You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sp...@apache.org on 2018/05/10 00:14:24 UTC
[15/51] [partial] sentry git commit: SENTRY-2206: Refactor out sentry
api from sentry-provider-db to own module (Steve Moist,
reviewed by Sergio Pena)
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceIntegrationBase.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceIntegrationBase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceIntegrationBase.java
deleted file mode 100644
index 94cade1..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceIntegrationBase.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.service.thrift;
-
-import java.security.PrivilegedExceptionAction;
-import java.util.Set;
-
-import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
-import org.junit.After;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class SentryGenericServiceIntegrationBase extends SentryServiceIntegrationBase {
- private static final Logger LOGGER = LoggerFactory.getLogger(SentryGenericServiceIntegrationBase.class);
- protected static final String SOLR = "SOLR";
- protected SentryGenericServiceClient client;
-
- /**
- * use the generic client to connect sentry service
- */
- @Override
- public void connectToSentryService() throws Exception {
- // The client should already be logged in when running in solr
- // therefore we must manually login in the integration tests
- if (kerberos) {
- this.client = clientUgi.doAs( new PrivilegedExceptionAction<SentryGenericServiceClient>() {
- @Override
- public SentryGenericServiceClient run() throws Exception {
- return SentryGenericServiceClientFactory.create(conf);
- }
- });
- } else {
- this.client = SentryGenericServiceClientFactory.create(conf);
- }
- }
-
- @After
- public void after() {
- try {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- Set<TSentryRole> tRoles = client.listAllRoles(ADMIN_USER, SOLR);
- for (TSentryRole tRole : tRoles) {
- client.dropRole(ADMIN_USER, tRole.getRoleName(), SOLR);
- }
- if(client != null) {
- client.close();
- }
- }
- });
- } catch (Exception e) {
- LOGGER.error(e.getMessage(), e);
- } finally {
- policyFilePath.delete();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestAuditLogForSentryGenericService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestAuditLogForSentryGenericService.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestAuditLogForSentryGenericService.java
deleted file mode 100644
index fbf8af3..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestAuditLogForSentryGenericService.java
+++ /dev/null
@@ -1,296 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.service.thrift;
-
-import static org.hamcrest.core.Is.is;
-import static org.junit.Assert.assertThat;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import java.security.PrivilegedExceptionAction;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.log4j.Level;
-import org.apache.log4j.Logger;
-import org.apache.sentry.provider.db.log.appender.AuditLoggerTestAppender;
-import org.apache.sentry.provider.db.log.util.CommandUtil;
-import org.apache.sentry.provider.db.log.util.Constants;
-import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
-import org.codehaus.jettison.json.JSONObject;
-import org.junit.After;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
-
-public class TestAuditLogForSentryGenericService extends SentryServiceIntegrationBase {
-
- private SentryGenericServiceClient client;
- private static final String COMPONENT = "SQOOP";
- private static final org.slf4j.Logger LOGGER = LoggerFactory
- .getLogger(TestAuditLogForSentryGenericService.class);
-
- @BeforeClass
- public static void setup() throws Exception {
- SentryServiceIntegrationBase.setup();
- Logger logger = Logger.getLogger("sentry.generic.authorization.ddl.logger");
- AuditLoggerTestAppender testAppender = new AuditLoggerTestAppender();
- logger.addAppender(testAppender);
- logger.setLevel(Level.INFO);
- }
-
- @Override
- @After
- public void after() {
- try {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- Set<TSentryRole> tRoles = client.listAllRoles(ADMIN_USER, COMPONENT);
- for (TSentryRole tRole : tRoles) {
- client.dropRole(ADMIN_USER, tRole.getRoleName(), COMPONENT);
- }
- if (client != null) {
- client.close();
- }
- }
- });
- } catch (Exception e) {
- // log the exception
- LOGGER.warn("Exception happened after test case.", e);
- } finally {
- policyFilePath.delete();
- }
- }
-
- /**
- * use the generic client to connect sentry service
- */
- @Override
- public void connectToSentryService() throws Exception {
- if (kerberos) {
- this.client = clientUgi.doAs(new PrivilegedExceptionAction<SentryGenericServiceClient>() {
- @Override
- public SentryGenericServiceClient run() throws Exception {
- return SentryGenericServiceClientFactory.create(conf);
- }
- });
- } else {
- this.client = SentryGenericServiceClientFactory.create(conf);
- }
- }
-
- @Test
- public void testAuditLogForGenericModel() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- String requestorUserName = ADMIN_USER;
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- String roleName = "admin_r";
- String testGroupName = "g1";
- String action = "all";
- String service = "sentryService";
- setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
- writePolicyFile();
-
- // test the audit log for create role, success
- client.createRole(requestorUserName, roleName, COMPONENT);
- Map<String, String> fieldValueMap = new HashMap<String, String>();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_CREATE_ROLE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "CREATE ROLE " + roleName);
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
-
- // test the audit log for create role, failed
- try {
- client.createRole(requestorUserName, roleName, COMPONENT);
- fail("Exception should have been thrown");
- } catch (Exception e) {
- fieldValueMap.clear();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_CREATE_ROLE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "CREATE ROLE " + roleName);
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
- }
-
- // test the audit log for add role to group, success
- client.grantRoleToGroups(requestorUserName, roleName, COMPONENT,
- Sets.newHashSet(testGroupName));
- fieldValueMap.clear();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_ADD_ROLE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT ROLE " + roleName
- + " TO GROUP " + testGroupName);
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
-
- // test the audit log for add role to group, failed
- try {
- client.grantRoleToGroups(requestorUserName, "invalidRole", COMPONENT,
- Sets.newHashSet(testGroupName));
- fail("Exception should have been thrown");
- } catch (Exception e) {
- fieldValueMap.clear();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_ADD_ROLE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "GRANT ROLE invalidRole TO GROUP "
- + testGroupName);
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
- }
-
- // test the audit log for grant privilege, success
- TSentryPrivilege privilege = new TSentryPrivilege(COMPONENT, service, Lists.newArrayList(
- new TAuthorizable("resourceType1", "resourceName1"), new TAuthorizable("resourceType2",
- "resourceName2")), action);
- client.grantPrivilege(requestorUserName, roleName, COMPONENT, privilege);
- fieldValueMap.clear();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT,
- "GRANT ALL ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE "
- + roleName);
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
-
- // for error audit log
- TSentryPrivilege invalidPrivilege = new TSentryPrivilege(COMPONENT, service,
- Lists.newArrayList(new TAuthorizable("resourceType1", "resourceName1")),
- "invalidAction");
- // test the audit log for grant privilege, failed
- try {
- client.grantPrivilege(requestorUserName, roleName, COMPONENT, invalidPrivilege);
