From commits-return-12622-archive-asf-public=cust-asf.ponee.io@sentry.apache.org Tue May 29 20:06:30 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 321FB1807D4 for ; Tue, 29 May 2018 20:06:23 +0200 (CEST) Received: (qmail 37863 invoked by uid 500); 29 May 2018 18:06:22 -0000 Mailing-List: contact commits-help@sentry.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@sentry.apache.org Delivered-To: mailing list commits@sentry.apache.org Received: (qmail 37061 invoked by uid 99); 29 May 2018 18:06:21 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 May 2018 18:06:21 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 491DDE1107; Tue, 29 May 2018 18:06:21 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: spena@apache.org To: commits@sentry.apache.org Date: Tue, 29 May 2018 18:06:42 -0000 Message-Id: <0116a1a61c2642a3a2a9566137208a1d@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [23/43] sentry git commit: SENTRY-2208: Refactor out Sentry service into own module from sentry-provider-db (Anthony Young-Garner, reviewed by Sergio Pena, Steve Moist, Na Li) http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java deleted file mode 100644 index ebc8c31..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java +++ /dev/null @@ -1,1167 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.service.persistent; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import java.io.File; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.apache.commons.io.FileUtils; -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.core.model.db.AccessConstants; -import org.apache.sentry.provider.db.service.model.MSentryGroup; -import org.apache.sentry.provider.db.service.model.MSentryPrivilege; -import org.apache.sentry.provider.db.service.model.MSentryRole; -import org.apache.sentry.provider.db.service.model.MSentryUser; -import org.apache.sentry.api.common.ApiConstants.PrivilegeScope; -import org.apache.sentry.api.service.thrift.TSentryGrantOption; -import org.apache.sentry.api.service.thrift.TSentryMappingData; -import org.apache.sentry.api.service.thrift.TSentryPrivilege; -import org.apache.sentry.provider.file.PolicyFile; -import org.apache.sentry.api.common.SentryServiceUtil; -import org.apache.sentry.service.common.ServiceConstants.ServerConfig; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.google.common.collect.Maps; -import com.google.common.collect.Sets; -import com.google.common.io.Files; - -public class TestSentryStoreImportExport { - - private static File dataDir; - private static String[] adminGroups = { "adminGroup1" }; - private static PolicyFile policyFile; - private static File policyFilePath; - private static SentryStore sentryStore; - private TSentryPrivilege tSentryPrivilege1; - private TSentryPrivilege tSentryPrivilege2; - private TSentryPrivilege tSentryPrivilege3; - private TSentryPrivilege tSentryPrivilege4; - private TSentryPrivilege tSentryPrivilege5; - private TSentryPrivilege tSentryPrivilege6; - private TSentryPrivilege tSentryPrivilege7; - private TSentryPrivilege tSentryPrivilege8; - private TSentryPrivilege tSentryPrivilege9; - - @BeforeClass - public static void setupEnv() throws Exception { - dataDir = new File(Files.createTempDir(), "sentry_policy_db"); - Configuration conf = new Configuration(false); - conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); - conf.set(ServerConfig.SENTRY_STORE_JDBC_URL, "jdbc:derby:;databaseName=" + dataDir.getPath() - + ";create=true"); - conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "sentry"); - conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups); - conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING); - policyFilePath = new File(dataDir, "local_policy_file.ini"); - conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, policyFilePath.getPath()); - policyFile = new PolicyFile(); - boolean hdfsSyncEnabled = SentryServiceUtil.isHDFSSyncEnabled(conf); - sentryStore = new SentryStore(conf); - sentryStore.setPersistUpdateDeltas(hdfsSyncEnabled); - - String adminUser = "g1"; - addGroupsToUser(adminUser, adminGroups); - writePolicyFile(); - } - - @Before - public void setupPrivilege() { - preparePrivilege(); - } - - @After - public void clearStore() { - sentryStore.clearAllTables(); - } - - // create the privileges instance for test case: - // privilege1=[server=server1] - // privilege2=[server=server1, action=select, grantOption=false] - // privilege3=[server=server1, db=db2, action=insert, grantOption=true] - // privilege4=[server=server1, db=db1, table=tbl1, action=insert, grantOption=false] - // privilege5=[server=server1, db=db1, table=tbl2, column=col1, action=insert, grantOption=false] - // privilege6=[server=server1, db=db1, table=tbl3, column=col1, action=*, grantOption=true] - // privilege7=[server=server1, db=db1, table=tbl4, column=col1, action=all, grantOption=true] - // privilege8=[server=server1, uri=hdfs://testserver:9999/path1, action=insert, grantOption=false] - // privilege9=[server=server1, db=db2, table=tbl1, action=insert, grantOption=false] - private void preparePrivilege() { - tSentryPrivilege1 = createTSentryPrivilege(PrivilegeScope.SERVER.name(), "server1", "", "", "", - "", "", TSentryGrantOption.UNSET); - tSentryPrivilege2 = createTSentryPrivilege(PrivilegeScope.SERVER.name(), "server1", "", "", "", - "", AccessConstants.SELECT, TSentryGrantOption.FALSE); - tSentryPrivilege3 = createTSentryPrivilege(PrivilegeScope.DATABASE.name(), "server1", "db2", - "", "", "", AccessConstants.INSERT, TSentryGrantOption.TRUE); - tSentryPrivilege4 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), "server1", "db1", - "tbl1", "", "", AccessConstants.INSERT, TSentryGrantOption.FALSE); - tSentryPrivilege5 = createTSentryPrivilege(PrivilegeScope.COLUMN.name(), "server1", "db1", - "tbl2", "col1", "", AccessConstants.INSERT, TSentryGrantOption.FALSE); - tSentryPrivilege6 = createTSentryPrivilege(PrivilegeScope.COLUMN.name(), "server1", "db1", - "tbl3", "col1", "", AccessConstants.ALL, TSentryGrantOption.TRUE); - tSentryPrivilege7 = createTSentryPrivilege(PrivilegeScope.COLUMN.name(), "server1", "db1", - "tbl4", "col1", "", AccessConstants.ACTION_ALL, TSentryGrantOption.TRUE); - tSentryPrivilege8 = createTSentryPrivilege(PrivilegeScope.URI.name(), "server1", "", "", "", - "hdfs://testserver:9999/path1", AccessConstants.INSERT, TSentryGrantOption.FALSE); - tSentryPrivilege9 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), "server1", "db2", - "tbl1", "", "", AccessConstants.INSERT, TSentryGrantOption.FALSE); - } - - @AfterClass - public static void teardown() { - if (sentryStore != null) { - sentryStore.stop(); - } - if (dataDir != null) { - FileUtils.deleteQuietly(dataDir); - } - } - - protected static void addGroupsToUser(String user, String... groupNames) { - policyFile.addGroupsToUser(user, groupNames); - } - - protected static void writePolicyFile() throws Exception { - policyFile.write(policyFilePath); - } - - // Befor import, database is empty. - // The following information is imported: - // group1=role1,role2,role3 - // group2=role1,role2,role3 - // group3=role1,role2,role3 - // role1=privilege1,privilege2,privilege3,privilege4,privilege5,privilege6,privilege7,privilege8 - // role2=privilege1,privilege2,privilege3,privilege4,privilege5,privilege6,privilege7,privilege8 - // role3=privilege1,privilege2,privilege3,privilege4,privilege5,privilege6,privilege7,privilege8 - // Both import API importSentryMetaData and export APIs getRolesMap, getGroupsMap, - // getPrivilegesList are tested. - @Test - public void testImportExportPolicy1() throws Exception { - TSentryMappingData tSentryMappingData = new TSentryMappingData(); - Map> sentryGroupRolesMap = Maps.newHashMap(); - Map> sentryRolePrivilegesMap = Maps.newHashMap(); - sentryGroupRolesMap.put("group1", Sets.newHashSet("Role1", "role2", "role3")); - sentryGroupRolesMap.put("group2", Sets.newHashSet("Role1", "role2", "role3")); - sentryGroupRolesMap.put("group3", Sets.newHashSet("Role1", "role2", "role3")); - sentryRolePrivilegesMap.put("Role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - sentryRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - sentryRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - tSentryMappingData.setGroupRolesMap(sentryGroupRolesMap); - tSentryMappingData.setRolePrivilegesMap(sentryRolePrivilegesMap); - sentryStore.importSentryMetaData(tSentryMappingData, false); - - Map