sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From co...@apache.org
Subject [24/44] sentry git commit: SENTRY-1287: Create sentry-service-server module(Colin Ma, reviewed by Dapeng Sun)
Date Fri, 24 Jun 2016 06:00:53 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
deleted file mode 100644
index a05521f..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ /dev/null
@@ -1,1102 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless createRequired by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.service.thrift;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeMap;
-
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.core.model.db.AccessURI;
-import org.apache.sentry.core.model.db.Database;
-import org.apache.sentry.core.model.db.Server;
-import org.apache.sentry.core.model.db.Table;
-import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
-import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
-import org.junit.Test;
-
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import com.google.common.collect.Sets;
-
-
-public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
-
-  @Test
-  public void testCreateDropShowRole() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        String roleName = "admin_r";
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-
-        client.dropRoleIfExists(requestorUserName, roleName);
-
-        client.createRole(requestorUserName, roleName);
-
-        Set<TSentryRole> roles = client.listRoles(requestorUserName);
-        assertEquals("Incorrect number of roles", 1, roles.size());
-
-        for (TSentryRole role:roles) {
-          assertTrue(role.getRoleName(), role.getRoleName().equalsIgnoreCase(roleName));
-        }
-        client.dropRole(requestorUserName, roleName);
-      }});
-  }
-
-  @Test
-  public void testGranRevokePrivilegeOnTableForRole() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-        String roleName1 = "admin_r1";
-        String roleName2 = "admin_r2";
-
-        client.dropRoleIfExists(requestorUserName,  roleName1);
-        client.createRole(requestorUserName,  roleName1);
-
-        client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL");
-        client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL");
-        client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL");
-        client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL");
-
-
-        client.dropRoleIfExists(requestorUserName,  roleName2);
-        client.createRole(requestorUserName,  roleName2);
-
-        client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL");
-        client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL");
-        client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL");
-        client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL");
-
-        Set<TSentryPrivilege> listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertEquals("Privilege not assigned to role1 !!", 4, listPrivilegesByRoleName.size());
-
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
-        assertEquals("Privilege not assigned to role2 !!", 4, listPrivilegesByRoleName.size());
-
-
-        client.revokeTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL");
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 3);
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 4);
-
-        client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL");
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 3);
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 3);
-
-        client.revokeTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL");
-        client.revokeTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL");
-        client.revokeTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL");
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0);
-
-        client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL");
-        client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL");
-        client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL");
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0);
-      }});
-  }
-
-  @Test
-  public void testAddDeleteRolesForUser() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-
-        // user1->group1
-        // user2->group1
-        // user3->group1, group2
-        // user4->group2, group3
-        // group1->r1
-        // group2->r2
-        // group3->r2
-        // user2->r3
-        // user4->r3
-        String roleName1 = "r1";
-        String roleName2 = "r2";
-        String roleName3 = "r3";
-        String user1 = "u1";
-        String user2 = "u2";
-        String user3 = "u3";
-        String user4 = "u4";
-        String group1 = "g1";
-        String group2 = "g2";
-        String group3 = "g3";
-        Map<String, Set<String>> userToGroups = Maps.newHashMap();
-        userToGroups.put(user1, Sets.newHashSet(group1));
-        userToGroups.put(user2, Sets.newHashSet(group1));
-        userToGroups.put(user3, Sets.newHashSet(group1, group2));
-        userToGroups.put(user4, Sets.newHashSet(group2, group3));
-
-        setLocalGroupMapping(user1, Sets.newHashSet(group1));
-        setLocalGroupMapping(user2, Sets.newHashSet(group1));
-        setLocalGroupMapping(user3, Sets.newHashSet(group1, group2));
-        setLocalGroupMapping(user4, Sets.newHashSet(group2, group3));
-        writePolicyFile();
-
-        client.dropRoleIfExists(requestorUserName, roleName1);
-        client.dropRoleIfExists(requestorUserName, roleName2);
-        client.dropRoleIfExists(requestorUserName, roleName3);
-        client.createRole(requestorUserName, roleName1);
-        client.createRole(requestorUserName, roleName2);
-        client.createRole(requestorUserName, roleName3);
-
-        client.grantRoleToGroup(requestorUserName, group1, roleName1);
-        client.grantRoleToUser(requestorUserName, user2, roleName2);
-        client.grantRoleToUser(requestorUserName, user3, roleName2);
-        client.grantRoleToUser(requestorUserName, user2, roleName3);
-        client.grantRoleToUsers(requestorUserName, roleName3, Sets.newHashSet(user4));
-        // following test cases also test the grantRoleToUser() and grantRoleToUsers() implicity
-        // admin always can get the role list
-        Set<TSentryRole> roles = client.listRolesByUserName(requestorUserName, user1);
-        assertEquals(0, roles.size());
-        // the role list includes the role for user and the role for user's group
-        roles = client.listRolesByUserName(requestorUserName, user2);
-        assertEquals(2, roles.size());
-        for (TSentryRole role : roles) {
-          assertTrue(roleName2.equals(role.getRoleName()) || roleName3.equals(role.getRoleName()));
-        }
-        // user has 2 groups whose role list are different
-        roles = client.listRolesByUserName(requestorUserName, user3);
-        assertEquals(1, roles.size());
-        for (TSentryRole role : roles) {
-          assertTrue(roleName2.equals(role.getRoleName()));
-        }
-        // user has 2 groups whose role list are the same
