sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gcha...@apache.org
Subject incubator-sentry git commit: SENTRY-1032: Rename shell command group/role shell commands and implement with solr shell (Gregory Chanan, reviewed by: Sravya Tirukkovalur)
Date Wed, 03 Feb 2016 20:49:14 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/master 488f88061 -> 25f88cb88


SENTRY-1032: Rename shell command group/role shell commands and implement with solr shell
(Gregory Chanan, reviewed by: Sravya Tirukkovalur)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/25f88cb8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/25f88cb8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/25f88cb8

Branch: refs/heads/master
Commit: 25f88cb88329823b1474ab4189e477b26537a74a
Parents: 488f880
Author: Gregory Chanan <gchanan@cloudera.com>
Authored: Wed Jan 27 13:08:08 2016 -0800
Committer: Gregory Chanan <gchanan@cloudera.com>
Committed: Wed Feb 3 12:48:16 2016 -0800

----------------------------------------------------------------------
 .../db/generic/tools/SentryShellSolr.java       |   4 +-
 .../tools/command/AddRoleToGroupCmd.java        |  46 +++++
 .../tools/command/DeleteRoleFromGroupCmd.java   |  46 +++++
 .../db/generic/tools/command/ListRolesCmd.java  |   2 +-
 .../provider/db/tools/SentryShellCommon.java    |  10 +-
 .../command/hive/GrantRoleToGroupsCmd.java      |   3 +-
 .../db/generic/tools/TestSentryShellSolr.java   | 172 +++++++++++--------
 .../provider/db/tools/TestSentryShellHive.java  |  66 +++----
 8 files changed, 233 insertions(+), 116 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
index 8e70ab7..b0d97cd 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java
@@ -54,9 +54,9 @@ public class SentryShellSolr extends SentryShellCommon {
     } else if (isDropRole) {
       command = new DropRoleCmd(roleName, component);
     } else if (isAddRoleGroup) {
-      throw new UnsupportedOperationException("Add group to role not supported for Solr client");
+      command = new AddRoleToGroupCmd(roleName, groupName, component);
     } else if (isDeleteRoleGroup) {
-      throw new UnsupportedOperationException("Delete group from role not supported for Solr
client");
+      command = new DeleteRoleFromGroupCmd(roleName, groupName, component);
     } else if (isGrantPrivilegeRole) {
       command = new GrantPrivilegeToRoleCmd(roleName, component,
           privilegeStr, new SolrTSentryPrivilegeConvertor(component, service));

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java
new file mode 100644
index 0000000..a45d7e4
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.generic.tools.command;
+
+import com.google.common.collect.Sets;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.tools.SentryShellCommon;
+
+import java.util.Set;
+
+/**
+ * Command for adding groups to a role.
+ */
+public class AddRoleToGroupCmd implements Command {
+
+  private String roleName;
+  private String groups;
+  private String component;
+
+  public AddRoleToGroupCmd(String roleName, String groups, String component) {
+    this.roleName = roleName;
+    this.groups = groups;
+    this.component = component;
+  }
+
+  @Override
+  public void execute(SentryGenericServiceClient client, String requestorName) throws Exception
{
+    Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
+    client.addRoleToGroups(requestorName, roleName, component, groupSet);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java
new file mode 100644
index 0000000..95f39ea
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.generic.tools.command;
+
+import com.google.common.collect.Sets;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.tools.SentryShellCommon;
+
+import java.util.Set;
+
+/**
+ * Command for deleting groups from a role.
+ */
+public class DeleteRoleFromGroupCmd implements Command {
+
+  private String roleName;
+  private String groups;
+  private String component;
+
+  public DeleteRoleFromGroupCmd(String roleName, String groups, String component) {
+    this.groups = groups;
+    this.roleName = roleName;
+    this.component = component;
+  }
+
+  @Override
+  public void execute(SentryGenericServiceClient client, String requestorName) throws Exception
{
+    Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
+    client.deleteRoleToGroups(requestorName, roleName, component, groupSet);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
index bad47ef..6b68d06 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
@@ -42,7 +42,7 @@ public class ListRolesCmd implements Command {
     if (StringUtils.isEmpty(groupName)) {
       roles = client.listAllRoles(requestorName, component);
     } else {
-      throw new UnsupportedOperationException("List roles by group name not supported");
+      roles = client.listRolesByGroupName(requestorName, groupName, component);
     }
     if (roles != null) {
       for (TSentryRole role : roles) {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java
index 3b2e233..6ddc1de 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java
@@ -62,6 +62,8 @@ abstract public class SentryShellCommon {
   public final static String OPTION_DESC_PRIVILEGE = "Privilege string";
   public final static String PREFIX_MESSAGE_MISSING_OPTION = "Missing required option: ";
 
