Posted to commits@sentry.apache.org by sh...@apache.org on 2013/09/18 20:14:01 UTC
[1/2] SENTRY-6: Use one policy editor exclusively in all the end to
end tests (Sravya Tirukkovalur via Shreepadma Venugopalan
Updated Branches:
refs/heads/master 629904ff5 -> fc9e88391
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java
index 437ca03..b9f71a9 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java
@@ -26,6 +26,7 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@@ -42,6 +43,7 @@ public class TestRuntimeMetadataRetrieval
extends
AbstractTestWithStaticLocalFS {
private Context context;
+ private PolicyFile policyFile;
private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
private File dataDir;
private File dataFile;
@@ -54,6 +56,7 @@ public class TestRuntimeMetadataRetrieval
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
}
@After
@@ -75,20 +78,16 @@ public class TestRuntimeMetadataRetrieval
String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"};
List<String> tableNamesValidation = new ArrayList<String>();
- // edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = adminPri", "groups");
- editor.addPolicy("user_group = tab1_priv,tab2_priv,tab3_priv", "groups");
- editor.addPolicy("adminPri = server=server1", "roles");
- editor.addPolicy("tab1_priv = server=server1->db=" + dbName1 + "->table="
- + tableNames[0] + "->action=select", "roles");
- editor.addPolicy("tab2_priv = server=server1->db=" + dbName1 + "->table="
- + tableNames[1] + "->action=insert", "roles");
- editor.addPolicy("tab3_priv = server=server1->db=" + dbName1 + "->table="
- + tableNames[2] + "->action=select", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = user_group", "users");
+ policyFile
+ .addRolesToGroup("user_group", "tab1_priv,tab2_priv,tab3_priv")
+ .addPermissionsToRole("tab1_priv", "server=server1->db=" + dbName1 + "->table="
+ + tableNames[0] + "->action=select")
+ .addPermissionsToRole("tab2_priv", "server=server1->db=" + dbName1 + "->table="
+ + tableNames[1] + "->action=insert")
+ .addPermissionsToRole("tab3_priv", "server=server1->db=" + dbName1 + "->table="
+ + tableNames[2] + "->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
String user1TableNames[] = {"tb_1", "tb_2", "tb_3"};
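Review bot: `.addRolesToGroup("user_group", "tab1_priv,tab2_priv,tab3_priv")` passes the three roles as one comma-joined string, while other hunks in this commit pass each role as its own argument (for example `addRolesToGroup("group1", "all_db1", "load_data")` in TestSandboxOps). PolicyFile is not shown on this page, so it cannot be confirmed whether a joined string is written out identically or treated as a single role name. Separate arguments avoid the question: `.addRolesToGroup("user_group", "tab1_priv", "tab2_priv", "tab3_priv")`. The same joined form appears in testShowDatabases2 (`"db1_tab,db2_tab"`) and in TestUriPermissions (`"db1_all, data_read"`). The test method starts and ends outside the hunk.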
@@ -129,15 +128,11 @@ public class TestRuntimeMetadataRetrieval
String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"};
List<String> tableNamesValidation = new ArrayList<String>();
- // edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = adminPri", "groups");
- editor.addPolicy("user_group = db_priv", "groups");
- editor.addPolicy("adminPri = server=server1", "roles");
- editor.addPolicy("db_priv = server=server1->db=" + dbName1, "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = user_group", "users");
+ policyFile
+ .addRolesToGroup("user_group", "db_priv")
+ .addPermissionsToRole("db_priv", "server=server1->db=" + dbName1)
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
String user1TableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"};
@@ -177,16 +172,12 @@ public class TestRuntimeMetadataRetrieval
String tableNames[] = {"tb_1", "tb_2", "tb_3", "newtab_3"};
List<String> tableNamesValidation = new ArrayList<String>();
- // edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = adminPri", "groups");
- editor.addPolicy("user_group = tab_priv", "groups");
- editor.addPolicy("adminPri = server=server1", "roles");
- editor.addPolicy("tab_priv = server=server1->db=" + dbName1 + "->table="
- + tableNames[3] + "->action=insert", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = user_group", "users");
+ policyFile
+ .addRolesToGroup("user_group", "tab_priv")
+ .addPermissionsToRole("tab_priv", "server=server1->db=" + dbName1 + "->table="
+ + tableNames[3] + "->action=insert")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
String adminTableNames[] = {"tb_3", "newtab_3", "tb_2", "tb_1"};
String user1TableNames[] = {"newtab_3"};
@@ -226,15 +217,11 @@ public class TestRuntimeMetadataRetrieval
String tableNames[] = {"tb_1", "tb_2", "tb_3", "newtab_3"};
List<String> tableNamesValidation = new ArrayList<String>();
- // edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = adminPri", "groups");
- editor.addPolicy("user_group = tab_priv", "groups");
- editor.addPolicy("adminPri = server=server1", "roles");
- editor.addPolicy("tab_priv = server=server1->db=" + dbName1, "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = user_group", "users");
+ policyFile
+ .addRolesToGroup("user_group", "tab_priv")
+ .addPermissionsToRole("tab_priv", "server=server1->db=" + dbName1)
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
String adminTableNames[] = {"tb_3", "newtab_3", "tb_1", "tb_2"};
String user1TableNames[] = {"tb_3", "newtab_3", "tb_1", "tb_2"};
@@ -271,14 +258,9 @@ public class TestRuntimeMetadataRetrieval
public void testShowTables5() throws Exception {
String tableNames[] = {"tb_1", "tb_2", "tb_3", "tb_4"};
- // edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = adminPri", "groups");
- editor.addPolicy("user_group = db_priv", "groups");
- editor.addPolicy("adminPri = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
-
+ policyFile
+ .addRolesToGroup("user_group", "db_priv")
+ .write(context.getPolicyFile());
Connection connection = context.createConnection("admin1", "foo");
Statement statement = context.createStatement(connection);
createTabs(statement, "default", tableNames);
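Review bot: The policy written in testShowTables5 binds `user_group` to `db_priv`, but no `addPermissionsToRole("db_priv", ...)` or `addGroupsToUser(...)` follows, so the role carries no privilege and no user is placed in the group. The removed lines had the same shape, so this may be deliberate. If the test is meant to show that a user without any grant sees no tables, a comment above the builder would say so, e.g. `// db_priv intentionally has no privileges and user_group has no members`. If it is not deliberate, the assertions later in the method (outside this hunk) may be passing for the wrong reason. TestSentryOnFailureHookLoading likewise assigns a `load_data` role that is never given a permission.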
@@ -301,18 +283,16 @@ public class TestRuntimeMetadataRetrieval
*/
@Test
public void testShowDatabases1() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
List<String> dbNamesValidation = new ArrayList<String>();
- editor.addPolicy("admin = adminPri", "groups");
- editor.addPolicy("group1 = db1_all", "groups");
- editor.addPolicy("db1_all = server=server1->db=db_1", "roles");
- editor.addPolicy("adminPri = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
String[] dbNames = {"db_1", "db_2", "db_3"};
String[] user1DbNames = {"db_1"};
+ policyFile
+ .addRolesToGroup("group1", "db1_all")
+ .addPermissionsToRole("db1_all", "server=server1->db=db_1")
+ .addGroupsToUser("user1", "group1")
+ .write(context.getPolicyFile());
+
Connection connection = context.createConnection("admin1", "foo");
Statement statement = context.createStatement(connection);
// create all dbs
@@ -344,19 +324,17 @@ public class TestRuntimeMetadataRetrieval
*/
@Test
public void testShowDatabases2() throws Exception {
- File policyFile = context.getPolicyFile();
String[] dbNames = {"db_1", "db_2", "db_3"};
List<String> dbNamesValidation = new ArrayList<String>();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = adminPri", "groups");
- editor.addPolicy("group1 = db1_tab,db2_tab", "groups");
- editor.addPolicy("db1_tab = server=server1->db=db_1->table=tb_1->action=select","roles");
- editor.addPolicy("db2_tab = server=server1->db=db_2->table=tb_1->action=insert","roles");
- editor.addPolicy("adminPri = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
String[] user1DbNames = {"db_1", "db_2"};
+ policyFile
+ .addRolesToGroup("group1", "db1_tab,db2_tab")
+ .addPermissionsToRole("db1_tab", "server=server1->db=db_1->table=tb_1->action=select")
+ .addPermissionsToRole("db2_tab", "server=server1->db=db_2->table=tb_1->action=insert")
+ .addGroupsToUser("user1", "group1")
+ .write(context.getPolicyFile());
+
// verify by SQL
// 1, 2
Connection connection = context.createConnection("admin1", "foo");
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSandboxOps.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSandboxOps.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSandboxOps.java
index c5901b9..70c460e 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSandboxOps.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSandboxOps.java
@@ -187,24 +187,16 @@ public class TestSandboxOps extends AbstractTestWithStaticDFS {
*/
@Test
public void testNegUserPrivilegesAll() throws Exception {
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group1 = db1_all",
- "user_group2 = db1_tab1_select",
- "[roles]",
- "db1_all = server=server1->db=db1",
- "db1_tab1_select = server=server1->db=db1->table=table_1->action=select",
- "admin_role = server=server1",
- "[users]",
- "user1 = user_group1",
- "user2 = user_group2",
- "admin = admin_group"
- };
- context.makeNewPolicy(testPolicies);
-
+ policyFile
+ .addRolesToGroup("user_group1", "db1_all")
+ .addRolesToGroup("user_group2", "db1_tab1_select")
+ .addPermissionsToRole("db1_tab1_select", "server=server1->db=db1->table=table_1->action=select")
+ .addPermissionsToRole("db1_all", "server=server1->db=db1")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .write(context.getPolicyFile());
// create dbs
- Connection adminCon = context.createConnection("admin", "foo");
+ Connection adminCon = context.createConnection("admin1", "foo");
Statement adminStmt = context.createStatement(adminCon);
String dbName = "db1";
adminStmt.execute("use default");
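Review bot: The admin connection is opened with the literal `"admin1"`, while this class passes the `ADMIN1` constant to `dropDb`/`createDb` in later hunks and the sibling classes build the policy-file admin from `ADMIN1`. Using the constant keeps the connecting user and the user that `createAdminOnServer1` sets up from drifting apart: `Connection adminCon = context.createConnection(ADMIN1, "foo");`. The same literal is introduced in testPerDbPolicyOnDFS and in every `adminCon` line of TestUriPermissions. The declaration and initialisation of `policyFile` for this class are not in the visible hunks, so the assumption that it is built from `ADMIN1` should be confirmed.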
@@ -403,20 +395,16 @@ public class TestSandboxOps extends AbstractTestWithStaticDFS {
*/
@Test
public void testSandboxOpt17() throws Exception {
- // edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = all_db1, load_data", "groups");
- editor.addPolicy("group2 = select_tb1", "groups");
- editor.addPolicy("select_tb1 = server=server1->db=db_1->table=tbl_1->action=select", "roles");
- editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
- editor.addPolicy("load_data = server=server1->uri=file://" + dataFile.toString(), "roles");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group2", "users");
+ policyFile
+ .addRolesToGroup("group1", "all_db1", "load_data")
+ .addRolesToGroup("group2", "select_tb1")
+ .addPermissionsToRole("select_tb1", "server=server1->db=db_1->table=tbl_1->action=select")
+ .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+ .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.toString())
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group2")
+ .write(context.getPolicyFile());
dropDb(ADMIN1, DB1);
createDb(ADMIN1, DB1);
@@ -470,17 +458,16 @@ public class TestSandboxOps extends AbstractTestWithStaticDFS {
"test-" + (counter++)));
Path allowedDfsDir = assertCreateDfsDir(new Path(dfsBaseDir, "test-" + (counter++)));
Path restrictedDfsDir = assertCreateDfsDir(new Path(dfsBaseDir, "test-" + (counter++)));
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = all_db1, load_data", "groups");
- editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("load_data = server=server1->uri=file://" + allowedDir.getPath() +
- ", server=server1->uri=file://" + allowedDir.getPath() +
- ", server=server1->uri=" + allowedDfsDir.toString(), "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
+
+ policyFile
+ .addRolesToGroup("group1", "all_db1", "load_data")
+ .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+ .addPermissionsToRole("load_data", "server=server1->uri=file://" + allowedDir.getPath() +
+ ", server=server1->uri=file://" + allowedDir.getPath() +
+ ", server=server1->uri=" + allowedDfsDir.toString())
+ .addGroupsToUser("user1", "group1")
+ .write(context.getPolicyFile());
+
dropDb(ADMIN1, DB1);
createDb(ADMIN1, DB1);
createTable(ADMIN1, DB1, dataFile, TBL1);
@@ -536,45 +523,27 @@ public class TestSandboxOps extends AbstractTestWithStaticDFS {
// Create per-db policy file on hdfs and global policy on local.
@Test
public void testPerDbPolicyOnDFS() throws Exception {
- context = createContext();
- File policyFile = context.getPolicyFile();
- File db2PolicyFile = new File(baseDir.getPath(), DB2_POLICY_FILE);
-
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- "user_group2 = select_tbl2",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user1 = user_group1",
- "user2 = user_group2",
- "[databases]",
- "db2 = " + dfsBaseDir.toUri().toString() + "/" + db2PolicyFile.getName()
- };
- context.makeNewPolicy(policyFileContents);
-
- String[] db2PolicyFileContents = {
- "[groups]",
- "user_group2 = select_tbl2",
- "[roles]",
- "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
- };
- Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
- PolicyFiles.copyFilesToDir(dfsCluster.getFileSystem(), dfsBaseDir, db2PolicyFile);
+
+ policyFile
+ .addRolesToGroup("user_group1", "select_tbl1")
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addDatabase("db2", dfsBaseDir.toUri().toString() + "/" + DB2_POLICY_FILE)
+ .write(context.getPolicyFile());
+
+ File db2PolicyFileHandle = new File(baseDir.getPath(), DB2_POLICY_FILE);
+
+ PolicyFile db2PolicyFile = new PolicyFile();
+ db2PolicyFile
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+ .write(db2PolicyFileHandle);
+ PolicyFiles.copyFilesToDir(dfsCluster.getFileSystem(), dfsBaseDir, db2PolicyFileHandle);
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
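Review bot: testPerDbPolicyOnDFS no longer deletes the global and db2 policy files before writing them, so the test now depends on `PolicyFile.write` replacing any existing file rather than appending to it. That behaviour is not visible on this page; if a stale file survived, grants left over from an earlier run would still be in force and the authorization checks below would not be exercising the policy built here. Either keep a guard adapted from the removed line, `assertTrue("Could not delete " + db2PolicyFileHandle, !db2PolicyFileHandle.exists() || db2PolicyFileHandle.delete());`, or add a comment stating that `write` overwrites. The same explicit delete was removed from TestSentryOnFailureHookLoading.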
@@ -605,7 +574,7 @@ public class TestSandboxOps extends AbstractTestWithStaticDFS {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE db1 CASCADE");
statement.execute("DROP DATABASE db2 CASCADE");
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSentryOnFailureHookLoading.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSentryOnFailureHookLoading.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSentryOnFailureHookLoading.java
index b16d00a..43469c5 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSentryOnFailureHookLoading.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSentryOnFailureHookLoading.java
@@ -19,6 +19,7 @@ package org.apache.sentry.tests.e2e;
import com.google.common.io.Resources;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import org.apache.sentry.provider.file.PolicyFile;
import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
import org.junit.After;
import org.junit.Before;
@@ -38,6 +39,8 @@ import static org.junit.Assert.assertFalse;
public class TestSentryOnFailureHookLoading extends AbstractTestWithHiveServer {
private Context context;
+ private PolicyFile policyFile;
+
Map<String, String > testProperties;
private static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
@@ -46,6 +49,7 @@ public class TestSentryOnFailureHookLoading extends AbstractTestWithHiveServer {
testProperties = new HashMap<String, String>();
testProperties.put(HiveAuthzConf.AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(),
DummySentryOnFailureHook.class.getName());
+ policyFile = PolicyFile.createAdminOnServer1("admin1");
}
@After
@@ -74,29 +78,21 @@ public class TestSentryOnFailureHookLoading extends AbstractTestWithHiveServer {
context = createContext(testProperties);
- File policyFile = context.getPolicyFile();
File dataDir = context.getDataDir();
//copy data file to test dir
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group1 = all_db1, load_data");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("all_db1 = server=server1->db=DB_1");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group1");
+
+ policyFile
+ .addRolesToGroup("user_group1", "all_db1", "load_data")
+ .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+ .addGroupsToUser("user1", "user_group1")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
@@ -122,7 +118,7 @@ public class TestSentryOnFailureHookLoading extends AbstractTestWithHiveServer {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.execute("DROP DATABASE DB_2 CASCADE");
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestServerConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestServerConfiguration.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestServerConfiguration.java
index aaad396..2c7ed7e 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestServerConfiguration.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestServerConfiguration.java
@@ -53,7 +53,7 @@ public class TestServerConfiguration extends AbstractTestWithHiveServer {
@Before
public void setup() throws Exception {
properties = Maps.newHashMap();
- policyFile = PolicyFile.createAdminOnServer1("hive");
+ policyFile = PolicyFile.createAdminOnServer1("admin1");
}
@@ -73,7 +73,7 @@ public class TestServerConfiguration extends AbstractTestWithHiveServer {
properties.put("hive.server2.enable.impersonation", "true");
context = createContext(properties);
policyFile.write(context.getPolicyFile());
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
try {
statement.execute("create table test (a string)");
@@ -93,7 +93,7 @@ public class TestServerConfiguration extends AbstractTestWithHiveServer {
context = createContext(properties);
policyFile.write(context.getPolicyFile());
System.out.println(Files.toString(context.getPolicyFile(), Charsets.UTF_8));
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
try {
statement.execute("create table test (a string)");
@@ -111,7 +111,7 @@ public class TestServerConfiguration extends AbstractTestWithHiveServer {
context = createContext(properties);
File policyFile = context.getPolicyFile();
assertTrue("Could not delete " + policyFile, policyFile.delete());
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
try {
statement.execute("create table test (a string)");
@@ -132,7 +132,7 @@ public class TestServerConfiguration extends AbstractTestWithHiveServer {
FileOutputStream out = new FileOutputStream(policyFile);
out.write("this is not valid".getBytes(Charsets.UTF_8));
out.close();
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
try {
statement.execute("create table test (a string)");
@@ -144,18 +144,15 @@ public class TestServerConfiguration extends AbstractTestWithHiveServer {
@Test
public void testAddDeleteDFSRestriction() throws Exception {
- // edit policy file
context = createContext(properties);
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = all_db1", "groups");
- editor.addPolicy("group2 = select_tb1", "groups");
- editor.addPolicy("select_tb1 = server=server1->db=db_1->table=tbl_1->action=select", "roles");
- editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
+
+ policyFile
+ .addRolesToGroup("group1", "all_db1")
+ .addRolesToGroup("group2", "select_tb1")
+ .addPermissionsToRole("select_tb1", "server=server1->db=db_1->table=tbl_1->action=select")
+ .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+ .addGroupsToUser("user1", "group1")
+ .write(context.getPolicyFile());
Connection connection = context.createConnection("user1", "password");
Statement statement = context.createStatement(connection);
@@ -176,13 +173,9 @@ public class TestServerConfiguration extends AbstractTestWithHiveServer {
@Test
public void testAccessConfigRestrictions() throws Exception {
context = createContext(properties);
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
- String testUser = "user1";
+ policyFile.write(context.getPolicyFile());
+ String testUser = "user1";
// verify the config is set correctly by session hook
verifyConfig(testUser, ConfVars.SEMANTIC_ANALYZER_HOOK.varname,
HiveAuthzBindingSessionHook.SEMANTIC_HOOK);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUriPermissions.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUriPermissions.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUriPermissions.java
index cd6eb14..51ced04 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUriPermissions.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUriPermissions.java
@@ -22,6 +22,7 @@ import java.sql.Statement;
import junit.framework.Assert;
+import org.apache.sentry.provider.file.PolicyFile;
import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
import org.junit.After;
import org.junit.Before;
@@ -29,12 +30,15 @@ import org.junit.Test;
public class TestUriPermissions extends AbstractTestWithStaticLocalFS {
private Context context;
+ private PolicyFile policyFile;
+
private static final String dataFile = "/kv1.dat";
private String dataFilePath = this.getClass().getResource(dataFile).getFile();
@Before
public void setup() throws Exception {
context = createContext();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
}
@After
@@ -52,26 +56,19 @@ public class TestUriPermissions extends AbstractTestWithStaticLocalFS {
Connection userConn = null;
Statement userStmt = null;
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group1 = db1_read, db1_write, data_read",
- "user_group2 = db1_write",
- "[roles]",
- "db1_write = server=server1->db=" + dbName + "->table=" + tabName + "->action=INSERT",
- "db1_read = server=server1->db=" + dbName + "->table=" + tabName + "->action=SELECT",
- // role below has duplicate privilege for ACCESS-178
- "data_read = server=server1->URI=file://" + dataFilePath + ", server=server1->URI=file://" + dataFilePath,
- "admin_role = server=server1",
- "[users]",
- "user1 = user_group1",
- "user2 = user_group2",
- "admin = admin_group"
- };
- context.makeNewPolicy(testPolicies);
+ policyFile
+ .addRolesToGroup("user_group1", "db1_read", "db1_write", "data_read")
+ .addRolesToGroup("user_group2", "db1_write")
+ .addPermissionsToRole("db1_write", "server=server1->db=" + dbName + "->table=" + tabName + "->action=INSERT")
+ .addPermissionsToRole("db1_read", "server=server1->db=" + dbName + "->table=" + tabName + "->action=SELECT")
+ .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFilePath
+ + ", server=server1->URI=file://" + dataFilePath)
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .write(context.getPolicyFile());
// create dbs
- Connection adminCon = context.createConnection("admin", "foo");
+ Connection adminCon = context.createConnection("admin1", "foo");
Statement adminStmt = context.createStatement(adminCon);
adminStmt.execute("use default");
adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE");
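Review bot: The `data_read` role still lists the same `file://` URI twice, but the comment that explained it, `// role below has duplicate privilege for ACCESS-178`, was dropped along with the old array. Without it the repetition reads as a copy-paste slip and is likely to be tidied away, which would silently remove the regression coverage; the comment belongs directly above the `.addPermissionsToRole("data_read", ...)` call. The `load_data` role in TestSandboxOps repeats `allowedDir.getPath()` in the same way with no comment, so it is unclear whether that one is deliberate. The test method starts and ends outside the hunk.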
@@ -113,27 +110,20 @@ public class TestUriPermissions extends AbstractTestWithStaticLocalFS {
Connection userConn = null;
Statement userStmt = null;
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group1 = db1_all, data_read",
- "user_group2 = db1_all",
- "user_group3 = db1_tab1_all, data_read",
- "[roles]",
- "db1_all = server=server1->db=" + dbName,
- "db1_tab1_all = server=server1->db=" + dbName + "->table=" + tabName,
- "data_read = server=server1->URI=" + tabDir,
- "admin_role = server=server1",
- "[users]",
- "user1 = user_group1",
- "user2 = user_group2",
- "user3 = user_group3",
- "admin = admin_group"
- };
- context.makeNewPolicy(testPolicies);
+ policyFile
+ .addRolesToGroup("user_group1", "db1_all", "data_read")
+ .addRolesToGroup("user_group2", "db1_all")
+ .addRolesToGroup("user_group3", "db1_tab1_all", "data_read")
+ .addPermissionsToRole("db1_all", "server=server1->db=" + dbName)
+ .addPermissionsToRole("db1_tab1_all", "server=server1->db=" + dbName + "->table=" + tabName)
+ .addPermissionsToRole("data_read", "server=server1->URI=" + tabDir)
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addGroupsToUser("user3", "user_group3")
+ .write(context.getPolicyFile());
// create dbs
- Connection adminCon = context.createConnection("admin", "foo");
+ Connection adminCon = context.createConnection("admin1", "foo");
Statement adminStmt = context.createStatement(adminCon);
adminStmt.execute("use default");
adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE");
@@ -194,25 +184,18 @@ public class TestUriPermissions extends AbstractTestWithStaticLocalFS {
Connection userConn = null;
Statement userStmt = null;
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group1 = server1_all",
- "user_group2 = db1_all, data_read",
- "[roles]",
- "db1_all = server=server1->db=" + dbName,
- "data_read = server=server1->URI=" + tabDir,
- "admin_role = server=server1",
- "server1_all = server=server1",
- "[users]",
- "user1 = user_group1",
- "user2 = user_group2",
- "admin = admin_group"
- };
- context.makeNewPolicy(testPolicies);
+ policyFile
+ .addRolesToGroup("user_group1", "server1_all")
+ .addRolesToGroup("user_group2", "db1_all, data_read")
+ .addPermissionsToRole("db1_all", "server=server1->db=" + dbName)
+ .addPermissionsToRole("data_read", "server=server1->URI=" + tabDir)
+ .addPermissionsToRole("server1_all", "server=server1")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .write(context.getPolicyFile());
// create dbs
- Connection adminCon = context.createConnection("admin", "foo");
+ Connection adminCon = context.createConnection("admin1", "foo");
Statement adminStmt = context.createStatement(adminCon);
adminStmt.execute("use default");
adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE");
@@ -244,24 +227,18 @@ public class TestUriPermissions extends AbstractTestWithStaticLocalFS {
Connection userConn = null;
Statement userStmt = null;
String tableDir = "file://" + context.getDataDir();
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group1 = db1_all, data_read",
- "user_group2 = db1_all",
- "[roles]",
- "db1_all = server=server1->db=" + dbName,
- "data_read = server=server1->URI=" + tableDir,
- "admin_role = server=server1",
- "[users]",
- "user1 = user_group1",
- "user2 = user_group2",
- "admin = admin_group"
- };
- context.makeNewPolicy(testPolicies);
+
+ policyFile
+ .addRolesToGroup("user_group1", "db1_all", "data_read")
+ .addRolesToGroup("user_group2", "db1_all")
+ .addPermissionsToRole("db1_all", "server=server1->db=" + dbName)
+ .addPermissionsToRole("data_read", "server=server1->URI=" + tableDir)
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .write(context.getPolicyFile());
// create dbs
- Connection adminCon = context.createConnection("admin", "foo");
+ Connection adminCon = context.createConnection("admin1", "foo");
Statement adminStmt = context.createStatement(adminCon);
adminStmt.execute("use default");
adminStmt.execute("DROP DATABASE IF EXISTS " + dbName + " CASCADE");
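Review bot: The added `context.createConnection("admin1", "foo")` hard-codes the admin user name, while the TestCrossDbOps and TestMetadataPermissions hunks in this same commit pass the `ADMIN1` constant for the same purpose. If the policy for this class is built with `PolicyFile.createAdminOnServer1(ADMIN1)` as in the other files (the setup is not in this hunk), the literal and the constant can drift apart, and the admin steps would then run as a user the policy does not grant anything to. I would write `Connection adminCon = context.createConnection(ADMIN1, "foo");` here, and likewise in the TestUserManagement hunks that call `doCreateDbLoadDataDropDb("admin1", ...)`, `doDropDb("admin1")` and `doCreateDb("admin1")`. The enclosing test method starts before this hunk and continues after it.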
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUserManagement.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUserManagement.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUserManagement.java
index fba3878..ed9fe36 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUserManagement.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUserManagement.java
@@ -26,6 +26,7 @@ import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -39,6 +40,7 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
private static final String tableComment = "Test table";
private File dataFile;
private Context context;
+ private PolicyFile policyFile;
@Before
public void setUp() throws Exception {
@@ -106,11 +108,8 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
*/
@Test
public void testSanity() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+ policyFile.write(context.getPolicyFile());
doCreateDbLoadDataDropDb("admin1", "admin1");
}
@@ -119,13 +118,12 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
**/
@Test
public void testAdmin1() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("admin2 = admin", "users");
- editor.addPolicy("admin3 = admin", "users");
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+ policyFile
+ .addGroupsToUser("admin2", "admin")
+ .addGroupsToUser("admin3", "admin")
+ .write(context.getPolicyFile());
+
doCreateDbLoadDataDropDb("admin1", "admin1", "admin2", "admin3");
}
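Review bot: `.addGroupsToUser("admin2", "admin")` and `.addGroupsToUser("admin3", "admin")` only give these users admin rights if `PolicyFile.createAdminOnServer1` names its group exactly `admin`, and that factory's body is not part of this diff. The removed lines spelled out the group, role and user mapping inside the test, so this coupling to a hidden string is new. testAdmin3 depends on it again in `.removeGroupsFromUser("admin1", "admin")`, where a mismatch would presumably make the revocation a no-op. I would add a comment such as `// "admin" is the group created by PolicyFile.createAdminOnServer1`, or have the tests and the factory share a constant for the group name.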
@@ -135,17 +133,17 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
**/
@Test
public void testAdmin3() throws Exception {
- // edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("admin2 = admin", "users");
- editor.addPolicy("admin3 = admin", "users");
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+ policyFile
+ .addGroupsToUser("admin2", "admin")
+ .addGroupsToUser("admin3", "admin")
+ .write(context.getPolicyFile());
doCreateDbLoadDataDropDb("admin1", "admin1", "admin2", "admin3");
+
// remove admin1 from admin group
- editor.removePolicy("admin1 = admin");
+ policyFile
+ .removeGroupsFromUser("admin1", "admin")
+ .write(context.getPolicyFile());
// verify admin1 doesn't have admin privilege
Connection connection = context.createConnection("admin1", "foo");
Statement statement = connection.createStatement();
@@ -159,14 +157,15 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
**/
@Test
public void testAdmin5() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin_group1 = admin", "groups");
- editor.addPolicy("admin_group2 = admin", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("admin1 = admin_group1, admin_group2", "users");
- editor.addPolicy("admin2 = admin_group1, admin_group2", "users");
- editor.addPolicy("admin3 = admin_group1, admin_group2", "users");
+ policyFile = new PolicyFile();
+ policyFile
+ .addRolesToGroup("admin_group1", "admin")
+ .addRolesToGroup("admin_group2", "admin")
+ .addPermissionsToRole("admin", "server=server1")
+ .addGroupsToUser("admin1", "admin_group1", "admin_group2")
+ .addGroupsToUser("admin2", "admin_group1", "admin_group2")
+ .addGroupsToUser("admin3", "admin_group1", "admin_group2")
+ .write(context.getPolicyFile());
doCreateDbLoadDataDropDb("admin1", "admin1", "admin2", "admin3");
}
@@ -175,14 +174,13 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
**/
@Test
public void testAdmin6() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin_group = admin_role", "groups");
- editor.addPolicy("admin_role = server=server1", "roles");
- editor.addPolicy("admin1 = admin_group", "users");
- editor.addPolicy("group1 = non_admin_role", "groups");
- editor.addPolicy("non_admin_role = server=server1->db=" + dbName, "roles");
- editor.addPolicy("user1 = group1", "users");
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+ policyFile
+ .addRolesToGroup("group1", "non_admin_role")
+ .addPermissionsToRole("non_admin_role", "server=server1->db=" + dbName)
+ .addGroupsToUser("user1", "group1")
+ .write(context.getPolicyFile());
+
doCreateDbLoadDataDropDb("admin1", "admin1");
Connection connection = context.createConnection("user1", "password");
Statement statement = connection.createStatement();
@@ -196,14 +194,15 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
**/
@Test
public void testGroup2() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("group1 = admin, analytics", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("analytics = server=server1->db=" + dbName, "roles");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group1", "users");
- editor.addPolicy("user3 = group1", "users");
+ policyFile = new PolicyFile();
+ policyFile
+ .addRolesToGroup("group1", "admin", "analytics")
+ .addPermissionsToRole("admin", "server=server1")
+ .addPermissionsToRole("analytics", "server=server1->db=" + dbName)
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group1")
+ .addGroupsToUser("user3", "group1")
+ .write(context.getPolicyFile());
doCreateDbLoadDataDropDb("user1", "user1", "user2", "user3");
}
/**
@@ -211,16 +210,15 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
**/
@Test
public void testGroup4() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin_group = admin_role", "groups");
- editor.addPolicy("admin_role = server=server1", "roles");
- editor.addPolicy("admin1 = admin_group", "users");
- editor.addPolicy("group1 = non_admin_role, load_data", "groups");
- editor.addPolicy("non_admin_role = server=server1->db=" + dbName, "roles");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group1", "users");
- editor.addPolicy("user3 = group1", "users");
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+ policyFile
+ .addRolesToGroup("group1", "non_admin_role", "load_data")
+ .addPermissionsToRole("non_admin_role", "server=server1->db=" + dbName)
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group1")
+ .addGroupsToUser("user3", "group1")
+ .write(context.getPolicyFile());
+
doDropDb("admin1");
for(String user : new String[]{"user1", "user2", "user3"}) {
doCreateDb("admin1");
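Review bot: `.addRolesToGroup("group1", "non_admin_role", "load_data")` assigns a role `load_data` for which this policy defines no permissions; testGroup5 and testGroup6 add `addPermissionsToRole("load_data", ...)`, this test does not. The removed lines had the same gap, so it is carried over rather than introduced, but the new builder style makes it look like an omission. If the role is meant to be empty, a comment such as `// load_data is intentionally left without permissions` would say so; otherwise drop it from the group. testGroup8 does the same with the `analytics` role. The Javadoc starts before this hunk and the body continues past it, so the intent may be stated there.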
@@ -243,17 +241,17 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
**/
@Test
public void testGroup5() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin_group = admin_role", "groups");
- editor.addPolicy("admin_role = server=server1", "roles");
- editor.addPolicy("admin1 = admin_group", "users");
- editor.addPolicy("group1 = non_admin_role, load_data", "groups");
- editor.addPolicy("non_admin_role = server=server1->db=" + dbName, "roles");
- editor.addPolicy("load_data = server=server1->URI=file://" + dataFile.getPath(), "roles");
- editor.addPolicy("group1 = group1", "users");
- editor.addPolicy("user2 = group1", "users");
- editor.addPolicy("user3 = group1", "users");
+
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+ policyFile
+ .addRolesToGroup("group1", "non_admin_role", "load_data")
+ .addPermissionsToRole("non_admin_role", "server=server1->db=" + dbName)
+ .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
+ .addGroupsToUser("group1", "group1")
+ .addGroupsToUser("user2", "group1")
+ .addGroupsToUser("user3", "group1")
+ .write(context.getPolicyFile());
+
doDropDb("admin1");
for(String user : new String[]{"group1", "user2", "user3"}) {
doCreateDb("admin1");
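Review bot: `.addGroupsToUser("group1", "group1")` creates a user whose name equals its group's name, which reads like a copy-paste slip next to the `user2` and `user3` lines. The loop below does run as `"group1"`, and the removed line `"group1 = group1"` did the same, so it looks deliberate. A one-line comment above the call would make that explicit, e.g. `// user name deliberately identical to the group name`. The test's Javadoc begins before this hunk, so it may already say this.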
@@ -267,17 +265,16 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
**/
@Test
public void testGroup6() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin_group = admin_role", "groups");
- editor.addPolicy("admin_role = server=server1", "roles");
- editor.addPolicy("admin1 = admin_group", "users");
- editor.addPolicy("group1~!@#$%^&*()+- = analytics, load_data", "groups");
- editor.addPolicy("analytics = server=server1->db=" + dbName, "roles");
- editor.addPolicy("load_data = server=server1->URI=file://" + dataFile.getPath(), "roles");
- editor.addPolicy("user1 = group1~!@#$%^&*()+-", "users");
- editor.addPolicy("user2 = group1~!@#$%^&*()+-", "users");
- editor.addPolicy("user3 = group1~!@#$%^&*()+-", "users");
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+ policyFile
+ .addRolesToGroup("group1~!@#$%^&*()+-", "analytics", "load_data")
+ .addPermissionsToRole("analytics", "server=server1->db=" + dbName)
+ .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
+ .addGroupsToUser("user1", "group1~!@#$%^&*()+-")
+ .addGroupsToUser("user2", "group1~!@#$%^&*()+-")
+ .addGroupsToUser("user3", "group1~!@#$%^&*()+-")
+ .write(context.getPolicyFile());
+
doDropDb("admin1");
for(String user : new String[]{"user1", "user2", "user3"}) {
doCreateDb("admin1");
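Review bot: The group name `group1~!@#$%^&*()+-` is repeated as a literal four times in the new chain, and the test is only meaningful if all four copies are byte-identical. I would bind it once, `final String group = "group1~!@#$%^&*()+-";`, and pass `group` to `addRolesToGroup` and the three `addGroupsToUser` calls. testGroup7 repeats its special-character user name in the same way between the policy and the `doCreateDbLoadDataDropDb` call. The method body continues past this hunk.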
@@ -291,13 +288,14 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
**/
@Test
public void testGroup7() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("group1 = admin", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("user1~!@#$%^&*()+- = group1", "users");
- editor.addPolicy("user2 = group1", "users");
- editor.addPolicy("user3 = group1", "users");
+ policyFile = new PolicyFile();
+ policyFile
+ .addRolesToGroup("group1", "admin")
+ .addPermissionsToRole("admin", "server=server1")
+ .addGroupsToUser("user1~!@#$%^&*()+-", "group1")
+ .addGroupsToUser("user2", "group1")
+ .addGroupsToUser("user3", "group1")
+ .write(context.getPolicyFile());
doCreateDbLoadDataDropDb("user1~!@#$%^&*()+-", "user1~!@#$%^&*()+-", "user2", "user3");
}
@@ -306,15 +304,14 @@ public class TestUserManagement extends AbstractTestWithStaticLocalFS {
**/
@Test
public void testGroup8() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin_group = admin_role", "groups");
- editor.addPolicy("admin_role = server=server1", "roles");
- editor.addPolicy("admin1 = admin_group", "users");
- editor.addPolicy("group1 = analytics", "groups");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group1", "users");
- editor.addPolicy("user3 = group1", "users");
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+ policyFile
+ .addRolesToGroup("group1", "analytics")
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group1")
+ .addGroupsToUser("user3", "group1")
+ .write(context.getPolicyFile());
+
Connection connection = context.createConnection("admin1", "password");
Statement statement = connection.createStatement();
statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
[2/2] git commit: SENTRY-6: Use one policy editor exclusively in all
the end to end tests (Sravya Tirukkovalur via Shreepadma Venugopalan
Posted by sh...@apache.org.
SENTRY-6: Use one policy editor exclusively in all the end to end tests (Sravya Tirukkovalur via Shreepadma Venugopalan
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/fc9e8839
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/fc9e8839
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/fc9e8839
Branch: refs/heads/master
Commit: fc9e8839191fab3f7b38aa47755eeea8e71b734a
Parents: 629904f
Author: Shreepadma Venugopalan <sh...@apache.org>
Authored: Wed Sep 18 11:10:22 2013 -0700
Committer: Shreepadma Venugopalan <sh...@apache.org>
Committed: Wed Sep 18 11:12:58 2013 -0700
----------------------------------------------------------------------
.../apache/sentry/tests/e2e/TestCrossDbOps.java | 147 +++-----
.../apache/sentry/tests/e2e/TestEndToEnd.java | 27 +-
.../tests/e2e/TestExportImportPrivileges.java | 57 ++-
.../tests/e2e/TestMetadataPermissions.java | 18 +-
.../tests/e2e/TestMovingToProduction.java | 59 ++--
.../tests/e2e/TestPerDBConfiguration.java | 352 +++++++------------
.../e2e/TestPrivilegesAtDatabaseScope.java | 179 ++++------
.../e2e/TestPrivilegesAtFunctionScope.java | 52 ++-
.../tests/e2e/TestPrivilegesAtTableScope.java | 221 +++++-------
.../tests/e2e/TestRuntimeMetadataRetrieval.java | 112 +++---
.../apache/sentry/tests/e2e/TestSandboxOps.java | 127 +++----
.../e2e/TestSentryOnFailureHookLoading.java | 30 +-
.../tests/e2e/TestServerConfiguration.java | 37 +-
.../sentry/tests/e2e/TestUriPermissions.java | 117 +++---
.../sentry/tests/e2e/TestUserManagement.java | 183 +++++-----
15 files changed, 702 insertions(+), 1016 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
index 891b7c2..c822863 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
@@ -76,24 +76,15 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testShowDatabasesAndShowTables() throws Exception {
// edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = select_tab1, insert_tab2", "groups");
- editor.addPolicy("group2 = select_tab3", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy(
- "select_tab1 = server=server1->db=db1->table=tab1->action=select",
- "roles");
- editor.addPolicy(
- "select_tab3 = server=server1->db=db2->table=tab3->action=select",
- "roles");
- editor.addPolicy(
- "insert_tab2 = server=server1->db=db2->table=tab2->action=insert",
- "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group2", "users");
+ policyFile
+ .addRolesToGroup("group1", "select_tab1", "insert_tab2")
+ .addRolesToGroup("group2", "select_tab3")
+ .addPermissionsToRole("select_tab1", "server=server1->db=db1->table=tab1->action=select")
+ .addPermissionsToRole("select_tab3", "server=server1->db=db2->table=tab3->action=select")
+ .addPermissionsToRole("insert_tab2", "server=server1->db=db2->table=tab2->action=insert")
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group2");
+ policyFile.write(context.getPolicyFile());
// admin create two databases
Connection connection = context.createConnection(ADMIN1, "foo");
@@ -203,18 +194,14 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testJDBCGetSchemasAndGetTables() throws Exception {
// edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = select_tab1, insert_tab2", "groups");
- editor.addPolicy("group2 = select_tab3", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("select_tab1 = server=server1->db=db1->table=tab1->action=select","roles");
- editor.addPolicy("select_tab3 = server=server1->db=db2->table=tab3->action=select","roles");
- editor.addPolicy("insert_tab2 = server=server1->db=db2->table=tab2->action=insert","roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group2", "users");
+ policyFile.addRolesToGroup("group1", "select_tab1", "insert_tab2")
+ .addRolesToGroup("group2", "select_tab3")
+ .addPermissionsToRole("select_tab1", "server=server1->db=db1->table=tab1->action=select")
+ .addPermissionsToRole("select_tab3", "server=server1->db=db2->table=tab3->action=select")
+ .addPermissionsToRole("insert_tab2", "server=server1->db=db2->table=tab2->action=insert")
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group2");
+ policyFile.write(context.getPolicyFile());
// admin create two databases
Connection connection = context.createConnection(ADMIN1, "foo");
@@ -367,21 +354,14 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testDbPrivileges() throws Exception {
// edit policy file
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group = db1_all,db2_all, load_data",
- "[roles]",
- "db1_all = server=server1->db=" + DB1,
- "db2_all = server=server1->db=" + DB2,
- "load_data = server=server1->URI=file://" + dataFile.getPath(),
- "admin_role = server=server1",
- "[users]",
- "user1 = user_group",
- "user2 = user_group",
- ADMIN1 + " = admin_group"
- };
- context.makeNewPolicy(testPolicies);
+ policyFile.addRolesToGroup("user_group", "db1_all,db2_all, load_data")
+ .addPermissionsToRole("db1_all", "server=server1->db=" + DB1)
+ .addPermissionsToRole("db2_all", "server=server1->db=" + DB2)
+ .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
+ .addGroupsToUser("user1", "user_group")
+ .addGroupsToUser("user2", "user_group");
+ policyFile.write(context.getPolicyFile());
+
dropDb(ADMIN1, DB1, DB2);
createDb(ADMIN1, DB1, DB2);
for (String user : new String[]{USER1, USER2}) {
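Review bot: `policyFile.addRolesToGroup("user_group", "db1_all,db2_all, load_data")` passes three role names as one comma-joined string, whereas the rest of this commit passes each role as its own argument (for example `addRolesToGroup("group1", "select_tab1", "insert_tab2")` in the hunks above). This probably yields the same line in the written file, but PolicyFile would then hold a single role named `db1_all,db2_all, load_data`, so a later per-role edit or removal would not match; that depends on PolicyFile internals not shown here. I would write `policyFile.addRolesToGroup("user_group", "db1_all", "db2_all", "load_data")`. The same form appears earlier on this page in `.addRolesToGroup("user_group2", "db1_all, data_read")`.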
@@ -433,18 +413,13 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testNegativeUserPrivileges() throws Exception {
// edit policy file
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group = db1_tab1_insert, db1_tab2_all",
- "[roles]",
- "db1_tab2_all = server=server1->db=db1->table=table_2",
- "db1_tab1_insert = server=server1->db=db1->table=table_1->action=insert",
- "admin_role = server=server1", "[users]", "user3 = user_group",
- "admin = admin_group"};
-
- context.makeNewPolicy(testPolicies);
- Connection adminCon = context.createConnection("admin", "foo");
+ policyFile.addRolesToGroup("user_group", "db1_tab1_insert", "db1_tab2_all")
+ .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
+ .addPermissionsToRole("db1_tab1_insert", "server=server1->db=db1->table=table_1->action=insert")
+ .addGroupsToUser("user3", "user_group");
+ policyFile.write(context.getPolicyFile());
+
+ Connection adminCon = context.createConnection(ADMIN1, "foo");
Statement adminStmt = context.createStatement(adminCon);
String dbName = "db1";
adminStmt.execute("use default");
@@ -469,10 +444,11 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testNegativeUserDMLPrivileges() throws Exception {
policyFile
- .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
- .addRolesToGroup("group1", "db1_tab2_all")
- .addGroupsToUser("user3", "group1");
+ .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
+ .addRolesToGroup("group1", "db1_tab2_all")
+ .addGroupsToUser("user3", "group1");
policyFile.write(context.getPolicyFile());
+
dropDb(ADMIN1, DB1);
createDb(ADMIN1, DB1);
Connection adminCon = context.createConnection(ADMIN1, "password");
@@ -510,20 +486,18 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
*/
@Test
public void testNegUserPrivilegesAll() throws Exception {
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group1 = db1_all",
- "user_group2 = db1_tab1_select",
- "[roles]",
- "db1_all = server=server1->db=db1",
- "db1_tab1_select = server=server1->db=db1->table=table_1->action=select",
- "admin_role = server=server1", "[users]", "user1 = user_group1",
- "user2 = user_group2", "admin = admin_group"};
- context.makeNewPolicy(testPolicies);
+
+ policyFile
+ .addRolesToGroup("user_group1", "db1_all")
+ .addRolesToGroup("user_group2", "db1_tab1_select")
+ .addPermissionsToRole("db1_all", "server=server1->db=db1")
+ .addPermissionsToRole("db1_tab1_select", "server=server1->db=db1->table=table_1->action=select")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2");
+ policyFile.write(context.getPolicyFile());
// create dbs
- Connection adminCon = context.createConnection("admin", "foo");
+ Connection adminCon = context.createConnection(ADMIN1, "foo");
Statement adminStmt = context.createStatement(adminCon);
String dbName = "db1";
adminStmt.execute("use default");
@@ -593,9 +567,9 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testSandboxOpt9() throws Exception {
policyFile
- .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData)
- .addRolesToGroup(GROUP1, GROUP1_ROLE)
- .addGroupsToUser(USER1, GROUP1);
+ .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData)
+ .addRolesToGroup(GROUP1, GROUP1_ROLE)
+ .addGroupsToUser(USER1, GROUP1);
policyFile.write(context.getPolicyFile());
dropDb(ADMIN1, DB1, DB2);
@@ -667,21 +641,14 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testCrossDbViewOperations() throws Exception {
// edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.clearOldPolicy();
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = all_db1,load_data,select_tb2", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
- editor.addPolicy("all_db2 = server=server1->db=db_2", "roles");
- editor.addPolicy(
- "select_tb2 = server=server1->db=db_2->table=tb_1->action=select",
- "roles");
- editor.addPolicy("load_data = server=server1->URI=file://" + dataFile.getPath(),
- "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
+ policyFile
+ .addRolesToGroup("group1", "all_db1", "load_data", "select_tb2")
+ .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+ .addPermissionsToRole("all_db2", "server=server1->db=db_2")
+ .addPermissionsToRole("select_tb2", "server=server1->db=db_2->table=tb_1->action=select")
+ .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
+ .addGroupsToUser("user1", "group1");
+ policyFile.write(context.getPolicyFile());
// admin create two databases
dropDb(ADMIN1, DB1, DB2);
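Review bot: `.addPermissionsToRole("all_db2", "server=server1->db=db_2")` defines a role that no group in this policy is given; `group1` receives only `all_db1`, `load_data` and `select_tb2`. The removed lines had the same unassigned role, so behaviour is unchanged, but the entry suggests user1 has full access to db_2 when the policy only grants select on `tb_1` there. I would drop the line, or keep it with a comment such as `// all_db2 is defined but deliberately not granted to group1`. The assertions that rely on this are outside the hunk.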
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
index a643e17..c45dfbc 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
@@ -22,6 +22,7 @@ import java.io.FileOutputStream;
import java.sql.Connection;
import java.sql.Statement;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -32,6 +33,8 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
private Context context;
private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
private File dataFile;
+ private PolicyFile policyFile;
+
@Before
public void setup() throws Exception {
@@ -40,6 +43,8 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
}
@After
@@ -64,11 +69,7 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
*/
@Test
public void testEndToEnd1() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin_role", "groups");
- editor.addPolicy("admin_role = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
+ policyFile.write(context.getPolicyFile());
String dbName1 = "db_1";
String dbName2 = "productionDB";
@@ -93,15 +94,17 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
connection.close();
// 3
- editor.addPolicy("user1 = group1", "users");
+ policyFile.addGroupsToUser("user1", "group1");
// 4
- editor.addPolicy("group1 = all_db1, data_uri, select_tb1, insert_tb1", "groups");
- editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
- editor.addPolicy("select_tb1 = server=server1->db=productionDB->table=tb_1->action=select","roles");
- editor.addPolicy("insert_tb2 = server=server1->db=productionDB->table=tb_2->action=insert","roles");
- editor.addPolicy("insert_tb1 = server=server1->db=productionDB->table=tb_2->action=insert","roles");
- editor.addPolicy("data_uri = server=server1->uri=file://" + dataDir.getPath(), "roles");
+ policyFile
+ .addRolesToGroup("group1", "all_db1", "data_uri", "select_tb1", "insert_tb1")
+ .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+ .addPermissionsToRole("select_tb1", "server=server1->db=productionDB->table=tb_1->action=select")
+ .addPermissionsToRole("insert_tb2", "server=server1->db=productionDB->table=tb_2->action=insert")
+ .addPermissionsToRole("insert_tb1", "server=server1->db=productionDB->table=tb_2->action=insert")
+ .addPermissionsToRole("data_uri", "server=server1->uri=file://" + dataDir.getPath());
+ policyFile.write(context.getPolicyFile());
// 5
connection = context.createConnection("user1", "foo");
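Review bot: The role `insert_tb1` is given `server=server1->db=productionDB->table=tb_2->action=insert`, the same privilege as `insert_tb2`, so the role assigned to `group1` grants insert on `tb_2` rather than on the table its name suggests. The removed `editor.addPolicy` lines had the same mapping, so this is carried over, but in an authorization test it leaves unclear which table user1 is meant to be able to write; `insert_tb2` is also never attached to a group here. If `tb_1` was intended, the line would be `.addPermissionsToRole("insert_tb1", "server=server1->db=productionDB->table=tb_1->action=insert")`; otherwise renaming the role and dropping the unused one would make the intent readable. The steps that exercise these grants are outside the hunk.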
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
index 89f7f04..22fe430 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
@@ -24,6 +24,7 @@ import java.sql.Connection;
import java.sql.Statement;
import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -32,6 +33,7 @@ import com.google.common.io.Resources;
public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
private File dataFile;
+ private PolicyFile policyFile;
@Before
public void setup() throws Exception {
@@ -40,6 +42,7 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
}
@After
@@ -55,22 +58,15 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
Statement statement = null;
String dumpDir = context.getDFSUri().toString() + "/hive_data_dump";
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group1 = db1_read, db1_write, data_dump",
- "user_group2 = db1_read, db1_write",
- "[roles]",
- "db1_write = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT",
- "db1_read = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT",
- "data_dump = server=server1->URI=" + dumpDir,
- "admin_role = server=server1",
- "[users]",
- "user1 = user_group1",
- "user2 = user_group2",
- ADMIN1 + " = admin_group"
- };
- context.makeNewPolicy(testPolicies);
+ policyFile
+ .addRolesToGroup("user_group1", "db1_read", "db1_write", "data_dump")
+ .addRolesToGroup("user_group2", "db1_read", "db1_write")
+ .addPermissionsToRole("db1_write", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT")
+ .addPermissionsToRole("db1_read", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT")
+ .addPermissionsToRole("data_dump", "server=server1->URI=" + dumpDir)
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2");
+ policyFile.write(context.getPolicyFile());
dropDb(ADMIN1, DB1);
createDb(ADMIN1, DB1);
@@ -107,24 +103,17 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
Statement statement = null;
String exportDir = context.getDFSUri().toString() + "/hive_export1";
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group1 = tab1_read, tab1_write, db1_all, data_read, data_export",
- "user_group2 = tab1_write, tab1_read",
- "[roles]",
- "tab1_write = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT",
- "tab1_read = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT",
- "db1_all = server=server1->db=" + DB1,
- "data_read = server=server1->URI=file://" + dataFile.getPath(),
- "data_export = server=server1->URI=" + exportDir,
- "admin_role = server=server1",
- "[users]",
- "user1 = user_group1",
- "user2 = user_group2",
- ADMIN1 + " = admin_group"
- };
- context.makeNewPolicy(testPolicies);
+ policyFile
+ .addRolesToGroup("user_group1", "tab1_read", "tab1_write", "db1_all", "data_read", "data_export")
+ .addRolesToGroup("user_group2", "tab1_write", "tab1_read")
+ .addPermissionsToRole("tab1_write", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT")
+ .addPermissionsToRole("tab1_read", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT")
+ .addPermissionsToRole("db1_all", "server=server1->db=" + DB1)
+ .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile.getPath())
+ .addPermissionsToRole("data_export", "server=server1->URI=" + exportDir)
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2");
+ policyFile.write(context.getPolicyFile());
dropDb(ADMIN1, DB1);
createDb(ADMIN1, DB1);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
index 6036eaa..f3d493f 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
@@ -22,6 +22,7 @@ import java.sql.Statement;
import junit.framework.Assert;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -29,9 +30,14 @@ import org.junit.Test;
public class TestMetadataPermissions extends AbstractTestWithStaticLocalFS {
private Context context;
+ private PolicyFile policyFile;
+
@Before
public void setup() throws Exception {
context = createContext();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
+/*
String testPolicies[] = {
"[groups]",
"admin_group = admin_role",
@@ -47,7 +53,17 @@ public class TestMetadataPermissions extends AbstractTestWithStaticLocalFS {
"admin = admin_group"
};
context.makeNewPolicy(testPolicies);
- Connection adminCon = context.createConnection("admin", "foo");
+*/
+ policyFile
+ .addRolesToGroup("user_group1", "db1_all", "db2_all")
+ .addRolesToGroup("user_group2", "db1_all")
+ .addPermissionsToRole("db1_all", "server=server1->db=db1")
+ .addPermissionsToRole("db2_all", "server=server1->db=db2")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .write(context.getPolicyFile());
+
+ Connection adminCon = context.createConnection(ADMIN1, "foo");
Statement adminStmt = context.createStatement(adminCon);
for (String dbName : new String[] { "db1", "db2" }) {
adminStmt.execute("USE default");
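Review bot: The old policy array is kept inside a block comment instead of being deleted: the `+/*` at the end of the previous hunk (`@@ -29,9 +30,14 @@`) opens it and the `+*/` in this hunk closes it. The commented-out text still lists grants such as `admin_group = admin_role` and `admin = admin_group` that no longer describe what `setup()` writes, so a reader auditing which privileges this test establishes can be misled. I would remove the array and the `context.makeNewPolicy(testPolicies);` call outright and keep only the `policyFile` chain. Part of the commented span lies between the two hunks and is not visible here.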
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
index dba6d9f..c7b5e31 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
@@ -28,6 +28,7 @@ import java.sql.Statement;
import junit.framework.Assert;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -37,6 +38,8 @@ import com.google.common.io.Resources;
public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
private Context context;
private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
+ private PolicyFile policyFile;
+
@Before
public void setUp() throws Exception {
@@ -45,6 +48,7 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
}
@After
@@ -72,23 +76,19 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
*/
@Test
public void testMovingTable1() throws Exception {
- File policyFile = context.getPolicyFile();
- Assert.assertTrue(policyFile.delete() && policyFile.createNewFile());
-
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = all_db1, load_data, select_proddb_tbl1, insert_proddb_tbl1", "groups");
- editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
- editor.addPolicy("load_data = server=server1->uri=file://" + dataDir.getPath(), "roles");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group2", "users");
+ policyFile
+ .addRolesToGroup("group1", "all_db1", "load_data", "select_proddb_tbl1", "insert_proddb_tbl1")
+ .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataDir.getPath())
+ .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group2")
+ .write(context.getPolicyFile());
String dbName1 = "db_1";
String dbName2 = "proddb";
String tableName1 = "tb_1";
- Connection connection = context.createConnection("admin1", "foo");
+
+ Connection connection = context.createConnection(ADMIN1, "foo");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
statement.execute("DROP DATABASE IF EXISTS " + dbName2 + " CASCADE");
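Review bot: The privilege strings in the new `policyFile` chain hard-code the database name (`"server=server1->db=db_1"`), while `dbName1`, `dbName2` and `tableName1` are declared just below and used for all the SQL. If one side is renamed, the policy silently stops matching the objects the test creates and an authorization check can pass or fail for the wrong reason. Declaring the names before the chain and writing `.addPermissionsToRole("all_db1", "server=server1->db=" + dbName1)` keeps the two in step. The `proddb`/`tb_1` grants in `@@ -110,14 +110,18 @@` and the matching hunks of `testMovingTable2` follow the same pattern; the method body continues past this hunk.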
@@ -110,14 +110,18 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
statement.execute("LOAD DATA INPATH 'file://" + dataDir.getPath()
+ "' INTO TABLE " + tableName1);
- editor.addPolicy("insert_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=insert", "roles");
+ policyFile
+ .addPermissionsToRole("insert_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=insert")
+ .write(context.getPolicyFile());
statement.execute("USE " + dbName2);
statement.execute("INSERT OVERWRITE TABLE "
+ tableName1 + " SELECT * FROM " + dbName1
+ "." + tableName1);
// b
- editor.addPolicy("select_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=select", "roles");
+ policyFile
+ .addPermissionsToRole("select_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=select")
+ .write(context.getPolicyFile());
ResultSet resultSet = statement.executeQuery("SELECT * FROM " + tableName1 + " LIMIT 10");
int count = 0;
while(resultSet.next()) {
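Review bot: Each grant is added and written immediately before the statement it is meant to enable, but nothing visible in this hunk asserts that the same statement is refused while the role has no permission. Without that negative step the test cannot distinguish a working grant from a policy that was already too permissive. If the rest of `testMovingTable1`, which lies outside this hunk, does not already cover it, I would attempt the `INSERT OVERWRITE` once before `addPermissionsToRole("insert_proddb_tbl1", ...)` and expect a failure, with a comment such as `// must be denied until insert_proddb_tbl1 is granted`. The same applies to the two grants in `@@ -189,13 +190,17 @@`.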
@@ -154,16 +158,13 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
*/
@Test
public void testMovingTable2() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = all_db1, load_data, select_proddb_tbl1, insert_proddb_tbl1", "groups");
- editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
- editor.addPolicy("load_data = server=server1->uri=file://" + dataDir.getPath(), "roles");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group2", "users");
+ policyFile
+ .addRolesToGroup("group1", "all_db1", "load_data", "select_proddb_tbl1", "insert_proddb_tbl1")
+ .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+ .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataDir.getPath())
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group2")
+ .write(context.getPolicyFile());
String dbName1 = "db_1";
String dbName2 = "proddb";
@@ -189,13 +190,17 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
statement.execute("LOAD DATA INPATH 'file://" + dataDir.getPath()
+ "' INTO TABLE " + dbName1 + "." + tableName1);
- editor.addPolicy("insert_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=insert", "roles");
+ policyFile
+ .addPermissionsToRole("insert_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=insert")
+ .write(context.getPolicyFile());
statement.execute("INSERT OVERWRITE TABLE "
+ dbName2 + "." + tableName1 + " SELECT * FROM " + dbName1
+ "." + tableName1);
// b
- editor.addPolicy("select_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=select", "roles");
+ policyFile
+ .addPermissionsToRole("select_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=select")
+ .write(context.getPolicyFile());
assertTrue("user1 should be able to select data from "
+ dbName2 + "." + dbName2 + "." + tableName1, statement.execute("SELECT * FROM "
+ dbName2 + "." + tableName1 + " LIMIT 10"));
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
index 7fb7f6c..8d520fc 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
@@ -26,8 +26,10 @@ import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
+import org.apache.sentry.provider.file.PolicyFile;
import org.apache.sentry.provider.file.SimplePolicyEngine;
import org.junit.After;
+import org.junit.Before;
import org.junit.Test;
import com.google.common.base.Charsets;
@@ -43,6 +45,22 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
private static final String DB2_POLICY_FILE = "db2-policy-file.ini";
private Context context;
+ private File dataFile;
+ private PolicyFile policyFile;
+
+ @Before
+ public void setup() throws Exception {
+ context = createContext();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
+ File dataDir = context.getDataDir();
+ //copy data file to test dir
+ dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
+ FileOutputStream to = new FileOutputStream(dataFile);
+ Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
+ to.close();
+
+ }
@After
public void teardown() throws Exception {
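Review bot: In the new `setup()`, `to.close()` is skipped when `Resources.copy` throws, which leaves the `FileOutputStream` on `dataFile` open for the rest of the run. Wrapping the copy as `try { Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to); } finally { to.close(); }` closes it on both paths. The blank line before the closing brace of `setup()` can be dropped as well.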
@@ -53,49 +71,24 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
@Test
public void testPerDB() throws Exception {
- context = createContext();
- File policyFile = context.getPolicyFile();
- File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
- File dataDir = context.getDataDir();
- //copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- "user_group2 = select_tbl2",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user1 = user_group1",
- "user2 = user_group2",
- "[databases]",
- "db2 = " + db2PolicyFile.getPath(),
- };
- context.makeNewPolicy(policyFileContents);
-
- String[] db2PolicyFileContents = {
- "[groups]",
- "user_group2 = select_tbl2",
- "[roles]",
- "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
- };
- Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
+ PolicyFile db2PolicyFile = new PolicyFile();
+ File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+ db2PolicyFile
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+ .write(db2PolicyFileHandle);
+
+ policyFile
+ .addRolesToGroup("user_group1", "select_tbl1")
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addDatabase("db2", db2PolicyFileHandle.getPath())
+ .write(context.getPolicyFile());
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection(ADMIN1, "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
@@ -143,7 +136,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection(ADMIN1, "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE db1 CASCADE");
statement.execute("DROP DATABASE db2 CASCADE");
@@ -162,70 +155,40 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
String DB3_POLICY_FILE = "db3-policy-file.ini";
String DB4_POLICY_FILE = "db4-policy-file.ini";
- context = createContext();
- File policyFile = context.getPolicyFile();
- File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
- File db3PolicyFile = new File(policyFile.getParent(), DB3_POLICY_FILE);
- File db4PolicyFile = new File(policyFile.getParent(), DB4_POLICY_FILE);
- File dataDir = context.getDataDir();
- //copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- "user_group2 = select_tbl2",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user1 = user_group1",
- "user2 = user_group2",
- "user3 = user_group3",
- "user4 = user_group4",
- "[databases]",
- "db2 = " + db2PolicyFile.getPath(),
- "db3 = " + db3PolicyFile.getPath(),
- "db4 = " + db4PolicyFile.getPath(),
- };
- context.makeNewPolicy(policyFileContents);
-
- String[] db2PolicyFileContents = {
- "[groups]",
- "user_group2 = select_tbl2",
- "[roles]",
- "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
- };
- String[] db3PolicyFileContents = {
- "[groups]",
- "user_group3 = select_tbl3_BAD",
- "[roles]",
- "select_tbl3_BAD = server=server1->db=db3------>table->action=select"
- };
- String[] db4PolicyFileContents = {
- "[groups]",
- "user_group4 = select_tbl4",
- "[roles]",
- "select_tbl4 = server=server1->db=db4->table=tbl4->action=select"
- };
-
- Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
- Files.write(Joiner.on("\n").join(db3PolicyFileContents), db3PolicyFile, Charsets.UTF_8);
- Files.write(Joiner.on("\n").join(db4PolicyFileContents), db4PolicyFile, Charsets.UTF_8);
+ File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+ File db3PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB3_POLICY_FILE);
+ File db4PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB4_POLICY_FILE);
+
+ PolicyFile db2PolicyFile = new PolicyFile();
+ PolicyFile db3PolicyFile = new PolicyFile();
+ PolicyFile db4PolicyFile = new PolicyFile();
+ db2PolicyFile
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+ .write(db2PolicyFileHandle);
+ db3PolicyFile
+ .addRolesToGroup("user_group3", "select_tbl3_BAD")
+ .addPermissionsToRole("select_tbl3_BAD", "server=server1->db=db3------>table->action=select")
+ .write(db3PolicyFileHandle);
+ db4PolicyFile
+ .addRolesToGroup("user_group4", "select_tbl4")
+ .addPermissionsToRole("select_tbl4", "server=server1->db=db4->table=tbl4->action=select")
+ .write(db4PolicyFileHandle);
+ policyFile
+ .addRolesToGroup("user_group1", "select_tbl1")
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addGroupsToUser("user3", "user_group3")
+ .addGroupsToUser("user4", "user_group4")
+ .addDatabase("db2", db2PolicyFileHandle.getPath())
+ .addDatabase("db3", db3PolicyFileHandle.getPath())
+ .addDatabase("db4", db4PolicyFileHandle.getPath())
+ .write(context.getPolicyFile());
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection(ADMIN1, "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
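Review bot: The privilege `"server=server1->db=db3------>table->action=select"` for `select_tbl3_BAD` looks deliberately malformed, but nothing in the new code says so, and it now goes through the `PolicyFile` builder like every valid entry. A one-line comment above the `db3PolicyFile` chain, for example `// intentionally malformed privilege: db3's policy file is expected to be rejected`, would stop a later cleanup from "fixing" it; the exact expectation should be confirmed against the assertions, which are outside this hunk. The three `new File(context.getPolicyFile().getParent(), ...)` calls could also share one `File policyDir` local.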
@@ -290,7 +253,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection(ADMIN1, "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE db1 CASCADE");
statement.execute("DROP DATABASE db2 CASCADE");
@@ -302,54 +265,30 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
@Test
public void testPerDBPolicyFileWithURI() throws Exception {
- context = createContext();
- File policyFile = context.getPolicyFile();
- File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
- File dataDir = context.getDataDir();
- //copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- "user_group2 = select_tbl2",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user1 = user_group1",
- "user2 = user_group2",
- "[databases]",
- "db2 = " + db2PolicyFile.getPath(),
- };
- context.makeNewPolicy(policyFileContents);
-
- String[] db2PolicyFileContents = {
- "[groups]",
- "user_group2 = select_tbl2, data_read, insert_tbl2",
- "[roles]",
- "select_tbl2 = server=server1->db=db2->table=tbl2->action=select",
- "insert_tbl2 = server=server1->db=db2->table=tbl2->action=insert",
- "data_read = server=server1->URI=file://" + dataFile
- };
- Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
+ File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+
+ policyFile
+ .addRolesToGroup("user_group1", "select_tbl1")
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addDatabase("db2", db2PolicyFileHandle.getPath())
+ .write(context.getPolicyFile());
+
+ PolicyFile db2PolicyFile = new PolicyFile();
+ db2PolicyFile
+ .addRolesToGroup("user_group2", "select_tbl2", "data_read", "insert_tbl2")
+ .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+ .addPermissionsToRole("insert_tbl2", "server=server1->db=db2->table=tbl2->action=insert")
+ .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile)
+ .write(db2PolicyFileHandle);
// ugly hack: needs to go away once this becomes a config property. Note that this property
// will not be set with external HS and this test will fail. Hope is this fix will go away
// by then.
System.setProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection(ADMIN1, "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
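Review bot: The global policy is written with `.addDatabase("db2", db2PolicyFileHandle.getPath())` before the db2 file itself is written, the reverse of the order used in `testPerDB`. Between the two `write` calls the global file refers to a per-database file that is either missing or left over from an earlier test, since the old `db2PolicyFile.delete()` assertion is gone. No connection is opened in that window, so it is probably harmless, but writing the `db2PolicyFile` chain first keeps the tests consistent and never leaves a dangling reference on disk. `testDefaultDBwithDbPolicy` in `@@ -475,62 +393,34 @@` has the same ordering. Separately, `"server=server1->URI=file://" + dataFile` relies on `File.toString()` where the other tests call `dataFile.getPath()`.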
@@ -399,7 +338,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection(ADMIN1, "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE db1 CASCADE");
statement.execute("DROP DATABASE db2 CASCADE");
@@ -414,36 +353,15 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
*/
@Test
public void testDefaultDb() throws Exception {
- context = createContext();
- File policyFile = context.getPolicyFile();
- File dataDir = context.getDataDir();
- //copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user_1 = user_group1",
- "user_2 = user_group2",
- };
- context.makeNewPolicy(policyFileContents);
+ policyFile
+ .addRolesToGroup("user_group1", "select_tbl1")
+ .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+ .addGroupsToUser("user_1", "user_group1")
+ .addGroupsToUser("user_2", "user_group2")
+ .write(context.getPolicyFile());
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection(ADMIN1, "hive");
Statement statement = context.createStatement(connection);
statement.execute("USE default");
@@ -475,62 +393,34 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
@Test
public void testDefaultDBwithDbPolicy() throws Exception {
- context = createContext();
- File policyFile = context.getPolicyFile();
- File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
- File defaultPolicyFile = new File(policyFile.getParent(), "default-policy-file.ini");
- File dataDir = context.getDataDir();
- //copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
- assertTrue("Could not delete " + defaultPolicyFile,!defaultPolicyFile.exists() || defaultPolicyFile.delete());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- "user_group2 = select_tbl2",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user_1 = user_group1",
- "user_2 = user_group2",
- "user_3 = user_group3",
- "[databases]",
- "db2 = " + db2PolicyFile.getPath(),
- "default = " + defaultPolicyFile.getPath()
- };
- context.makeNewPolicy(policyFileContents);
-
- String[] db2PolicyFileContents = {
- "[groups]",
- "user_group2 = select_tbl2",
- "[roles]",
- "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
- };
- Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
-
- String[] defautlPolicyFileContents = {
- "[groups]",
- "user_group2 = select_def",
- "[roles]",
- "select_def = server=server1->db=default->table=dtab->action=select"
- };
- Files.write(Joiner.on("\n").join(defautlPolicyFileContents), defaultPolicyFile, Charsets.UTF_8);
-
+ File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+ File defaultPolicyFileHandle = new File(context.getPolicyFile().getParent(), "default.ini");
+
+ policyFile
+ .addRolesToGroup("user_group1", "select_tbl1")
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+ .addGroupsToUser("user_1", "user_group1")
+ .addGroupsToUser("user_2", "user_group2")
+ .addGroupsToUser("user_3", "user_group3")
+ .addDatabase("db2", db2PolicyFileHandle.getPath())
+ .addDatabase("default", defaultPolicyFileHandle.getPath())
+ .write(context.getPolicyFile());
+
+ PolicyFile db2PolicyFile = new PolicyFile();
+ db2PolicyFile
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+ .write(db2PolicyFileHandle);
+
+ PolicyFile defaultPolicyFile = new PolicyFile();
+ defaultPolicyFile
+ .addRolesToGroup("user_group2", "select_def")
+ .addPermissionsToRole("select_def", "server=server1->db=default->table=dtab->action=select")
+ .write(defaultPolicyFileHandle);
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection(ADMIN1, "hive");
Statement statement = context.createStatement(connection);
statement.execute("USE default");
statement.execute("CREATE TABLE dtab(B INT, A STRING) " +
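Review bot: The per-database policy file for `default` is now named `default.ini`, where the removed code used `default-policy-file.ini`, and the commit message describes only a switch of policy editor. If the rename is intended, a constant next to `DB2_POLICY_FILE`, for instance `private static final String DEFAULT_POLICY_FILE = "default.ini";`, would make it visible; otherwise the old name should be kept. The removed assertions that deleted stale `db2` and `default` policy files have no replacement here, so the test now depends on `PolicyFile.write` replacing the file contents, which this diff does not show.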
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
index 7330d4a..69bfddc 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
@@ -32,6 +32,7 @@ import java.util.Map;
import junit.framework.Assert;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -44,12 +45,16 @@ import com.google.common.io.Resources;
public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
private Context context;
+ private File dataFile;
+ private PolicyFile policyFile;
+
Map <String, String >testProperties;
private static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
@Before
public void setup() throws Exception {
testProperties = new HashMap<String, String>();
+ policyFile = PolicyFile.createAdminOnServer1("admin1");
}
@After
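Review bot: The new field `private File dataFile;` is never assigned in the hunks shown. `testAllPrivilege` (`@@ -66,33 +71,25 @@`) and `testAllPrivilegeOnObjectOwnedByAdmin` (`@@ -186,36 +183,27 @@`) each keep a local `File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);` that shadows it, so any code reading the field would see `null`. Either drop the field or assign it in those tests with `dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);`. Other tests of the class are outside the visible part of the diff and may use the field.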
@@ -66,33 +71,25 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
public void testAllPrivilege() throws Exception {
context = createContext(testProperties);
- File policyFile = context.getPolicyFile();
- File dataDir = context.getDataDir();
//copy data file to test dir
+ File dataDir = context.getDataDir();
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group1 = all_db1, load_data");
- context.append("user_group2 = all_db2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("all_db1 = server=server1->db=DB_1");
- context.append("all_db2 = server=server1->db=DB_2");
- context.append("load_data = server=server1->uri=file://" + dataFile.getPath());
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group1");
- context.append("user2 = user_group2");
+
+ policyFile
+ .addRolesToGroup("user_group1", "all_db1", "load_data")
+ .addRolesToGroup("user_group2", "all_db2")
+ .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+ .addPermissionsToRole("all_db2", "server=server1->db=DB_2")
+ .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath())
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
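Review bot: The admin user is spelled as the literal `"admin1"` in `createConnection("admin1", "hive")` here and in `PolicyFile.createAdminOnServer1("admin1")` in `setup()`, whereas the other test classes in this commit use the `ADMIN1` constant. If the two literals drift apart, the connection would run as a user without the admin role and the setup statements would fail on authorization rather than on the behaviour under test. If `ADMIN1` is not available from `AbstractTestWithHiveServer` (not visible here), a class constant such as `private static final String ADMIN1 = "admin1";` would do. The same literal recurs in the cleanup hunks and in `testAllPrivilegeOnObjectOwnedByAdmin`.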
@@ -170,7 +167,7 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.execute("DROP DATABASE DB_2 CASCADE");
@@ -186,36 +183,27 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
public void testAllPrivilegeOnObjectOwnedByAdmin() throws Exception {
context = createContext(testProperties);
- File policyFile = context.getPolicyFile();
- File dataDir = context.getDataDir();
//copy data file to test dir
+ File dataDir = context.getDataDir();
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
File externalTblDir = new File(dataDir, "exttab");
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group1 = all_db1, load_data, exttab");
- context.append("user_group2 = all_db2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("all_db1 = server=server1->db=DB_1");
- context.append("all_db2 = server=server1->db=DB_2");
- context.append("exttab = server=server1->uri=file://" + dataDir.getPath());
- context.append("load_data = server=server1->uri=file://" + dataFile.getPath());
-
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group1");
- context.append("user2 = user_group2");
+
+ policyFile
+ .addRolesToGroup("user_group1", "all_db1", "load_data", "exttab")
+ .addRolesToGroup("user_group2", "all_db2")
+ .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+ .addPermissionsToRole("all_db2", "server=server1->db=DB_2")
+ .addPermissionsToRole("exttab", "server=server1->uri=file://" + dataDir.getPath())
+ .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath())
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
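Review bot: With `assertTrue("Could not delete " + policyFile, context.deletePolicyFile())` removed, nothing in this hunk guarantees that the test starts from a clean policy file; the new chain simply ends in `.write(context.getPolicyFile())`. Whether `write` replaces the file, and where the `policyFile` field is re-created in this class, are both outside the hunk, and if either keeps state then grants left by an earlier test change what user1 and user2 may do here. Once confirmed, I would record the contract above the chain, e.g. `// policyFile is rebuilt in setup(); write() replaces the file on disk`. The same assertion is dropped in the TestPrivilegesAtTableScope hunks for testInsertAndSelect, testInsert, testSelect and testTableViewJoin to testTableViewJoin4. The method body runs on past the end of this hunk.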
@@ -301,7 +289,7 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.execute("DROP DATABASE DB_2 CASCADE");
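Review bot: The admin login is spelled as the literal `"admin1"` here, while the policy's admin user is created from the `ADMIN1` constant in the setup() hunks of TestPrivilegesAtFunctionScope and TestPrivilegesAtTableScope (`PolicyFile.createAdminOnServer1(ADMIN1)`). If that constant is visible in this class as well, `connection = context.createConnection(ADMIN1, "hive");` keeps the two from drifting apart; should they diverge, setup and cleanup would run as a user that holds no server-wide role and the tests would fail on authorization rather than on what they check. The same literal is introduced by the other `createConnection` changes in TestPrivilegesAtDatabaseScope and TestPrivilegesAtTableScope. The enclosing test method starts and ends outside this hunk.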
@@ -322,28 +310,21 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
public void testUseDbPrivilege() throws Exception {
context = createContext(testProperties);
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group1 = all_db1");
- context.append("user_group2 = select_db2");
- context.append("user_group3 = all_db3");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("all_db1 = server=server1->db=DB_1");
- context.append("select_db2 = server=server1->db=DB_2->table=tab_2->action=select");
- context.append("all_db3 = server=server1->db=DB_3");
-
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group1");
- context.append("user2 = user_group2");
- context.append("user3 = user_group3");
+ policyFile
+ .addRolesToGroup("user_group1", "all_db1")
+ .addRolesToGroup("user_group2", "select_db2")
+ .addRolesToGroup("user_group3", "all_db3")
+ .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+ .addPermissionsToRole("select_db2", "server=server1->db=DB_2->table=tab_2->action=select")
+ .addPermissionsToRole("all_db3", "server=server1->db=DB_3")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addGroupsToUser("user3", "user_group3")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
statement.execute("CREATE DATABASE DB_1");
@@ -395,26 +376,19 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
public void testDefaultDbPrivilege() throws Exception {
context = createContext(testProperties);
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group1 = all_db1");
- context.append("user_group2 = select_db2");
- context.append("user_group3 = all_default");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("all_db1 = server=server1->db=DB_1");
- context.append("select_db2 = server=server1->db=DB_2->table=tab_2->action=select");
- context.append("all_default = server=server1->db=default");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group1");
- context.append("user2 = user_group2");
- context.append("user3 = user_group3");
-
- Connection connection = context.createConnection("hive", "hive");
+ policyFile
+ .addRolesToGroup("user_group1", "all_db1")
+ .addRolesToGroup("user_group2", "select_db2")
+ .addRolesToGroup("user_group3", "all_default")
+ .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+ .addPermissionsToRole("select_db2", "server=server1->db=DB_2->table=tab_2->action=select")
+ .addPermissionsToRole("all_default", "server=server1->db=default")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addGroupsToUser("user3", "user_group3")
+ .write(context.getPolicyFile());
+
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("use default");
context.close();
@@ -448,26 +422,19 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
testProperties.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), "true");
context = createContext(testProperties);
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group1 = all_default");
- context.append("user_group2 = select_default");
- context.append("user_group3 = all_db1");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("all_default = server=server1->db=default");
- context.append("select_default = server=server1->db=default->table=tab_2->action=select");
- context.append("all_db1 = server=server1->db=DB_1");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group1");
- context.append("user2 = user_group2");
- context.append("user3 = user_group3");
-
- Connection connection = context.createConnection("hive", "hive");
+ policyFile
+ .addRolesToGroup("user_group1", "all_default")
+ .addRolesToGroup("user_group2", "select_default")
+ .addRolesToGroup("user_group3", "all_db1")
+ .addPermissionsToRole("all_default", "server=server1->db=default")
+ .addPermissionsToRole("select_default", "server=server1->db=default->table=tab_2->action=select")
+ .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addGroupsToUser("user3", "user_group3")
+ .write(context.getPolicyFile());
+
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("use default");
context.close();
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
index 90d6214..25746c1 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
@@ -25,6 +25,7 @@ import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -36,6 +37,7 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
private File dataDir;
private File dataFile;
+ private PolicyFile policyFile;
@Before
public void setup() throws Exception {
@@ -45,6 +47,8 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
}
@After
@@ -64,21 +68,18 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
public void testFuncPrivileges1() throws Exception {
String dbName1 = "db_1";
String tableName1 = "tb_1";
- // edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = db1_all,UDF_JAR", "groups");
- editor.addPolicy("group2 = db1_tab1,UDF_JAR", "groups");
- editor.addPolicy("group3 = db1_tab1", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("db1_all = server=server1->db=" + dbName1, "roles");
- editor.addPolicy("db1_tab1 = server=server1->db=" + dbName1 + "->table=" + tableName1, "roles");
- editor.addPolicy("UDF_JAR = server=server1->uri=file://${user.home}/.m2", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group2", "users");
- editor.addPolicy("user3 = group3", "users");
+
+ policyFile
+ .addRolesToGroup("group1", "db1_all", "UDF_JAR")
+ .addRolesToGroup("group2", "db1_tab1", "UDF_JAR")
+ .addRolesToGroup("group3", "db1_tab1")
+ .addPermissionsToRole("db1_all", "server=server1->db=" + dbName1)
+ .addPermissionsToRole("db1_tab1", "server=server1->db=" + dbName1 + "->table=" + tableName1)
+ .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2")
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group2")
+ .addGroupsToUser("user3", "group3")
+ .write(context.getPolicyFile());
Connection connection = context.createConnection("admin1", "foo");
Statement statement = context.createStatement(connection);
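Review bot: The `UDF_JAR` role in the new chain grants `server=server1->uri=file://${user.home}/.m2`, so the URI privilege spans the whole local Maven repository, which is presumably wider than the jar this test needs. `${user.home}` is also plain text in a Java string, so the grant only resolves if the policy provider expands it, which is not visible here. A comment on that line would help, for example `// URI grant covers ~/.m2; ${user.home} is expanded by the policy provider, not by Java`, or the URI could be narrowed to the directory that holds the UDF jar. The following hunk (at -145) repeats the same grant, and the test body continues after this hunk.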
@@ -145,18 +146,15 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
String dbName1 = "db1";
String tableName1 = "tab1";
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = db1_all,UDF_JAR", "groups");
- editor.addPolicy("group2 = db1_tab1,UDF_JAR", "groups");
- editor.addPolicy("group3 = db1_tab1", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("db1_all = server=server1->db=" + dbName1, "roles");
- editor.addPolicy("db1_tab1 = server=server1->db=" + dbName1 + "->table=" + tableName1, "roles");
- editor.addPolicy("UDF_JAR = server=server1->uri=file://${user.home}/.m2", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
+ policyFile
+ .addRolesToGroup("group1", "db1_all", "UDF_JAR")
+ .addRolesToGroup("group2", "db1_tab1", "UDF_JAR")
+ .addRolesToGroup("group3", "db1_tab1")
+ .addPermissionsToRole("db1_all", "server=server1->db=" + dbName1)
+ .addPermissionsToRole("db1_tab1", "server=server1->db=" + dbName1 + "->table=" + tableName1)
+ .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2")
+ .addGroupsToUser("user1", "group1")
+ .write(context.getPolicyFile());
Connection connection = context.createConnection("admin1", "password");
Statement statement = connection.createStatement();
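Review bot: `group2` and `group3` receive roles in this chain but only `user1` is mapped to a group (`.addGroupsToUser("user1", "group1")`), so those two grants are unreachable unless something outside this hunk maps users to them. If the rest of the test only connects as user1, dropping the `addRolesToGroup` lines for group2 and group3 keeps the policy to what is under test; otherwise add the matching mappings, e.g. `.addGroupsToUser("user2", "group2")`. The method begins and ends outside this hunk.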
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
index 21bc846..ed4509e 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
@@ -30,6 +30,7 @@ import java.sql.Statement;
import junit.framework.Assert;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -39,17 +40,18 @@ import com.google.common.io.Resources;
/* Tests privileges at table scope within a single database.
*/
-public class TestPrivilegesAtTableScope
- extends
- AbstractTestWithStaticLocalFS {
+public class TestPrivilegesAtTableScope extends AbstractTestWithStaticLocalFS {
private Context context;
+ private PolicyFile policyFile;
+
private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
private final String MULTI_TYPE_DATA_FILE_NAME = "emp.dat";
@Before
public void setup() throws Exception {
context = createContext();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
}
@After
@@ -66,32 +68,23 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testInsertAndSelect() throws Exception {
- File policyFile = context.getPolicyFile();
File dataDir = context.getDataDir();
// copy data file to test dir
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
-
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab1, insert_tab1, select_tab2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
- context.append("insert_tab1 = server=server1->db=DB_1->table=TAB_1->action=insert");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab1", "insert_tab1", "select_tab2")
+ .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+ .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
statement.execute("CREATE DATABASE DB_1");
@@ -135,7 +128,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// connect as admin and drop tab_1
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("USE DB_1");
statement.execute("DROP TABLE TAB_1");
@@ -157,7 +150,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -172,31 +165,22 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testInsert() throws Exception {
- File policyFile = context.getPolicyFile();
File dataDir = context.getDataDir();
// copy data file to test dir
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
-
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = insert_tab1, select_tab2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("insert_tab1 = server=server1->db=DB_1->table=TAB_1->action=insert");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "insert_tab1", "select_tab2")
+ .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
statement.execute("CREATE DATABASE DB_1");
@@ -254,7 +238,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -268,31 +252,23 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testSelect() throws Exception {
- File policyFile = context.getPolicyFile();
- File dataDir = context.getDataDir();
// copy data file to test dir
+ File dataDir = context.getDataDir();
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab1, select_tab2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
- context.append("insert_tab1 = server=server1->db=DB_1->table=TAB_1->action=insert");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab1", "select_tab2")
+ .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+ .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
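Review bot: Role `insert_tab1` is given a permission by `.addPermissionsToRole("insert_tab1", ...)` but is not among the roles passed to `.addRolesToGroup("user_group", "select_tab1", "select_tab2")`, so no user holds it. If that is intended as the negative case (user1 must be refused INSERT even though an insert role exists in the policy), a comment such as `// insert_tab1 is defined but deliberately not granted to user_group` makes it explicit; if not, the line can go. The testTableViewJoin2 hunk has the same shape with `select_tab1`. The test body continues beyond this hunk.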
@@ -351,7 +327,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -365,30 +341,22 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testTableViewJoin() throws Exception {
- File policyFile = context.getPolicyFile();
- File dataDir = context.getDataDir();
// copy data file to test dir
+ File dataDir = context.getDataDir();
File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab1, select_tab2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab1", "select_tab2")
+ .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -436,7 +404,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -450,32 +418,23 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testTableViewJoin2() throws Exception {
- File policyFile = context.getPolicyFile();
+
File dataDir = context.getDataDir();
// copy data file to test dir
File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab2");
- // roles: privileges -> role
-
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
-
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab2")
+ .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -531,7 +490,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -545,31 +504,22 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testTableViewJoin3() throws Exception {
- File policyFile = context.getPolicyFile();
File dataDir = context.getDataDir();
// copy data file to test dir
File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
-
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab2, select_view1");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_view1 = server=server1->db=DB_1->table=VIEW_1->action=select");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab2", "select_view1")
+ .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -641,7 +591,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -655,31 +605,22 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testTableViewJoin4() throws Exception {
- File policyFile = context.getPolicyFile();
File dataDir = context.getDataDir();
// copy data file to test dir
File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
-
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab1, select_view1");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_view1 = server=server1->db=DB_1->table=VIEW_1->action=select");
- context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab1", "select_view1")
+ .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select")
+ .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -728,7 +669,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();