You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2016/07/21 05:55:03 UTC
[09/51] [partial] sentry git commit: SENTRY-1205: Refactor the code
for sentry-provider-db and create sentry-service module(Colin Ma,
reviewed by Dapeng Sun)
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
deleted file mode 100644
index 7db5426..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
+++ /dev/null
@@ -1,542 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.model.kafka.validator.KafkaPrivilegeValidator;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceIntegrationBase;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-import org.apache.shiro.config.ConfigurationException;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.PrintStream;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import static org.junit.Assert.*;
-
-public class TestSentryShellKafka extends SentryGenericServiceIntegrationBase {
- private File confDir;
- private File confPath;
- private static String TEST_ROLE_NAME_1 = "testRole1";
- private static String TEST_ROLE_NAME_2 = "testRole2";
- private static String KAFKA = "kafka";
- private String requestorName = "";
- private String service = "kafka1";
-
- @Before
- public void prepareForTest() throws Exception {
- confDir = Files.createTempDir();
- confPath = new File(confDir, "sentry-site.xml");
- if (confPath.createNewFile()) {
- FileOutputStream to = new FileOutputStream(confPath);
- conf.writeXml(to);
- to.close();
- }
- requestorName = clientUgi.getShortUserName();//.getProperty("user.name", "");
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- setLocalGroupMapping(requestorName, requestorUserGroupNames);
- // add ADMIN_USER for the after() in SentryServiceIntegrationBase
- setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames);
- writePolicyFile();
- }
-
- @After
- public void clearTestData() throws Exception {
- FileUtils.deleteQuietly(confDir);
- }
-
- @Test
- public void testCreateDropRole() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- // test: create role with -cr
- String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
- // test: create role with --create_role
- args = new String[] { "--create_role", "-r", TEST_ROLE_NAME_2, "-conf",
- confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
-
- // validate the result, list roles with -lr
- args = new String[] { "-lr", "-conf", confPath.getAbsolutePath() };
- SentryShellKafka sentryShell = new SentryShellKafka();
- Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
- // validate the result, list roles with --list_role
- args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
- // test: drop role with -dr
- args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
- // test: drop role with --drop_role
- args = new String[] { "--drop_role", "-r", TEST_ROLE_NAME_2, "-conf",
- confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
-
- // validate the result
- Set<TSentryRole> roles = client.listAllRoles(requestorName, KAFKA);
- assertEquals("Incorrect number of roles", 0, roles.size());
- }
- });
- }
-
- @Test
- public void testAddDeleteRoleForGroup() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- // Group names are case sensitive - mixed case names should work
- String TEST_GROUP_1 = "testGroup1";
- String TEST_GROUP_2 = "testGroup2";
- String TEST_GROUP_3 = "testGroup3";
-
- // create the role for test
- client.createRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
- client.createRole(requestorName, TEST_ROLE_NAME_2, KAFKA);
- // test: add role to group with -arg
- String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
- confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
- // test: add role to multiple groups
- args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
- "-conf",
- confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
- // test: add role to group with --add_role_group
- args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
- "-conf",
- confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
-
- // validate the result list roles with -lr and -g
- args = new String[] { "-lr", "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath() };
- SentryShellKafka sentryShell = new SentryShellKafka();
- Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
- // list roles with --list_role and -g
- args = new String[] { "--list_role", "-g", TEST_GROUP_2, "-conf",
- confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
- args = new String[] { "--list_role", "-g", TEST_GROUP_3, "-conf",
- confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
- // test: delete role from group with -drg
- args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
- confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
- // test: delete role to multiple groups
- args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
- "-conf",
- confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
- // test: delete role from group with --delete_role_group
- args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
- "-conf", confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
-
- // validate the result
- Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, TEST_GROUP_1, KAFKA);
- assertEquals("Incorrect number of roles", 0, roles.size());
- roles = client.listRolesByGroupName(requestorName, TEST_GROUP_2, KAFKA);
- assertEquals("Incorrect number of roles", 0, roles.size());
- roles = client.listRolesByGroupName(requestorName, TEST_GROUP_3, KAFKA);
- assertEquals("Incorrect number of roles", 0, roles.size());
- // clear the test data
- client.dropRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
- client.dropRole(requestorName, TEST_ROLE_NAME_2, KAFKA);
- }
- });
- }
-
- @Test
- public void testCaseSensitiveGroupName() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
-
- // create the role for test
- client.createRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
- // add role to a group (lower case)
- String[] args = {"-arg", "-r", TEST_ROLE_NAME_1, "-g", "group1", "-conf",
- confPath.getAbsolutePath()};
- SentryShellKafka.main(args);
-
- // validate the roles when group name is same case as above
- args = new String[]{"-lr", "-g", "group1", "-conf", confPath.getAbsolutePath()};
- SentryShellKafka sentryShell = new SentryShellKafka();
- Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
- // roles should be empty when group name is different case than above
- args = new String[]{"-lr", "-g", "GROUP1", "-conf", confPath.getAbsolutePath()};
- roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames);
- }
- });
- }
-
- public static String grant(boolean shortOption) {
- return shortOption ? "-gpr" : "--grant_privilege_role";
- }
-
- public static String revoke(boolean shortOption) {
- return shortOption ? "-rpr" : "--revoke_privilege_role";
- }
-
- public static String list(boolean shortOption) {
- return shortOption ? "-lp" : "--list_privilege";
- }
-
- private void assertGrantRevokePrivilege(final boolean shortOption) throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- // create the role for test
- client.createRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
- client.createRole(requestorName, TEST_ROLE_NAME_2, KAFKA);
-
- String [] privs = {