+  public final static String GROUP_SPLIT_CHAR = ",";
+
   /**
    * parse arguments
    *
@@ -69,8 +71,8 @@ abstract public class SentryShellCommon {
    *   -conf,--sentry_conf             <filepath>                 sentry config file
path
    *   -cr,--create_role            -r <rolename>                 create role
    *   -dr,--drop_role              -r <rolename>                 drop role
-   *   -arg,--add_role_group        -r <rolename>  -g <groupname> add group to
role
-   *   -drg,--delete_role_group     -r <rolename>  -g <groupname> delete group
from role
+   *   -arg,--add_role_group        -r <rolename>  -g <groupname> add role to
group
+   *   -drg,--delete_role_group     -r <rolename>  -g <groupname> delete role
from group
    *   -gpr,--grant_privilege_role  -r <rolename>  -p <privilege> grant privilege
to role
    *   -rpr,--revoke_privilege_role -r <rolename>  -p <privilege> revoke privilege
from role
    *   -lr,--list_role              -g <groupname>                list roles for group
@@ -89,10 +91,10 @@ abstract public class SentryShellCommon {
     Option drOpt = new Option("dr", "drop_role", false, "Drop role");
     drOpt.setRequired(false);
 
-    Option argOpt = new Option("arg", "add_role_group", false, "Add group to role");
+    Option argOpt = new Option("arg", "add_role_group", false, "Add role to group");
     argOpt.setRequired(false);
 
-    Option drgOpt = new Option("drg", "delete_role_group", false, "Delete group from role");
+    Option drgOpt = new Option("drg", "delete_role_group", false, "Delete role from group");
     drgOpt.setRequired(false);
 
     Option gprOpt = new Option("gpr", "grant_privilege_role", false, "Grant privilege to
role");

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
index 39d3591..07a3de4 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
@@ -19,6 +19,7 @@ package org.apache.sentry.provider.db.tools.command.hive;
 
 import com.google.common.collect.Sets;
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.provider.db.tools.SentryShellCommon;
 
 import java.util.Set;
 
@@ -37,7 +38,7 @@ public class GrantRoleToGroupsCmd implements Command {
 
   @Override
   public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception
{
-    Set<String> groups = Sets.newHashSet(groupNamesStr.split(CommandUtil.SPLIT_CHAR));
+    Set<String> groups = Sets.newHashSet(groupNamesStr.split(SentryShellCommon.GROUP_SPLIT_CHAR));
     client.grantRoleToGroups(requestorName, roleName, groups);
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java
index ae56e99..f1a87a8 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java
@@ -30,6 +30,7 @@ import java.io.File;
 import java.io.FileOutputStream;
 import java.io.PrintStream;
 import java.security.PrivilegedExceptionAction;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
 import javax.security.auth.Subject;
@@ -98,21 +99,13 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase
{
         args = new String[] { "-lr", "-conf", confPath.getAbsolutePath() };
         SentryShellSolr sentryShell = new SentryShellSolr();
         Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals("Incorrect number of roles", 2, roleNames.size());
-        for (String roleName : roleNames) {
-          assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName)
-              || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName));
-        }
+        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
 
         // validate the result, list roles with --list_role
         args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath() };
         sentryShell = new SentryShellSolr();
         roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals("Incorrect number of roles", 2, roleNames.size());
-        for (String roleName : roleNames) {
-          assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName)
-              || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName));
-        }
+        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
 
         // test: drop role with -dr
         args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath()
};
@@ -129,87 +122,78 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase
{
     });
   }
 