- fail("Exception should have been thrown");
- } catch (Exception e) {
- fieldValueMap.clear();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT,
- "GRANT INVALIDACTION ON resourceType1 resourceName1 TO ROLE " + roleName);
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
- }
-
- // test the audit log for revoke privilege, success
- client.revokePrivilege(requestorUserName, roleName, COMPONENT, privilege);
- fieldValueMap.clear();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_REVOKE_PRIVILEGE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT,
- "REVOKE ALL ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE "
- + roleName);
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
-
- // test the audit log for revoke privilege, failed
- try {
- client.revokePrivilege(requestorUserName, "invalidRole", COMPONENT, invalidPrivilege);
- fail("Exception should have been thrown");
- } catch (Exception e) {
- fieldValueMap.clear();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_REVOKE_PRIVILEGE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT,
- "REVOKE INVALIDACTION ON resourceType1 resourceName1 FROM ROLE invalidRole");
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
- }
-
- // test the audit log for delete role from group, success
- client.revokeRoleFromGroups(requestorUserName, roleName, COMPONENT,
- Sets.newHashSet(testGroupName));
- fieldValueMap.clear();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DELETE_ROLE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "REVOKE ROLE " + roleName
- + " FROM GROUP " + testGroupName);
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
- // test the audit log for delete role from group, failed
- try {
- client.revokeRoleFromGroups(requestorUserName, "invalidRole", COMPONENT,
- Sets.newHashSet(testGroupName));
- fail("Exception should have been thrown");
- } catch (Exception e) {
- fieldValueMap.clear();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DELETE_ROLE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT,
- "REVOKE ROLE invalidRole FROM GROUP " + testGroupName);
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
- }
- // test the audit log for drop role, success
- client.dropRole(requestorUserName, roleName, COMPONENT);
- fieldValueMap.clear();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DROP_ROLE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "DROP ROLE " + roleName);
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.TRUE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
- // test the audit log for drop role, failed
- try {
- client.dropRole(requestorUserName, roleName, COMPONENT);
- fail("Exception should have been thrown");
- } catch (Exception e) {
- fieldValueMap.clear();
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_DROP_ROLE);
- fieldValueMap.put(Constants.LOG_FIELD_COMPONENT, COMPONENT);
- fieldValueMap.put(Constants.LOG_FIELD_OPERATION_TEXT, "DROP ROLE " + roleName);
- fieldValueMap.put(Constants.LOG_FIELD_ALLOWED, Constants.FALSE);
- fieldValueMap.put(Constants.LOG_FIELD_IP_ADDRESS, null);
- assertAuditLog(fieldValueMap);
- }
- }
- });
- }
-
- private void assertAuditLog(Map<String, String> fieldValueMap) throws Exception {
- assertThat(AuditLoggerTestAppender.getLastLogLevel(), is(Level.INFO));
- JSONObject jsonObject = new JSONObject(AuditLoggerTestAppender.getLastLogEvent());
- if (fieldValueMap != null) {
- for (Map.Entry<String, String> entry : fieldValueMap.entrySet()) {
- String entryKey = entry.getKey();
- if (Constants.LOG_FIELD_IP_ADDRESS.equals(entryKey)) {
- assertTrue(CommandUtil.assertIPInAuditLog(jsonObject.get(entryKey).toString()));
- } else {
- assertTrue(entry.getValue().equalsIgnoreCase(jsonObject.get(entryKey).toString()));
- }
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
deleted file mode 100644
index cc72b33..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
+++ /dev/null
@@ -1,364 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.service.thrift;
-
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyListOf;
-import static org.mockito.Matchers.anySetOf;
-import static org.mockito.Matchers.anyString;
-
-import java.util.*;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
-import org.apache.sentry.core.model.solr.Collection;
-import org.apache.sentry.core.model.solr.Field;
-import org.apache.sentry.core.model.solr.SolrConstants;
-import org.apache.sentry.core.common.exception.SentryAlreadyExistsException;
-import org.apache.sentry.core.common.exception.SentryGrantDeniedException;
-import org.apache.sentry.core.common.exception.SentryInvalidInputException;
-import org.apache.sentry.core.common.exception.SentryNoSuchObjectException;
-import org.apache.sentry.provider.common.GroupMappingService;
-import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject;
-import org.apache.sentry.provider.db.generic.service.persistent.SentryStoreLayer;
-import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject.Builder;
-import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
-import org.apache.sentry.provider.db.service.model.MSentryRole;
-import org.apache.sentry.core.common.utils.PolicyStoreConstants;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.apache.sentry.service.thrift.Status;
-import org.apache.sentry.service.thrift.TSentryResponseStatus;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-
-import com.google.common.collect.Sets;
-
-public class TestSentryGenericPolicyProcessor extends org.junit.Assert {
- private static final String ADMIN_GROUP = "admin_group";
- private static final String ADMIN_USER = "admin_user";
- private static final String NOT_ADMIN_USER = "not_admin_user";
- private static final String NOT_ADMIN_GROUP = "not_admin_group";
- private static final String NO_GROUP_USER = "no_group_user";
-
- private SentryStoreLayer mockStore = Mockito.mock(SentryStoreLayer.class);
- private SentryGenericPolicyProcessor processor;
-
- @Before
- public void setup() throws Exception {
- Configuration conf = new Configuration();
- conf.set(ServerConfig.ADMIN_GROUPS, ADMIN_GROUP);
- conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, MockGroupMapping.class.getName());
- processor = new SentryGenericPolicyProcessor(conf, mockStore);
- }
-
- @Test
- public void testNotAdminOperation() throws Exception {
- String requestUser = NOT_ADMIN_USER;
- Status validateStatus = Status.ACCESS_DENIED;
- testOperation(requestUser, validateStatus);
- }
-
- private void testOperation(String requestUser, Status validateStatus) throws Exception {
- TCreateSentryRoleRequest createrequest = new TCreateSentryRoleRequest();
- createrequest.setRequestorUserName(requestUser);
- createrequest.setRoleName("r1");
- assertEquals(validateStatus, fromTSentryStatus(processor.create_sentry_role(createrequest).getStatus()));
-
- TDropSentryRoleRequest dropRequest = new TDropSentryRoleRequest();
- dropRequest.setRequestorUserName(requestUser);
- dropRequest.setRoleName("r1");
- assertEquals(validateStatus, fromTSentryStatus(processor.drop_sentry_role(dropRequest).getStatus()));
-
- TAlterSentryRoleAddGroupsRequest addRequest = new TAlterSentryRoleAddGroupsRequest();
- addRequest.setRequestorUserName(requestUser);
- addRequest.setRoleName("r1");
- addRequest.setGroups(Sets.newHashSet("g1"));
- assertEquals(validateStatus, fromTSentryStatus(processor.alter_sentry_role_add_groups(addRequest).getStatus()));
-
- TAlterSentryRoleDeleteGroupsRequest delRequest = new TAlterSentryRoleDeleteGroupsRequest();
- delRequest.setRequestorUserName(requestUser);
- delRequest.setRoleName("r1");
- delRequest.setGroups(Sets.newHashSet("g1"));
- assertEquals(validateStatus, fromTSentryStatus(processor.alter_sentry_role_delete_groups(delRequest).getStatus()));
-
- TDropPrivilegesRequest dropPrivRequest = new TDropPrivilegesRequest();
- dropPrivRequest.setRequestorUserName(requestUser);
- dropPrivRequest.setPrivilege(new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test"));