- "HOST=*->CLUSTER=kafka-cluster->action=read",
- "HOST=h1->TOPIC=t1->action=write",
- "HOST=*->CONSUMERGROUP=cg1->action=read",
- "CLUSTER=kafka-cluster->action=write",
- "CONSUMERGROUP=cg2->action=write"
- };
- for (int i = 0; i < privs.length; ++i) {
- // test: grant privilege to role
- String [] args = new String [] { grant(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
- privs[ i ],
- "-conf", confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
- }
-
- // test the list privilege
- String [] args = new String[] { list(shortOption), "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- SentryShellKafka sentryShell = new SentryShellKafka();
- Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true);
-
- assertEquals("Incorrect number of privileges", privs.length, privilegeStrs.size());
- for (int i = 0; i < privs.length; ++i) {
- assertTrue("Expected privilege: " + privs[i] + " in " + Arrays.toString(privilegeStrs.toArray()), privilegeStrs.contains(privs[i].startsWith("HOST=") ? privs[i] : "HOST=*->" + privs[i]));
- }
-
- for (int i = 0; i < privs.length; ++i) {
- args = new String[] { revoke(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
- privs[ i ], "-conf",
- confPath.getAbsolutePath() };
- SentryShellKafka.main(args);
- Set<TSentryPrivilege> privileges = client.listPrivilegesByRoleName(requestorName,
- TEST_ROLE_NAME_1, KAFKA, service);
- assertEquals("Incorrect number of privileges. Received privileges: " + Arrays.toString(privileges.toArray()), privs.length - (i + 1), privileges.size());
- }
-
- // clear the test data
- client.dropRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
- client.dropRole(requestorName, TEST_ROLE_NAME_2, KAFKA);
- }
- });
- }
-
-
- @Test
- public void testGrantRevokePrivilegeWithShortOption() throws Exception {
- assertGrantRevokePrivilege(true);
- }
-
- @Test
- public void testGrantRevokePrivilegeWithLongOption() throws Exception {
- assertGrantRevokePrivilege(false);
- }
-
-
- @Test
- public void testNegativeCaseWithInvalidArgument() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- client.createRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
- // test: create duplicate role with -cr
- String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- SentryShellKafka sentryShell = new SentryShellKafka();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for creating duplicate role");
- } catch (SentryUserException e) {
- // expected exception
- } catch (Exception e) {
- fail ("Unexpected exception received. " + e);
- }
-
- // test: drop non-exist role with -dr
- args = new String[] { "-dr", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for dropping non-exist role");
- } catch (SentryUserException e) {
- // excepted exception
- } catch (Exception e) {
- fail ("Unexpected exception received. " + e);
- }
-
- // test: add non-exist role to group with -arg
- args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
- confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for granting non-exist role to group");
- } catch (SentryUserException e) {
- // excepted exception
- } catch (Exception e) {
- fail ("Unexpected exception received. " + e);
- }
-
- // test: drop group from non-exist role with -drg
- args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
- confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for drop group from non-exist role");
- } catch (SentryUserException e) {
- // excepted exception
- } catch (Exception e) {
- fail ("Unexpected exception received. " + e);
- }
-
- // test: grant privilege to role with the error privilege format
- args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=all",
- "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for the error privilege format, invalid key value.");
- } catch (IllegalArgumentException e) {
- // excepted exception
- } catch (Exception e) {
- fail ("Unexpected exception received. " + e);
- }
-
- // test: grant privilege to role with the error privilege hierarchy
- args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
- "consumergroup=cg1->host=h1->action=create", "-conf",
- confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for the error privilege format, invalid key value.");
- } catch (ConfigurationException e) {
- // expected exception
- } catch (Exception e) {
- fail ("Unexpected exception received. " + e);
- }
-
- // clear the test data
- client.dropRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
- }
- });
- }
-
- @Test
- public void testNegativeCaseWithoutRequiredArgument() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- String strOptionConf = "conf";
- client.createRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
- // test: the conf is required argument
- String[] args = { "-cr", "-r", TEST_ROLE_NAME_1 };
- SentryShellKafka sentryShell = new SentryShellKafka();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + strOptionConf);
-
- // test: -r is required when create role
- args = new String[] { "-cr", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -r is required when drop role
- args = new String[] { "-dr", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -r is required when add role to group
- args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -g is required when add role to group
- args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
- // test: -r is required when delete role from group
- args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -g is required when delete role from group
- args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
- // test: -r is required when grant privilege to role
- args = new String[] { "-gpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -p is required when grant privilege to role
- args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
- // test: action is required in privilege
- args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-p", "host=*->topic=t1" };
- sentryShell = new SentryShellKafka();
- try {
- getShellResultWithOSRedirect(sentryShell, args, false);
- fail("Expected IllegalArgumentException");
- } catch (ConfigurationException e) {
- assert(("Kafka privilege must end with a valid action.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg).equals(e.getMessage()));
- } catch (Exception e) {
- fail ("Unexpected exception received. " + e);
- }
-
- // test: -r is required when revoke privilege from role
- args = new String[] { "-rpr", "-p", "host=h1", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -p is required when revoke privilege from role
- args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
- // test: command option is required for shell
- args = new String[] {"-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellKafka();
- validateMissingParameterMsgsContains(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[",
- "-arg Add role to group",
- "-cr Create role",
- "-rpr Revoke privilege from role",
- "-drg Delete role from group",
- "-lr List role",
- "-lp List privilege",
- "-gpr Grant privilege to role",
- "-dr Drop role");
-
- // clear the test data
- client.dropRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
- }
- });
- }
-
- // redirect the System.out to ByteArrayOutputStream, then execute the command and parse the result.
