Return-Path: X-Original-To: apmail-sentry-commits-archive@minotaur.apache.org Delivered-To: apmail-sentry-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C4B5F18DE6 for ; Wed, 3 Feb 2016 20:49:23 +0000 (UTC) Received: (qmail 89698 invoked by uid 500); 3 Feb 2016 20:49:23 -0000 Delivered-To: apmail-sentry-commits-archive@sentry.apache.org Received: (qmail 89651 invoked by uid 500); 3 Feb 2016 20:49:23 -0000 Mailing-List: contact commits-help@sentry.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@sentry.incubator.apache.org Delivered-To: mailing list commits@sentry.incubator.apache.org Received: (qmail 89642 invoked by uid 99); 3 Feb 2016 20:49:23 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Feb 2016 20:49:23 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 1B16A18059C for ; Wed, 3 Feb 2016 20:49:23 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -3.649 X-Spam-Level: X-Spam-Status: No, score=-3.649 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.429] autolearn=disabled Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id BTrW3LrWaIce for ; Wed, 3 Feb 2016 20:49:17 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with SMTP id B157B21150 for ; Wed, 3 Feb 2016 20:49:15 +0000 (UTC) Received: (qmail 88673 invoked by uid 99); 3 Feb 2016 20:49:15 -0000 
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Feb 2016 20:49:14 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id D4E11DFC8F; Wed, 3 Feb 2016 20:49:14 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: gchanan@apache.org To: commits@sentry.incubator.apache.org Message-Id: <4c3914cfb3f140fc83adbbc2a084b75d@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: incubator-sentry git commit: SENTRY-1032: Rename shell command group/role shell commands and implement with solr shell (Gregory Chanan, reviewed by: Sravya Tirukkovalur) Date: Wed, 3 Feb 2016 20:49:14 +0000 (UTC) Repository: incubator-sentry Updated Branches: refs/heads/master 488f88061 -> 25f88cb88 SENTRY-1032: Rename shell command group/role shell commands and implement with solr shell (Gregory Chanan, reviewed by: Sravya Tirukkovalur) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/25f88cb8 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/25f88cb8 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/25f88cb8 Branch: refs/heads/master Commit: 25f88cb88329823b1474ab4189e477b26537a74a Parents: 488f880 Author: Gregory Chanan Authored: Wed Jan 27 13:08:08 2016 -0800 Committer: Gregory Chanan Committed: Wed Feb 3 12:48:16 2016 -0800 ---------------------------------------------------------------------- .../db/generic/tools/SentryShellSolr.java | 4 +- .../tools/command/AddRoleToGroupCmd.java | 46 +++++ .../tools/command/DeleteRoleFromGroupCmd.java | 46 +++++ .../db/generic/tools/command/ListRolesCmd.java | 2 +- .../provider/db/tools/SentryShellCommon.java | 10 +- .../command/hive/GrantRoleToGroupsCmd.java | 3 +- .../db/generic/tools/TestSentryShellSolr.java | 172 +++++++++++-------- .../provider/db/tools/TestSentryShellHive.java | 66 +++---- 8 files changed, 233 insertions(+), 116 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java 
---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java index 8e70ab7..b0d97cd 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java @@ -54,9 +54,9 @@ public class SentryShellSolr extends SentryShellCommon { } else if (isDropRole) { command = new DropRoleCmd(roleName, component); } else if (isAddRoleGroup) { - throw new UnsupportedOperationException("Add group to role not supported for Solr client"); + command = new AddRoleToGroupCmd(roleName, groupName, component); } else if (isDeleteRoleGroup) { - throw new UnsupportedOperationException("Delete group from role not supported for Solr client"); + command = new DeleteRoleFromGroupCmd(roleName, groupName, component); } else if (isGrantPrivilegeRole) { command = new GrantPrivilegeToRoleCmd(roleName, component, privilegeStr, new SolrTSentryPrivilegeConvertor(component, service)); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java new file mode 100644 index 0000000..a45d7e4 --- /dev/null 
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java 
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.generic.tools.command;
+
+import com.google.common.collect.Sets;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.tools.SentryShellCommon;
+
+import java.util.Set;
+
+/**
+ * Command for adding groups to a role.
+ */
+public class AddRoleToGroupCmd implements Command {
+
+ private String roleName;
+ private String groups;
+ private String component;
+
+ public AddRoleToGroupCmd(String roleName, String groups, String component) {
+ this.roleName = roleName;
+ this.groups = groups;
+ this.component = component;
+ }
+
+ @Override
+ public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
+ Set groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
+ client.addRoleToGroups(requestorName, roleName, component, groupSet);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java
new file mode 100644
index 0000000..95f39ea
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java
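Review bot: In AddRoleToGroupCmd.execute the `-g` value is split with `groups.split(SentryShellCommon.GROUP_SPLIT_CHAR)` and the pieces are passed to `addRoleToGroups` untrimmed, so `-g "g1, g2"` produces a group named ` g2` and `g1,,g2` produces an empty group name. Unless the service rejects such names, which is not visible here, a role ends up bound to a group name that matches no real group and the administrator sees no error. Consider `Sets.newHashSet(Splitter.on(SentryShellCommon.GROUP_SPLIT_CHAR).trimResults().omitEmptyStrings().split(groups))` (Guava is already imported; this needs `com.google.common.base.Splitter`) and failing when the resulting set is empty. The same split appears in DeleteRoleFromGroupCmd.execute and in the GrantRoleToGroupsCmd hunk; on the delete path an unmatched name would leave the role attached to the group the operator meant to remove it from.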
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.generic.tools.command;
+
+import com.google.common.collect.Sets;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.tools.SentryShellCommon;
+
+import java.util.Set;
+
+/**
+ * Command for deleting groups from a role.
+ */
+public class DeleteRoleFromGroupCmd implements Command {
+
+ private String roleName;
+ private String groups;
+ private String component;
+
+ public DeleteRoleFromGroupCmd(String roleName, String groups, String component) {
+ this.groups = groups;
+ this.roleName = roleName;
+ this.component = component;
+ }
+
+ @Override
+ public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
+ Set groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
+ client.deleteRoleToGroups(requestorName, roleName, component, groupSet);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
index bad47ef..6b68d06 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
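Review bot: The class Javadoc of DeleteRoleFromGroupCmd still reads "deleting groups from a role", which is the wording this commit replaces everywhere else; AddRoleToGroupCmd has the same leftover ("adding groups to a role"). Suggest `Command for deleting a role from one or more groups.` plus a constructor comment stating that `groups` is a comma-separated list split on `SentryShellCommon.GROUP_SPLIT_CHAR`. The three fields are assigned only in the constructor and could be declared `private final`.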
@@ -42,7 +42,7 @@ public class ListRolesCmd implements Command { if (StringUtils.isEmpty(groupName)) { roles = client.listAllRoles(requestorName, component); } else { - throw new UnsupportedOperationException("List roles by group name not supported"); + roles = client.listRolesByGroupName(requestorName, groupName, component); } if (roles != null) { for (TSentryRole role : roles) { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java index 3b2e233..6ddc1de 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java @@ -62,6 +62,8 @@ abstract public class SentryShellCommon { public final static String OPTION_DESC_PRIVILEGE = "Privilege string"; public final static String PREFIX_MESSAGE_MISSING_OPTION = "Missing required option: "; + public final static String GROUP_SPLIT_CHAR = ","; + /** * parse arguments * @@ -69,8 +71,8 @@ abstract public class SentryShellCommon { * -conf,--sentry_conf sentry config file path * -cr,--create_role -r create role * -dr,--drop_role -r drop role - * -arg,--add_role_group -r -g add group to role - * -drg,--delete_role_group -r -g delete group from role + * -arg,--add_role_group -r -g add role to group + * -drg,--delete_role_group -r -g delete role from group * -gpr,--grant_privilege_role -r -p grant privilege to role * -rpr,--revoke_privilege_role -r -p revoke privilege from role * -lr,--list_role -g list roles for group 
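Review bot: In ListRolesCmd, `groupName` is handed to `client.listRolesByGroupName` exactly as typed on the command line, while the Solr shell test added by this commit has to lower-case its group names ("Must lower case group names, see SENTRY-1035"). If a mixed-case `-g` value simply matches nothing, the command prints an empty role list, which an administrator reviewing access could read as "this group holds no roles". A comment at the call such as `// group names must currently be lower case for the generic client, see SENTRY-1035` would record the constraint; whether the shell should normalise or reject mixed-case input is a design decision not visible in this hunk. The enclosing method starts and ends outside the hunk.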
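Review bot: `GROUP_SPLIT_CHAR` in SentryShellCommon is declared as a String and every caller in this commit passes it to `String.split`, which interprets its argument as a regular expression. With `","` the two readings coincide, but the name suggests a plain character, and a later change to a regex metacharacter would silently change how group lists are parsed. A Javadoc line on the constant, e.g. `/** Separator for the -g group list; passed to String.split as a regex, so keep it free of regex metacharacters. */`, would make that explicit.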
@@ -89,10 +91,10 @@ abstract public class SentryShellCommon { Option drOpt = new Option("dr", "drop_role", false, "Drop role"); drOpt.setRequired(false); - Option argOpt = new Option("arg", "add_role_group", false, "Add group to role"); + Option argOpt = new Option("arg", "add_role_group", false, "Add role to group"); argOpt.setRequired(false); - Option drgOpt = new Option("drg", "delete_role_group", false, "Delete group from role"); + Option drgOpt = new Option("drg", "delete_role_group", false, "Delete role from group"); drgOpt.setRequired(false); Option gprOpt = new Option("gpr", "grant_privilege_role", false, "Grant privilege to role"); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java index 39d3591..07a3de4 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java @@ -19,6 +19,7 @@ package org.apache.sentry.provider.db.tools.command.hive; import com.google.common.collect.Sets; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.provider.db.tools.SentryShellCommon; import java.util.Set; 
@@ -37,7 +38,7 @@ public class GrantRoleToGroupsCmd implements Command { @Override public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { - Set groups = Sets.newHashSet(groupNamesStr.split(CommandUtil.SPLIT_CHAR)); + Set groups = Sets.newHashSet(groupNamesStr.split(SentryShellCommon.GROUP_SPLIT_CHAR)); client.grantRoleToGroups(requestorName, roleName, groups); } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java index ae56e99..f1a87a8 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java @@ -30,6 +30,7 @@ import java.io.File; import java.io.FileOutputStream; import java.io.PrintStream; import java.security.PrivilegedExceptionAction; +import java.util.HashSet; import java.util.Iterator; import java.util.Set; import javax.security.auth.Subject; 
@@ -98,21 +99,13 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { args = new String[] { "-lr", "-conf", confPath.getAbsolutePath() }; SentryShellSolr sentryShell = new SentryShellSolr(); Set roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 2, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName) - || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); // validate the result, list roles with --list_role args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 2, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName) - || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); // test: drop role with -dr args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() }; 
@@ -129,87 +122,78 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { }); } - // this is not supported, just check that all the permutations - // give a reasonable error @Test public void testAddDeleteRoleForGroup() throws Exception { runTestAsSubject(new TestOperation() { @Override public void runTestAsSubject() throws Exception { - // test: add role to multiple groups - String[] args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup2,testGroup3", + // Must lower case group names, see SENTRY-1035 + final boolean lowerCaseGroupNames = true; + String TEST_GROUP_1 = lowerCaseGroupNames ? "testgroup1" : "testGroup1"; + String TEST_GROUP_2 = lowerCaseGroupNames ? "testgroup2" : "testGroup2"; + String TEST_GROUP_3 = lowerCaseGroupNames ? "testgroup3" : "testGroup3"; + + // create the role for test + client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR); + client.createRole(requestorName, TEST_ROLE_NAME_2, SOLR); + // test: add role to group with -arg + String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf", + confPath.getAbsolutePath() }; + SentryShellSolr.main(args); + // test: add role to multiple groups + args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3, "-conf", confPath.getAbsolutePath() }; - SentryShellSolr sentryShell = new SentryShellSolr(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } - + SentryShellSolr.main(args); // test: add role to group with --add_role_group - args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", + args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellSolr(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected 
UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } + SentryShellSolr.main(args); - args = new String[] { "-lr", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellSolr(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } + // validate the result list roles with -lr and -g + args = new String[] { "-lr", "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath() }; + SentryShellSolr sentryShell = new SentryShellSolr(); + Set roleNames = getShellResultWithOSRedirect(sentryShell, args, true); + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); // list roles with --list_role and -g - args = new String[] { "--list_role", "-g", "testGroup2", "-conf", + args = new String[] { "--list_role", "-g", TEST_GROUP_2, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } + roleNames = getShellResultWithOSRedirect(sentryShell, args, true); + validateRoleNames(roleNames, TEST_ROLE_NAME_1); - // test: delete group from role with -drg - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf", + args = new String[] { "--list_role", "-g", TEST_GROUP_3, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } + roleNames = getShellResultWithOSRedirect(sentryShell, args, true); + validateRoleNames(roleNames, TEST_ROLE_NAME_1); - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup2,testGroup3", + // test: delete role from group 
with -drg + args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf", + confPath.getAbsolutePath() }; + SentryShellSolr.main(args); + // test: delete role to multiple groups + args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3, "-conf", confPath.getAbsolutePath() }; - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } - - // test: delete group from role with --delete_role_group - args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", + SentryShellSolr.main(args); + // test: delete role from group with --delete_role_group + args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath() }; - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } + SentryShellSolr.main(args); + + // validate the result + Set roles = client.listRolesByGroupName(requestorName, TEST_GROUP_1, SOLR); + assertEquals("Incorrect number of roles", 0, roles.size()); + roles = client.listRolesByGroupName(requestorName, TEST_GROUP_2, SOLR); + assertEquals("Incorrect number of roles", 0, roles.size()); + roles = client.listRolesByGroupName(requestorName, TEST_GROUP_3, SOLR); + assertEquals("Incorrect number of roles", 0, roles.size()); + // clear the test data + client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR); + client.dropRole(requestorName, TEST_ROLE_NAME_2, SOLR); } }); } 
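Review bot: `lowerCaseGroupNames` in testAddDeleteRoleForGroup is a local fixed to `true`, so the three ternaries always pick the lower-case names and the mixed-case branch is dead code; the SENTRY-1035 behaviour the comment refers to is never exercised. Either declare the names directly (`String testGroup1 = "testgroup1"; // lower case required, see SENTRY-1035`) or add an assertion of what the shell does with a mixed-case `-g` value, so the restriction is pinned by a test and not only by a comment. The locals are also written in constant case (`TEST_GROUP_1`) although they are not `static final` fields. The closing `client.dropRole` calls run only when every assertion before them passes; whether the base class resets state between tests is not visible here.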
@@ -311,6 +295,28 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { // excepted exception } + // test: add non-exist role to group with -arg + args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", + confPath.getAbsolutePath() }; + sentryShell = new SentryShellSolr(); + try { + sentryShell.executeShell(args); + fail("Exception should be thrown for granting non-exist role to group"); + } catch (SentryUserException e) { + // excepted exception + } + + // test: drop group from non-exist role with -drg + args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", + confPath.getAbsolutePath() }; + sentryShell = new SentryShellSolr(); + try { + sentryShell.executeShell(args); + fail("Exception should be thrown for drop group from non-exist role"); + } catch (SentryUserException e) { + // excepted exception + } + // test: grant privilege to role with the error privilege format args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=*", "-conf", confPath.getAbsolutePath() }; 
@@ -365,25 +371,25 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -r is required when add group to role + // test: -r is required when add role to group args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -g is required when add group to role + // test: -g is required when add role to group args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME); - // test: -r is required when delete group from role + // test: -r is required when delete role from group args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -g is required when delete group from role + // test: -g is required when delete role from group args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); validateMissingParameterMsg(sentryShell, args, 
@@ -428,10 +434,10 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { sentryShell = new SentryShellSolr(); validateMissingParameterMsgsContains(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[", - "-arg Add group to role", + "-arg Add role to group", "-cr Create role", "-rpr Revoke privilege from role", - "-drg Delete group from role", + "-drg Delete role from group", "-lr List role", "-lp List privilege", "-gpr Grant privilege to role", @@ -455,6 +461,22 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { return resultSet; } + private void validateRoleNames(Set roleNames, String ... expectedRoleNames) { + if (expectedRoleNames != null && expectedRoleNames.length > 0) { + assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length, + expectedRoleNames.length, roleNames.size()); + Set lowerCaseRoles = new HashSet(); + for (String role : roleNames) { + lowerCaseRoles.add(role.toLowerCase()); + } + + for (String expectedRole : expectedRoleNames) { + assertTrue("Expected role: " + expectedRole, + lowerCaseRoles.contains(expectedRole.toLowerCase())); + } + } + } + private void validateMissingParameterMsg(SentryShellSolr sentryShell, String[] args, String expectedErrorMsg) throws Exception { Set errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java index 7883929..6cb1925 100644 
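Review bot: The new helper `validateRoleNames` in TestSentryShellSolr skips every check when `expectedRoleNames` is empty, so a call with no expected names passes even if the shell returned roles; for an authorization test the "no roles listed" case should be assertable. Removing the `expectedRoleNames.length > 0` condition lets the size assertion cover that case, since a varargs call without arguments supplies an empty array. `toLowerCase()` without a locale depends on the JVM default locale; `toLowerCase(Locale.ROOT)` on both the collected and the expected names keeps the comparison stable. The identical helper is added to TestSentryShellHive in the last hunk of this commit and the same remarks apply there.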
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java @@ -26,6 +26,7 @@ import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileOutputStream; import java.io.PrintStream; +import java.util.HashSet; import java.util.Iterator; import java.util.Set; @@ -92,21 +93,13 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { args = new String[] { "-lr", "-conf", confPath.getAbsolutePath() }; SentryShellHive sentryShell = new SentryShellHive(); Set roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 2, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName) - || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); // validate the result, list roles with --list_role args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 2, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName) - || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); // test: drop role with -dr args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() }; 
@@ -131,7 +124,7 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { // create the role for test client.createRole(requestorName, TEST_ROLE_NAME_1); client.createRole(requestorName, TEST_ROLE_NAME_2); - // test: add group to role with -arg + // test: add role to group with -arg String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); 
@@ -150,32 +143,23 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { args = new String[] { "-lr", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; SentryShellHive sentryShell = new SentryShellHive(); Set roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 2, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName) - || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); + // list roles with --list_role and -g args = new String[] { "--list_role", "-g", "testGroup2", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 1, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1); args = new String[] { "--list_role", "-g", "testGroup3", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 1, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1); - // test: delete group from role with -drg + // test: delete role from group with -drg args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); 
@@ -184,7 +168,7 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); - // test: delete group from role with --delete_role_group + // test: delete role from group with --delete_role_group args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); @@ -426,7 +410,7 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { // excepted exception } - // test: add group to non-exist role with -arg + // test: add non-exist role to group with -arg args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); 
@@ -502,25 +486,25 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -r is required when add group to role + // test: -r is required when add role to group args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -g is required when add group to role + // test: -g is required when add role to group args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME); - // test: -r is required when delete group from role + // test: -r is required when delete role from group args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -g is required when delete group from role + // test: -g is required when delete role from group args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); validateMissingParameterMsg(sentryShell, args, 
@@ -555,10 +539,10 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { sentryShell = new SentryShellHive(); validateMissingParameterMsgsContains(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[", - "-arg Add group to role", + "-arg Add role to group", "-cr Create role", "-rpr Revoke privilege from role", - "-drg Delete group from role", + "-drg Delete role from group", "-lr List role", "-lp List privilege", "-gpr Grant privilege to role", @@ -582,6 +566,22 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { return resultSet; } + private void validateRoleNames(Set roleNames, String ... expectedRoleNames) { + if (expectedRoleNames != null && expectedRoleNames.length > 0) { + assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length, + expectedRoleNames.length, roleNames.size()); + Set lowerCaseRoles = new HashSet(); + for (String role : roleNames) { + lowerCaseRoles.add(role.toLowerCase()); + } + + for (String expectedRole : expectedRoleNames) { + assertTrue("Expected role: " + expectedRole, + lowerCaseRoles.contains(expectedRole.toLowerCase())); + } + } + } + private void validateMissingParameterMsg(SentryShellHive sentryShell, String[] args, String exceptedErrorMsg) throws Exception { Set errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);