- assertEquals(validateStatus, fromTSentryStatus(processor.drop_sentry_privilege(dropPrivRequest).getStatus()));
-
- TRenamePrivilegesRequest renameRequest = new TRenamePrivilegesRequest();
- renameRequest.setRequestorUserName(requestUser);
- assertEquals(validateStatus, fromTSentryStatus(processor.rename_sentry_privilege(renameRequest).getStatus()));
- }
-
- private Status fromTSentryStatus(TSentryResponseStatus status) {
- return Status.fromCode(status.getValue());
- }
-
- @Test
- public void testAdminOperation() throws Exception {
- testOperation(ADMIN_USER, Status.OK);
- }
-
- @Test
- public void testGrantAndRevokePrivilege() throws Exception {
- setup();
-
- TSentryPrivilege tprivilege = new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test");
- tprivilege.setGrantOption(TSentryGrantOption.UNSET);
-
- TAlterSentryRoleGrantPrivilegeRequest grantRequest = new TAlterSentryRoleGrantPrivilegeRequest();
- grantRequest.setRequestorUserName(ADMIN_USER);
- grantRequest.setRoleName("r1");
- grantRequest.setPrivilege(tprivilege);
- assertEquals(Status.OK, fromTSentryStatus(processor.alter_sentry_role_grant_privilege(grantRequest).getStatus()));
-
- TAlterSentryRoleRevokePrivilegeRequest revokeRequest = new TAlterSentryRoleRevokePrivilegeRequest();
- revokeRequest.setRequestorUserName(ADMIN_USER);
- revokeRequest.setRoleName("r1");
- revokeRequest.setPrivilege(tprivilege);
- assertEquals(Status.OK, fromTSentryStatus(processor.alter_sentry_role_revoke_privilege(revokeRequest).getStatus()));
- }
-
- @Test
- public void testOperationWithException() throws Exception {
- String roleName = anyString();
- Mockito.when(mockStore.createRole(anyString(), roleName, anyString()))
- .thenThrow(new SentryAlreadyExistsException("Role: " + roleName));
-
- roleName = anyString();
- Mockito.when(mockStore.dropRole(anyString(), roleName, anyString()))
- .thenThrow(new SentryNoSuchObjectException("Role: " + roleName ));
-
- roleName = anyString();
- Mockito.when(mockStore.alterRoleAddGroups(anyString(), roleName, anySetOf(String.class),anyString()))
- .thenThrow(new SentryNoSuchObjectException("Role: " + roleName));
-
- roleName = anyString();
- Mockito.when(mockStore.alterRoleDeleteGroups(anyString(), roleName, anySetOf(String.class), anyString()))
- .thenThrow(new SentryNoSuchObjectException("Role: " + roleName));
-
- roleName = anyString();
- Mockito.when(mockStore.alterRoleGrantPrivilege(anyString(), roleName, any(PrivilegeObject.class), anyString()))
- .thenThrow(new SentryGrantDeniedException("Role: " + roleName + " is not allowed to do grant"));
-
- roleName = anyString();
- Mockito.when(mockStore.alterRoleRevokePrivilege(anyString(), roleName, any(PrivilegeObject.class), anyString()))
- .thenThrow(new SentryGrantDeniedException("Role: " + roleName + " is not allowed to do grant"));
-
- Mockito.when(mockStore.dropPrivilege(anyString(), any(PrivilegeObject.class), anyString()))
- .thenThrow(new SentryInvalidInputException("Invalid input privilege object"));
-
- Mockito.when(mockStore.renamePrivilege(anyString(), anyString(), anyListOf(Authorizable.class),
- anyListOf(Authorizable.class), anyString()))
- .thenThrow(new RuntimeException("Unknown error"));
-
- setup();
-
- TCreateSentryRoleRequest createrequest = new TCreateSentryRoleRequest();
- createrequest.setRequestorUserName(ADMIN_USER);
- createrequest.setRoleName("r1");
- assertEquals(Status.ALREADY_EXISTS, fromTSentryStatus(processor.create_sentry_role(createrequest).getStatus()));
-
- TDropSentryRoleRequest dropRequest = new TDropSentryRoleRequest();
- dropRequest.setRequestorUserName(ADMIN_USER);
- dropRequest.setRoleName("r1");
- assertEquals(Status.NO_SUCH_OBJECT, fromTSentryStatus(processor.drop_sentry_role(dropRequest).getStatus()));
-
- TAlterSentryRoleAddGroupsRequest addRequest = new TAlterSentryRoleAddGroupsRequest();
- addRequest.setRequestorUserName(ADMIN_USER);
- addRequest.setRoleName("r1");
- addRequest.setGroups(Sets.newHashSet("g1"));
- assertEquals(Status.NO_SUCH_OBJECT, fromTSentryStatus(processor.alter_sentry_role_add_groups(addRequest).getStatus()));
-
- TAlterSentryRoleDeleteGroupsRequest delRequest = new TAlterSentryRoleDeleteGroupsRequest();
- delRequest.setRequestorUserName(ADMIN_USER);
- delRequest.setRoleName("r1");
- delRequest.setGroups(Sets.newHashSet("g1"));
- assertEquals(Status.NO_SUCH_OBJECT, fromTSentryStatus(processor.alter_sentry_role_delete_groups(delRequest).getStatus()));
-
- TDropPrivilegesRequest dropPrivRequest = new TDropPrivilegesRequest();
- dropPrivRequest.setRequestorUserName(ADMIN_USER);
- dropPrivRequest.setPrivilege(new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test"));
- assertEquals(Status.INVALID_INPUT, fromTSentryStatus(processor.drop_sentry_privilege(dropPrivRequest).getStatus()));
-
- TRenamePrivilegesRequest renameRequest = new TRenamePrivilegesRequest();
- renameRequest.setRequestorUserName(ADMIN_USER);
- assertEquals(Status.RUNTIME_ERROR, fromTSentryStatus(processor.rename_sentry_privilege(renameRequest).getStatus()));
-
- TSentryPrivilege tprivilege = new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test");
- tprivilege.setGrantOption(TSentryGrantOption.UNSET);
-
- TAlterSentryRoleGrantPrivilegeRequest grantRequest = new TAlterSentryRoleGrantPrivilegeRequest();
- grantRequest.setRequestorUserName(ADMIN_USER);
- grantRequest.setRoleName("r1");
- grantRequest.setPrivilege(tprivilege);
- assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.alter_sentry_role_grant_privilege(grantRequest).getStatus()));
-
- TAlterSentryRoleRevokePrivilegeRequest revokeRequest = new TAlterSentryRoleRevokePrivilegeRequest();
- revokeRequest.setRequestorUserName(ADMIN_USER);
- revokeRequest.setRoleName("r1");
- revokeRequest.setPrivilege(tprivilege);
- assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.alter_sentry_role_revoke_privilege(revokeRequest).getStatus()));
- }
-
- @Test
- public void testUserWithNoGroup() throws Exception {
- setup();
-
- TCreateSentryRoleRequest createrequest = new TCreateSentryRoleRequest();
- createrequest.setRequestorUserName(NO_GROUP_USER);
- createrequest.setRoleName("r1");
- assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.create_sentry_role(createrequest).getStatus()));
-
- TDropSentryRoleRequest dropRequest = new TDropSentryRoleRequest();
- dropRequest.setRequestorUserName(NO_GROUP_USER);
- dropRequest.setRoleName("r1");
- assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.drop_sentry_role(dropRequest).getStatus()));
-
- TAlterSentryRoleAddGroupsRequest addRequest = new TAlterSentryRoleAddGroupsRequest();
- addRequest.setRequestorUserName(NO_GROUP_USER);
- addRequest.setRoleName("r1");
- addRequest.setGroups(Sets.newHashSet("g1"));
- assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.alter_sentry_role_add_groups(addRequest).getStatus()));
-
- TAlterSentryRoleDeleteGroupsRequest delRequest = new TAlterSentryRoleDeleteGroupsRequest();
- delRequest.setRequestorUserName(NO_GROUP_USER);
- delRequest.setRoleName("r1");
- delRequest.setGroups(Sets.newHashSet("g1"));
- assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.alter_sentry_role_delete_groups(delRequest).getStatus()));
-
- TDropPrivilegesRequest dropPrivRequest = new TDropPrivilegesRequest();
- dropPrivRequest.setRequestorUserName(NO_GROUP_USER);
- dropPrivRequest.setPrivilege(new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test"));
- assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.drop_sentry_privilege(dropPrivRequest).getStatus()));
-
- TRenamePrivilegesRequest renameRequest = new TRenamePrivilegesRequest();
- renameRequest.setRequestorUserName(NO_GROUP_USER);
- assertEquals(Status.ACCESS_DENIED, fromTSentryStatus(processor.rename_sentry_privilege(renameRequest).getStatus()));
-
- // Can't test GrantPrivilege / RevokePrivilege since the authorization happens
- // in the persistence layer, which isn't setup in this test.