- private Set<String> getShellResultWithOSRedirect(SentryShellKafka sentryShell,
- String[] args, boolean expectedExecuteResult) throws Exception {
- PrintStream oldOut = System.out;
- ByteArrayOutputStream outContent = new ByteArrayOutputStream();
- System.setOut(new PrintStream(outContent));
- assertEquals(expectedExecuteResult, sentryShell.executeShell(args));
- Set<String> resultSet = Sets.newHashSet(outContent.toString().split("\n"));
- System.setOut(oldOut);
- return resultSet;
- }
-
- private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) {
- if (expectedRoleNames != null && expectedRoleNames.length > 0) {
- assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length,
- expectedRoleNames.length, roleNames.size());
- Set<String> lowerCaseRoles = new HashSet<String>();
- for (String role : roleNames) {
- lowerCaseRoles.add(role.toLowerCase());
- }
-
- for (String expectedRole : expectedRoleNames) {
- assertTrue("Expected role: " + expectedRole,
- lowerCaseRoles.contains(expectedRole.toLowerCase()));
- }
- }
- }
-
- private void validateMissingParameterMsg(SentryShellKafka sentryShell, String[] args,
- String expectedErrorMsg) throws Exception {
- Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
- assertTrue("Expected error message: " + expectedErrorMsg, errorMsgs.contains(expectedErrorMsg));
- }
-
- private void validateMissingParameterMsgsContains(SentryShellKafka sentryShell, String[] args,
- String ... expectedErrorMsgsContains) throws Exception {
- Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
- boolean foundAllMessages = false;
- Iterator<String> it = errorMsgs.iterator();
- while (it.hasNext()) {
- String errorMessage = it.next();
- boolean missingExpected = false;
- for (String expectedContains : expectedErrorMsgsContains) {
- if (!errorMessage.contains(expectedContains)) {
- missingExpected = true;
- break;
- }
- }
- if (!missingExpected) {
- foundAllMessages = true;
- break;
- }
- }
- assertTrue(foundAllMessages);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java
deleted file mode 100644
index d4e26e8..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java
+++ /dev/null
@@ -1,525 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.io.Files;
-import com.google.common.collect.Sets;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.PrintStream;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceIntegrationBase;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase {
- private File confDir;
- private File confPath;
- private static String TEST_ROLE_NAME_1 = "testRole1";
- private static String TEST_ROLE_NAME_2 = "testRole2";
- private String requestorName = "";
- private String service = "service1";
-
- @Before
- public void prepareForTest() throws Exception {
- confDir = Files.createTempDir();
- confPath = new File(confDir, "sentry-site.xml");
- if (confPath.createNewFile()) {
- FileOutputStream to = new FileOutputStream(confPath);
- conf.writeXml(to);
- to.close();
- }
- requestorName = clientUgi.getShortUserName();//System.getProperty("user.name", "");
- Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
- setLocalGroupMapping(requestorName, requestorUserGroupNames);
- // add ADMIN_USER for the after() in SentryServiceIntegrationBase
- setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames);
- writePolicyFile();
- }
-
- @After
- public void clearTestData() throws Exception {
- FileUtils.deleteQuietly(confDir);
- }
-
- @Test
- public void testCreateDropRole() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- // test: create role with -cr
- String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
- // test: create role with --create_role
- args = new String[] { "--create_role", "-r", TEST_ROLE_NAME_2, "-conf",
- confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
-
- // validate the result, list roles with -lr
- args = new String[] { "-lr", "-conf", confPath.getAbsolutePath() };
- SentryShellSolr sentryShell = new SentryShellSolr();
- Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
- // validate the result, list roles with --list_role
- args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
- // test: drop role with -dr
- args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
- // test: drop role with --drop_role
- args = new String[] { "--drop_role", "-r", TEST_ROLE_NAME_2, "-conf",
- confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
-
- // validate the result
- Set<TSentryRole> roles = client.listAllRoles(requestorName, SOLR);
- assertEquals("Incorrect number of roles", 0, roles.size());
- }
- });
- }
-
- @Test
- public void testAddDeleteRoleForGroup() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- // Group names are case sensitive - mixed case names should work
- String TEST_GROUP_1 = "testGroup1";
- String TEST_GROUP_2 = "testGroup2";
- String TEST_GROUP_3 = "testGroup3";
-
- // create the role for test
- client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR);
- client.createRole(requestorName, TEST_ROLE_NAME_2, SOLR);
- // test: add role to group with -arg
- String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
- confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
- // test: add role to multiple groups
- args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
- "-conf",
- confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
- // test: add role to group with --add_role_group
- args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
- "-conf",
- confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
-
- // validate the result list roles with -lr and -g