-  // this is not supported, just check that all the permutations
-  // give a reasonable error
   @Test
   public void testAddDeleteRoleForGroup() throws Exception {
     runTestAsSubject(new TestOperation() {
       @Override
       public void runTestAsSubject() throws Exception {
-         // test: add role to multiple groups
-        String[] args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup2,testGroup3",
+        // Must lower case group names, see SENTRY-1035
+        final boolean lowerCaseGroupNames = true;
+        String TEST_GROUP_1 = lowerCaseGroupNames ? "testgroup1" : "testGroup1";
+        String TEST_GROUP_2 = lowerCaseGroupNames ? "testgroup2" : "testGroup2";
+        String TEST_GROUP_3 = lowerCaseGroupNames ? "testgroup3" : "testGroup3";
+
+        // create the role for test
+        client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR);
+        client.createRole(requestorName, TEST_ROLE_NAME_2, SOLR);
+        // test: add role to group with -arg
+        String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
+            confPath.getAbsolutePath() };
+        SentryShellSolr.main(args);
+        // test: add role to multiple groups
+        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," +
TEST_GROUP_3,
             "-conf",
             confPath.getAbsolutePath() };
-        SentryShellSolr sentryShell = new SentryShellSolr();
-        try {
-          getShellResultWithOSRedirect(sentryShell, args, false);
-          fail("Expected UnsupportedOperationException");
-        } catch (UnsupportedOperationException e) {
-          // expected
-        }
-
+        SentryShellSolr.main(args);
         // test: add role to group with --add_role_group
-        args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1",
+        args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
             "-conf",
             confPath.getAbsolutePath() };
-        sentryShell = new SentryShellSolr();
-        try {
-          getShellResultWithOSRedirect(sentryShell, args, false);
-          fail("Expected UnsupportedOperationException");
-        } catch (UnsupportedOperationException e) {
-          // expected
-        }
+        SentryShellSolr.main(args);
 
-        args = new String[] { "-lr", "-g", "testGroup1", "-conf", confPath.getAbsolutePath()
};
-        sentryShell = new SentryShellSolr();
-        try {
-          getShellResultWithOSRedirect(sentryShell, args, false);
-          fail("Expected UnsupportedOperationException");
-        } catch (UnsupportedOperationException e) {
-          // expected
-        }
+        // validate the result list roles with -lr and -g
+        args = new String[] { "-lr", "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath()
};
+        SentryShellSolr sentryShell = new SentryShellSolr();
+        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
+        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
 
         // list roles with --list_role and -g
-        args = new String[] { "--list_role", "-g", "testGroup2", "-conf",
+        args = new String[] { "--list_role", "-g", TEST_GROUP_2, "-conf",
             confPath.getAbsolutePath() };
         sentryShell = new SentryShellSolr();
-        try {
-          getShellResultWithOSRedirect(sentryShell, args, false);
-          fail("Expected UnsupportedOperationException");
-        } catch (UnsupportedOperationException e) {
-          // expected
-        }
+        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
+        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
 
-        // test: delete group from role with -drg
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf",
+        args = new String[] { "--list_role", "-g", TEST_GROUP_3, "-conf",
             confPath.getAbsolutePath() };
         sentryShell = new SentryShellSolr();
-        try {
-          getShellResultWithOSRedirect(sentryShell, args, false);
-          fail("Expected UnsupportedOperationException");
-        } catch (UnsupportedOperationException e) {
-          // expected
-        }
+        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
+        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
 
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup2,testGroup3",
+        // test: delete role from group with -drg
+        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
+            confPath.getAbsolutePath() };
+        SentryShellSolr.main(args);
+        // test: delete role to multiple groups
+        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," +
TEST_GROUP_3,
             "-conf",
             confPath.getAbsolutePath() };
-        try {
-          getShellResultWithOSRedirect(sentryShell, args, false);
-          fail("Expected UnsupportedOperationException");
-        } catch (UnsupportedOperationException e) {
-          // expected
-        }
-
-        // test: delete group from role with --delete_role_group
-        args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1",
+        SentryShellSolr.main(args);
+        // test: delete role from group with --delete_role_group
+        args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
             "-conf", confPath.getAbsolutePath() };
-        try {
-          getShellResultWithOSRedirect(sentryShell, args, false);
-          fail("Expected UnsupportedOperationException");
-        } catch (UnsupportedOperationException e) {
-          // expected
-        }
+        SentryShellSolr.main(args);
+
+        // validate the result
+        Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, TEST_GROUP_1,
SOLR);
+        assertEquals("Incorrect number of roles", 0, roles.size());
+        roles = client.listRolesByGroupName(requestorName, TEST_GROUP_2, SOLR);
+        assertEquals("Incorrect number of roles", 0, roles.size());
+        roles = client.listRolesByGroupName(requestorName, TEST_GROUP_3, SOLR);
+        assertEquals("Incorrect number of roles", 0, roles.size());
+        // clear the test data
+        client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR);
+        client.dropRole(requestorName, TEST_ROLE_NAME_2, SOLR);
       }
     });
   }
@@ -311,6 +295,28 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase
{
           // excepted exception
         }
 
