sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From co...@apache.org
Subject [08/44] sentry git commit: SENTRY-1287: Create sentry-service-server module(Colin Ma, reviewed by Dapeng Sun)
Date Fri, 24 Jun 2016 06:00:37 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
new file mode 100644
index 0000000..74e9dd8
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
@@ -0,0 +1,416 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.log.util;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
+import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
+import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
+import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.google.common.collect.Sets;
+
+public class TestCommandUtil extends Assert {
+
+  @Test
+  public void testCreateCmdForCreateOrDropRole() {
+    String roleName = "testRole";
+
+    String createRoleCmdResult = CommandUtil.createCmdForCreateOrDropRole(
+        roleName, true);
+    String dropRoleCmdResult = CommandUtil.createCmdForCreateOrDropRole(
+        roleName, false);
+    String createRoleCmdExcepted = "CREATE ROLE testRole";
+    String dropRoleCmdExcepted = "DROP ROLE testRole";
+
+    Assert.assertEquals(createRoleCmdExcepted, createRoleCmdResult);
+    Assert.assertEquals(dropRoleCmdResult, dropRoleCmdExcepted);
+  }
+
+  @Test
+  public void testCreateCmdForRoleAddOrDeleteGroup1() {
+
+    String createRoleAddGroupCmdResult = CommandUtil.createCmdForRoleAddGroup("testRole",
+        getGroupStr(1));
+    String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO GROUP testGroup1";
+    String createRoleDeleteGroupCmdResult = CommandUtil.createCmdForRoleDeleteGroup("testRole",
+        getGroupStr(1));
+    String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM GROUP testGroup1";
+
+    Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult);
+    Assert.assertEquals(createRoleDeleteGroupCmdExcepted,
+        createRoleDeleteGroupCmdResult);
+  }
+
+  @Test
+  public void testCreateCmdForRoleAddOrDeleteGroup2() {
+    String createRoleAddGroupCmdResult = CommandUtil.createCmdForRoleAddGroup("testRole",
+        getGroupStr(3));
+    String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO GROUP testGroup1, testGroup2,
testGroup3";
+    String createRoleDeleteGroupCmdResult = CommandUtil.createCmdForRoleDeleteGroup("testRole",
+        getGroupStr(3));
+    String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM GROUP testGroup1,
testGroup2, testGroup3";
+
+    Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult);
+    Assert.assertEquals(createRoleDeleteGroupCmdExcepted,
+        createRoleDeleteGroupCmdResult);
+  }
+
+  @Test
+  public void testCreateCmdForRoleAddOrDeleteUser1() {
+    String createRoleAddGroupCmdResult =
+        CommandUtil.createCmdForRoleAddUser("testRole", getUserStr(1));
+    String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO USER testUser1";
+    String createRoleDeleteGroupCmdResult =
+        CommandUtil.createCmdForRoleDeleteUser("testRole", getUserStr(1));
+    String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM USER testUser1";
+
+    Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult);
+    Assert.assertEquals(createRoleDeleteGroupCmdExcepted, createRoleDeleteGroupCmdResult);
+  }
+
+  @Test
+  public void testCreateCmdForRoleAddOrDeleteUser2() {
+    String createRoleAddGroupCmdResult =
+        CommandUtil.createCmdForRoleAddUser("testRole", getUserStr(3));
+    String createRoleAddGroupCmdExcepted =
+        "GRANT ROLE testRole TO USER testUser1, testUser2, testUser3";
+    String createRoleDeleteGroupCmdResult =
+        CommandUtil.createCmdForRoleDeleteUser("testRole", getUserStr(3));
+    String createRoleDeleteGroupCmdExcepted =
+        "REVOKE ROLE testRole FROM USER testUser1, testUser2, testUser3";
+
+    Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult);
+    Assert.assertEquals(createRoleDeleteGroupCmdExcepted, createRoleDeleteGroupCmdResult);
+  }
+
+  @Test
+  public void testCreateCmdForGrantOrRevokePrivilege1() {
+    TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+    TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+    TSentryPrivilege privilege = getPrivilege(AccessConstants.ALL,
+        PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest",
+        "hdfs://namenode:port/path/to/dir");
+    Set<TSentryPrivilege> privileges = Sets.newHashSet();
+    privileges.add(privilege);
+    grantRequest.setPrivileges(privileges);
+    revokeRequest.setPrivileges(privileges);
+
+    String createGrantPrivilegeCmdResult = CommandUtil