- args = new String[] { "-lr", "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath() };
- SentryShellSolr sentryShell = new SentryShellSolr();
- Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
- // list roles with --list_role and -g
- args = new String[] { "--list_role", "-g", TEST_GROUP_2, "-conf",
- confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
- args = new String[] { "--list_role", "-g", TEST_GROUP_3, "-conf",
- confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
- // test: delete role from group with -drg
- args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
- confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
- // test: delete role to multiple groups
- args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
- "-conf",
- confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
- // test: delete role from group with --delete_role_group
- args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
- "-conf", confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
-
- // validate the result
- Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, TEST_GROUP_1, SOLR);
- assertEquals("Incorrect number of roles", 0, roles.size());
- roles = client.listRolesByGroupName(requestorName, TEST_GROUP_2, SOLR);
- assertEquals("Incorrect number of roles", 0, roles.size());
- roles = client.listRolesByGroupName(requestorName, TEST_GROUP_3, SOLR);
- assertEquals("Incorrect number of roles", 0, roles.size());
- // clear the test data
- client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR);
- client.dropRole(requestorName, TEST_ROLE_NAME_2, SOLR);
- }
- });
- }
-
- @Test
- public void testCaseSensitiveGroupName() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
-
- // create the role for test
- client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR);
- // add role to a group (lower case)
- String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "group1", "-conf",
- confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
-
- // validate the roles when group name is same case as above
- args = new String[] { "-lr", "-g", "group1", "-conf", confPath.getAbsolutePath() };
- SentryShellSolr sentryShell = new SentryShellSolr();
- Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
- // roles should be empty when group name is different case than above
- args = new String[] { "-lr", "-g", "GROUP1", "-conf", confPath.getAbsolutePath() };
- roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
- validateRoleNames(roleNames);
- }
- });
- }
-
- public static String grant(boolean shortOption) {
- return shortOption ? "-gpr" : "--grant_privilege_role";
- }
-
- public static String revoke(boolean shortOption) {
- return shortOption ? "-rpr" : "--revoke_privilege_role";
- }
-
- public static String list(boolean shortOption) {
- return shortOption ? "-lp" : "--list_privilege";
- }
-
- private void assertGrantRevokePrivilege(final boolean shortOption) throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- // create the role for test
- client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR);
- client.createRole(requestorName, TEST_ROLE_NAME_2, SOLR);
-
- String [] privs = {
- "Collection=*->action=*",
- "Collection=collection2->action=update",
- "Collection=collection3->action=query",
- };
- for (int i = 0; i < privs.length; ++i) {
- // test: grant privilege to role
- String [] args = new String [] { grant(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
- privs[ i ],
- "-conf", confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
- }
-
- // test the list privilege
- String [] args = new String[] { list(shortOption), "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- SentryShellSolr sentryShell = new SentryShellSolr();
- Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true);
- assertEquals("Incorrect number of privileges", privs.length, privilegeStrs.size());
- for (int i = 0; i < privs.length; ++i) {
- assertTrue("Expected privilege: " + privs[ i ], privilegeStrs.contains(privs[ i ]));
- }
-
- for (int i = 0; i < privs.length; ++i) {
- args = new String[] { revoke(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
- privs[ i ], "-conf",
- confPath.getAbsolutePath() };
- SentryShellSolr.main(args);
- Set<TSentryPrivilege> privileges = client.listPrivilegesByRoleName(requestorName,
- TEST_ROLE_NAME_1, SOLR, service);
- assertEquals("Incorrect number of privileges", privs.length - (i + 1), privileges.size());
- }
-
- // clear the test data
- client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR);
- client.dropRole(requestorName, TEST_ROLE_NAME_2, SOLR);
- }
- });
- }
-
-
- @Test
- public void testGrantRevokePrivilegeWithShortOption() throws Exception {
- assertGrantRevokePrivilege(true);
- }
-
- @Test
- public void testGrantRevokePrivilegeWithLongOption() throws Exception {
- assertGrantRevokePrivilege(false);
- }
-
-
- @Test
- public void testNegativeCaseWithInvalidArgument() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR);
- // test: create duplicate role with -cr
- String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- SentryShellSolr sentryShell = new SentryShellSolr();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for creating duplicate role");
- } catch (SentryUserException e) {
- // expected exception
- }
-
- // test: drop non-exist role with -dr
- args = new String[] { "-dr", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for dropping non-exist role");
- } catch (SentryUserException e) {
- // excepted exception
- }
-
- // test: add non-exist role to group with -arg
- args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
- confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for granting non-exist role to group");
- } catch (SentryUserException e) {
- // excepted exception
- }
-
- // test: drop group from non-exist role with -drg
- args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
- confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for drop group from non-exist role");
- } catch (SentryUserException e) {
- // excepted exception
- }
-
- // test: grant privilege to role with the error privilege format
- args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=*",
- "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for the error privilege format, invalid key value.");
- } catch (IllegalArgumentException e) {
- // excepted exception
- }
-
- // test: grant privilege to role with the error privilege hierarchy
- args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
- "server=server1->table=tbl1->column=col2->action=insert", "-conf",
- confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- try {
- sentryShell.executeShell(args);
- fail("Exception should be thrown for the error privilege format, invalid key value.");
- } catch (IllegalArgumentException e) {
- // expected exception
- }
-
- // clear the test data
- client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR);
- }
- });
- }
-
- @Test
- public void testNegativeCaseWithoutRequiredArgument() throws Exception {
- runTestAsSubject(new TestOperation() {
- @Override
- public void runTestAsSubject() throws Exception {
- String strOptionConf = "conf";
- client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR);
- // test: the conf is required argument
- String[] args = { "-cr", "-r", TEST_ROLE_NAME_1 };
- SentryShellSolr sentryShell = new SentryShellSolr();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + strOptionConf);
-
- // test: -r is required when create role
- args = new String[] { "-cr", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -r is required when drop role
- args = new String[] { "-dr", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -r is required when add role to group
- args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -g is required when add role to group
- args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
- // test: -r is required when delete role from group
- args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -g is required when delete role from group
- args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
- // test: -r is required when grant privilege to role
- args = new String[] { "-gpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -p is required when grant privilege to role
- args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
- // test: action is required in privilege
- args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-p", "collection=collection1" };
- sentryShell = new SentryShellSolr();
- try {
- getShellResultWithOSRedirect(sentryShell, args, false);
- fail("Expected IllegalArgumentException");
- } catch (IllegalArgumentException e) {
- assert("Privilege is invalid: action required but not specified.".equals(e.getMessage()));
- }
-
- // test: -r is required when revoke privilege from role
- args = new String[] { "-rpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
- // test: -p is required when revoke privilege from role
- args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- validateMissingParameterMsg(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
- // test: command option is required for shell
- args = new String[] {"-conf", confPath.getAbsolutePath() };
- sentryShell = new SentryShellSolr();
- validateMissingParameterMsgsContains(sentryShell, args,
- SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[",
- "-arg Add role to group",
- "-cr Create role",
- "-rpr Revoke privilege from role",
- "-drg Delete role from group",
- "-lr List role",
- "-lp List privilege",
- "-gpr Grant privilege to role",
- "-dr Drop role");
-
- // clear the test data
- client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR);
- }
- });
- }
-
- // redirect the System.out to ByteArrayOutputStream, then execute the command and parse the result.
- private Set<String> getShellResultWithOSRedirect(SentryShellSolr sentryShell,
- String[] args, boolean expectedExecuteResult) throws Exception {
- PrintStream oldOut = System.out;
- ByteArrayOutputStream outContent = new ByteArrayOutputStream();
- System.setOut(new PrintStream(outContent));
- assertEquals(expectedExecuteResult, sentryShell.executeShell(args));
- Set<String> resultSet = Sets.newHashSet(outContent.toString().split("\n"));
- System.setOut(oldOut);
- return resultSet;
- }
-
- private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) {
- if (expectedRoleNames != null && expectedRoleNames.length > 0) {
- assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length,
- expectedRoleNames.length, roleNames.size());
- Set<String> lowerCaseRoles = new HashSet<String>();
- for (String role : roleNames) {
- lowerCaseRoles.add(role.toLowerCase());
- }
-
- for (String expectedRole : expectedRoleNames) {
- assertTrue("Expected role: " + expectedRole,
- lowerCaseRoles.contains(expectedRole.toLowerCase()));
- }
- }
- }
-
- private void validateMissingParameterMsg(SentryShellSolr sentryShell, String[] args,
- String expectedErrorMsg) throws Exception {
- Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
- assertTrue("Expected error message: " + expectedErrorMsg, errorMsgs.contains(expectedErrorMsg));
- }
-
- private void validateMissingParameterMsgsContains(SentryShellSolr sentryShell, String[] args,