-        roles = client.listRolesByUserName(requestorUserName, user4);
-        assertEquals(1, roles.size());
-        for (TSentryRole role : roles) {
-          assertTrue(roleName3.equals(role.getRoleName()));
-        }
-        // user can get his own role list if he isn't an admin
-        roles = client.listRolesByUserName(user3, user3);
-        assertEquals(1, roles.size());
-        // user can't get other's role list if he isn't an admin
-        try {
-          client.listRolesByUserName(user3, user2);
-          fail("SentryAccessDeniedException should be caught.");
-        } catch (SentryAccessDeniedException e) {
-          // excepted exception
-        }
-        // the user's name can't be empty
-        try {
-          client.listRolesByUserName(user3, "");
-          fail("SentryAccessDeniedException should be caught.");
-        } catch (SentryAccessDeniedException e) {
-          // excepted exception
-        }
-        client.revokeRoleFromUser(requestorUserName, user2, roleName3);
-        client.revokeRoleFromUsers(requestorUserName, roleName3, Sets.newHashSet(user4));
-        // test the result of revokeRoleFromUser() and revokeRoleFromUsers()
-        roles = client.listRolesByUserName(requestorUserName, user2);
-        assertEquals(1, roles.size());
-        for (TSentryRole role : roles) {
-          assertTrue(roleName2.equals(role.getRoleName()));
-        }
-        roles = client.listRolesByUserName(requestorUserName, user4);
-        assertEquals(0, roles.size());
-      }
-    });
-  }
-
-  @Test
-  public void testGranRevokePrivilegeForRoleWithUG() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-
-        // user1_1->group1
-        // user1_2->group1
-        // user2_1->group2
-        // user2_2->group2
-        // group1->r1
-        // group2->r2
-        // user1_1->r3
-        // user2_1->r4
-        String roleName1 = "r1";
-        String roleName2 = "r2";
-        String roleName3 = "r3";
-        String roleName4 = "r4";
-        String user1_1 = "u1_1";
-        String user1_2 = "u1_2";
-        String user2_1 = "u2_1";
-        String user2_2 = "u2_2";
-        String group1 = "g1";
-        String group2 = "g2";
-        Map<String, String> userToGroup = Maps.newHashMap();
-        userToGroup.put(user1_1, group1);
-        userToGroup.put(user1_2, group1);
-        userToGroup.put(user2_1, group2);
-        userToGroup.put(user2_2, user2_1);
-
-        Set<String> groupSet = Sets.newHashSet(group1);
-        setLocalGroupMapping(user1_1, groupSet);
-        setLocalGroupMapping(user1_2, groupSet);
-        groupSet = Sets.newHashSet(group2);
-        setLocalGroupMapping(user2_1, groupSet);
-        setLocalGroupMapping(user2_2, groupSet);
-        writePolicyFile();
-
-        client.dropRoleIfExists(requestorUserName, roleName1);
-        client.dropRoleIfExists(requestorUserName, roleName2);
-        client.dropRoleIfExists(requestorUserName, roleName3);
-        client.dropRoleIfExists(requestorUserName, roleName4);
-        client.createRole(requestorUserName, roleName1);
-        client.createRole(requestorUserName, roleName2);
-        client.createRole(requestorUserName, roleName3);
-        client.createRole(requestorUserName, roleName4);
-
-        client.grantRoleToGroup(requestorUserName, group1, roleName1);
-        client.grantRoleToGroup(requestorUserName, group2, roleName2);
-        client.grantRoleToUser(requestorUserName, user1_1, roleName3);
-        client.grantRoleToUsers(requestorUserName, roleName4, Sets.newHashSet(user2_1));
-
-        client
-            .grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1_1", "ALL");
-        client
-            .grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1_2", "ALL");
-        client
-            .grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2_1", "ALL");
-        client
-            .grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2_2", "ALL");
-        client
-            .grantTablePrivilege(requestorUserName, roleName3, "server", "db1", "table3_1", "ALL");
-        client
-            .grantTablePrivilege(requestorUserName, roleName3, "server", "db1", "table3_2", "ALL");
-        client
-            .grantTablePrivilege(requestorUserName, roleName4, "server", "db1", "table4_1", "ALL");
-        client
-            .grantTablePrivilege(requestorUserName, roleName4, "server", "db1", "table4_2", "ALL");
-
-        Set<String> listPrivilegesForProvider = client.listPrivilegesForProvider(
-            Sets.newHashSet(group1), Sets.newHashSet(""), ActiveRoleSet.ALL, (Authorizable[]) null);
-        assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet(
-            "server=server->db=db1->table=table1_1->action=all",
-            "server=server->db=db1->table=table1_2->action=all"), listPrivilegesForProvider);
-
-        listPrivilegesForProvider = client.listPrivilegesForProvider(
-            Sets.newHashSet(userToGroup.get(user1_2)),
-            Sets.newHashSet(user1_2), ActiveRoleSet.ALL, (Authorizable[]) null);
-        assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet(
-            "server=server->db=db1->table=table1_1->action=all",
-            "server=server->db=db1->table=table1_2->action=all"), listPrivilegesForProvider);
-
-        listPrivilegesForProvider = client.listPrivilegesForProvider(
-            Sets.newHashSet(userToGroup.get(user1_1)),
-            Sets.newHashSet(user1_1), ActiveRoleSet.ALL, (Authorizable[]) null);
-        assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet(
-            "server=server->db=db1->table=table1_1->action=all",
-            "server=server->db=db1->table=table1_2->action=all",
-            "server=server->db=db1->table=table3_1->action=all",
-            "server=server->db=db1->table=table3_2->action=all"), listPrivilegesForProvider);
-
-        listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1),
-            Sets.newHashSet(user1_1, user1_2), ActiveRoleSet.ALL, (Authorizable[]) null);
-        assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet(
-            "server=server->db=db1->table=table1_1->action=all",
-            "server=server->db=db1->table=table1_2->action=all",
-            "server=server->db=db1->table=table3_1->action=all",
-            "server=server->db=db1->table=table3_2->action=all"), listPrivilegesForProvider);
-
-        listPrivilegesForProvider = client.listPrivilegesForProvider(
-            Sets.newHashSet(group1, group2), Sets.newHashSet(user1_1, user1_2, user2_1, user2_2),
-            ActiveRoleSet.ALL, (Authorizable[]) null);
-        assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet(
-            "server=server->db=db1->table=table1_1->action=all",
-            "server=server->db=db1->table=table1_2->action=all",
-            "server=server->db=db1->table=table2_1->action=all",
-            "server=server->db=db1->table=table2_2->action=all",
-            "server=server->db=db1->table=table3_1->action=all",
-            "server=server->db=db1->table=table3_2->action=all",
-            "server=server->db=db1->table=table4_1->action=all",