- }
-
- @Test
- public void testGetRolesAndPrivileges() throws Exception {
- String roleName = "r1";
- String groupName = "g1";
- PrivilegeObject queryPrivilege = new Builder()
- .setComponent("SOLR")
- .setAction(SolrConstants.QUERY)
- .setService("service1")
- .setAuthorizables(Arrays.asList(new Collection("c1"), new Field("f1")))
- .build();
- PrivilegeObject updatePrivilege = new Builder(queryPrivilege)
- .setAction(SolrConstants.UPDATE)
- .build();
-
- MSentryGMPrivilege mSentryGMPrivilege = new MSentryGMPrivilege("SOLR", "service1",
- Arrays.asList(new Collection("c1"), new Field("f1")),
- SolrConstants.QUERY, true);
-
- MSentryRole role = new MSentryRole("r1", 290);
- mSentryGMPrivilege.setRoles(Sets.newHashSet(role));
-
- Mockito.when(mockStore.getRolesByGroups(anyString(), anySetOf(String.class)))
- .thenReturn(Sets.newHashSet(roleName));
-
- Mockito.when(mockStore.getPrivilegesByProvider(anyString(), anyString(), anySetOf(String.class),
- anySetOf(String.class), anyListOf(Authorizable.class)))
- .thenReturn(Sets.newHashSet(queryPrivilege, updatePrivilege));
-
- Mockito.when(mockStore.getGroupsByRoles(anyString(), anySetOf(String.class)))
- .thenReturn(Sets.newHashSet(groupName));
-
- Mockito.when(mockStore.getPrivilegesByAuthorizable(anyString(), anyString(), anySetOf(String.class), anyListOf(Authorizable.class)))
- .thenReturn(Sets.newHashSet(mSentryGMPrivilege));
-
- Mockito.when(mockStore.getAllRoleNames())
- .thenReturn(Sets.newHashSet(roleName));
-
- TListSentryPrivilegesRequest request1 = new TListSentryPrivilegesRequest();
- request1.setRoleName(roleName);
- request1.setRequestorUserName(ADMIN_USER);
- TListSentryPrivilegesResponse response1 = processor.list_sentry_privileges_by_role(request1);
- assertEquals(Status.OK, fromTSentryStatus(response1.getStatus()));
- assertEquals(2, response1.getPrivileges().size());
-
- TListSentryRolesRequest request2 = new TListSentryRolesRequest();
- request2.setRequestorUserName(ADMIN_USER);
- request2.setGroupName(groupName);
- TListSentryRolesResponse response2 = processor.list_sentry_roles_by_group(request2);
- assertEquals(Status.OK, fromTSentryStatus(response2.getStatus()));
- assertEquals(1, response2.getRoles().size());
-
- TListSentryPrivilegesForProviderRequest request3 = new TListSentryPrivilegesForProviderRequest();
- request3.setGroups(Sets.newHashSet(groupName));
- request3.setRoleSet(new TSentryActiveRoleSet(true, null));
- TListSentryPrivilegesForProviderResponse response3 = processor.list_sentry_privileges_for_provider(request3);
- assertEquals(Status.OK, fromTSentryStatus(response3.getStatus()));
- assertEquals(2, response3.getPrivileges().size());
-
- // Optional parameters activeRoleSet and requested group name are both provided.
- TListSentryPrivilegesByAuthRequest request4 = new TListSentryPrivilegesByAuthRequest();
- request4.setGroups(Sets.newHashSet(groupName));
- request4.setRoleSet(new TSentryActiveRoleSet(true, null));
- request4.setRequestorUserName(ADMIN_USER);
- Set<String> authorizablesSet = Sets.newHashSet("Collection=c1->Field=f1");
- request4.setAuthorizablesSet(authorizablesSet);
-
- TListSentryPrivilegesByAuthResponse response4 = processor.list_sentry_privileges_by_authorizable(request4);
- assertEquals(Status.OK, fromTSentryStatus(response4.getStatus()));
- assertEquals(1, response4.getPrivilegesMapByAuth().size());
-
- // Optional parameters activeRoleSet and requested group name are both not provided.