- String ... expectedErrorMsgsContains) throws Exception {
- Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
- boolean foundAllMessages = false;
- Iterator<String> it = errorMsgs.iterator();
- while (it.hasNext()) {
- String errorMessage = it.next();
- boolean missingExpected = false;
- for (String expectedContains : expectedErrorMsgsContains) {
- if (!errorMessage.contains(expectedContains)) {
- missingExpected = true;
- break;
- }
- }
- if (!missingExpected) {
- foundAllMessages = true;
- break;
- }
- }
- assertTrue(foundAllMessages);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/appender/TestRollingFileWithoutDeleteAppender.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/appender/TestRollingFileWithoutDeleteAppender.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/appender/TestRollingFileWithoutDeleteAppender.java
deleted file mode 100644
index ca9062b..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/appender/TestRollingFileWithoutDeleteAppender.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.appender;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-import static org.junit.Assert.assertTrue;
-
-import java.io.File;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.log4j.Logger;
-import org.apache.log4j.PatternLayout;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.Files;
-
-public class TestRollingFileWithoutDeleteAppender {
- private Logger sentryLogger = Logger.getRootLogger();
- private File dataDir;
-
- @Before
- public void init() {
- dataDir = Files.createTempDir();
- }
-
- @Test
- public void testRollOver() throws Throwable {
- if (dataDir == null) {
- fail("Excepted temp folder for audit log is created.");
- }
- RollingFileWithoutDeleteAppender appender = new RollingFileWithoutDeleteAppender(
- new PatternLayout("%m%n"), dataDir.getPath() + "/auditLog.log");
- appender.setMaximumFileSize(100);
- sentryLogger.addAppender(appender);
- // Write exactly 10 bytes with each log
- for (int i = 0; i < 99; i++) {
- if (i < 10) {
- sentryLogger.debug("Hello---" + i);
- } else if (i < 100) {
- sentryLogger.debug("Hello--" + i);
- }
- }
-
- if (dataDir != null) {
- File[] files = dataDir.listFiles();
- if (files != null) {
- assertEquals(files.length, 10);
- } else {
- fail("Excepted 10 log files.");
- }
- } else {
- fail("Excepted 10 log files.");
- }
-
- }
-
- /***
- * Generate log enough to cause a single rollover. Verify the file name format
- * @throws Throwable
- */
- @Test
- public void testFileNamePattern() throws Throwable {
- if (dataDir == null) {
- fail("Excepted temp folder for audit log is created.");
- }
- RollingFileWithoutDeleteAppender appender = new RollingFileWithoutDeleteAppender(
- new PatternLayout("%m%n"), dataDir.getPath() + "/auditLog.log");
- appender.setMaximumFileSize(10);
- sentryLogger.addAppender(appender);
- sentryLogger.debug("123456789012345");
- File[] files = dataDir.listFiles();
- if (files != null) {
- assertEquals(files.length, 2);
- assertTrue(files[0].getName().contains("auditLog.log."));
- assertTrue(files[1].getName().contains("auditLog.log."));
- } else {
- fail("Excepted 2 log files.");
- }
- }
-
- @After
- public void destroy() {
- if (dataDir != null) {
- FileUtils.deleteQuietly(dataDir);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestDbAuditMetadataLogEntity.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestDbAuditMetadataLogEntity.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestDbAuditMetadataLogEntity.java
deleted file mode 100644
index 3d336af..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestDbAuditMetadataLogEntity.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.entity;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-
-import org.apache.sentry.provider.db.log.util.Constants;
-import org.codehaus.jackson.JsonNode;
-import org.codehaus.jackson.node.ContainerNode;
-import org.junit.Test;
-
-public class TestDbAuditMetadataLogEntity {
-
- @Test
- public void testToJsonFormatLog() throws Throwable {
- DBAuditMetadataLogEntity amle = new DBAuditMetadataLogEntity("serviceName", "userName",
- "impersonator", "ipAddress", "operation", "eventTime", "operationText", "allowed",
- "objectType", "component", "databaseName", "tableName", "columnName", "resourcePath");
- String jsonAuditLog = amle.toJsonFormatLog();
- ContainerNode rootNode = AuditMetadataLogEntity.parse(jsonAuditLog);
- assertEntryEquals(rootNode, Constants.LOG_FIELD_SERVICE_NAME, "serviceName");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_USER_NAME, "userName");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_IMPERSONATOR,
- "impersonator");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_IP_ADDRESS, "ipAddress");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_OPERATION, "operation");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_EVENT_TIME, "eventTime");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_OPERATION_TEXT,
- "operationText");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_ALLOWED, "allowed");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_DATABASE_NAME,
- "databaseName");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_TABLE_NAME, "tableName");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_COLUMN_NAME, "columnName");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_RESOURCE_PATH,
- "resourcePath");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_OBJECT_TYPE, "objectType");
- }
-
- void assertEntryEquals(ContainerNode rootNode, String key, String value) {
- JsonNode node = assertNodeContains(rootNode, key);
- assertEquals(value, node.getTextValue());