-            "server=server->db=db1->table=table4_2->action=all"), listPrivilegesForProvider);
-
-        client.revokeRoleFromUser(requestorUserName, user1_1, roleName3);
-        client.revokeRoleFromUsers(requestorUserName, roleName4, Sets.newHashSet(user2_1));
-      }
-    });
-  }
-
-  @Test
-  public void testMultipleRolesSamePrivilege() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-        String roleName1 = "admin_r1";
-        String roleName2 = "admin_r2";
-
-        client.dropRoleIfExists(requestorUserName, roleName1);
-        client.createRole(requestorUserName,  roleName1);
-
-        client.dropRoleIfExists(requestorUserName,  roleName2);
-        client.createRole(requestorUserName,  roleName2);
-
-        client.grantTablePrivilege(requestorUserName, roleName1, "server", "db", "table", "ALL");
-        Set<TSentryPrivilege> listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege not assigned to role1 !!", listPrivilegesByRoleName.size() == 1);
-
-        client.grantTablePrivilege(requestorUserName, roleName2, "server", "db", "table", "ALL");
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
-        assertTrue("Privilege not assigned to role2 !!", listPrivilegesByRoleName.size() == 1);
-      }});
-  }
-
-  @Test
-  public void testShowRoleGrant() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        String roleName = "admin_testdb";
-        String groupName = "group1";
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-
-        client.dropRoleIfExists(requestorUserName, roleName);
-        client.createRole(requestorUserName, roleName);
-
-        Set<TSentryRole> roles = client.listRoles(requestorUserName);
-        assertEquals("Incorrect number of roles", 1, roles.size());
-
-        client.grantRoleToGroup(requestorUserName, groupName, roleName);
-        Set<TSentryRole> groupRoles = client.listRolesByGroupName(requestorUserName, groupName);
-        assertTrue(groupRoles.size() == 1);
-        for (TSentryRole role:groupRoles) {
-          assertTrue(role.getRoleName(), role.getRoleName().equalsIgnoreCase(roleName));
-          assertTrue(role.getGroups().size() == 1);
-          for (TSentryGroup group :role.getGroups()) {
-            assertTrue(group.getGroupName(), group.getGroupName().equalsIgnoreCase(groupName));
-          }
-        }
-
-        client.dropRole(requestorUserName, roleName);
-      }});
-  }
-
-  @Test
-  public void testShowGrant() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        String roleName = "admin_testdb";
-        String server = "server1";
-        String db = "testDB";
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-
-        client.dropRoleIfExists(requestorUserName, roleName);
-        client.createRole(requestorUserName, roleName);
-
-        Set<TSentryRole> roles = client.listRoles(requestorUserName);
-        assertEquals("Incorrect number of roles", 1, roles.size());
-
-        client.grantDatabasePrivilege(requestorUserName, roleName, server, db, AccessConstants.ALL);
-        Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName);
-        assertTrue(privileges.size() == 1);
-
-        client.revokeDatabasePrivilege(requestorUserName, roleName, server, db, AccessConstants.ALL);
-        client.dropRole(requestorUserName, roleName);
-      }});
-  }
-
-  //See SENTRY-166
-  @Test
-  public void testUriWithEquals() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        String roleName = "admin_testdb";
-        String server = "server1";
-        String uri = "file://u/w/h/t/partition=value/";
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-
-        // Creating associated role
-        client.dropRoleIfExists(requestorUserName, roleName);
-        client.createRole(requestorUserName, roleName);
-        Set<TSentryRole> roles = client.listRoles(requestorUserName);
-        assertEquals("Incorrect number of roles", 1, roles.size());
-
-        client.grantURIPrivilege(requestorUserName, roleName, server, uri);
-        Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName);
-        assertTrue(privileges.size() == 1);
-
-        // Revoking the same privilege
-        client.revokeURIPrivilege(requestorUserName, roleName, server, uri);
-        privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName);
-        assertTrue(privileges.size() == 0);
-
-        // Clean up
-        client.dropRole(requestorUserName, roleName);
-      }});
-  }
-
-
-  //See SENTRY-181
-  @Test
-  public void testSameGrantTwice() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-        String roleName = "admin_r1";
-
-        client.createRole(requestorUserName, roleName);
-        client.grantTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL");
-        client.grantTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL");
-        assertEquals(1, client.listAllPrivilegesByRoleName(requestorUserName, roleName).size());
-      }});
-  }
-
-  @Test
-  public void testGrantRevokeWithGrantOption() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // Grant a privilege with Grant Option
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-        String roleName = "admin_r1";
-        boolean grantOption = true;
-        boolean withoutGrantOption = false;
-
-        client.dropRoleIfExists(requestorUserName,  roleName);
-        client.createRole(requestorUserName,  roleName);
-
-        client.grantTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL", grantOption);
-        assertEquals(1, client.listAllPrivilegesByRoleName(requestorUserName, roleName).size());
-
-        // Try to revoke the privilege without grantOption and can't revoke the privilege.
-        client.revokeTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL", withoutGrantOption);
-        assertEquals(1, client.listAllPrivilegesByRoleName(requestorUserName, roleName).size());
-
-        // Try to revoke the privilege with grantOption, the privilege will be revoked.
-        client.revokeTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL", grantOption);
-        assertEquals(0, client.listAllPrivilegesByRoleName(requestorUserName, roleName).size());
-      }});
-  }
-
-  @Test
-  public void testGrantTwoPrivilegeDiffInGrantOption() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // Grant a privilege with 'Grant Option'.
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-        String roleName = "admin_r1";
-        boolean grantOption = true;
-        boolean withoutGrantOption = false;
-
-        client.dropRoleIfExists(requestorUserName,  roleName);
-        client.createRole(requestorUserName,  roleName);
-
-        client.grantTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL", grantOption);
-        assertEquals(1, client.listAllPrivilegesByRoleName(requestorUserName, roleName).size());
-
-        // Grant a privilege without 'Grant Option'.
-        client.grantTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL", withoutGrantOption);
-        assertEquals(2, client.listAllPrivilegesByRoleName(requestorUserName, roleName).size());
-
-        // Use 'grantOption = null', the two privileges will be revoked.