+        .createCmdForGrantPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT ALL ON DATABASE dbTest TO ROLE testRole";
+    String createRevokePrivilegeCmdResult = CommandUtil
+        .createCmdForRevokePrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE ALL ON DATABASE dbTest FROM ROLE testRole";
+
+    Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+        createRevokePrivilegeCmdResult);
+  }
+
+  @Test
+  public void testCreateCmdForGrantOrRevokePrivilege2() {
+    TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+    TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+    TSentryPrivilege privilege = getPrivilege(AccessConstants.INSERT,
+        PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest",
+        "hdfs://namenode:port/path/to/dir");
+    Set<TSentryPrivilege> privileges = Sets.newHashSet();
+    privileges.add(privilege);
+    grantRequest.setPrivileges(privileges);
+    revokeRequest.setPrivileges(privileges);
+
+    String createGrantPrivilegeCmdResult = CommandUtil
+        .createCmdForGrantPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT INSERT ON DATABASE dbTest TO ROLE testRole";
+    String createRevokePrivilegeCmdResult = CommandUtil
+        .createCmdForRevokePrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE INSERT ON DATABASE dbTest FROM ROLE
testRole";
+
+    Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+        createRevokePrivilegeCmdResult);
+  }
+
+  @Test
+  public void testCreateCmdForGrantOrRevokePrivilege3() {
+    TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+    TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+    TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT,
+        PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest",
+        "hdfs://namenode:port/path/to/dir");
+    Set<TSentryPrivilege> privileges = Sets.newHashSet();
+    privileges.add(privilege);
+    grantRequest.setPrivileges(privileges);
+    revokeRequest.setPrivileges(privileges);
+
+    String createGrantPrivilegeCmdResult = CommandUtil
+        .createCmdForGrantPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON DATABASE dbTest TO ROLE testRole";
+    String createRevokePrivilegeCmdResult = CommandUtil
+        .createCmdForRevokePrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON DATABASE dbTest FROM ROLE
testRole";
+
+    Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+        createRevokePrivilegeCmdResult);
+  }
+
+  @Test
+  public void testCreateCmdForGrantOrRevokePrivilege4() {
+    TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+    TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+    TSentryPrivilege privilege = getPrivilege(null,
+        PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest",
+        "hdfs://namenode:port/path/to/dir");
+    Set<TSentryPrivilege> privileges = Sets.newHashSet();
+    privileges.add(privilege);
+    grantRequest.setPrivileges(privileges);
+    revokeRequest.setPrivileges(privileges);
+
+    String createGrantPrivilegeCmdResult = CommandUtil
+        .createCmdForGrantPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT null ON DATABASE dbTest TO ROLE testRole";
+    String createRevokePrivilegeCmdResult = CommandUtil
+        .createCmdForRevokePrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE null ON DATABASE dbTest FROM ROLE testRole";
+
+    Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+        createRevokePrivilegeCmdResult);
+  }
+
+  @Test
+  public void testCreateCmdForGrantOrRevokePrivilege5() {
+    TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+    TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+    TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT,
+        PrivilegeScope.TABLE.name(), "dbTest", "tableTest", "serverTest",
+        "hdfs://namenode:port/path/to/dir");
+    Set<TSentryPrivilege> privileges = Sets.newHashSet();
+    privileges.add(privilege);
+    grantRequest.setPrivileges(privileges);
+    revokeRequest.setPrivileges(privileges);
+
+    String createGrantPrivilegeCmdResult = CommandUtil
+        .createCmdForGrantPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON TABLE tableTest TO ROLE testRole";
+    String createRevokePrivilegeCmdResult = CommandUtil
+        .createCmdForRevokePrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON TABLE tableTest FROM ROLE
testRole";
+
+    Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+        createRevokePrivilegeCmdResult);
+  }
+
+  @Test
+  public void testCreateCmdForGrantOrRevokePrivilege6() {