- }
-
- private JsonNode assertNodeContains(ContainerNode rootNode, String key) {
- JsonNode node = rootNode.get(key);
- if (node == null) {
- fail("No entry of name \"" + key + "\" found in " + rootNode.toString());
- }
- return node;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestGMAuditMetadataLogEntity.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestGMAuditMetadataLogEntity.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestGMAuditMetadataLogEntity.java
deleted file mode 100644
index bbee1b4..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestGMAuditMetadataLogEntity.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.entity;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.sentry.provider.db.log.util.Constants;
-import org.codehaus.jackson.JsonNode;
-import org.codehaus.jackson.node.ContainerNode;
-import org.junit.Test;
-
-public class TestGMAuditMetadataLogEntity {
- @Test
- public void testToJsonFormatLog() throws Throwable {
-
- Map<String, String> privilegesMap = new HashMap<String, String>();
- privilegesMap.put("resourceType1", "resourceName1");
- privilegesMap.put("resourceType2", "resourceName2");
- privilegesMap.put("resourceType3", "resourceName3");
- privilegesMap.put("resourceType4", "resourceName4");
- GMAuditMetadataLogEntity gmamle = new GMAuditMetadataLogEntity("serviceName", "userName",
- "impersonator", "ipAddress", "operation", "eventTime", "operationText", "allowed",
- "objectType", "component", privilegesMap);
- String jsonAuditLog = gmamle.toJsonFormatLog();
- ContainerNode rootNode = AuditMetadataLogEntity.parse(jsonAuditLog);
- assertEntryEquals(rootNode, Constants.LOG_FIELD_SERVICE_NAME, "serviceName");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_USER_NAME, "userName");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_IMPERSONATOR, "impersonator");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_IP_ADDRESS, "ipAddress");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_OPERATION, "operation");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_EVENT_TIME, "eventTime");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_OPERATION_TEXT, "operationText");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_ALLOWED, "allowed");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_OBJECT_TYPE, "objectType");
- assertEntryEquals(rootNode, Constants.LOG_FIELD_COMPONENT, "component");
- assertEntryEquals(rootNode, "resourceType1", "resourceName1");
- assertEntryEquals(rootNode, "resourceType2", "resourceName2");
- assertEntryEquals(rootNode, "resourceType3", "resourceName3");
- assertEntryEquals(rootNode, "resourceType4", "resourceName4");
- }
-
- void assertEntryEquals(ContainerNode rootNode, String key, String value) {
- JsonNode node = assertNodeContains(rootNode, key);
- assertEquals(value, node.getTextValue());
- }
-
- private JsonNode assertNodeContains(ContainerNode rootNode, String key) {
- JsonNode node = rootNode.get(key);
- if (node == null) {
- fail("No entry of name \"" + key + "\" found in " + rootNode.toString());
- }
- return node;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
deleted file mode 100644
index 1ec8840..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
+++ /dev/null
@@ -1,272 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.entity;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.provider.db.log.util.Constants;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeResponse;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeResponse;
-import org.apache.sentry.provider.db.service.thrift.TCreateSentryRoleRequest;
-import org.apache.sentry.provider.db.service.thrift.TCreateSentryRoleResponse;
-import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleRequest;
-import org.apache.sentry.provider.db.service.thrift.TDropSentryRoleResponse;
-import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.service.thrift.ThriftUtil;
-import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.apache.sentry.service.thrift.Status;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.collect.Sets;
-
-public class TestJsonLogEntityFactory {
-
- private static Configuration conf;
-
- private static String TEST_IP = "localhost/127.0.0.1";
- private static String TEST_IMPERSONATOR = "impersonator";
- private static String TEST_ROLE_NAME = "testRole";
- private static String TEST_USER_NAME = "requestUser";
- private static String TEST_DATABASE_NAME = "testDB";
- private static String TEST_TABLE_NAME = "testTable";
- private static String TEST_GROUP = "testGroup";
-
- @BeforeClass
- public static void init() {
- conf = new Configuration();
- conf.set(ServerConfig.SENTRY_SERVICE_NAME,
- ServerConfig.SENTRY_SERVICE_NAME_DEFAULT);
- ThriftUtil.setIpAddress(TEST_IP);
- ThriftUtil.setImpersonator(TEST_IMPERSONATOR);
- }
-
- @Test
- public void testCreateRole() {
- TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
- TCreateSentryRoleResponse response = new TCreateSentryRoleResponse();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
- response.setStatus(Status.OK());
- DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory
- .getInstance().createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.TRUE, Constants.OPERATION_CREATE_ROLE,
- "CREATE ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE);
-
- response.setStatus(Status.InvalidInput("", null));
- amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.FALSE, Constants.OPERATION_CREATE_ROLE,
- "CREATE ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE);
- }
-
- @Test
- public void testDropRole() {