- TListSentryPrivilegesByAuthRequest request5 = new TListSentryPrivilegesByAuthRequest();
- request5.setRequestorUserName("not_" + ADMIN_USER);
- authorizablesSet = Sets.newHashSet("Collection=c1->Field=f2");
- request5.setAuthorizablesSet(authorizablesSet);
-
- TListSentryPrivilegesByAuthResponse response5 = processor.list_sentry_privileges_by_authorizable(request5);
- assertEquals(Status.OK, fromTSentryStatus(response5.getStatus()));
- assertEquals(1, response5.getPrivilegesMapByAuth().size());
- }
-
- @Test(expected=SentrySiteConfigurationException.class)
- public void testConfigCannotCreateNotificationHandler() throws Exception {
- Configuration conf = new Configuration();
- conf.set(PolicyStoreConstants.SENTRY_GENERIC_POLICY_NOTIFICATION,"junk");
- SentryGenericPolicyProcessor.createHandlers(conf);
- }
-
- public static class MockGroupMapping implements GroupMappingService {
- public MockGroupMapping(Configuration conf, String resource) { //NOPMD
- }
- @Override
- public Set<String> getGroups(String user) {
- if (user.equalsIgnoreCase(ADMIN_USER)) {
- return Sets.newHashSet(ADMIN_GROUP);
- } else if (user.equalsIgnoreCase(NOT_ADMIN_USER)){
- return Sets.newHashSet(NOT_ADMIN_GROUP);
- } else {
- return Collections.emptySet();
- }
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceClient.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceClient.java
deleted file mode 100644
index 5813626..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceClient.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.service.thrift;
-
-import java.util.Set;
-
-import org.apache.sentry.service.thrift.SentryServiceFactory;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.collect.Sets;
-
-public class TestSentryGenericServiceClient extends SentryGenericServiceIntegrationBase {
-
- @BeforeClass
- public static void setup() throws Exception {
- beforeSetup();
- setupConf();
- startSentryService();
- afterSetup();
- kerberos = false;
- }
-
- @Test
- public void testConnectionWhenReconnect() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- String requestorUserName = ADMIN_USER;
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- String roleName = "admin_r";
- setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
- writePolicyFile();
-
- client.dropRoleIfExists(requestorUserName, roleName, "solr");
- client.createRole(requestorUserName, roleName, "solr");
- stopSentryService();
- server = SentryServiceFactory.create(conf);
- startSentryService();
- client.dropRole(requestorUserName, roleName, "solr");
- }
- });
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java
deleted file mode 100644
index 5364d10..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java
+++ /dev/null
@@ -1,503 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.service.thrift;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.model.solr.Collection;
-import org.apache.sentry.core.model.solr.Field;
-import org.apache.sentry.core.model.solr.SolrConstants;
-import org.junit.Test;
-
-import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
-
-public class TestSentryGenericServiceIntegration extends SentryGenericServiceIntegrationBase {
-
- @Test
- public void testCreateDropShowRole() throws Exception {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- String requestorUserName = ADMIN_USER;
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- String roleName = "admin_r";
- setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
- writePolicyFile();
-
- client.dropRoleIfExists(requestorUserName, roleName, SOLR);
-
- client.createRole(requestorUserName, roleName, SOLR);
-
- client.grantRoleToGroups(requestorUserName, roleName, SOLR, Sets.newHashSet(requestorUserGroupNames));
-
- Set<TSentryRole> roles = client.listUserRoles(requestorUserName,SOLR);
- assertEquals("Incorrect number of roles", 1, roles.size());
- for (TSentryRole role:roles) {
- assertTrue(role.getRoleName(), role.getRoleName().equalsIgnoreCase(roleName));
- }
- client.dropRole(requestorUserName, roleName, SOLR);
- }});
- }
-
- @Test
- public void testAddDeleteRoleToGroup() throws Exception {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- String requestorUserName = ADMIN_USER;
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- String testGroupName = "g1";
- String roleName = "admin_r";
- setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
- setLocalGroupMapping(requestorUserName, Sets.newHashSet(testGroupName));
- writePolicyFile();
-
- client.dropRoleIfExists(requestorUserName, roleName, SOLR);
-
- client.createRole(requestorUserName, roleName, SOLR);
-
- client.grantRoleToGroups(requestorUserName, roleName, SOLR, Sets.newHashSet(testGroupName));
-
- Set<TSentryRole> roles = client.listUserRoles(requestorUserName,SOLR);
- assertEquals("Incorrect number of roles", 1, roles.size());
- for (TSentryRole role:roles) {
- assertTrue(role.getRoleName(), role.getRoleName().equalsIgnoreCase(roleName));
- assertTrue(role.getGroups().size() == 1);
- for (String group :role.getGroups()) {
- assertEquals(testGroupName, group);
- }
- }
-
- client.revokeRoleFromGroups(requestorUserName, roleName, SOLR, Sets.newHashSet(testGroupName));
- roles = client.listUserRoles(requestorUserName,SOLR);
- assertEquals("Incorrect number of roles", 0, roles.size());
-
- client.dropRole(requestorUserName, roleName, SOLR);
- }});
- }
-
- @Test
- public void testGranRevokePrivilege() throws Exception {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- String requestorUserName = ADMIN_USER;
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
- writePolicyFile();
- String roleName1 = "admin_r1";
- String roleName2 = "admin_r2";
-
- client.dropRoleIfExists(requestorUserName, roleName1, SOLR);
- client.createRole(requestorUserName, roleName1, SOLR);
-
- client.dropRoleIfExists(requestorUserName, roleName2, SOLR);
- client.createRole(requestorUserName, roleName2, SOLR);
-
- TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
- SolrConstants.QUERY);
-
- TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
- SolrConstants.UPDATE);
-
- client.grantPrivilege(requestorUserName, roleName1, SOLR, queryPrivilege);
- client.grantPrivilege(requestorUserName, roleName2, SOLR, updatePrivilege);
-
- client.revokePrivilege(requestorUserName, roleName1, SOLR, queryPrivilege);
- client.revokePrivilege(requestorUserName, roleName2, SOLR, updatePrivilege);
- }});
- }
-
- @Test
- public void testMultipleRolesSamePrivilege() throws Exception {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- String requestorUserName = ADMIN_USER;
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
- writePolicyFile();
- String roleName1 = "admin_r1";
- String roleName2 = "admin_r2";
-
- client.dropRoleIfExists(requestorUserName, roleName1, SOLR);
- client.createRole(requestorUserName, roleName1, SOLR);
-
- client.dropRoleIfExists(requestorUserName, roleName2, SOLR);
- client.createRole(requestorUserName, roleName2, SOLR);
-
- TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
- SolrConstants.QUERY);
-
- client.grantPrivilege(requestorUserName, roleName1, SOLR, queryPrivilege);
- Set<TSentryPrivilege> listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1, SOLR, "service1");
- assertTrue("Privilege not assigned to role1 !!", listPrivilegesByRoleName.size() == 1);
-
- client.grantPrivilege(requestorUserName, roleName2, SOLR, queryPrivilege);
- listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2, SOLR, "service1");
- assertTrue("Privilege not assigned to role2 !!", listPrivilegesByRoleName.size() == 1);
- }});
- }
-
- @Test
- public void testShowRoleGrant() throws Exception {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- String requestorUserName = ADMIN_USER;
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- String roleName = "admin_r1";
- String groupName = "group1";
- setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
- setLocalGroupMapping(requestorUserName, Sets.newHashSet(groupName));
- writePolicyFile();
-
- client.dropRoleIfExists(requestorUserName, roleName, SOLR);
- client.createRole(requestorUserName, roleName, SOLR);
- client.grantRoleToGroups(requestorUserName, roleName, SOLR, Sets.newHashSet(groupName));
-