-        client.revokeTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL", null);
-        assertEquals(0, client.listAllPrivilegesByRoleName(requestorUserName, roleName).size());
-      }});
-  }
-
-  @Test
-  public void testGranRevokePrivilegeOnColumnForRole() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-        String roleName1 = "admin_r1";
-        String roleName2 = "admin_r2";
-
-        client.dropRoleIfExists(requestorUserName,  roleName1);
-        client.createRole(requestorUserName,  roleName1);
-
-        client.grantColumnPrivilege(requestorUserName, roleName1, "server", "db1", "table1", "col1", "ALL");
-        client.grantColumnPrivilege(requestorUserName, roleName1, "server", "db1", "table1", "col2", "ALL");
-        client.grantColumnPrivilege(requestorUserName, roleName1, "server", "db1", "table2", "col1", "ALL");
-        client.grantColumnPrivilege(requestorUserName, roleName1, "server", "db1", "table2", "col2", "ALL");
-        client.grantColumnPrivilege(requestorUserName, roleName1, "server", "db2", "table1", "col1", "ALL");
-        client.grantColumnPrivilege(requestorUserName, roleName1, "server", "db2", "table2", "col1", "ALL");
-
-
-        client.dropRoleIfExists(requestorUserName,  roleName2);
-        client.createRole(requestorUserName,  roleName2);
-
-        client.grantColumnPrivilege(requestorUserName, roleName2, "server", "db1", "table1", "col1", "ALL");
-        client.grantColumnPrivilege(requestorUserName, roleName2, "server", "db1", "table1", "col2", "ALL");
-        client.grantColumnPrivilege(requestorUserName, roleName2, "server", "db1", "table2", "col1", "ALL");
-        client.grantColumnPrivilege(requestorUserName, roleName2, "server", "db1", "table2", "col2", "ALL");
-        client.grantColumnPrivilege(requestorUserName, roleName2, "server", "db2", "table1", "col1", "ALL");
-        client.grantColumnPrivilege(requestorUserName, roleName2, "server", "db2", "table2", "col1", "ALL");
-
-        Set<TSentryPrivilege> listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertEquals("Privilege not assigned to role1 !!", 6, listPrivilegesByRoleName.size());
-
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
-        assertEquals("Privilege not assigned to role2 !!", 6, listPrivilegesByRoleName.size());
-
-
-        client.revokeColumnPrivilege(requestorUserName, roleName1, "server", "db1", "table1", "col1", "ALL");
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 5);
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 6);
-
-        client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL");
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 4);
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 5);
-
-        client.revokeDatabasePrivilege(requestorUserName, roleName1, "server", "db1", "ALL");
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 2);
-        client.revokeColumnPrivilege(requestorUserName, roleName1, "server", "db2", "table1", "col1", "ALL");
-        client.revokeColumnPrivilege(requestorUserName, roleName1, "server", "db2", "table2", "col1", "ALL");
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0);
-
-        client.revokeColumnPrivilege(requestorUserName, roleName2, "server", "db1", "table2", "col1", "ALL");
-        client.revokeColumnPrivilege(requestorUserName, roleName2, "server", "db1", "table2", "col2", "ALL");
-        client.revokeColumnPrivilege(requestorUserName, roleName2, "server", "db2", "table1", "col1", "ALL");
-        client.revokeColumnPrivilege(requestorUserName, roleName2, "server", "db2", "table2", "col1", "ALL");
-        listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
-        assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0);
-      }});
-  }
-
-  @Test
-  public void testListByAuthDB() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        String roleName1 = "role1";
-        String roleName2 = "role2";
-        Set<String> testRoleSet = Sets.newHashSet(roleName1, roleName2);
-        String group1 = "group1";
-        String group2 = "group2";
-        Set<String> testGroupSet = Sets.newHashSet(group1, group2);
-        String server = "server1";
-        String db = "testDB";
-        String db2 = "testDB2";
-        String tab = "testTab";
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        String group1user = "group1user";
-        setLocalGroupMapping(group1user, Sets.newHashSet(group1));
-        String group2user = "group2user";
-        setLocalGroupMapping(group2user, Sets.newHashSet(group2));
-        setLocalGroupMapping("random", Sets.newHashSet("foo"));
-        writePolicyFile();
-
-        client.dropRoleIfExists(requestorUserName, roleName1);
-        client.createRole(requestorUserName, roleName1);
-        client.dropRoleIfExists(requestorUserName, roleName2);
-        client.createRole(requestorUserName, roleName2);
-
-        TSentryPrivilege role1db1 = client.grantDatabasePrivilege(
-            requestorUserName, roleName1, server, db, AccessConstants.SELECT);
-        client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab,
-            AccessConstants.ALL);
-        client.grantTablePrivilege(requestorUserName, roleName1, server, db2, tab,
-            AccessConstants.SELECT);
-        client.grantURIPrivilege(requestorUserName, roleName1, server, "hdfs:///fooUri");
-        client.grantRoleToGroup(requestorUserName, group1, roleName1);
-
-        TSentryPrivilege role2db1 = client.grantDatabasePrivilege(
-            requestorUserName, roleName2, server, db,
-            AccessConstants.ALL);
-        client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2,
-            AccessConstants.SELECT);
-        client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab,
-            AccessConstants.ALL);
-        client.grantRoleToGroup(requestorUserName, group2, roleName2);
-
-        // build expected output
-        TSentryPrivilegeMap db1RoleToPrivMap = new TSentryPrivilegeMap(
-            new TreeMap<String, Set<TSentryPrivilege>>());
-        db1RoleToPrivMap.getPrivilegeMap()
-            .put(roleName1, Sets.newHashSet(role1db1));
-        db1RoleToPrivMap.getPrivilegeMap()
-            .put(roleName2, Sets.newHashSet(role2db1));
-        Map<TSentryAuthorizable, TSentryPrivilegeMap> expectedResults = Maps
-            .newTreeMap();
-        List<? extends Authorizable> db1Authrizable = Lists.newArrayList(
-            new Server(server), new Database(db));
-        expectedResults.put(
-            SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(db1Authrizable),
-            db1RoleToPrivMap);
-
-        Set<List<? extends Authorizable>> authorizableSet = Sets.newHashSet();
-        authorizableSet.add(db1Authrizable);
-
-        // verify for null group and null roleset
-        Map<TSentryAuthorizable, TSentryPrivilegeMap> authPrivMap = client
-            .listPrivilegsbyAuthorizable(requestorUserName, authorizableSet, null, null);
-        assertEquals(expectedResults, authPrivMap);
-
-        // verify for null group and specific roleset
-        authPrivMap = client.listPrivilegsbyAuthorizable(requestorUserName, authorizableSet,
-            null, new ActiveRoleSet(testRoleSet));
-        assertEquals(expectedResults, authPrivMap);
-
-        // verify for null group and specific roleset
-        authPrivMap = client.listPrivilegsbyAuthorizable(requestorUserName, authorizableSet, null,
-            ActiveRoleSet.ALL);
-        assertEquals(expectedResults, authPrivMap);
-
-        // verify for specific group and null roleset
-        authPrivMap = client.listPrivilegsbyAuthorizable(requestorUserName, authorizableSet,
-            testGroupSet, null);
-        assertEquals(expectedResults, authPrivMap);
-
-        // verify for specific group and specific roleset
-        authPrivMap = client.listPrivilegsbyAuthorizable(requestorUserName, authorizableSet,
-            testGroupSet, new ActiveRoleSet(testRoleSet));
-        assertEquals(expectedResults, authPrivMap);
-