+    TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+    TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+    TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT,
+        PrivilegeScope.SERVER.name(), "dbTest", "tableTest", "serverTest",
+        "hdfs://namenode:port/path/to/dir");
+    Set<TSentryPrivilege> privileges = Sets.newHashSet();
+    privileges.add(privilege);
+    grantRequest.setPrivileges(privileges);
+    revokeRequest.setPrivileges(privileges);
+
+    String createGrantPrivilegeCmdResult = CommandUtil
+        .createCmdForGrantPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON SERVER serverTest TO ROLE testRole";
+    String createRevokePrivilegeCmdResult = CommandUtil
+        .createCmdForRevokePrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON SERVER serverTest FROM ROLE
testRole";
+
+    Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+        createRevokePrivilegeCmdResult);
+  }
+
+  @Test
+  public void testCreateCmdForGrantOrRevokePrivilege7() {
+    TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+    TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+    TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT,
+        PrivilegeScope.URI.name(), "dbTest", "tableTest", "serverTest",
+        "hdfs://namenode:port/path/to/dir");
+    Set<TSentryPrivilege> privileges = Sets.newHashSet();
+    privileges.add(privilege);
+    grantRequest.setPrivileges(privileges);
+    revokeRequest.setPrivileges(privileges);
+
+    String createGrantPrivilegeCmdResult = CommandUtil
+        .createCmdForGrantPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON URI hdfs://namenode:port/path/to/dir
TO ROLE testRole";
+    String createRevokePrivilegeCmdResult = CommandUtil
+        .createCmdForRevokePrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON URI hdfs://namenode:port/path/to/dir
FROM ROLE testRole";
+
+    Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+        createRevokePrivilegeCmdResult);
+  }
+
+  @Test
+  public void testCreateCmdForGrantOrRevokePrivilege8() {
+    TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+    TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+    TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, PrivilegeScope.SERVER.name(),
+        "dbTest", "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir");
+    privilege.setGrantOption(TSentryGrantOption.TRUE);
+    Set<TSentryPrivilege> privileges = Sets.newHashSet();
+    privileges.add(privilege);
+    grantRequest.setPrivileges(privileges);
+    revokeRequest.setPrivileges(privileges);
+
+    String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON SERVER serverTest TO ROLE testRole
WITH GRANT OPTION";
+    String createRevokePrivilegeCmdResult = CommandUtil.createCmdForRevokePrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON SERVER serverTest FROM ROLE
testRole WITH GRANT OPTION";
+
+    Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    Assert.assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult);
+  }
+
+  // generate the command without grant option
+  @Test
+  public void testCreateCmdForGrantOrRevokeGMPrivilege1() {
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest
grantRequest = getGrantGMPrivilegeRequest();
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest
revokeRequest = getRevokeGMPrivilegeRequest();
+    org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege();
+    grantRequest.setPrivilege(privilege);
+    revokeRequest.setPrivilege(privilege);
+
+    String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1
resourceType2 resourceName2 TO ROLE testRole";
+    String createRevokePrivilegeCmdResult = CommandUtil
+        .createCmdForRevokeGMPrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1
resourceType2 resourceName2 FROM ROLE testRole";
+
+    Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    Assert.assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult);
+  }
+
+  // generate the command with grant option
+  @Test
+  public void testCreateCmdForGrantOrRevokeGMPrivilege2() {
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest
grantRequest = getGrantGMPrivilegeRequest();
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest
revokeRequest = getRevokeGMPrivilegeRequest();
+    org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege();
+    privilege
+        .setGrantOption(org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption.TRUE);
+    grantRequest.setPrivilege(privilege);
+    revokeRequest.setPrivilege(privilege);
+
+    String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1
resourceType2 resourceName2 TO ROLE testRole WITH GRANT OPTION";