- Set<TSentryRole> groupRoles = client.listRolesByGroupName(requestorUserName, groupName,SOLR);
- assertTrue(groupRoles.size() == 1);
- for (TSentryRole role:groupRoles) {
- assertTrue(role.getRoleName(), role.getRoleName().equalsIgnoreCase(roleName));
- assertTrue(role.getGroups().size() == 1);
- for (String group :role.getGroups()) {
- assertEquals(groupName, group);
- }
- }
-
- client.dropRole(requestorUserName, roleName, SOLR);
- }});
- }
-
- @Test
- public void testShowGrant() throws Exception {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- String requestorUserName = ADMIN_USER;
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- String roleName = "admin_r1";
- setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
- writePolicyFile();
-
- client.dropRoleIfExists(requestorUserName, roleName, SOLR);
- client.createRole(requestorUserName, roleName, SOLR);
-
- TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
- SolrConstants.QUERY);
-
- TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
- SolrConstants.UPDATE);
-
- client.grantPrivilege(requestorUserName, roleName, SOLR, updatePrivilege);
- client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege);
- Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1");
- assertTrue(privileges.size() == 2);
-
- client.revokePrivilege(requestorUserName, roleName, SOLR, updatePrivilege);
- privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1");
- assertTrue(privileges.size() == 1);
- }});
- }
-
- @Test
- public void testSameGrantTwice() throws Exception {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- String requestorUserName = ADMIN_USER;
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
- writePolicyFile();
- String roleName = "admin_r1";
-
- client.createRole(requestorUserName, roleName, SOLR);
-
- TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
- SolrConstants.QUERY);
-
- client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege);
- assertEquals(1, client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1").size());
- }});
- }
-
- @Test
- public void testGrantRevokeWithGrantOption() throws Exception {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- String adminUser = ADMIN_USER;
- Set<String> adminGroup = Sets.newHashSet(ADMIN_GROUP);
- String grantOptionUser = "user1";
- Set<String> grantOptionGroup = Sets.newHashSet("group1");
- String noGrantOptionUser = "user2";
- Set<String> noGrantOptionGroup = Sets.newHashSet("group2");
-
- setLocalGroupMapping(adminUser, adminGroup);
- setLocalGroupMapping(grantOptionUser, grantOptionGroup);
- setLocalGroupMapping(noGrantOptionUser, noGrantOptionGroup);
- writePolicyFile();
-
- String grantRole = "grant_r";
- String noGrantRole = "no_grant_r";
- String testRole = "test_role";
-
- client.createRole(adminUser, grantRole, SOLR);
- client.createRole(adminUser, noGrantRole, SOLR);
- client.createRole(adminUser, testRole, SOLR);
-
- TSentryPrivilege grantPrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"))),
- SolrConstants.QUERY);
- grantPrivilege.setGrantOption(TSentryGrantOption.TRUE);
-
- TSentryPrivilege noGrantPrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"))),
- SolrConstants.QUERY);
- noGrantPrivilege.setGrantOption(TSentryGrantOption.FALSE);
-
- TSentryPrivilege testPrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
- SolrConstants.QUERY);
- testPrivilege.setGrantOption(TSentryGrantOption.FALSE);
-
- client.grantPrivilege(adminUser, grantRole, SOLR, grantPrivilege);
- client.grantPrivilege(adminUser, noGrantRole, SOLR, noGrantPrivilege);
-
- client.grantRoleToGroups(adminUser, grantRole, SOLR, grantOptionGroup);
- client.grantRoleToGroups(adminUser, noGrantRole, SOLR, noGrantOptionGroup);
-
- try {
- client.grantPrivilege(grantOptionUser,testRole,SOLR, testPrivilege);
- } catch (SentryUserException e) {
- fail("grantOptionUser failed grant privilege to user");
- }
-
- try {
- client.grantPrivilege(noGrantOptionUser, testRole, SOLR, testPrivilege);
- fail("noGrantOptionUser can't grant privilege to user");
- } catch (SentryUserException e) {
- }
-
- try {
- client.revokePrivilege(grantOptionUser, testRole, SOLR, testPrivilege);
- } catch(SentryUserException e) {
- fail("grantOptionUser failed revoke privilege to user");
- }
-
- try {
- client.revokePrivilege(noGrantOptionUser, testRole, SOLR, testPrivilege);
- fail("noGrantOptionUser can't revoke privilege to user");
- } catch (SentryUserException e) {
- }
- }});
- }
-
- @Test
- public void testGetPrivilegeByHierarchy() throws Exception {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- String adminUser = ADMIN_USER;
- Set<String> adminGroup = Sets.newHashSet(ADMIN_GROUP);
- String testRole = "role1";
- Set<String> testGroup = Sets.newHashSet("group1");
- String testUser = "user1";
- setLocalGroupMapping(adminUser, adminGroup);
- setLocalGroupMapping(testUser, testGroup);
- writePolicyFile();
-
-
- client.createRole(adminUser, testRole, SOLR);
- client.grantRoleToGroups(adminUser, testRole, SOLR, testGroup);
-
- TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
- SolrConstants.QUERY);
-
- TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c2"), new Field("f2"))),
- SolrConstants.UPDATE);
-
- client.grantPrivilege(adminUser, testRole, SOLR, queryPrivilege);
- client.grantPrivilege(adminUser, testRole, SOLR, updatePrivilege);
-
- assertEquals(2, client.listAllPrivilegesByRoleName(testUser, testRole, SOLR, "service1").size());
-
- assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole,
- SOLR, "service1", Arrays.asList(new Collection("c1"))).size());
-
- assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole,
- SOLR, "service1", Arrays.asList(new Collection("c2"))).size());
-
- assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole,
- SOLR, "service1", Arrays.asList(new Collection("c1"), new Field("f1"))).size());
-
- assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole,
- SOLR, "service1", Arrays.asList(new Collection("c2"), new Field("f2"))).size());
-
- //test listPrivilegesForProvider by group(testGroup)
- ActiveRoleSet roleSet = ActiveRoleSet.ALL;
-
- assertEquals(1, client.listPrivilegesForProvider(SOLR, "service1", roleSet,
- testGroup, Arrays.asList(new Collection("c1"))).size());
-
- assertEquals(1, client.listPrivilegesForProvider(SOLR, "service1", roleSet,
- testGroup, Arrays.asList(new Collection("c2"))).size());
-
- assertEquals(1, client.listPrivilegesForProvider(SOLR, "service1", roleSet,
- testGroup, Arrays.asList(new Collection("c1"), new Field("f1"))).size());
-
- assertEquals(1, client.listPrivilegesForProvider(SOLR, "service1", roleSet,
- testGroup, Arrays.asList(new Collection("c2"), new Field("f2"))).size());
- }});
- }
-
- @Test
- public void testGetPrivilegeByAuthorizable() throws Exception {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- String adminUser = ADMIN_USER;
- Set<String> adminGroup = Sets.newHashSet(ADMIN_GROUP);
- String testRole = "role1";
- Set<String> testGroup = Sets.newHashSet("group1");
- String testUser = "user1";
- setLocalGroupMapping(adminUser, adminGroup);
- setLocalGroupMapping(testUser, testGroup);
- writePolicyFile();
-
- client.createRole(adminUser, testRole, SOLR);
- client.grantRoleToGroups(adminUser, testRole, SOLR, adminGroup);
-
- TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
- SolrConstants.QUERY);
-
- TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f2"))),
- SolrConstants.UPDATE);
-
- client.grantPrivilege(adminUser, testRole, SOLR, queryPrivilege);
- client.grantPrivilege(adminUser, testRole, SOLR, updatePrivilege);
-
- //test listPrivilegesbyAuthorizable without requested group and active role set.
- assertEquals(1, client.listPrivilegesbyAuthorizable(SOLR, "service1", adminUser,
- Sets.newHashSet(new String("Collection=c1->Field=f1")), null, null).size());
-
- //test listPrivilegesbyAuthorizable with requested group (testGroup)
- Map<String, TSentryPrivilegeMap> privilegeMap = client.listPrivilegesbyAuthorizable(SOLR,
- "service1", adminUser, Sets.newHashSet(new String("Collection=c1->Field=f1")), testGroup, null);
- TSentryPrivilegeMap actualMap = privilegeMap.get(new String("Collection=c1->Field=f1"));
- assertEquals(0, actualMap.getPrivilegeMap().size());
-
- //test listPrivilegesbyAuthorizable with active role set.