-        // verify for specific group and ALL roleset
-        authPrivMap = client.listPrivilegsbyAuthorizable(requestorUserName, authorizableSet,
-            testGroupSet, ActiveRoleSet.ALL);
-        assertEquals(expectedResults, authPrivMap);
-
-        // verify users not belonging to any group are not shown anything
-        authPrivMap = client
-            .listPrivilegsbyAuthorizable("random", authorizableSet,
-                new HashSet<String>(), ActiveRoleSet.ALL);
-        expectedResults.clear();
-        expectedResults.put(
-            SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(db1Authrizable),
-            new TSentryPrivilegeMap(new HashMap<String, Set<TSentryPrivilege>>()));
-        assertEquals(expectedResults, authPrivMap);
-      }});
-  }
-
-  @Test
-  public void testListByAuthTab() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        String roleName1 = "role1";
-        String roleName2 = "role2";
-        String server = "server1";
-        String db = "testDB";
-        String db2 = "testDB2";
-        String tab = "testTab";
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-
-        client.dropRoleIfExists(requestorUserName, roleName1);
-        client.createRole(requestorUserName, roleName1);
-        client.dropRoleIfExists(requestorUserName, roleName2);
-        client.createRole(requestorUserName, roleName2);
-
-        client.grantDatabasePrivilege(
-            requestorUserName, roleName1, server, db, AccessConstants.SELECT);
-        client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab,
-            AccessConstants.ALL);
-        TSentryPrivilege role1db2tab = client.grantTablePrivilege(
-            requestorUserName, roleName1, server, db2, tab,
-            AccessConstants.SELECT);
-
-        client.grantDatabasePrivilege(
-            requestorUserName, roleName2, server, db,
-            AccessConstants.ALL);
-        client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2,
-            AccessConstants.SELECT);
-        TSentryPrivilege role2db2tab = client.grantTablePrivilege(
-            requestorUserName, roleName2, server, db2, tab,
-            AccessConstants.ALL);
-        client.grantURIPrivilege(requestorUserName, roleName1, server,
-            "hdfs:///fooUri");
-
-        // build expected output
-        TSentryPrivilegeMap db1RoleToPrivMap = new TSentryPrivilegeMap(
-            new TreeMap<String, Set<TSentryPrivilege>>());
-        db1RoleToPrivMap.getPrivilegeMap().put(roleName1,
-            Sets.newHashSet(role1db2tab));
-        db1RoleToPrivMap.getPrivilegeMap().put(roleName2,
-            Sets.newHashSet(role2db2tab));
-        Map<TSentryAuthorizable, TSentryPrivilegeMap> expectedResults = Maps
-            .newTreeMap();
-        List<? extends Authorizable> db2TabAuthrizable = Lists.newArrayList(
-            new Server(server), new Database(db2), new Table(tab));
-        expectedResults.put(
-            SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(db2TabAuthrizable),
-            db1RoleToPrivMap);
-
-        Set<List<? extends Authorizable>> authorizableSet = Sets.newHashSet();
-        authorizableSet.add(db2TabAuthrizable);
-        Map<TSentryAuthorizable, TSentryPrivilegeMap> authPrivMap = client
-            .listPrivilegsbyAuthorizable(requestorUserName, authorizableSet, null, null);
-
-        assertEquals(expectedResults, authPrivMap);
-      }});
-  }
-
-  @Test
-  public void testListByAuthUri() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        String roleName1 = "role1";
-        String roleName2 = "role2";
-        String server = "server1";
-        String db = "testDB";
-        String db2 = "testDB2";
-        String tab = "testTab";
-        String uri1 = "hdfs:///fooUri";
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-
-        client.dropRoleIfExists(requestorUserName, roleName1);
-        client.createRole(requestorUserName, roleName1);
-        client.dropRoleIfExists(requestorUserName, roleName2);
-        client.createRole(requestorUserName, roleName2);
-
-        client.grantDatabasePrivilege(requestorUserName, roleName1, server, db,
-            AccessConstants.SELECT);
-        client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab,
-            AccessConstants.ALL);
-        client.grantTablePrivilege(requestorUserName, roleName1, server, db2, tab,
-            AccessConstants.SELECT);
-        TSentryPrivilege role1uri1 = client.grantURIPrivilege(requestorUserName,
-            roleName1, server, uri1);
-
-        client.grantDatabasePrivilege(requestorUserName, roleName2, server, db,
-            AccessConstants.ALL);
-        client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2,
-            AccessConstants.SELECT);
-        client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab,
-            AccessConstants.ALL);
-        TSentryPrivilege role2uri2 = client.grantURIPrivilege(requestorUserName,
-            roleName2, server, uri1);
-
-        // build expected output
-        TSentryPrivilegeMap db1RoleToPrivMap = new TSentryPrivilegeMap(
-            new TreeMap<String, Set<TSentryPrivilege>>());
-        db1RoleToPrivMap.getPrivilegeMap().put(roleName1,
-            Sets.newHashSet(role1uri1));
-        db1RoleToPrivMap.getPrivilegeMap().put(roleName2,
-            Sets.newHashSet(role2uri2));
-        Map<TSentryAuthorizable, TSentryPrivilegeMap> expectedResults = Maps
-            .newTreeMap();
-        List<? extends Authorizable> uri1Authrizable = Lists.newArrayList(
-            new Server(server), new AccessURI(uri1));
-        expectedResults.put(
-            SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(uri1Authrizable),
-            db1RoleToPrivMap);
-
-        Set<List<? extends Authorizable>> authorizableSet = Sets.newHashSet();
-        authorizableSet.add(uri1Authrizable);
-        Map<TSentryAuthorizable, TSentryPrivilegeMap> authPrivMap = client
-            .listPrivilegsbyAuthorizable(requestorUserName, authorizableSet, null, null);
-
-        assertEquals(expectedResults, authPrivMap);
-      }});
-  }
-
-  /**
-   * List privileges by authorizables executed by non-admin user
-   * Test various positive and negative cases for non-admin user
-   * @throws Exception
-   */
-  @Test
-  public void testListByAuthTabForNonAdmin() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        String user1 = "user1";
-        String group1 = "group1";
-        String group2 = "group2";
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        Set<String> userGroupNames1 = Sets.newHashSet(group1);
-        Set<String> userGroupNames2 = Sets.newHashSet(group2);
-        String roleName1 = "role1";
-        String roleName2 = "role2";
-        String server = "server1";
-        String db = "testDB";
-        String db2 = "testDB2";
-        String tab = "testTab";
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        setLocalGroupMapping(user1, userGroupNames1);
-        writePolicyFile();
-
-        client.dropRoleIfExists(requestorUserName, roleName1);
-        client.createRole(requestorUserName, roleName1);
-        client.dropRoleIfExists(requestorUserName, roleName2);
-        client.createRole(requestorUserName, roleName2);
-
-        client.grantDatabasePrivilege(requestorUserName, roleName1, server, db,
-            AccessConstants.SELECT);
-        client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab,
-            AccessConstants.ALL);
-        TSentryPrivilege role1db2tab = client.grantTablePrivilege(
-            requestorUserName, roleName1, server, db2, tab, AccessConstants.SELECT);
-        client.grantRoleToGroup(requestorUserName, group1, roleName1);
-
-        client.grantDatabasePrivilege(requestorUserName, roleName2, server, db,
-            AccessConstants.ALL);
-        client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2,
-            AccessConstants.SELECT);
-        client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab,
-            AccessConstants.ALL);
