 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGMPrivilege.java
@@ -17,8 +17,8 @@ vim  * Licensed to the Apache Software Foundation (ASF) under one
  */
 package org.apache.sentry.provider.db.service.model;
 
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.KV_JOINER;
+import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.core.common.utils.SentryConstants.KV_JOINER;
 
 import java.lang.reflect.Field;
 import java.util.HashSet;


Mime
View raw message