rolesMap = sentryStore.getRolesMap(); - Map groupsMap = sentryStore.getGroupNameToGroupMap(); - List privilegesList = sentryStore.getPrivilegesList(); - - // test the result data for the role - verifyRoles(rolesMap, Sets.newHashSet("role1", "role2", "role3")); - - // test the result data for the group - verifyGroups(groupsMap, Sets.newHashSet("group1", "group2", "group3")); - - // test the result data for the privilege - verifyPrivileges(privilegesList, Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - - // test the mapping data for group and role - List>> mapList = sentryStore.getGroupUserRoleMapList(null); - Map> actualGroupRolesMap = mapList.get( - SentryStore.INDEX_GROUP_ROLES_MAP); - Map> exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3")); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2", "role3")); - exceptedGroupRolesMap.put("group3", Sets.newHashSet("role1", "role2", "role3")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // test the mapping data for role and privilege - Map> actualRolePrivilegesMap = sentryStore - .getRoleNameTPrivilegesMap(); - Map> exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - } - - // call import twice, and there has no duplicate data: - // The data for 1st import: - // group1=role1 - // role1=privilege1,privilege2,privilege3,privilege4 - // The data for 2nd import: - // group2=role2,role3 - // group3=role2,role3 - // role2=privilege5,privilege6,privilege7,privilege8 - // role3=privilege5,privilege6,privilege7,privilege8 - // Both import API importSentryMetaData and export APIs getRolesMap, getGroupsMap, - // getPrivilegesList are tested. - @Test - public void testImportExportPolicy2() throws Exception { - TSentryMappingData tSentryMappingData1 = new TSentryMappingData(); - Map> sentryGroupRolesMap1 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap1 = Maps.newHashMap(); - sentryGroupRolesMap1.put("group1", Sets.newHashSet("role1")); - sentryRolePrivilegesMap1 - .put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, tSentryPrivilege3, - tSentryPrivilege4)); - tSentryMappingData1.setGroupRolesMap(sentryGroupRolesMap1); - tSentryMappingData1.setRolePrivilegesMap(sentryRolePrivilegesMap1); - sentryStore.importSentryMetaData(tSentryMappingData1, false); - - TSentryMappingData tSentryMappingData2 = new TSentryMappingData(); - Map> sentryGroupRolesMap2 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap2 = Maps.newHashMap(); - sentryGroupRolesMap2.put("group2", Sets.newHashSet("role2", "role3")); - sentryGroupRolesMap2.put("group3", Sets.newHashSet("role2", "role3")); - sentryRolePrivilegesMap2 - .put("role2", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7, - tSentryPrivilege8)); - sentryRolePrivilegesMap2 - .put("role3", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7, - tSentryPrivilege8)); - tSentryMappingData2.setGroupRolesMap(sentryGroupRolesMap2); - tSentryMappingData2.setRolePrivilegesMap(sentryRolePrivilegesMap2); - sentryStore.importSentryMetaData(tSentryMappingData2, false); - - Map rolesMap = sentryStore.getRolesMap(); - Map groupsMap = sentryStore.getGroupNameToGroupMap(); - List privilegesList = sentryStore.getPrivilegesList(); - - // test the result data for the role - verifyRoles(rolesMap, Sets.newHashSet("role1", "role2", "role3")); - - // test the result data for the group - verifyGroups(groupsMap, Sets.newHashSet("group1", "group2", "group3")); - - // test the result data for the privilege - verifyPrivileges(privilegesList, Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - - // test the mapping data for group and role - List>> mapList = sentryStore.getGroupUserRoleMapList(null); - Map> actualGroupRolesMap = mapList.get( - SentryStore.INDEX_GROUP_ROLES_MAP); - Map> exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2", "role3")); - exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // test the mapping data for role and privilege - Map> actualRolePrivilegesMap = sentryStore - .getRoleNameTPrivilegesMap(); - Map> exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap - .put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, tSentryPrivilege3, - tSentryPrivilege4)); - exceptedRolePrivilegesMap - .put("role2", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7, - tSentryPrivilege8)); - exceptedRolePrivilegesMap - .put("role3", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7, - tSentryPrivilege8)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - } - - // call import twice, and there has data overlap: - // The data for 1st import: - // group1=role1, role2 - // group2=role1, role2 - // group3=role1, role2 - // role1=privilege1,privilege2,privilege3,privilege4,privilege5 - // role2=privilege1,privilege2,privilege3,privilege4,privilege5 - // The data for 2nd import: - // group1=role2,role3 - // group2=role2,role3 - // group3=role2,role3 - // role2=privilege4,privilege5,privilege6,privilege7,privilege8 - // role3=privilege4,privilege5,privilege6,privilege7,privilege8 - // Both import API importSentryMetaData and export APIs getRolesMap, getGroupsMap, - // getPrivilegesList are tested. - @Test - public void testImportExportPolicy3() throws Exception { - TSentryMappingData tSentryMappingData1 = new TSentryMappingData(); - Map> sentryGroupRolesMap1 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap1 = Maps.newHashMap(); - sentryGroupRolesMap1.put("group1", Sets.newHashSet("role1", "role2")); - sentryGroupRolesMap1.put("group2", Sets.newHashSet("role1", "role2")); - sentryGroupRolesMap1.put("group3", Sets.newHashSet("role1", "role2")); - sentryRolePrivilegesMap1.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5)); - sentryRolePrivilegesMap1.put("role2", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5)); - tSentryMappingData1.setGroupRolesMap(sentryGroupRolesMap1); - tSentryMappingData1.setRolePrivilegesMap(sentryRolePrivilegesMap1); - sentryStore.importSentryMetaData(tSentryMappingData1, false); - - TSentryMappingData tSentryMappingData2 = new TSentryMappingData(); - Map> sentryGroupRolesMap2 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap2 = Maps.newHashMap(); - sentryGroupRolesMap2.put("group1", Sets.newHashSet("role2", "role3")); - sentryGroupRolesMap2.put("group2", Sets.newHashSet("role2", "role3")); - sentryGroupRolesMap2.put("group3", Sets.newHashSet("role2", "role3")); - sentryRolePrivilegesMap2.put("role2", Sets.newHashSet(tSentryPrivilege4, tSentryPrivilege5, - tSentryPrivilege6, tSentryPrivilege7, tSentryPrivilege8)); - sentryRolePrivilegesMap2.put("role3", Sets.newHashSet(tSentryPrivilege4, tSentryPrivilege5, - tSentryPrivilege6, tSentryPrivilege7, tSentryPrivilege8)); - tSentryMappingData2.setGroupRolesMap(sentryGroupRolesMap2); - tSentryMappingData2.setRolePrivilegesMap(sentryRolePrivilegesMap2); - sentryStore.importSentryMetaData(tSentryMappingData2, false); - - Map rolesMap = sentryStore.getRolesMap(); - Map groupsMap = sentryStore.getGroupNameToGroupMap(); - List privilegesList = sentryStore.getPrivilegesList(); - - // test the result data for the role - verifyRoles(rolesMap, Sets.newHashSet("role1", "role2", "role3")); - - // test the result data for the group - verifyGroups(groupsMap, Sets.newHashSet("group1", "group2", "group3")); - - // test the result data for the privilege - verifyPrivileges(privilegesList, Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - - // test the mapping data for group and role - List>> mapList = sentryStore.getGroupUserRoleMapList(null); - Map> actualGroupRolesMap = mapList.get( - SentryStore.INDEX_GROUP_ROLES_MAP); - Map> exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3")); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2", "role3")); - exceptedGroupRolesMap.put("group3", Sets.newHashSet("role1", "role2", "role3")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // test the mapping data for role and privilege - Map> actualRolePrivilegesMap = sentryStore - .getRoleNameTPrivilegesMap(); - Map> exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5)); - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4, tSentryPrivilege5, - tSentryPrivilege6, tSentryPrivilege7, tSentryPrivilege8)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - } - - // call import twice, and there has one role without group. - // The data for 1st import: - // group1=role1, role2 - // role1=privilege1,privilege2 - // role2=privilege3,privilege4 - // The data for 2nd import: - // group2=role2 - // role2=privilege5,privilege6 - // role3=privilege7,privilege8 - // role3 is without group, will be imported also - @Test - public void testImportExportPolicy4() throws Exception { - TSentryMappingData tSentryMappingData1 = new TSentryMappingData(); - Map> sentryGroupRolesMap1 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap1 = Maps.newHashMap(); - sentryGroupRolesMap1.put("group1", Sets.newHashSet("role1", "role2")); - sentryRolePrivilegesMap1.