-        client.grantURIPrivilege(requestorUserName, roleName1, server,
-            "hdfs:///fooUri");
-
-        // build expected output. user1 should see privileges on tab1 from role1
-        TSentryPrivilegeMap db1RoleToPrivMap = new TSentryPrivilegeMap(
-            new TreeMap<String, Set<TSentryPrivilege>>());
-        db1RoleToPrivMap.getPrivilegeMap().put(roleName1, Sets.newHashSet(role1db2tab));
-        Map<TSentryAuthorizable, TSentryPrivilegeMap> expectedResults = Maps.newTreeMap();
-        List<? extends Authorizable> db2TabAuthorizable = Lists.newArrayList(
-            new Server(server), new Database(db2), new Table(tab));
-        expectedResults.put(
-            SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(db2TabAuthorizable),
-            db1RoleToPrivMap);
-
-        Set<List<? extends Authorizable>> authorizableSet = Sets.newHashSet();
-        authorizableSet.add(db2TabAuthorizable);
-
-        // list privileges with null group and roles
-        Map<TSentryAuthorizable, TSentryPrivilegeMap> authPrivMap = client
-            .listPrivilegsbyAuthorizable(user1, authorizableSet, null, null);
-        assertEquals(expectedResults, authPrivMap);
-
-        // list privileges with empty group set and null roles
-        authPrivMap = client.listPrivilegsbyAuthorizable(user1, authorizableSet,
-            new HashSet<String>(), null);
-        assertEquals(expectedResults, authPrivMap);
-
-        // list privileges with null group set and ALL roleset
-        authPrivMap = client.listPrivilegsbyAuthorizable(user1, authorizableSet,
-            null, new ActiveRoleSet(true));
-        assertEquals(expectedResults, authPrivMap);
-
-        // list privileges with user1's group set and null roles
-        authPrivMap = client.listPrivilegsbyAuthorizable(user1, authorizableSet,
-            userGroupNames1, null);
-        assertEquals(expectedResults, authPrivMap);
-
-        // list privileges with user1's group set and ALL roles
-        authPrivMap = client.listPrivilegsbyAuthorizable(user1, authorizableSet,
-            userGroupNames1, new ActiveRoleSet(true));
-        assertEquals(expectedResults, authPrivMap);
-
-        // list privileges with null group and user's specific roles with uppercase name
-        authPrivMap = client.listPrivilegsbyAuthorizable(user1, authorizableSet,
-            null, new ActiveRoleSet(Sets.newHashSet(roleName1.toUpperCase())));
-        assertEquals(expectedResults, authPrivMap);
-
-        // verify that user1 can't query group2
-        try {
-          client.listPrivilegsbyAuthorizable(user1, authorizableSet, userGroupNames2, null);
-          fail("listPrivilegsbyAuthorizable() should fail for user1 accessing " + group2);
-        } catch (SentryAccessDeniedException e) {
-          // expected
-        }
-
-        // verify that user1 can't query role2
-        ActiveRoleSet roleSet2 = new ActiveRoleSet(Sets.newHashSet(roleName2));
-        try {
-          client.listPrivilegsbyAuthorizable(user1, authorizableSet, null, roleSet2);
-          fail("listPrivilegsbyAuthorizable() should fail for user1 accessing " + roleName2);
-        } catch (SentryAccessDeniedException e) {
-          // expected
-        }
-      }});
-  }
-
-  /**
-   * Attempt to access a configuration value that is forbidden in getConfigVal
-   * @param configVal The banned value
-   * @param defaultVal A default to pass to getConfigValue
-   * @throws Exception
-   */
-  private void checkBannedConfigVal(final String configVal, final String defaultVal)
-          throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        try {
-            client.getConfigValue(configVal, defaultVal);
-            fail("Attempt to access " + configVal + " succeeded");
-          } catch (SentryAccessDeniedException e) {
-            assertTrue(e.toString().contains("was denied"));
-            assertTrue(e.toString().contains(configVal));
-          }
-      }});
-  }
-
-  @Test
-  public void testGetConfigVal() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-
-        String val;
-
-        // Basic success case
-        val = client.getConfigValue("sentry.service.admin.group", "xxx");
-        assertEquals(val, "admin_group");
-
-        // Undefined value gets the default back
-        val = client.getConfigValue("sentry.this.is.not.defined", "hello");
-        assertEquals(val, "hello");
-
-        // Undefined value and null default gets null back
-        val = client.getConfigValue("sentry.this.is.not.defined", null);
-        assertEquals(val, null);
-
-        // Known config value with null default works as expected
-        val = client.getConfigValue("sentry.service.admin.group", null);
-        assertEquals(val, "admin_group");
-
-        // Value that is forbidden (anything not starting with "sentry") dies
-        checkBannedConfigVal("notsentry", "xxx");
-
-        // Ditto with a null default
-        checkBannedConfigVal("notsentry", null);
-
-        // Values with .jdbc. are forbidden
-        checkBannedConfigVal("sentry.xxx.jdbc.xxx", null);
-
-        // Values with password are forbidden
-        checkBannedConfigVal("sentry.xxx.password", null);
-
-        // Attempt to get the location of the keytab also fails
-        checkBannedConfigVal("sentry.service.server.keytab", null);
-
-      }});
-  }
-
-  /* SENTRY-841 */
-  @Test
-  public void testGranRevokePrivilegeOnServerForRole() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-
-        String roleName1 = "admin_r1";
-
-        client.dropRoleIfExists(requestorUserName, roleName1);
-        client.createRole(requestorUserName, roleName1);
-
-        client.grantServerPrivilege(requestorUserName, roleName1, "server", false);
-
-        Set<TSentryPrivilege> listPrivs = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege should be all:",listPrivs.iterator().next().getAction().equals("*"));
-
-        client.revokeServerPrivilege(requestorUserName, roleName1, "server", false);
-        listPrivs = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege not correctly revoked !!", listPrivs.size() == 0);
-
-      }});
-  }
-
-  @Test
-  public void testGranRevokePrivilegeWithoutAction() throws Exception {
-    runTestAsSubject(new TestOperation(){
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String requestorUserName = ADMIN_USER;
-        String roleName1 = "admin_r1";
-        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
-        writePolicyFile();
-
-        client.dropRoleIfExists(requestorUserName, roleName1);
-        client.createRole(requestorUserName, roleName1);
-        client.grantServerPrivilege(requestorUserName, roleName1, "server1", false);
-
-        Set<TSentryPrivilege> listPrivs = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege should be all:", listPrivs.iterator().next().getAction().equals("*"));
-
-        client.revokeServerPrivilege(requestorUserName, roleName1, "server1", "ALL", false);
-        listPrivs = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
-        assertTrue("Privilege not correctly revoked !!", listPrivs.size() == 0);
-
-      }});
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithInvalidMsgSize.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithInvalidMsgSize.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithInvalidMsgSize.java
deleted file mode 100644
index 15eab15..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithInvalidMsgSize.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.google.common.collect.Sets;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.service.thrift.SentryServiceClientFactory;
-import org.apache.sentry.service.thrift.SentryServiceFactory;
-import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
-import org.apache.sentry.service.thrift.ServiceConstants;
-import org.junit.Assert;
-import org.junit.Test;
-
-import java.util.Set;
-
-/**
- * Test sentry service with a larger message size than the server's or client's thrift max message size.