+    String createRevokePrivilegeCmdResult = CommandUtil
+        .createCmdForRevokeGMPrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1
resourceType2 resourceName2 FROM ROLE testRole WITH GRANT OPTION";
+
+    Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    Assert.assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult);
+  }
+
+  private String getGroupStr(int num) {
+    StringBuilder sb = new StringBuilder();
+    for (int i = 0; i < num; i++) {
+      if (i > 0) {
+        sb.append(", ");
+      }
+      sb.append("testGroup" + (i + 1));
+    }
+    return sb.toString();
+  }
+
+  private String getUserStr(int num) {
+    StringBuilder sb = new StringBuilder();
+    for (int i = 0; i < num; i++) {
+      if (i > 0) {
+        sb.append(", ");
+      }
+      sb.append("testUser" + (i + 1));
+    }
+    return sb.toString();
+  }
+
+  private TAlterSentryRoleGrantPrivilegeRequest getGrantPrivilegeRequest() {
+    TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest();
+    request.setRoleName("testRole");
+    return request;
+  }
+
+  private TAlterSentryRoleRevokePrivilegeRequest getRevokePrivilegeRequest() {
+    TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
+    request.setRoleName("testRole");
+    return request;
+  }
+
+  private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest
getGrantGMPrivilegeRequest() {
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest
request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest();
+    request.setRoleName("testRole");
+    return request;
+  }
+
+  private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest
getRevokeGMPrivilegeRequest() {
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest
request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest();
+    request.setRoleName("testRole");
+    return request;
+  }
+
+  private TSentryPrivilege getPrivilege(String action, String privilegeScope,
+      String dbName, String tableName, String serverName, String URI) {
+    TSentryPrivilege privilege = new TSentryPrivilege();
+    privilege.setAction(action);
+    privilege.setPrivilegeScope(privilegeScope);
+    privilege.setDbName(dbName);
+    privilege.setTableName(tableName);
+    privilege.setServerName(serverName);
+    privilege.setURI(URI);
+    return privilege;
+  }
+
+  private org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege getGMPrivilege()
{
+    org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = new
org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege();
+    privilege.setAction("ACTION");
+    privilege.setComponent("COMPONENT");
+    List<TAuthorizable> authorizables = new ArrayList<TAuthorizable>();
+    authorizables.add(new TAuthorizable("resourceType1", "resourceName1"));
+    authorizables.add(new TAuthorizable("resourceType2", "resourceName2"));
+    privilege.setAuthorizables(authorizables);
+    return privilege;
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
new file mode 100644
index 0000000..c31233b
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
@@ -0,0 +1,245 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.persistent;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
+import org.junit.Test;
+
+public class TestSentryPrivilege {
+  @Test
+  public void testImpliesPrivilegePositive() throws Exception {
+    // 1.test server+database+table+action
+    MSentryPrivilege my = new MSentryPrivilege();
+    MSentryPrivilege your = new MSentryPrivilege();
+    my.setServerName("server1");
+    my.setDbName("db1");
+    my.setTableName("tb1");
+    my.setAction(AccessConstants.SELECT);
+    your.setServerName("server1");
+    your.setDbName("db1");
+    your.setTableName("tb1");
+    your.setAction(AccessConstants.SELECT);
+    assertTrue(my.implies(your));
+
+    my.setAction(AccessConstants.ALL);
+    assertTrue(my.implies(your));
+
+    my.setTableName("");
+    assertTrue(my.implies(your));
+
+    my.setDbName("");
+    assertTrue(my.implies(your));
+
+    my.setAction(AccessConstants.ACTION_ALL);
+    assertTrue(my.implies(your));
+
+    my.setTableName("");
+    assertTrue(my.implies(your));
+
+    my.setDbName("");
+    assertTrue(my.implies(your));
+
+    // 2.test server+URI+action using all combinations of * and ALL for action
+    String[][] actionMap = new String[][] {
+        { AccessConstants.ALL, AccessConstants.ALL },
+        { AccessConstants.ALL, AccessConstants.ACTION_ALL },
+        { AccessConstants.ACTION_ALL, AccessConstants.ALL },
+        { AccessConstants.ACTION_ALL, AccessConstants.ACTION_ALL } };
+