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2)); - sentryRolePrivilegesMap1.put("role2", Sets.newHashSet(tSentryPrivilege3, tSentryPrivilege4)); - tSentryMappingData1.setGroupRolesMap(sentryGroupRolesMap1); - tSentryMappingData1.setRolePrivilegesMap(sentryRolePrivilegesMap1); - sentryStore.importSentryMetaData(tSentryMappingData1, false); - - TSentryMappingData tSentryMappingData2 = new TSentryMappingData(); - Map> sentryGroupRolesMap2 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap2 = Maps.newHashMap(); - sentryGroupRolesMap2.put("group2", Sets.newHashSet("role2")); - sentryRolePrivilegesMap2.put("role2", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6)); - sentryRolePrivilegesMap2.put("role3", Sets.newHashSet(tSentryPrivilege7, tSentryPrivilege8)); - tSentryMappingData2.setGroupRolesMap(sentryGroupRolesMap2); - tSentryMappingData2.setRolePrivilegesMap(sentryRolePrivilegesMap2); - sentryStore.importSentryMetaData(tSentryMappingData2, false); - - Map rolesMap = sentryStore.getRolesMap(); - Map groupsMap = sentryStore.getGroupNameToGroupMap(); - List privilegesList = sentryStore.getPrivilegesList(); - - // test the result data for the role - verifyRoles(rolesMap, Sets.newHashSet("role1", "role2", "role3")); - - // test the result data for the group - verifyGroups(groupsMap, Sets.newHashSet("group1", "group2")); - - // test the result data for the privilege - verifyPrivileges(privilegesList, Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - - // test the mapping data for group and role - List>> mapList = sentryStore.getGroupUserRoleMapList(null); - Map> actualGroupRolesMap = mapList.get( - SentryStore.INDEX_GROUP_ROLES_MAP); - Map> exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2")); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // test the mapping data for role and privilege - Map> actualRolePrivilegesMap = sentryStore - .getRoleNameTPrivilegesMap(); - Map> exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2)); - exceptedRolePrivilegesMap - .put("role2", Sets.newHashSet(tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, - tSentryPrivilege6)); - exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege7, tSentryPrivilege8)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - } - - // test for import mapping data for [group,role] only: - // group1=role1, role2 - @Test - public void testImportExportPolicy5() throws Exception { - TSentryMappingData tSentryMappingData1 = new TSentryMappingData(); - Map> sentryGroupRolesMap1 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap1 = Maps.newHashMap(); - sentryGroupRolesMap1.put("group1", Sets.newHashSet("role1", "role2")); - tSentryMappingData1.setGroupRolesMap(sentryGroupRolesMap1); - tSentryMappingData1.setRolePrivilegesMap(sentryRolePrivilegesMap1); - sentryStore.importSentryMetaData(tSentryMappingData1, false); - - Map rolesMap = sentryStore.getRolesMap(); - Map groupsMap = sentryStore.getGroupNameToGroupMap(); - List privilegesList = sentryStore.getPrivilegesList(); - - // test the result data for the role - verifyRoles(rolesMap, Sets.newHashSet("role1", "role2")); - - // test the result data for the group - verifyGroups(groupsMap, Sets.newHashSet("group1")); - - // test the result data for the privilege - assertTrue(privilegesList.isEmpty()); - - // test the mapping data for group and role - List>> mapList = sentryStore.getGroupUserRoleMapList(null); - Map> actualGroupRolesMap = mapList.get( - SentryStore.INDEX_GROUP_ROLES_MAP); - Map> exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // test the mapping data for role and privilege - Map> actualRolePrivilegesMap = sentryStore - .getRoleNameTPrivilegesMap(); - assertTrue(actualRolePrivilegesMap.isEmpty()); - } - - // test for filter the orphaned group: - // group1=role1, role2 - // group2=role2 - @Test - public void testImportExportPolicy6() throws Exception { - TSentryMappingData tSentryMappingData1 = new TSentryMappingData(); - Map> sentryGroupRolesMap1 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap1 = Maps.newHashMap(); - sentryGroupRolesMap1.put("group1", Sets.newHashSet("role1", "role2")); - sentryGroupRolesMap1.put("group2", Sets.newHashSet("role2")); - tSentryMappingData1.setGroupRolesMap(sentryGroupRolesMap1); - tSentryMappingData1.setRolePrivilegesMap(sentryRolePrivilegesMap1); - sentryStore.importSentryMetaData(tSentryMappingData1, false); - - // drop the role2, the group2 is orphaned group - sentryStore.dropSentryRole("role2"); - - Map rolesMap = sentryStore.getRolesMap(); - Map groupsMap = sentryStore.getGroupNameToGroupMap(); - List privilegesList = sentryStore.getPrivilegesList(); - - // test the result data for the role - verifyRoles(rolesMap, Sets.newHashSet("role1")); - - // test the result data for the group - verifyGroups(groupsMap, Sets.newHashSet("group1", "group2")); - - // test the result data for the privilege - assertTrue(privilegesList.isEmpty()); - - // test the mapping data for group and role - List>> mapList = sentryStore.getGroupUserRoleMapList(null); - Map> actualGroupRolesMap = mapList.get( - SentryStore.INDEX_GROUP_ROLES_MAP); - Map> exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // test the mapping data for role and privilege - Map> actualRolePrivilegesMap = sentryStore - .getRoleNameTPrivilegesMap(); - assertTrue(actualRolePrivilegesMap.isEmpty()); - } - - // call import twice, and there has no duplicate data, the import will be with the overwrite mode: - // The data for 1st import: - // group1=role1 - // role1=privilege1 - // The data for 2nd import: - // group2=role2,role3 - // group3=role2,role3 - // role2=privilege2 - // role3=privilege2 - // Both import API importSentryMetaData and export APIs getRolesMap, getGroupsMap, - // getPrivilegesList are tested. - @Test - public void testImportExportPolicy7() throws Exception { - TSentryMappingData tSentryMappingData1 = new TSentryMappingData(); - Map> sentryGroupRolesMap1 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap1 = Maps.newHashMap(); - sentryGroupRolesMap1.put("group1", Sets.newHashSet("role1")); - sentryRolePrivilegesMap1.put("role1", Sets.newHashSet(tSentryPrivilege1)); - tSentryMappingData1.setGroupRolesMap(sentryGroupRolesMap1); - tSentryMappingData1.setRolePrivilegesMap(sentryRolePrivilegesMap1); - // the import with overwrite mode - sentryStore.importSentryMetaData(tSentryMappingData1, true); - - TSentryMappingData tSentryMappingData2 = new TSentryMappingData(); - Map> sentryGroupRolesMap2 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap2 = Maps.newHashMap(); - sentryGroupRolesMap2.put("group2", Sets.newHashSet("role2", "role3")); - sentryGroupRolesMap2.put("group3", Sets.newHashSet("role2", "role3")); - sentryRolePrivilegesMap2.put("role2", Sets.newHashSet(tSentryPrivilege2)); - sentryRolePrivilegesMap2.put("role3", Sets.newHashSet(tSentryPrivilege2)); - tSentryMappingData2.setGroupRolesMap(sentryGroupRolesMap2); - tSentryMappingData2.setRolePrivilegesMap(sentryRolePrivilegesMap2); - // the import with overwrite mode - sentryStore.importSentryMetaData(tSentryMappingData2, true); - - Map rolesMap = sentryStore.getRolesMap(); - Map groupsMap = sentryStore.getGroupNameToGroupMap(); - List privilegesList = sentryStore.getPrivilegesList(); - - // test the result data for the role - verifyRoles(rolesMap, Sets.newHashSet("role1", "role2", "role3")); - - // test the result data for the group - verifyGroups(groupsMap, Sets.newHashSet("group1", "group2", "group3")); - - // test the result data for the privilege - verifyPrivileges(privilegesList, Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2)); - - // test the mapping data for group and role - List>> mapList = sentryStore.getGroupUserRoleMapList(null); - Map> actualGroupRolesMap = mapList.get( - SentryStore.INDEX_GROUP_ROLES_MAP); - Map> exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2", "role3")); - exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // test the mapping data for role and privilege - Map> actualRolePrivilegesMap = sentryStore - .getRoleNameTPrivilegesMap(); - Map> exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege1)); - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege2)); - exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege2)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - } - - // call import twice, and there has data overlap, the import will be with the overwrite mode: - // The data for 1st import: - // group1=role1, role2 - // group2=role1, role2 - // group3=role1, role2 - // role1=privilege1,privilege2,privilege3,privilege4,privilege5 - // role2=privilege1,privilege2,privilege3,privilege4,privilege5 - // The data for 2nd import: - // group1=role2,role3 - // group2=role2,role3 - // group3=role2,role3 - // role2=privilege4,privilege5,privilege6,privilege7,privilege8 - // role3=privilege4,privilege5,privilege6,privilege7,privilege8 - // Both import API importSentryMetaData and export APIs getRolesMap, getGroupsMap, - // getPrivilegesList are tested. - @Test - public void testImportExportPolicy8() throws Exception { - TSentryMappingData tSentryMappingData1 = new TSentryMappingData(); - Map> sentryGroupRolesMap1 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap1 = Maps.newHashMap(); - sentryGroupRolesMap1.put("group1", Sets.newHashSet("role1", "role2")); - sentryGroupRolesMap1.put("group2", Sets.newHashSet("role1", "role2")); - sentryGroupRolesMap1.put("group3", Sets.newHashSet("role1", "role2")); - sentryRolePrivilegesMap1.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5)); - sentryRolePrivilegesMap1.put("role2", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5)); - tSentryMappingData1.setGroupRolesMap(sentryGroupRolesMap1); - tSentryMappingData1.setRolePrivilegesMap(sentryRolePrivilegesMap1); - // the import with overwrite mode - sentryStore.importSentryMetaData(tSentryMappingData1, true); - - TSentryMappingData tSentryMappingData2 = new TSentryMappingData(); - Map> sentryGroupRolesMap2 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap2 = Maps.newHashMap(); - sentryGroupRolesMap2.put("group1", Sets.newHashSet("role2", "role3")); - sentryGroupRolesMap2.put("group2", Sets.newHashSet("role2", "role3")); - sentryGroupRolesMap2.put("group3", Sets.newHashSet("role2", "role3")); - sentryRolePrivilegesMap2.put("role2", Sets.newHashSet(tSentryPrivilege4, tSentryPrivilege5, - tSentryPrivilege6, tSentryPrivilege7, tSentryPrivilege8)); - sentryRolePrivilegesMap2.put("role3", Sets.newHashSet(tSentryPrivilege4, tSentryPrivilege5, - tSentryPrivilege6, tSentryPrivilege7, tSentryPrivilege8)); - tSentryMappingData2.setGroupRolesMap(sentryGroupRolesMap2); - tSentryMappingData2.setRolePrivilegesMap(sentryRolePrivilegesMap2); - // the import with overwrite mode - sentryStore.importSentryMetaData(tSentryMappingData2, true); - - Map rolesMap = sentryStore.getRolesMap(); - Map groupsMap = sentryStore.getGroupNameToGroupMap(); - List privilegesList = sentryStore.getPrivilegesList(); - - // test the result data for the role - verifyRoles(rolesMap, Sets.newHashSet("role1", "role2", "role3")); - - // test the result data for the group - verifyGroups(groupsMap, Sets.newHashSet("group1", "group2", "group3")); - - // test the result data for the privilege - verifyPrivileges(privilegesList, Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - - // test the mapping data for group and role - List>> mapList = sentryStore.getGroupUserRoleMapList(null); - Map> actualGroupRolesMap = mapList.get( - SentryStore.INDEX_GROUP_ROLES_MAP); - Map> exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3")); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2", "role3")); - exceptedGroupRolesMap.put("group3", Sets.newHashSet("role1", "role2", "role3")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // test the mapping data for role and privilege - Map> actualRolePrivilegesMap = sentryStore - .getRoleNameTPrivilegesMap(); - Map> exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5)); - // role2 should be overwrite - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege4, tSentryPrivilege5, - tSentryPrivilege6, tSentryPrivilege7, tSentryPrivilege8)); - exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4, tSentryPrivilege5, - tSentryPrivilege6, tSentryPrivilege7, tSentryPrivilege8)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - } - - // test the import privileges with the action: All, *, select, insert - // All and * should replace the select and insert - // The data for import: - // group1=role1, role2 - // role1=testPrivilege1,testPrivilege2,testPrivilege3,testPrivilege4 - // role2=testPrivilege5, testPrivilege6,testPrivilege7,testPrivilege8 - @Test - public void testImportExportPolicy9() throws Exception { - TSentryPrivilege testPrivilege1 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), - "server1", "db1", "tbl1", "", "", AccessConstants.SELECT, TSentryGrantOption.TRUE); - TSentryPrivilege testPrivilege2 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), - "server1", "db1", "tbl1", "", "", AccessConstants.INSERT, TSentryGrantOption.FALSE); - TSentryPrivilege testPrivilege3 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), - "server1", "db1", "tbl1", "", "", AccessConstants.ACTION_ALL, TSentryGrantOption.TRUE); - TSentryPrivilege testPrivilege4 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), - "server1", "db1", "tbl1", "", "", AccessConstants.INSERT, TSentryGrantOption.TRUE); - TSentryPrivilege testPrivilege5 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), - "server1", "db1", "tbl2", "", "", AccessConstants.SELECT, TSentryGrantOption.TRUE); - TSentryPrivilege testPrivilege6 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), - "server1", "db1", "tbl2", "", "", AccessConstants.INSERT, TSentryGrantOption.FALSE); - TSentryPrivilege testPrivilege7 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), - "server1", "db1", "tbl2", "", "", AccessConstants.ALL, TSentryGrantOption.TRUE); - TSentryPrivilege testPrivilege8 = createTSentryPrivilege(PrivilegeScope.TABLE.name(), - "server1", "db1", "tbl2", "", "", AccessConstants.INSERT, TSentryGrantOption.TRUE); - - TSentryMappingData tSentryMappingData1 = new TSentryMappingData(); - Map> sentryGroupRolesMap1 = Maps.newHashMap(); - Map> sentryRolePrivilegesMap1 = Maps.newHashMap(); - sentryGroupRolesMap1.put("group1", Sets.newHashSet("role1", "role2")); - // after import there should be only testPrivilege2, testPrivilege3 - sentryRolePrivilegesMap1.put("role1", - Sets.newHashSet(testPrivilege1, testPrivilege2, testPrivilege3, testPrivilege4)); - // after import there should be only testPrivilege6,testPrivilege7 - sentryRolePrivilegesMap1.put("role2", - Sets.newHashSet(testPrivilege5, testPrivilege6, testPrivilege7, testPrivilege8)); - tSentryMappingData1.setGroupRolesMap(sentryGroupRolesMap1); - tSentryMappingData1.setRolePrivilegesMap(sentryRolePrivilegesMap1); - // the import with overwrite mode - sentryStore.importSentryMetaData(tSentryMappingData1, true); - - Map rolesMap = sentryStore.getRolesMap(); - Map groupsMap = sentryStore.getGroupNameToGroupMap(); - - // test the result data for the role - verifyRoles(rolesMap, Sets.newHashSet("role1", "role2")); - - // test the result data for the group - verifyGroups(groupsMap, Sets.newHashSet("group1")); - - // test the mapping data for group and role - List>> mapList = sentryStore.getGroupUserRoleMapList(null); - Map> actualGroupRolesMap = mapList.get( - SentryStore.INDEX_GROUP_ROLES_MAP); - Map> exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // test the mapping data for role and privilege - Map> actualRolePrivilegesMap = sentryStore - .getRoleNameTPrivilegesMap(); - Map> exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(testPrivilege2, testPrivilege3)); - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(testPrivilege6, testPrivilege7)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - } - - // The following data is imported: - // group1=role1 - // group2=role1,role2 - // group3=role2,role3 - // group4=role1,role2,role3 - // role1=privilege3,privilege4,privilege9 - // role2=privilege3,privilege4,privilege5,privilege6,privilege7 - // role3=privilege4,privilege5,privilege6,privilege7,privilege8 - // Export APIs