- ActiveRoleSet roleSet = ActiveRoleSet.ALL;
- assertEquals(1, client.listPrivilegesbyAuthorizable(SOLR, "service1", adminUser,
- Sets.newHashSet(new String("Collection=c1->Field=f1")), null, roleSet).size());
- privilegeMap = client.listPrivilegesbyAuthorizable(SOLR,
- "service1", adminUser, Sets.newHashSet(new String("Collection=c1->Field=f1")), null, roleSet);
- actualMap = privilegeMap.get(new String("Collection=c1->Field=f1"));
- assertEquals(1, actualMap.getPrivilegeMap().size());
-
- privilegeMap = client.listPrivilegesbyAuthorizable(SOLR,
- "service1", testUser, Sets.newHashSet(new String("Collection=c1->Field=f1")), null, roleSet);
- actualMap = privilegeMap.get(new String("Collection=c1->Field=f1"));
- assertEquals(0, actualMap.getPrivilegeMap().size());
-
- // grant tesRole to testGroup.
- client.grantRoleToGroups(adminUser, testRole, SOLR, testGroup);
-
- privilegeMap = client.listPrivilegesbyAuthorizable(SOLR,
- "service1", testUser, Sets.newHashSet(new String("Collection=c1")), null, roleSet);
- actualMap = privilegeMap.get(new String("Collection=c1"));
- assertEquals(1, actualMap.getPrivilegeMap().size());
- assertEquals(2, actualMap.getPrivilegeMap().get(testRole).size());
- }});
- }
-
- @Test
- public void testDropAndRenamePrivilege() throws Exception {
- runTestAsSubject(new TestOperation(){
- @Override
- public void runTestAsSubject() throws Exception {
- String requestorUserName = ADMIN_USER;
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
- writePolicyFile();
- String roleName = "admin_r1";
-
- client.createRole(requestorUserName, roleName, SOLR);
-
- TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
- SolrConstants.QUERY);
- client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege);
-
- assertEquals(1, client.listPrivilegesByRoleName(requestorUserName, roleName,
- SOLR, "service1", Arrays.asList(new Collection("c1"), new Field("f1"))).size());
-
- assertEquals(0, client.listPrivilegesByRoleName(requestorUserName, roleName,
- SOLR, "service1", Arrays.asList(new Collection("c2"), new Field("f2"))).size());
-
- client.renamePrivilege(requestorUserName, SOLR, "service1", Arrays.asList(new Collection("c1"), new Field("f1")),
- Arrays.asList(new Collection("c2"), new Field("f2")));
-
- assertEquals(0, client.listPrivilegesByRoleName(requestorUserName, roleName,
- SOLR, "service1", Arrays.asList(new Collection("c1"), new Field("f1"))).size());
-
- assertEquals(1, client.listPrivilegesByRoleName(requestorUserName, roleName,
- SOLR, "service1", Arrays.asList(new Collection("c2"), new Field("f2"))).size());
-
- TSentryPrivilege dropPrivilege = new TSentryPrivilege(SOLR, "service1",
- fromAuthorizable(Arrays.asList(new Collection("c2"), new Field("f2"))),
- SolrConstants.QUERY);
-
- client.dropPrivilege(requestorUserName, SOLR, dropPrivilege);
-
- assertEquals(0, client.listPrivilegesByRoleName(requestorUserName, roleName,
- SOLR, "service1", Arrays.asList(new Collection("c2"), new Field("f2"))).size());
- }});
- }
-
- private List<TAuthorizable> fromAuthorizable(List<? extends Authorizable> authorizables) {
- List<TAuthorizable> tAuthorizables = Lists.newArrayList();
- for (Authorizable authorizable : authorizables) {
- tAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
- }
- return tAuthorizables;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
index b1c2365..307f38e 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
@@ -26,24 +26,24 @@ import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.core.model.db.AccessConstants;
import org.apache.sentry.provider.db.log.util.Constants;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeResponse;
-import org.apache.sentry.provider.db.service.thrift.TCreateSentryRoleRequest;
-import org.apache.sentry.provider.db.service.thrift.TCreateSentryRoleResponse;
-import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleRequest;
-import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleResponse;
-import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.api.common.ApiConstants.PrivilegeScope;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleAddGroupsRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleAddGroupsResponse;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleDeleteGroupsResponse;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleGrantPrivilegeResponse;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleRevokePrivilegeResponse;
+import org.apache.sentry.api.service.thrift.TCreateSentryRoleRequest;
+import org.apache.sentry.api.service.thrift.TCreateSentryRoleResponse;
+import org.apache.sentry.api.service.thrift.TDropSentryRoleRequest;
+import org.apache.sentry.api.service.thrift.TDropSentryRoleResponse;
+import org.apache.sentry.api.service.thrift.TSentryGroup;
+import org.apache.sentry.api.service.thrift.TSentryPrivilege;
import org.apache.sentry.core.common.utils.ThriftUtil;
-import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.apache.sentry.service.thrift.Status;
+import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
+import org.apache.sentry.api.common.Status;
import org.junit.BeforeClass;
import org.junit.Test;
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java
index 4f35a44..8623a09 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java
@@ -28,24 +28,24 @@ import java.util.Map;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
+import org.apache.sentry.api.generic.thrift.TAlterSentryRoleAddGroupsRequest;
+import org.apache.sentry.api.generic.thrift.TAlterSentryRoleAddGroupsResponse;
+import org.apache.sentry.api.generic.thrift.TAlterSentryRoleDeleteGroupsRequest;
+import org.apache.sentry.api.generic.thrift.TAlterSentryRoleDeleteGroupsResponse;
+import org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest;
+import org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeResponse;
+import org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+import org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeResponse;
+import org.apache.sentry.api.generic.thrift.TAuthorizable;
+import org.apache.sentry.api.generic.thrift.TCreateSentryRoleRequest;
+import org.apache.sentry.api.generic.thrift.TCreateSentryRoleResponse;
+import org.apache.sentry.api.generic.thrift.TDropSentryRoleRequest;
+import org.apache.sentry.api.generic.thrift.TDropSentryRoleResponse;
+import org.apache.sentry.api.generic.thrift.TSentryPrivilege;
import org.apache.sentry.provider.db.log.util.Constants;
import org.apache.sentry.core.common.utils.ThriftUtil;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.apache.sentry.service.thrift.Status;
+import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
+import org.apache.sentry.api.common.Status;
import org.junit.BeforeClass;
import org.junit.Test;
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
index 8cf0e70..2b2c411 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
@@ -23,12 +23,12 @@ import java.util.List;
import java.util.Set;
import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
+import org.apache.sentry.api.generic.thrift.TAuthorizable;
+import org.apache.sentry.api.common.ApiConstants.PrivilegeScope;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
+import org.apache.sentry.api.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+import org.apache.sentry.api.service.thrift.TSentryGrantOption;
+import org.apache.sentry.api.service.thrift.TSentryPrivilege;
import org.junit.Assert;
import org.junit.Test;
@@ -308,9 +308,9 @@ public class TestCommandUtil extends Assert {
// generate the command without grant option
@Test
public void testCreateCmdForGrantOrRevokeGMPrivilege1() {
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest();
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest();
- org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege();
+ org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest();
+ org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest();
+ org.apache.sentry.api.generic.thrift.TSentryPrivilege privilege = getGMPrivilege();
grantRequest.setPrivilege(privilege);
revokeRequest.setPrivilege(privilege);