+        // test: add non-exist role to group with -arg
+        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
+            confPath.getAbsolutePath() };
+        sentryShell = new SentryShellSolr();
+        try {
+          sentryShell.executeShell(args);
+          fail("Exception should be thrown for granting non-exist role to group");
+        } catch (SentryUserException e) {
+          // excepted exception
+        }
+
+        // test: drop group from non-exist role with -drg
+        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
+            confPath.getAbsolutePath() };
+        sentryShell = new SentryShellSolr();
+        try {
+          sentryShell.executeShell(args);
+          fail("Exception should be thrown for drop group from non-exist role");
+        } catch (SentryUserException e) {
+          // excepted exception
+        }
+
         // test: grant privilege to role with the error privilege format
         args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=*",
             "-conf", confPath.getAbsolutePath() };
@@ -365,25 +371,25 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase
{
         validateMissingParameterMsg(sentryShell, args,
                 SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
 
-        // test: -r is required when add group to role
+        // test: -r is required when add role to group
         args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath()
};
         sentryShell = new SentryShellSolr();
         validateMissingParameterMsg(sentryShell, args,
                 SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
 
-        // test: -g is required when add group to role
+        // test: -g is required when add role to group
         args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath()
};
         sentryShell = new SentryShellSolr();
         validateMissingParameterMsg(sentryShell, args,
                 SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
 
-        // test: -r is required when delete group from role
+        // test: -r is required when delete role from group
         args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath()
};
         sentryShell = new SentryShellSolr();
         validateMissingParameterMsg(sentryShell, args,
                 SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
 
-        // test: -g is required when delete group from role
+        // test: -g is required when delete role from group
         args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath()
};
         sentryShell = new SentryShellSolr();
         validateMissingParameterMsg(sentryShell, args,
@@ -428,10 +434,10 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase
{
         sentryShell = new SentryShellSolr();
         validateMissingParameterMsgsContains(sentryShell, args,
                 SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[",
-                "-arg Add group to role",
+                "-arg Add role to group",
                 "-cr Create role",
                 "-rpr Revoke privilege from role",
-                "-drg Delete group from role",
+                "-drg Delete role from group",
                 "-lr List role",
                 "-lp List privilege",
                 "-gpr Grant privilege to role",
@@ -455,6 +461,22 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase
{
     return resultSet;
   }
 
+  private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames)
{
+    if (expectedRoleNames != null && expectedRoleNames.length > 0) {
+      assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length,
+          expectedRoleNames.length, roleNames.size());
+      Set<String> lowerCaseRoles = new HashSet<String>();
+      for (String role : roleNames) {
+        lowerCaseRoles.add(role.toLowerCase());
+      }
+
+      for (String expectedRole : expectedRoleNames) {
+        assertTrue("Expected role: " + expectedRole,
+            lowerCaseRoles.contains(expectedRole.toLowerCase()));
+      }
+    }
+  }
+
   private void validateMissingParameterMsg(SentryShellSolr sentryShell, String[] args,
       String expectedErrorMsg) throws Exception {
     Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
index 7883929..6cb1925 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
@@ -26,6 +26,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.PrintStream;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
 
@@ -92,21 +93,13 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
         args = new String[] { "-lr", "-conf", confPath.getAbsolutePath() };
         SentryShellHive sentryShell = new SentryShellHive();
         Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals("Incorrect number of roles", 2, roleNames.size());
-        for (String roleName : roleNames) {
-          assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName)
-              || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName));
-        }
+        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
 
         // validate the result, list roles with --list_role
         args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath() };
         sentryShell = new SentryShellHive();
         roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals("Incorrect number of roles", 2, roleNames.size());
-        for (String roleName : roleNames) {
-          assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName)
-              || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName));
-        }
+        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
 