- */
-public class TestSentryServiceWithInvalidMsgSize extends SentryServiceIntegrationBase {
-  private final Set<String> REQUESTER_USER_GROUP_NAMES = Sets.newHashSet(ADMIN_GROUP);
-  private final String ROLE_NAME = "admin_r";
-
-  /**
-   * Test the case when the message size is larger than the client's thrift max message size.
-   */
-  @Test
-  public void testClientWithSmallMaxMsgSize() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        Configuration confWithSmallMaxMsgSize = new Configuration(conf);
-        confWithSmallMaxMsgSize.setLong(ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE, 20);
-        // create a client with a small thrift max message size
-        SentryPolicyServiceClient clientWithSmallMaxMsgSize = SentryServiceClientFactory.create(confWithSmallMaxMsgSize);
-
-        setLocalGroupMapping(ADMIN_USER, REQUESTER_USER_GROUP_NAMES);
-        writePolicyFile();
-
-        boolean exceptionThrown = false;
-        try {
-          // client throws exception when message size is larger than the client's thrift max message size.
-          clientWithSmallMaxMsgSize.listRoles(ADMIN_USER);
-        } catch (SentryUserException e) {
-          exceptionThrown = true;
-          Assert.assertTrue(e.getMessage().contains("Thrift exception occurred"));
-          Assert.assertTrue(e.getCause().getMessage().contains("Length exceeded max allowed"));
-        } finally {
-          Assert.assertEquals(true, exceptionThrown);
-          clientWithSmallMaxMsgSize.close();
-        }
-
-        // client can still talk with sentry server when message size is smaller.
-        client.dropRoleIfExists(ADMIN_USER, ROLE_NAME);
-        client.listRoles(ADMIN_USER);
-        client.createRole(ADMIN_USER, ROLE_NAME);
-        client.listRoles(ADMIN_USER);
-      }
-    });
-  }
-
-  /**
-   * Test the case when the message size is larger than the server's thrift max message size.
-   */
-  @Test
-  public void testServerWithSmallMaxMsgSize() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        Configuration confWithSmallMaxMsgSize = new Configuration(conf);
-        confWithSmallMaxMsgSize.setLong(ServiceConstants.ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE,
-            50);
-        stopSentryService();
-
-        // create a server with a small max thrift message size
-        server = new SentryServiceFactory().create(confWithSmallMaxMsgSize);
-        startSentryService();
-
-        setLocalGroupMapping(ADMIN_USER, REQUESTER_USER_GROUP_NAMES);
-        writePolicyFile();
-
-        // client can talk with server when message size is smaller.
-        client.listRoles(ADMIN_USER);
-        client.createRole(ADMIN_USER, ROLE_NAME);
-
-        boolean exceptionThrown = false;
-        try {
-          // client throws exception when message size is larger than the server's thrift max message size.
-          client.grantServerPrivilege(ADMIN_USER, ROLE_NAME, "server", false);
-        } catch (SentryUserException e) {
-          exceptionThrown = true;
-          Assert.assertTrue(e.getMessage().contains("org.apache.thrift.transport.TTransportException"));
-        } finally {
-          Assert.assertEquals(true, exceptionThrown);
-        }
-
-        // client can still talk with sentry server when message size is smaller.
-        Set<TSentryRole> roles = client.listRoles(ADMIN_USER);
-        Assert.assertTrue(roles.size() == 1);
-        Assert.assertEquals(ROLE_NAME, roles.iterator().next().getRoleName());
-      }
-    });
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java
deleted file mode 100644
index ff73382..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-/**
- * Test various kerberos related stuff on the SentryService side
- */
-public class TestSentryServiceWithKerberos extends SentryServiceIntegrationBase {
-
-  @BeforeClass
-  public static void setup() throws Exception {
-    SERVER_KERBEROS_NAME = "sentry/_HOST@" + REALM;
-    SentryServiceIntegrationBase.setup();
-  }
-
-  @Override
-  @Before
-  public void before() throws Exception {
-  }
-
-  @Override
-  @After
-  public void after() {
-  }
-
-  /**
-   * Test that we are correctly substituting "_HOST" if/when needed.
-   *
-   * @throws Exception
-   */
-  @Test
-  public void testHostSubstitution() throws Exception {
-    // We just need to ensure that we are able to correct connect to the server
-    connectToSentryService();
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java
deleted file mode 100644
index ece2ee8..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java
+++ /dev/null
@@ -1,136 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import static org.junit.Assert.fail;
-
-import java.io.File;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.security.PrivilegedExceptionAction;
-import java.util.HashSet;
-
-import javax.security.auth.Subject;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.security.auth.login.LoginContext;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
-import org.apache.hadoop.security.authentication.client.AuthenticationException;
-import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
-import org.apache.sentry.service.thrift.KerberosConfiguration;
-import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Sets;
-
-public class TestSentryWebServerWithKerberos extends SentryServiceIntegrationBase {
-
-  private static Logger LOG = LoggerFactory.getLogger(TestSentryWebServerWithKerberos.class);
-
-  @BeforeClass
-  public static void setup() throws Exception {
-    webServerEnabled = true;
-    webSecurity = true;
-    SentryServiceIntegrationBase.setup();
-  }
-
-  @Override
-  @Before
-  public void before() throws Exception {
-  }
-
-  @Override
-  @After
-  public void after() {
-  }
-
-  @Test
-  public void testPing() throws Exception {
-    clientUgi.doAs(new PrivilegedExceptionAction<Void>() {
-      @Override
-      public Void run() throws Exception {
-        final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping");
-        HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()).