+    for (int actions = 0; actions < actionMap.length; actions++) {
+      my = new MSentryPrivilege();
+      your = new MSentryPrivilege();
+      my.setServerName("server1");
+      my.setAction(actionMap[actions][0]);
+      your.setServerName("server1");
+      your.setAction(actionMap[actions][1]);
+      my.setURI("hdfs://namenode:9000/path");
+      your.setURI("hdfs://namenode:9000/path");
+      assertTrue(my.implies(your));
+
+      my.setURI("hdfs://namenode:9000/path");
+      your.setURI("hdfs://namenode:9000/path/to/some/dir");
+      assertTrue(my.implies(your));
+
+      my.setURI("file:///path");
+      your.setURI("file:///path");
+      assertTrue(my.implies(your));
+
+      my.setURI("file:///path");
+      your.setURI("file:///path/to/some/dir");
+      assertTrue(my.implies(your));
+
+      // my is SERVER level privilege, your is URI level privilege
+      my.setURI("");
+      your.setURI("file:///path");
+      assertTrue(my.implies(your));
+    }
+  }
+
+  @Test
+  public void testImpliesPrivilegeNegative() throws Exception {
+    // 1.test server+database+table+action
+    MSentryPrivilege my = new MSentryPrivilege();
+    MSentryPrivilege your = new MSentryPrivilege();
+    // bad action
+    my.setServerName("server1");
+    my.setDbName("db1");
+    my.setTableName("tb1");
+    my.setAction(AccessConstants.SELECT);
+    your.setServerName("server1");
+    your.setDbName("db1");
+    your.setTableName("tb1");
+    your.setAction(AccessConstants.INSERT);
+    assertFalse(my.implies(your));
+
+    // bad action
+    your.setAction(AccessConstants.ALL);
+    assertFalse(my.implies(your));
+
+
+    // bad table
+    your.setTableName("tb2");
+    assertFalse(my.implies(your));
+
+    // bad database
+    your.setTableName("tb1");
+    your.setDbName("db2");
+    assertFalse(my.implies(your));
+
+    // bad server
+    your.setTableName("tb1");
+    your.setDbName("db1");
+    your.setServerName("server2");
+    assertFalse(my.implies(your));
+
+    // 2.test server+URI+action
+    my = new MSentryPrivilege();
+    your = new MSentryPrivilege();
+    my.setServerName("server1");
+    my.setAction(AccessConstants.ALL);
+    your.setServerName("server2");
+    your.setAction(AccessConstants.ALL);
+
+    // relative path
+    my.setURI("hdfs://namenode:9000/path");
+    your.setURI("hdfs://namenode:9000/path/to/../../other");
+    assertFalse(my.implies(your));
+    my.setURI("file:///path");
+    your.setURI("file:///path/to/../../other");
+    assertFalse(my.implies(your));
+
+    // bad uri
+    my.setURI("blah");
+    your.setURI("hdfs://namenode:9000/path/to/some/dir");
+    assertFalse(my.implies(your));
+    my.setURI("hdfs://namenode:9000/path/to/some/dir");
+    your.setURI("blah");
+    assertFalse(my.implies(your));
+
+    // bad scheme
+    my.setURI("hdfs://namenode:9000/path");
+    your.setURI("file:///path/to/some/dir");
+    assertFalse(my.implies(your));
+    my.setURI("hdfs://namenode:9000/path");
+    your.setURI("file://namenode:9000/path/to/some/dir");
+    assertFalse(my.implies(your));
+
+    // bad hostname
+    my.setURI("hdfs://namenode1:9000/path");
+    your.setURI("hdfs://namenode2:9000/path");
+    assertFalse(my.implies(your));
+
+    // bad port
+    my.setURI("hdfs://namenode:9000/path");
+    your.setURI("hdfs://namenode:9001/path");
+    assertFalse(my.implies(your));
+
+    // bad path
+    my.setURI("hdfs://namenode:9000/path1");
+    your.setURI("hdfs://namenode:9000/path2");
+    assertFalse(my.implies(your));
+    my.setURI("file:///path1");
+    your.setURI("file:///path2");
+    assertFalse(my.implies(your));
+
+    // bad server
+    your.setServerName("server2");
+    my.setURI("hdfs://namenode:9000/path1");
+    your.setURI("hdfs://namenode:9000/path1");
+    assertFalse(my.implies(your));
+
+    // bad implies
+    my.setServerName("server1");
+    my.setURI("hdfs://namenode:9000/path1");
+    your.setServerName("server1");
+    your.setURI("");
+    assertFalse(my.implies(your));
+  }
+
+  @Test
+  public void testImpliesPrivilegePositiveWithColumn() throws Exception {
+    // 1.test server+database+table+column+action
+    MSentryPrivilege my = new MSentryPrivilege();
+    MSentryPrivilege your = new MSentryPrivilege();
+    my.setServerName("server1");
+    my.setAction(AccessConstants.SELECT);
+    your.setServerName("server1");
+    your.setDbName("db1");
+    your.setTableName("tb1");
+    your.setColumnName("c1");
+    your.setAction(AccessConstants.SELECT);
+    assertTrue(my.implies(your));
+
+    my.setDbName("db1");
+    assertTrue(my.implies(your));
+
+    my.setTableName("tb1");