         // test: drop role with -dr
         args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath()
};
@@ -131,7 +124,7 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
         // create the role for test
         client.createRole(requestorName, TEST_ROLE_NAME_1);
         client.createRole(requestorName, TEST_ROLE_NAME_2);
-        // test: add group to role with -arg
+        // test: add role to group with -arg
         String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf",
             confPath.getAbsolutePath() };
         SentryShellHive.main(args);
@@ -150,32 +143,23 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
         args = new String[] { "-lr", "-g", "testGroup1", "-conf", confPath.getAbsolutePath()
};
         SentryShellHive sentryShell = new SentryShellHive();
         Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals("Incorrect number of roles", 2, roleNames.size());
-        for (String roleName : roleNames) {
-          assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName)
-              || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName));
-        }
+        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
+
 
         // list roles with --list_role and -g
         args = new String[] { "--list_role", "-g", "testGroup2", "-conf",
             confPath.getAbsolutePath() };
         sentryShell = new SentryShellHive();
         roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals("Incorrect number of roles", 1, roleNames.size());
-        for (String roleName : roleNames) {
-          assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName));
-        }
+        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
 
         args = new String[] { "--list_role", "-g", "testGroup3", "-conf",
             confPath.getAbsolutePath() };
         sentryShell = new SentryShellHive();
         roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals("Incorrect number of roles", 1, roleNames.size());
-        for (String roleName : roleNames) {
-          assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName));
-        }
+        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
 
-        // test: delete group from role with -drg
+        // test: delete role from group with -drg
         args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf",
             confPath.getAbsolutePath() };
         SentryShellHive.main(args);
@@ -184,7 +168,7 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
             "-conf",
             confPath.getAbsolutePath() };
         SentryShellHive.main(args);
-        // test: delete group from role with --delete_role_group
+        // test: delete role from group with --delete_role_group
         args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1",
             "-conf", confPath.getAbsolutePath() };
         SentryShellHive.main(args);
@@ -426,7 +410,7 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
           // excepted exception
         }
 
-        // test: add group to non-exist role with -arg
+        // test: add non-exist role to group with -arg
         args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
             confPath.getAbsolutePath() };
         sentryShell = new SentryShellHive();
@@ -502,25 +486,25 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
         validateMissingParameterMsg(sentryShell, args,
                 SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
 
-        // test: -r is required when add group to role
+        // test: -r is required when add role to group
         args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath()
};
         sentryShell = new SentryShellHive();
         validateMissingParameterMsg(sentryShell, args,
                 SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
 
-        // test: -g is required when add group to role
+        // test: -g is required when add role to group
         args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath()
};
         sentryShell = new SentryShellHive();
         validateMissingParameterMsg(sentryShell, args,
                 SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
 
-        // test: -r is required when delete group from role
+        // test: -r is required when delete role from group
         args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath()
};
         sentryShell = new SentryShellHive();
         validateMissingParameterMsg(sentryShell, args,
                 SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
 
-        // test: -g is required when delete group from role
+        // test: -g is required when delete role from group
         args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath()
};
         sentryShell = new SentryShellHive();
         validateMissingParameterMsg(sentryShell, args,
@@ -555,10 +539,10 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
         sentryShell = new SentryShellHive();
         validateMissingParameterMsgsContains(sentryShell, args,
                 SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[",
-                "-arg Add group to role",
+                "-arg Add role to group",
                 "-cr Create role",
                 "-rpr Revoke privilege from role",
-                "-drg Delete group from role",
+                "-drg Delete role from group",
                 "-lr List role",
                 "-lp List privilege",
                 "-gpr Grant privilege to role",
@@ -582,6 +566,22 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase
{
     return resultSet;
   }
 
+  private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames)
{
+    if (expectedRoleNames != null && expectedRoleNames.length > 0) {
+      assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length,
+          expectedRoleNames.length, roleNames.size());
+      Set<String> lowerCaseRoles = new HashSet<String>();
+      for (String role : roleNames) {
+        lowerCaseRoles.add(role.toLowerCase());
+      }
+
+      for (String expectedRole : expectedRoleNames) {
+        assertTrue("Expected role: " + expectedRole,
+            lowerCaseRoles.contains(expectedRole.toLowerCase()));
+      }
+    }
+  }
+
   private void validateMissingParameterMsg(SentryShellHive sentryShell, String[] args,
       String exceptedErrorMsg) throws Exception {
     Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);


Mime
View raw message