-            openConnection(url, new AuthenticatedURL.Token());
-        Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
-        String response = IOUtils.toString(conn.getInputStream());
-        Assert.assertEquals("pong\n", response);
-      return null;
-      }} );
-  }
-
-  @Test
-  public void testPingWithoutSubject() throws Exception {
-    final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping");
-    try {
-      new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token());
-      fail("Here should fail.");
-    } catch (Exception e) {
-      boolean isExpectError = e.getMessage().contains("No valid credentials provided");
-      Assert.assertTrue("Here should fail by 'No valid credentials provided'," +
-          " but the exception is:" + e, isExpectError);
-    }
-  }
-
-  @Test
-  public void testPingUsingHttpURLConnection() throws Exception {
-    final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping");
-    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
-    Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode());
-    String errorMessage = IOUtils.toString(conn.getErrorStream());
-    Assert.assertTrue(errorMessage.contains("Authentication required"));
-  }
-
-  @Test
-  public void testPingWithUnauthorizedUser() throws Exception {
-    // create an unauthorized User with Kerberos
-    String userPrinciple = "user/" + SERVER_HOST;
-    String userKerberosName = userPrinciple + "@" + REALM;
-    Subject userSubject = new Subject(false, Sets.newHashSet(
-        new KerberosPrincipal(userKerberosName)), new HashSet<Object>(),new HashSet<Object>());
-    File userKeytab = new File(kdcWorkDir, "user.keytab");
-    kdc.createPrincipal(userKeytab, userPrinciple);
-    LoginContext userLoginContext = new LoginContext("", userSubject, null,
-        KerberosConfiguration.createClientConfig(userKerberosName, userKeytab));
-    userLoginContext.login();
-    Subject.doAs(userLoginContext.getSubject(), new PrivilegedExceptionAction<Void>() {
-      @Override
-      public Void run() throws Exception {
-        final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping");
-        try {
-          new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token());
-          fail("Here should fail.");
-        } catch (AuthenticationException e) {
-          String expectedError = "status code: 403";
-          if (!e.getMessage().contains(expectedError)) {
-            LOG.error("UnexpectedError: " + e.getMessage(), e);
-            fail("UnexpectedError: " + e.getMessage());
-          }
-        }
-        return null;
-      }
-    });
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithSSL.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithSSL.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithSSL.java
deleted file mode 100644
index d1d0b4b..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithSSL.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import com.google.common.io.Resources;
-import org.apache.commons.io.IOUtils;
-import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
-import org.junit.*;
-
-import javax.net.ssl.HttpsURLConnection;
-import java.net.URL;
-import java.util.Properties;
-
-/**
- * Test sentry web server when ssl is enabled.
- */
-public class TestSentryWebServerWithSSL extends SentryServiceIntegrationBase {
-  @BeforeClass
-  public static void setup() throws Exception {
-    webServerEnabled = true;
-    webSecurity = false;
-    useSSL = true;
-    SentryServiceIntegrationBase.setup();
-  }
-
-  @Test
-  public void testPing() throws Exception {
-    final URL url = new URL("https://"+ SERVER_HOST + ":" + webServerPort + "/ping");
-    Properties systemProps = System.getProperties();
-    systemProps.put( "javax.net.ssl.trustStore", Resources.getResource("cacerts.jks").getPath());
-    System.setProperties(systemProps);
-    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
-    Assert.assertEquals(HttpsURLConnection.HTTP_OK, conn.getResponseCode());
-    String response = IOUtils.toString(conn.getInputStream());
-    Assert.assertEquals("pong\n", response);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java
deleted file mode 100644
index 4a913e5..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.service.thrift;
-
-import java.net.HttpURLConnection;
-import java.net.URL;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class TestSentryWebServerWithoutSecurity extends SentryServiceIntegrationBase {
-
-  @BeforeClass
-  public static void setup() throws Exception {
-    webServerEnabled = true;
-    webSecurity = false;
-    SentryServiceIntegrationBase.setup();
-  }
-
-  @Override
-  @Before
-  public void before() throws Exception {
-  }
-
-  @Override
-  @After
-  public void after() {
-  }
-
-  @Test
-  public void testPing() throws Exception {
-    final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping");
-    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
-    Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
-    String response = IOUtils.toString(conn.getInputStream());
-    Assert.assertEquals("pong\n", response);
-  }
-
-  @Test
-  public void testConf() throws Exception {
-    // test bad format
-    final URL url = new URL("http://" + SERVER_HOST + ":" + webServerPort + "/conf?"
-        + ConfServlet.FORMAT_PARAM + "=badformat");
-    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
-    Assert.assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, conn.getResponseCode());
-
-    // test json format
-    final URL url1 = new URL("http://" + SERVER_HOST + ":" + webServerPort + "/conf?"
-        + ConfServlet.FORMAT_PARAM +"=" +  ConfServlet.FORMAT_JSON);
-    conn = (HttpURLConnection) url1.openConnection();
-    Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
-
-    // test xml format
-    final URL url2 = new URL("http://" + SERVER_HOST + ":" + webServerPort + "/conf?"
-        + ConfServlet.FORMAT_PARAM +"=" + ConfServlet.FORMAT_XML);
-    conn = (HttpURLConnection) url2.openConnection();
-    Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
-    String xmlResponse = IOUtils.toString(conn.getInputStream());
-
-    // test default is xml format
-    final URL url3 = new URL("http://" + SERVER_HOST + ":" + webServerPort + "/conf");
-    conn = (HttpURLConnection) url3.openConnection();
-    Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
-    String defaultResponse = IOUtils.toString(conn.getInputStream());
-    Assert.assertEquals(xmlResponse, defaultResponse);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java
deleted file mode 100644
index 68abf27..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.tools;
-
-import java.io.File;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.persistent.SentryStoreSchemaInfo;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.Files;
-
-public class TestSentrySchemaTool {
-  private Configuration sentryConf;
-  private SentrySchemaTool schemaTool;
-
-  private static final String OLDEST_INIT_VERSION = "1.4.0";
-
-  @Before
-  public void defaultSetup() throws Exception {
-    sentryConf = new Configuration();
-    File dbDir = new File(Files.createTempDir(), "sentry_policy_db");
-    sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
-        "jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true");
-    sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
-    schemaTool = new SentrySchemaTool("./src/main/resources", sentryConf,
-        "derby");
-  }
-
-  private void nonDefaultsetup() throws Exception {
-    sentryConf = new Configuration();
-    File dbDir = new File(Files.createTempDir(), "sentry_policy_db");
-    sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
-        "jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true");
-    sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
-    schemaTool = new SentrySchemaTool("./src/main/resources", sentryConf,
-        "derby");
-  }
-
-  @Test
-  public void testInitNonDefault() throws Exception {
-    nonDefaultsetup();
-    schemaTool.doInit();
-    schemaTool.verifySchemaVersion();
-  }
-
-  @Test
-  public void testInit() throws Exception {
-    schemaTool.doInit();
-    schemaTool.verifySchemaVersion();
-  }
-
-  @Test
-  public void testInitTo() throws Exception {
-    schemaTool.doInit(SentryStoreSchemaInfo.getSentryVersion());
-    schemaTool.verifySchemaVersion();
-  }
-
-  @Test(expected = SentryUserException.class)
-  public void testDryRun() throws Exception {
-    schemaTool.setDryRun(true);
-    schemaTool.doInit();
-    schemaTool.setDryRun(false);
-    // verification should fail since dryRun didn't create the actual schema
-    schemaTool.verifySchemaVersion();
-  }
-
-  @Test
-  public void testUpgrade() throws Exception {
-    schemaTool.doInit(OLDEST_INIT_VERSION);
-    schemaTool.doUpgrade();
-    schemaTool.verifySchemaVersion();
-  }
-
-}


Mime
View raw message