getRoleNameTPrivilegesMap, getGroupNameRoleNamesMap are tested. - @Test - public void testExportPolicyWithSpecificObject() throws Exception { - // import the data for test - TSentryMappingData tSentryMappingData = new TSentryMappingData(); - Map> sentryGroupRolesMap = Maps.newHashMap(); - Map> sentryRolePrivilegesMap = Maps.newHashMap(); - sentryGroupRolesMap.put("group1", Sets.newHashSet("role1")); - sentryGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); - sentryGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - sentryGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3")); - sentryRolePrivilegesMap.put("role1", Sets.newHashSet( - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege9)); - sentryRolePrivilegesMap.put("role2", Sets.newHashSet( - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7)); - sentryRolePrivilegesMap.put("role3", Sets.newHashSet( - tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - tSentryMappingData.setGroupRolesMap(sentryGroupRolesMap); - tSentryMappingData.setRolePrivilegesMap(sentryRolePrivilegesMap); - sentryStore.importSentryMetaData(tSentryMappingData, false); - - // verify the rolePrivilegesMap and groupRolesMap for db=db1 - Map> actualRolePrivilegesMap = - sentryStore.getRoleNameTPrivilegesMap("db1", ""); - Map> exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege4)); - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege4, - tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7)); - exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4, - tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - - List>> mapList = sentryStore.getGroupUserRoleMapList( - actualRolePrivilegesMap.keySet()); - Map> actualGroupRolesMap = mapList.get( - SentryStore.INDEX_GROUP_ROLES_MAP); - Map> exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); - exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // verify the rolePrivilegesMap and groupRolesMap for db=db2 - actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("db2", ""); - exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege3, tSentryPrivilege9)); - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege3)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - - mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet()); - actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP); - exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); - exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2")); - exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // verify the rolePrivilegesMap and groupRolesMap for db=db1 and table=tbl1 - actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("db1", "tbl1"); - exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege4)); - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege4)); - exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - - mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet()); - actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP); - exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); - exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // verify the rolePrivilegesMap and groupRolesMap for db=db1 and table=tbl2 - actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("db1", "tbl2"); - exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege5)); - exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege5)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - - mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet()); - actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP); - exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2")); - exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - exceptedGroupRolesMap.put("group4", Sets.newHashSet("role2", "role3")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // verify the rolePrivilegesMap and groupRolesMap for table=tbl1 - actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("", "tbl1"); - exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege4, tSentryPrivilege9)); - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege4)); - exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - - mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet()); - actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP); - exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); - exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - // verify the rolePrivilegesMap and groupRolesMap for empty parameter - actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("", ""); - exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege3, - tSentryPrivilege4, tSentryPrivilege9)); - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege3, - tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7)); - exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4, - tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - - mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet()); - actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP); - exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1")); - exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2")); - exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3")); - exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - } - - // Befor import, database is empty. - // The following information is imported: - // group1=role1,role2,role3 - // user1=role1,role2 - // user2=role2,role3 - // role1=privilege1,privilege2,privilege3,privilege4 - // role2=privilege5,privilege6,privilege7,privilege8 - // role3=privilege3,privilege4,privilege5,privilege6 - // Both import API importSentryMetaData and export APIs getRolesMap, getGroupsMap, - // getUsersMap getPrivilegesList are tested. - @Test - public void testImportExportWithUser() throws Exception { - TSentryMappingData tSentryMappingData = new TSentryMappingData(); - Map> groupRolesMap = Maps.newHashMap(); - Map> userRolesMap = Maps.newHashMap(); - Map> sentryRolePrivilegesMap = Maps.newHashMap(); - groupRolesMap.put("group1", Sets.newHashSet("Role1", "role2", "role3")); - userRolesMap.put("user1", Sets.newHashSet("Role1", "role2")); - userRolesMap.put("user2", Sets.newHashSet("role2", "role3")); - sentryRolePrivilegesMap.put("Role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4)); - sentryRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - sentryRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege3, - tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6)); - tSentryMappingData.setGroupRolesMap(groupRolesMap); - tSentryMappingData.setRolePrivilegesMap(sentryRolePrivilegesMap); - tSentryMappingData.setUserRolesMap(userRolesMap); - sentryStore.importSentryMetaData(tSentryMappingData, false); - - Map rolesMap = sentryStore.getRolesMap(); - Map groupsMap = sentryStore.getGroupNameToGroupMap(); - Map usersMap = sentryStore.getUserNameToUserMap(); - List privilegesList = sentryStore.getPrivilegesList(); - - // test the result data for the role - verifyRoles(rolesMap, Sets.newHashSet("role1", "role2", "role3")); - - // test the result data for the group - verifyGroups(groupsMap, Sets.newHashSet("group1")); - - // test the result data for the user - verifyUsers(usersMap, Sets.newHashSet("user1", "user2")); - - // test the result data for the privilege - verifyPrivileges(privilegesList, Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - - // test the mapping data for group and role - List>> mapList = sentryStore.getGroupUserRoleMapList(null); - Map> actualGroupRolesMap = mapList.get( - SentryStore.INDEX_GROUP_ROLES_MAP); - Map> exceptedGroupRolesMap = Maps.newHashMap(); - exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3")); - verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap); - - Map> actualUserRolesMap = mapList.get( - SentryStore.INDEX_USER_ROLES_MAP); - Map> exceptedUserRolesMap = Maps.newHashMap(); - exceptedUserRolesMap.put("user1", Sets.newHashSet("role1", "role2")); - exceptedUserRolesMap.put("user2", Sets.newHashSet("role2", "role3")); - verifyUserGroupRolesMap(actualUserRolesMap, exceptedUserRolesMap); - - // test the mapping data for role and privilege - Map> actualRolePrivilegesMap = sentryStore - .getRoleNameTPrivilegesMap(); - Map> exceptedRolePrivilegesMap = Maps.newHashMap(); - exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, - tSentryPrivilege3, tSentryPrivilege4)); - exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, - tSentryPrivilege7, tSentryPrivilege8)); - exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege3, - tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6)); - - verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap); - } - - private void verifyRoles(Map actualRoleMap, Set expectedRoleNameSet) { - assertEquals(expectedRoleNameSet.size(), actualRoleMap.keySet().size()); - for (String roleName : actualRoleMap.keySet()) { - assertTrue(expectedRoleNameSet.contains(roleName)); - } - } - - private void verifyGroups(Map actualGroupsMap, - Set expectedGroupNameSet) { - assertEquals(expectedGroupNameSet.size(), actualGroupsMap.keySet().size()); - for (String groupName : actualGroupsMap.keySet()) { - assertTrue(expectedGroupNameSet.contains(groupName)); - } - } - - private void verifyUsers(Map actualUsersMap, - Set expectedUserNameSet) { - assertEquals(expectedUserNameSet.size(), actualUsersMap.keySet().size()); - for (String userName : actualUsersMap.keySet()) { - assertTrue(expectedUserNameSet.contains(userName)); - } - } - - private void verifyPrivileges(List actualPrivileges, - Set expectedTSentryPrivilegeSet) { - assertEquals(expectedTSentryPrivilegeSet.size(), actualPrivileges.size()); - for (MSentryPrivilege mSentryPrivilege : actualPrivileges) { - boolean isFound = false; - for (TSentryPrivilege tSentryPrivilege : expectedTSentryPrivilegeSet) { - isFound = compareTSentryPrivilege(sentryStore.convertToTSentryPrivilege(mSentryPrivilege), - tSentryPrivilege); - if (isFound) { - break; - } - } - assertTrue(isFound); - } - } - - private void verifyUserGroupRolesMap(Map> actualMap, - Map> exceptedMap) { - assertEquals(exceptedMap.keySet().size(), actualMap.keySet().size()); - for (String name : actualMap.keySet()) { - Set exceptedRoles = exceptedMap.get(name); - Set actualRoles = actualMap.get(name); - assertEquals(actualRoles.size(), exceptedRoles.size()); - assertTrue(actualRoles.equals(exceptedRoles)); - } - } - - private void verifyRolePrivilegesMap(Map> actualRolePrivilegesMap, - Map> expectedRolePrivilegesMap) { - assertEquals(expectedRolePrivilegesMap.keySet().size(), actualRolePrivilegesMap.keySet().size()); - for (String roleName : expectedRolePrivilegesMap.keySet()) { - Set exceptedTSentryPrivileges = expectedRolePrivilegesMap.get(roleName); - Set actualTSentryPrivileges = actualRolePrivilegesMap.get(roleName); - assertEquals(exceptedTSentryPrivileges.size(), actualTSentryPrivileges.size()); - for (TSentryPrivilege actualPrivilege : actualTSentryPrivileges) { - boolean isFound = false; - for (TSentryPrivilege expectedPrivilege : exceptedTSentryPrivileges) { - isFound = compareTSentryPrivilege(expectedPrivilege, actualPrivilege); - if (isFound) { - break; - } - } - assertTrue(isFound); - } - } - } - - private TSentryPrivilege createTSentryPrivilege(String scope, String server, String dbName, - String tableName, String columnName, String uri, String action, TSentryGrantOption grantOption) { - TSentryPrivilege tSentryPrivilege = new TSentryPrivilege(); - tSentryPrivilege.setPrivilegeScope(scope); - tSentryPrivilege.setServerName(server); - tSentryPrivilege.setDbName(dbName); - tSentryPrivilege.setTableName(tableName); - tSentryPrivilege.setColumnName(columnName); - tSentryPrivilege.setURI(uri); - tSentryPrivilege.setAction(action); - tSentryPrivilege.setGrantOption(grantOption); - return tSentryPrivilege; - } - - // compare the TSentryPrivilege without the create time - private boolean compareTSentryPrivilege(TSentryPrivilege tSentryPrivilege1, - TSentryPrivilege tSentryPrivilege2) { - if (tSentryPrivilege1 == null) { - if (tSentryPrivilege2 == null) { - return true; - } else { - return false; - } - } else { - if (tSentryPrivilege2 == null) { - return false; - } - } - - boolean this_present_privilegeScope = true && tSentryPrivilege1.isSetPrivilegeScope(); - boolean that_present_privilegeScope = true && tSentryPrivilege2.isSetPrivilegeScope(); - if (this_present_privilegeScope || that_present_privilegeScope) { - if (!(this_present_privilegeScope && that_present_privilegeScope)) { - return false; - } - if (!tSentryPrivilege1.getPrivilegeScope().equalsIgnoreCase( - tSentryPrivilege2.getPrivilegeScope())) { - return false; - } - } - - boolean this_present_serverName = true && tSentryPrivilege1.isSetServerName(); - boolean that_present_serverName = true && tSentryPrivilege2.isSetServerName(); - if (this_present_serverName || that_present_serverName) { - if (!(this_present_serverName && that_present_serverName)) { - return false; - } - if (!tSentryPrivilege1.getServerName().equalsIgnoreCase(tSentryPrivilege2.getServerName())) { - return false; - } - } - - boolean this_present_dbName = true && tSentryPrivilege1.isSetDbName(); - boolean that_present_dbName = true && tSentryPrivilege2.isSetDbName(); - if (this_present_dbName || that_present_dbName) { - if (!(this_present_dbName && that_present_dbName)) { - return false; - } - if (!tSentryPrivilege1.getDbName().equalsIgnoreCase(tSentryPrivilege2.getDbName())) { - return false; - } - } - - boolean this_present_tableName = true && tSentryPrivilege1.isSetTableName(); - boolean that_present_tableName = true && tSentryPrivilege2.isSetTableName(); - if (this_present_tableName || that_present_tableName) { - if (!(this_present_tableName && that_present_tableName)) { - return false; - } - if (!tSentryPrivilege1.getTableName().equalsIgnoreCase(tSentryPrivilege2.getTableName())) { - return false; - } - } - - boolean this_present_URI = true && tSentryPrivilege1.isSetURI(); - boolean that_present_URI = true && tSentryPrivilege2.isSetURI(); - if (this_present_URI || that_present_URI) { - if (!(this_present_URI && that_present_URI)) { - return false; - } - if (!tSentryPrivilege1.getURI().equalsIgnoreCase(tSentryPrivilege2.getURI())) { - return false; - } - } - - boolean this_present_action = true && tSentryPrivilege1.isSetAction(); - boolean that_present_action = true && tSentryPrivilege2.isSetAction(); - if (this_present_action || that_present_action) { - if (!(this_present_action && that_present_action)) { - return false; - } - if (!tSentryPrivilege1.getAction().equalsIgnoreCase(tSentryPrivilege2.getAction())) { - return false; - } - } - - boolean this_present_grantOption = true && tSentryPrivilege1.isSetGrantOption(); - boolean that_present_grantOption = true && tSentryPrivilege2.isSetGrantOption(); - if (this_present_grantOption || that_present_grantOption) { - if (!(this_present_grantOption && that_present_grantOption)) { - return false; - } - if (!tSentryPrivilege1.getGrantOption().equals(tSentryPrivilege2.getGrantOption())) { - return false; - } - } - - boolean this_present_columnName = true && tSentryPrivilege1.isSetColumnName(); - boolean that_present_columnName = true && tSentryPrivilege2.isSetColumnName(); - if (this_present_columnName || that_present_columnName) { - if (!(this_present_columnName && that_present_columnName)) { - return false; - } - if (!tSentryPrivilege1.getColumnName().equalsIgnoreCase(tSentryPrivilege2.getColumnName())) { - return false; - } - } - - return true; - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java deleted file mode 100644 index 25f94fa..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java +++ /dev/null @@ -1,86 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.service.persistent; - -import static org.junit.Assert.assertEquals; - -import org.apache.sentry.core.model.db.AccessConstants; -import org.apache.sentry.provider.db.service.model.MSentryPrivilege; -import org.junit.Test; - -public class TestSentryStoreToAuthorizable { - - private MSentryPrivilege privilege; - - @Test - public void testServer() { - privilege = new MSentryPrivilege(null, "server1", null, null, null, null, null); - assertEquals("server=server1", - SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, "server1", null, null, null, null, - AccessConstants.ALL); - assertEquals("server=server1", - SentryStore.toAuthorizable(privilege)); - } - - @Test - public void testTable() { - privilege = new MSentryPrivilege(null, "server1", "db1", "tbl1", null, null, null); - assertEquals("server=server1->db=db1->table=tbl1", - SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, "server1", "db1", "tbl1", null, null, - AccessConstants.INSERT); - assertEquals("server=server1->db=db1->table=tbl1->action=insert", - SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, "server1", "db1", "tbl1", null, null, - AccessConstants.SELECT); - assertEquals("server=server1->db=db1->table=tbl1->action=select", - SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, "server1", "db1", "tbl1", null, null, - AccessConstants.ALL); - assertEquals("server=server1->db=db1->table=tbl1", - SentryStore.toAuthorizable(privilege)); - } - - @Test - public void testDb() { - privilege = new MSentryPrivilege(null, "server1", "db1", null, null, null, null); - assertEquals("server=server1->db=db1", - SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, "server1", "db1", null, null, null, - AccessConstants.ALL); - assertEquals("server=server1->db=db1", - SentryStore.toAuthorizable(privilege)); - } - - @Test - public void testUri() { - privilege = new MSentryPrivilege(null, "server1", null, null, null, "file:///", null); - assertEquals("server=server1->uri=file:///", - SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, "server1", null, null, null, "file:///", - AccessConstants.SELECT); - assertEquals("server=server1->uri=file:///->action=select", - SentryStore.toAuthorizable(privilege)); - privilege = new MSentryPrivilege(null, "server1", null, null, null, "file:///", - AccessConstants.ALL); - assertEquals("server=server1->uri=file:///", - SentryStore.toAuthorizable(privilege)); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryVersion.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryVersion.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryVersion.java deleted file mode 100644 index 21aa7f9..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryVersion.java +++ /dev/null @@ -1,91 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.provider.db.service.persistent; - -import static org.junit.Assert.assertEquals; - -import java.io.File; - -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.core.common.exception.SentryNoSuchObjectException; -import org.apache.sentry.api.common.SentryServiceUtil; -import org.apache.sentry.service.common.ServiceConstants.ServerConfig; -import org.junit.Before; -import org.junit.Test; - -import com.google.common.io.Files; - -public class TestSentryVersion { - - private File dataDir; - private Configuration conf; - - @Before - public void setup() throws Exception { - dataDir = new File(Files.createTempDir(), "sentry_policy_db"); - conf = new Configuration(false); - conf.set(ServerConfig.SENTRY_STORE_JDBC_URL, "jdbc:derby:;databaseName=" - + dataDir.getPath() + ";create=true"); - conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); - } - - /** - * Create the schema using auto creation Create new sentry store without - * implicit schema creation on the same backend db and make sure it starts - * - * @throws Exception - */ - @Test - public void testVerifySentryVersionCheck() throws Exception { - conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); - boolean hdfsSyncEnabled = SentryServiceUtil.isHDFSSyncEnabled(conf); - SentryStore sentryStore = new SentryStore(conf); - sentryStore.setPersistUpdateDeltas(hdfsSyncEnabled); - sentryStore.stop(); - conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "true"); - sentryStore = new SentryStore(conf); - sentryStore.setPersistUpdateDeltas(hdfsSyncEnabled); - } - - /** - * Verify that store is not initialized by default without schema pre-created - * - * @throws Exception - */ - @Test(expected = SentryNoSuchObjectException.class) - public void testNegSentrySchemaDefault() throws Exception { - new SentryStore(conf); - } - - /** - * With schema verification turned off, Sentry Store should autoCreate the - * schema - * @throws Exception - */ - @Test - public void testSentryImplicitVersion() throws Exception { - conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); - boolean hdfsSyncEnabled = SentryServiceUtil.isHDFSSyncEnabled(conf); - SentryStore sentryStore = new SentryStore(conf); - sentryStore.setPersistUpdateDeltas(hdfsSyncEnabled); - assertEquals(SentryStoreSchemaInfo.getSentryVersion(), - sentryStore.getSentryVersion()); - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java deleted file mode 100644 index 7e5e91d..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java +++ /dev/null @@ -1,309 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sentry.service.thrift; -import java.io.File; -import java.security.PrivilegedExceptionAction; -import java.util.Properties; -import java.util.Set; -import java.util.concurrent.TimeoutException; - - -import com.google.common.io.Resources; -import org.apache.commons.io.FileUtils; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.minikdc.MiniKdc; -import org.apache.hadoop.net.NetUtils; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.sentry.api.common.ApiConstants; -import org.apache.sentry.api.common.Status; -import org.apache.sentry.api.service.thrift.SentryMiniKdcTestcase; -import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient; -import org.apache.sentry.api.service.thrift.TSentryRole; -import org.apache.sentry.provider.file.PolicyFile; -import org.apache.sentry.service.common.ServiceConstants.ServerConfig; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.base.Strings; -import com.google.common.io.Files; - -public abstract class SentryServiceIntegrationBase extends SentryMiniKdcTestcase { - private static final Logger LOGGER = LoggerFactory.getLogger(SentryServiceIntegrationBase.class); - - protected static final String SERVER_HOST = NetUtils.createSocketAddr("localhost:80").getAddress().getCanonicalHostName(); - protected static final String REALM = "EXAMPLE.COM"; - protected static final String SERVER_PRINCIPAL = "sentry/" + SERVER_HOST; - protected static String SERVER_KERBEROS_NAME = "sentry/" + SERVER_HOST + "@" + REALM; - protected static final String HTTP_PRINCIPAL = "HTTP/" + SERVER_HOST; - protected static final String CLIENT_PRINCIPAL = "hive/" + SERVER_HOST; - protected static final String CLIENT_KERBEROS_SHORT_NAME = "hive"; - protected static final String ADMIN_USER = "admin_user"; - protected static final String ADMIN_GROUP = "admin_group"; - - protected static SentryService server; - protected SentryPolicyServiceClient client; - protected static MiniKdc kdc; - protected static File kdcWorkDir; - protected static File dbDir; - protected static File serverKeytab; - protected static File httpKeytab; - protected static File clientKeytab; - protected static UserGroupInformation clientUgi; - protected static boolean kerberos; - protected final static Configuration conf = new Configuration(false); - protected PolicyFile policyFile; - protected File policyFilePath; - protected static Properties kdcConfOverlay = new Properties(); - - protected static boolean webServerEnabled = false; - protected static int webServerPort = ServerConfig.SENTRY_WEB_PORT_DEFAULT; - protected static boolean webSecurity = false; - - protected static boolean pooled = false; - - protected static boolean useSSL = false; - protected static String allowedUsers = "hive,USER1"; - - @BeforeClass - public static void setup() throws Exception { - kerberos = true; - pooled = true; - beforeSetup(); - setupConf(); - startSentryService(); - afterSetup(); - } - - private static void setupKdc() throws Exception { - startMiniKdc(kdcConfOverlay); - } - - public static void startSentryService() throws Exception { - server.start(); - final long start = System.currentTimeMillis(); - while(!server.isRunning()) { - Thread.sleep(1000); - if(System.currentTimeMillis() - start > 60000L) { - throw new TimeoutException("Server did not start after 60 seconds"); - } - } - } - - public void stopSentryService() throws Exception { - server.stop(); - Thread.sleep(30000); - } - - public static void setupConf() throws Exception { - if (kerberos) { - setupKdc(); - kdc = getKdc(); - kdcWorkDir = getWorkDir(); - serverKeytab = new File(kdcWorkDir, "server.keytab"); - clientKeytab = new File(kdcWorkDir, "client.keytab"); - kdc.createPrincipal(serverKeytab, SERVER_PRINCIPAL); - kdc.createPrincipal(clientKeytab, CLIENT_PRINCIPAL); - conf.set(ServerConfig.PRINCIPAL, getServerKerberosName()); - conf.set(ServerConfig.KEY_TAB, serverKeytab.getPath()); - conf.set(ServerConfig.ALLOW_CONNECT, CLIENT_KERBEROS_SHORT_NAME); - conf.set(ServerConfig.SERVER_HA_ZOOKEEPER_CLIENT_PRINCIPAL, - getServerKerberosName()); - conf.set(ServerConfig.SERVER_HA_ZOOKEEPER_CLIENT_KEYTAB, - serverKeytab.getPath()); - - conf.set(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true"); - conf.set("hadoop.security.authentication", "kerberos"); - UserGroupInformation.setConfiguration(conf); - UserGroupInformation.loginUserFromKeytab(CLIENT_PRINCIPAL, clientKeytab.getPath()); - clientUgi = UserGroupInformation.getLoginUser(); - } else { - LOGGER.info("Stopped KDC"); - conf.set(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_NONE); - } - - if (webServerEnabled) { - conf.set(ServerConfig.SENTRY_WEB_ENABLE, "true"); - conf.set(ServerConfig.SENTRY_WEB_PORT, String.valueOf(webServerPort)); - conf.set(ServerConfig.SENTRY_WEB_PUBSUB_SERVLET_ENABLED, "true"); - if (webSecurity) { - httpKeytab = new File(kdcWorkDir, "http.keytab"); - kdc.createPrincipal(httpKeytab, HTTP_PRINCIPAL); - conf.set(ServerConfig.SENTRY_WEB_SECURITY_TYPE, - ServerConfig.SENTRY_WEB_SECURITY_TYPE_KERBEROS); - conf.set(ServerConfig.SENTRY_WEB_SECURITY_PRINCIPAL, HTTP_PRINCIPAL); - conf.set(ServerConfig.SENTRY_WEB_SECURITY_KEYTAB, httpKeytab.getPath()); - conf.set(ServerConfig.SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS, allowedUsers); - } else { - conf.set(ServerConfig.SENTRY_WEB_SECURITY_TYPE, - ServerConfig.SENTRY_WEB_SECURITY_TYPE_NONE); - } - } else { - conf.set(ServerConfig.SENTRY_WEB_ENABLE, "false"); - } - if (pooled) { - conf.set(ApiConstants.ClientConfig.SENTRY_POOL_ENABLED, "true"); - } - if (useSSL) { - String keystorePath = Resources.getResource("keystore.jks").getPath(); - conf.set(ServerConfig.SENTRY_WEB_USE_SSL, "true"); - conf.set(ServerConfig.SENTRY_WEB_SSL_KEYSTORE_PATH, keystorePath); - conf.set(ServerConfig.SENTRY_WEB_SSL_KEYSTORE_PASSWORD, "password"); - - LOGGER.debug("{} is at {}", ServerConfig.SENTRY_WEB_SSL_KEYSTORE_PATH, keystorePath); - } - conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); - conf.set(ServerConfig.ADMIN_GROUPS, ADMIN_GROUP); - conf.set(ServerConfig.RPC_ADDRESS, SERVER_HOST); - conf.set(ServerConfig.RPC_PORT, String.valueOf(0)); - dbDir = new File(Files.createTempDir(), "sentry_policy_db"); - conf.set(ServerConfig.SENTRY_STORE_JDBC_URL, - "jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true"); - conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); - server = SentryServiceFactory.create(conf); - conf.set(ApiConstants.ClientConfig.SERVER_RPC_ADDRESS, server.getAddress().getHostName()); - conf.set(ApiConstants.ClientConfig.SERVER_RPC_PORT, String.valueOf(server.getAddress().getPort())); - conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, - ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING); - } - - @Before - public void before() throws Exception { - policyFilePath = new File(dbDir, "local_policy_file.ini"); - conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, - policyFilePath.getPath()); - policyFile = new PolicyFile(); - connectToSentryService(); - } - - @After - public void after() { - try { - runTestAsSubject(new TestOperation() { - @Override - public void runTestAsSubject() throws Exception { - if (client != null) { - Set tRoles = client.listAllRoles(ADMIN_USER); - if (tRoles != null) { - for (TSentryRole tRole : tRoles) { - client.dropRole(ADMIN_USER, tRole.getRoleName()); - } - } - client.close(); - } - } - }); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } finally { - policyFilePath.delete(); - } - } - - public void connectToSentryService() throws Exception { - if (kerberos) { - client = clientUgi.doAs(new PrivilegedExceptionAction() { - @Override - public SentryPolicyServiceClient run() throws Exception { - return SentryServiceClientFactory.create(conf); - } - }); - } else { - client = SentryServiceClientFactory.create(conf); - } - } - - @AfterClass - public static void tearDown() throws Exception { - beforeTeardown(); - - if(server != null) { - server.stop(); - } - if (dbDir != null) { - FileUtils.deleteQuietly(dbDir); - } - stopMiniKdc(); - afterTeardown(); - } - - public static String getServerKerberosName() { - return SERVER_KERBEROS_NAME; - } - - public static void beforeSetup() throws Exception { - - } - public static void afterSetup() throws Exception { - - } - public static void beforeTeardown() throws Exception { - - } - public static void afterTeardown() throws Exception { - - } - protected static void assertOK(TSentryResponseStatus resp) { - assertStatus(Status.OK, resp); - } - - protected static void assertStatus(Status status, TSentryResponseStatus resp) { - if (resp.getValue() != status.getCode()) { - String message = "Expected: " + status + ", Response: " + Status.fromCode(resp.getValue()) - + ", Code: " + resp.getValue() + ", Message: " + resp.getMessage(); - String stackTrace = Strings.nullToEmpty(resp.getStack()).trim(); - if (!stackTrace.isEmpty()) { - message += ", StackTrace: " + stackTrace; - } - Assert.fail(message); - } - } - - protected void setLocalGroupMapping(String user, Set groupSet) { - for (String group : groupSet) { - policyFile.addGroupsToUser(user, group); - } - } - - protected void writePolicyFile() throws Exception { - policyFile.write(policyFilePath); - } - - protected void runTestAsSubject(final TestOperation test) throws Exception { - /*if (false) { - clientUgi.doAs(new PrivilegedExceptionAction() { - @Override - public Void run() throws Exception { - test.runTestAsSubject(); - return null; - }}); - } else { - */ test.runTestAsSubject(); - //} - } - - protected interface TestOperation { - void runTestAsSubject() throws Exception; - } - -} http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryStateBankTestHelper.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryStateBankTestHelper.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryStateBankTestHelper.java deleted file mode 100644 index 48212a0..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryStateBankTestHelper.java +++ /dev/null @@ -1,29 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with the License. You may obtain - * a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.sentry.service.thrift; - -/** - * - */ -public class SentryStateBankTestHelper { - - public static void clearAllStates() { - SentryStateBank.clearAllStates(); - } - - public static void resetComponentState(String component) { - SentryStateBank.resetComponentState(component); - } -} http://git-wip-us.apache.org/repos/asf/sentry/blob/b97f5c7a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryWebMetricParser.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryWebMetricParser.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryWebMetricParser.java deleted file mode 100644 index 8446d95..0000000 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryWebMetricParser.java +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.service.thrift; - -import org.codehaus.jackson.JsonNode; -import org.codehaus.jackson.map.ObjectMapper; - -import java.io.IOException; - - -/** - * The SentryWebMetricParser is used to parse the metrics displayed on the sentry web ui. - */ -public class SentryWebMetricParser { - private JsonNode root; - private final String sentryService = SentryService.class.getName(); - private ObjectMapper mapper; - - public SentryWebMetricParser(String response) throws IOException { - this.mapper = new ObjectMapper(); - this.root = mapper.readTree(response); - } - - public void refreshRoot(String response) throws IOException { - root = mapper.readTree(response); - } - - public JsonNode getRoot() { - return root; - } - - public JsonNode getGauges(JsonNode root) { - JsonNode gauges = root.findPath("gauges"); - return gauges; - } - - public JsonNode getCounters(JsonNode root) { - JsonNode counters = root.findPath("counters"); - return counters; - } - - public JsonNode getHistograms(JsonNode root) { - JsonNode histograms = root.findPath("histograms"); - return histograms; - } - - public JsonNode getMeters(JsonNode root) { - JsonNode meters = root.findPath("meters"); - return meters; - } - - public JsonNode getTimers(JsonNode root) { - JsonNode timers = root.findPath("timers"); - return timers; - } - - public JsonNode getValue(JsonNode node) { - return node.findPath("value"); - } - - public boolean isHA() { - JsonNode gauges = getGauges(root); - JsonNode obj = getValue(gauges.findPath(sentryService + ".is_ha")); - return obj.getValueAsBoolean(); - } - - public boolean isActive() { - JsonNode gauges = getGauges(root); - JsonNode obj = getValue(gauges.findPath(sentryService + ".is_active")); - return obj.getBooleanValue(); - } -} \ No newline at end of file