@@ -327,11 +327,11 @@ public class TestCommandUtil extends Assert {
// generate the command with grant option
@Test
public void testCreateCmdForGrantOrRevokeGMPrivilege2() {
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest();
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest();
- org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege();
+ org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest();
+ org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest();
+ org.apache.sentry.api.generic.thrift.TSentryPrivilege privilege = getGMPrivilege();
privilege
- .setGrantOption(org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption.TRUE);
+ .setGrantOption(org.apache.sentry.api.generic.thrift.TSentryGrantOption.TRUE);
grantRequest.setPrivilege(privilege);
revokeRequest.setPrivilege(privilege);
@@ -379,14 +379,14 @@ public class TestCommandUtil extends Assert {
return request;
}
- private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest getGrantGMPrivilegeRequest() {
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest();
+ private org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest getGrantGMPrivilegeRequest() {
+ org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest request = new org.apache.sentry.api.generic.thrift.TAlterSentryRoleGrantPrivilegeRequest();
request.setRoleName("testRole");
return request;
}
- private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest getRevokeGMPrivilegeRequest() {
- org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest();
+ private org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest getRevokeGMPrivilegeRequest() {
+ org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest request = new org.apache.sentry.api.generic.thrift.TAlterSentryRoleRevokePrivilegeRequest();
request.setRoleName("testRole");
return request;
}
@@ -403,8 +403,8 @@ public class TestCommandUtil extends Assert {
return privilege;
}
- private org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege getGMPrivilege() {
- org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = new org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege();
+ private org.apache.sentry.api.generic.thrift.TSentryPrivilege getGMPrivilege() {
+ org.apache.sentry.api.generic.thrift.TSentryPrivilege privilege = new org.apache.sentry.api.generic.thrift.TSentryPrivilege();
privilege.setAction("ACTION");
privilege.setComponent("COMPONENT");
List<TAuthorizable> authorizables = new ArrayList<TAuthorizable>();
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java
index 4b38635..0c66dd2 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollower.java
@@ -54,9 +54,9 @@ import org.apache.sentry.hdfs.UniquePathsUpdate;
import org.apache.sentry.service.thrift.SentryHMSClient;
import org.apache.sentry.service.thrift.HiveConnectionFactory;
import org.apache.sentry.service.thrift.HiveSimpleConnectionFactory;
-import org.apache.sentry.service.thrift.ServiceConstants;
+import org.apache.sentry.service.common.ServiceConstants;
import org.apache.sentry.service.thrift.HMSClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
+import org.apache.sentry.api.service.thrift.TSentryAuthorizable;
import static org.apache.sentry.hdfs.ServiceConstants.ServerConfig.SENTRY_SERVICE_FULL_UPDATE_PUBSUB;
import org.junit.Before;
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java
index 91c90f9..4e8a2e6 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestHMSFollowerSentryStoreIntegration.java
@@ -33,10 +33,10 @@ import org.apache.hadoop.hive.metastore.messaging.EventMessage;
import org.apache.hadoop.hive.metastore.messaging.EventMessage.EventType;
import org.apache.sentry.binding.metastore.messaging.json.SentryJSONMessageFactory;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.api.service.thrift.TSentryPrivilege;
import org.apache.sentry.service.thrift.HiveSimpleConnectionFactory;
import org.apache.sentry.provider.file.PolicyFile;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestLeaderStatusMonitor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestLeaderStatusMonitor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestLeaderStatusMonitor.java
index 395516c..f6592ec 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestLeaderStatusMonitor.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestLeaderStatusMonitor.java
@@ -25,7 +25,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import static java.lang.Thread.sleep;
-import static org.apache.sentry.service.thrift.ServiceConstants.ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM;
+import static org.apache.sentry.service.common.ServiceConstants.ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestNotificationProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestNotificationProcessor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestNotificationProcessor.java
index 923faff..f227bb4 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestNotificationProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestNotificationProcessor.java
@@ -33,8 +33,8 @@ import org.apache.hadoop.hive.metastore.api.Table;
import org.apache.hadoop.hive.metastore.messaging.EventMessage;
import org.apache.sentry.binding.metastore.messaging.json.SentryJSONMessageFactory;
import org.apache.sentry.hdfs.UniquePathsUpdate;
-import org.apache.sentry.service.thrift.ServiceConstants;
-import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
+import org.apache.sentry.service.common.ServiceConstants;
+import org.apache.sentry.api.service.thrift.TSentryAuthorizable;
import org.junit.After;
import org.junit.BeforeClass;
import org.junit.Test;
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 679a097..152c0ce 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -64,16 +64,16 @@ import org.apache.sentry.provider.db.service.model.MSentryPermChange;
import org.apache.sentry.provider.db.service.model.MSentryPathChange;
import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
import org.apache.sentry.provider.db.service.model.MSentryRole;
-import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet;
-import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.service.thrift.TSentryRole;
+import org.apache.sentry.api.service.thrift.TSentryActiveRoleSet;
+import org.apache.sentry.api.service.thrift.TSentryAuthorizable;
+import org.apache.sentry.api.service.thrift.TSentryGrantOption;
+import org.apache.sentry.api.service.thrift.TSentryGroup;
+import org.apache.sentry.api.service.thrift.TSentryPrivilege;
+import org.apache.sentry.api.service.thrift.TSentryRole;
import org.apache.sentry.provider.file.PolicyFile;
-import org.apache.sentry.service.thrift.SentryServiceUtil;
-import org.apache.sentry.service.thrift.ServiceConstants;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.apache.sentry.api.common.SentryServiceUtil;
+import org.apache.sentry.service.common.ServiceConstants;
+import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
http://git-wip-us.apache.org/repos/asf/sentry/blob/af8ea0ac/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java
index b085ac3..ebc8c31 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java
@@ -33,13 +33,13 @@ import org.apache.sentry.provider.db.service.model.MSentryGroup;
import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
import org.apache.sentry.provider.db.service.model.MSentryRole;
import org.apache.sentry.provider.db.service.model.MSentryUser;
-import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryMappingData;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.api.common.ApiConstants.PrivilegeScope;
+import org.apache.sentry.api.service.thrift.TSentryGrantOption;
+import org.apache.sentry.api.service.thrift.TSentryMappingData;
+import org.apache.sentry.api.service.thrift.TSentryPrivilege;
import org.apache.sentry.provider.file.PolicyFile;
-import org.apache.sentry.service.thrift.SentryServiceUtil;
-import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.apache.sentry.api.common.SentryServiceUtil;
+import org.apache.sentry.service.common.ServiceConstants.ServerConfig;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;