+    assertTrue(my.implies(your));
+
+    my.setColumnName("c1");
+    assertTrue(my.implies(your));
+  }
+
+  @Test
+  public void testImpliesPrivilegeNegativeWithColumn() throws Exception {
+    // 1.test server+database+table+column+action
+    MSentryPrivilege my = new MSentryPrivilege();
+    MSentryPrivilege your = new MSentryPrivilege();
+    // bad column
+    my.setServerName("server1");
+    my.setDbName("db1");
+    my.setTableName("tb1");
+    my.setColumnName("c1");
+    my.setAction(AccessConstants.SELECT);
+    your.setServerName("server1");
+    your.setDbName("db1");
+    your.setTableName("tb1");
+    your.setColumnName("c2");
+    your.setAction(AccessConstants.SELECT);
+    assertFalse(my.implies(your));
+
+    // bad scope
+    your.setColumnName("");
+    assertFalse(my.implies(your));
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java
b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java
new file mode 100644
index 0000000..7cbcc11
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.persistent;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.hadoop.conf.Configuration;
+
+import org.apache.curator.test.TestingServer;
+import org.apache.curator.x.discovery.ServiceInstance;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+
+public class TestSentryServiceDiscovery {
+
+  private HAContext haContext;
+  private TestingServer server;
+
+  @Before
+  public void setup() throws Exception {
+    server = new TestingServer();
+    // HA conf
+    Configuration conf = new Configuration(false);
+    conf.set(ServerConfig.SENTRY_HA_ENABLED, "true");
+    conf.set(ServerConfig.SENTRY_HA_ZOOKEEPER_NAMESPACE, "sentry-test");
+    conf.set(ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM, server.getConnectString());
+    haContext = HAContext.getHAContext(conf);
+  }
+
+  @After
+  public void teardown() {
+    HAContext.clearServerContext();
+    if (server != null) {
+      try {
+        server.stop();
+      } catch (IOException e) {
+      }
+    }
+  }
+
+  @Test
+  public void testRegisterOneService() throws Exception {
+    final String hostname = "localhost1";
+    final Integer port = 123;
+    ServiceRegister register = new ServiceRegister(haContext);
+    register.regService(hostname, port);
+    ServiceManager manager = new ServiceManager(haContext);
+    ServiceInstance<Void> instance = manager.getServiceInstance();
+    assertEquals("'hostname' doesn't match.", hostname, instance.getAddress());
+    assertEquals("'port' doesn't match.", port, instance.getPort());
+  }
+
+  @Test
+  public void testRegisterMultiService() throws Exception {
+
+    final String hostname1 = "localhost1";
+    final Integer port1 = 123;
+    final String hostname2 = "localhost2";
+    final Integer port2 = 456;
+    final String hostname3 = "localhost3";
+    final Integer port3 = 789;
+
+    Map<String, Integer> servicesMap = new HashMap<String, Integer>();
+    servicesMap.put(hostname1, port1);
+    servicesMap.put(hostname2, port2);
+    servicesMap.put(hostname3, port3);
+
+    ServiceRegister register1 = new ServiceRegister(haContext);
+    register1.regService(hostname1, port1);
+    ServiceRegister register2 = new ServiceRegister(haContext);
+    register2.regService(hostname2, port2);
+    ServiceRegister register3 = new ServiceRegister(haContext);
+    register3.regService(hostname3, port3);
+
+    ServiceManager manager = new ServiceManager(haContext);
+    ServiceInstance<Void> instance = manager.getServiceInstance();
+    assertEquals("'instance' doesn't match.", instance.getPort(), servicesMap.get(instance.getAddress()));
+    instance = manager.getServiceInstance();
+    assertEquals("'instance' doesn't match.", instance.getPort(), servicesMap.get(instance.getAddress()));
+    instance = manager.getServiceInstance();
+    assertEquals("'instance' doesn't match.", instance.getPort(), servicesMap.get(instance.getAddress()));
+  }
+
+  @Test
+  public void testReportError() throws Exception {
+    final String hostname1 = "localhost1";
+    final Integer port1 = 123;
+
+    ServiceRegister register1 = new ServiceRegister(haContext);
+    register1.regService(hostname1, port1);
+
+    ServiceManager manager = new ServiceManager(haContext);
+    ServiceInstance<Void> instance = manager.getServiceInstance();
+    manager.reportError(instance);
+    // report twice, manager will not return temporarily
+    instance = manager.getServiceInstance();
+    manager.reportError(instance);
+    instance = manager.getServiceInstance();
+    assertEquals("'instance' should be null.", null, instance);
+  }
+
+}


Mime
View raw message