- TDropSentryRoleRequest request = new TDropSentryRoleRequest();
- TDropSentryRoleResponse response = new TDropSentryRoleResponse();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
- response.setStatus(Status.OK());
- DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory
- .getInstance().createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.TRUE, Constants.OPERATION_DROP_ROLE,
- "DROP ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE);
-
- response.setStatus(Status.InvalidInput("", null));
- amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.FALSE, Constants.OPERATION_DROP_ROLE,
- "DROP ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE);
- }
-
- @Test
- public void testGrantRole() {
- TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
-
- TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse();
-
- TSentryPrivilege privilege = getPrivilege(AccessConstants.ALL,
- PrivilegeScope.DATABASE.name(), TEST_DATABASE_NAME, null, null, null);
- Set<TSentryPrivilege> privileges = Sets.newHashSet();
- privileges.add(privilege);
- request.setPrivileges(privileges);
- response.setStatus(Status.OK());
- DBAuditMetadataLogEntity amle = new DBAuditMetadataLogEntity();
- Set<JsonLogEntity> amles = JsonLogEntityFactory
- .getInstance().createJsonLogEntitys(request, response, conf);
- assertEquals(amles.size(),1);
- amle = (DBAuditMetadataLogEntity) amles.iterator().next();
-
- assertCommon(amle, Constants.TRUE, Constants.OPERATION_GRANT_PRIVILEGE,
- "GRANT ALL ON DATABASE testDB TO ROLE testRole", TEST_DATABASE_NAME,
- null, null, Constants.OBJECT_TYPE_PRINCIPAL);
-
- privilege = getPrivilege(AccessConstants.ALL, PrivilegeScope.TABLE.name(),
- null, TEST_TABLE_NAME, null, null);
- privileges = Sets.newHashSet();
- privileges.add(privilege);
- request.setPrivileges(privileges);
- response.setStatus(Status.InvalidInput("", null));
- amles = JsonLogEntityFactory.getInstance()
- .createJsonLogEntitys(request, response, conf);
- assertEquals(amles.size(),1);
- amle = (DBAuditMetadataLogEntity) amles.iterator().next();
-
- assertCommon(amle, Constants.FALSE, Constants.OPERATION_GRANT_PRIVILEGE,
- "GRANT ALL ON TABLE testTable TO ROLE testRole", null, TEST_TABLE_NAME,
- null, Constants.OBJECT_TYPE_PRINCIPAL);
- }
-
- @Test
- public void testRevokeRole() {
- TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
- TAlterSentryRoleRevokePrivilegeResponse response = new TAlterSentryRoleRevokePrivilegeResponse();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
-
- TSentryPrivilege privilege = getPrivilege(AccessConstants.ALL,
- PrivilegeScope.DATABASE.name(), TEST_DATABASE_NAME, null, null, null);
- Set<TSentryPrivilege> privileges = Sets.newHashSet();
- privileges.add(privilege);
- request.setPrivileges(privileges);
- response.setStatus(Status.OK());
- DBAuditMetadataLogEntity amle = new DBAuditMetadataLogEntity();
- Set<JsonLogEntity> amles = JsonLogEntityFactory
- .getInstance().createJsonLogEntitys(request, response, conf);
- assertEquals(amles.size(),1);
- amle = (DBAuditMetadataLogEntity) amles.iterator().next();
-
- assertCommon(amle, Constants.TRUE, Constants.OPERATION_REVOKE_PRIVILEGE,
- "REVOKE ALL ON DATABASE testDB FROM ROLE testRole", TEST_DATABASE_NAME,
- null, null, Constants.OBJECT_TYPE_PRINCIPAL);
-
- privilege = getPrivilege(AccessConstants.ALL, PrivilegeScope.TABLE.name(),
- null, TEST_TABLE_NAME, null, null);
- privileges = Sets.newHashSet();
- privileges.add(privilege);
- request.setPrivileges(privileges);
- response.setStatus(Status.InvalidInput("", null));
- amles = JsonLogEntityFactory.getInstance()
- .createJsonLogEntitys(request, response, conf);
- assertEquals(amles.size(),1);
- amle = (DBAuditMetadataLogEntity) amles.iterator().next();
-
- assertCommon(amle, Constants.FALSE, Constants.OPERATION_REVOKE_PRIVILEGE,
- "REVOKE ALL ON TABLE testTable FROM ROLE testRole", null,
- TEST_TABLE_NAME, null, Constants.OBJECT_TYPE_PRINCIPAL);
- }
-
- @Test
- public void testAddRole() {
- TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest();
- TAlterSentryRoleAddGroupsResponse response = new TAlterSentryRoleAddGroupsResponse();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
- request.setGroups(getGroups());
- response.setStatus(Status.OK());
- DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory
- .getInstance().createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.TRUE, Constants.OPERATION_ADD_ROLE,
- "GRANT ROLE testRole TO GROUP testGroup", null, null, null,
- Constants.OBJECT_TYPE_ROLE);
-
- response.setStatus(Status.InvalidInput("", null));
- amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.FALSE, Constants.OPERATION_ADD_ROLE,
- "GRANT ROLE testRole TO GROUP testGroup", null, null, null,
- Constants.OBJECT_TYPE_ROLE);
- }
-
- @Test
- public void testDeleteRole() {
- TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest();
- TAlterSentryRoleDeleteGroupsResponse response = new TAlterSentryRoleDeleteGroupsResponse();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
- request.setGroups(getGroups());
- response.setStatus(Status.OK());
- DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory
- .getInstance().createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.TRUE, Constants.OPERATION_DELETE_ROLE,
- "REVOKE ROLE testRole FROM GROUP testGroup", null, null, null,
- Constants.OBJECT_TYPE_ROLE);
-
- response.setStatus(Status.InvalidInput("", null));
- amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.FALSE, Constants.OPERATION_DELETE_ROLE,
- "REVOKE ROLE testRole FROM GROUP testGroup", null, null, null,
- Constants.OBJECT_TYPE_ROLE);
- }
-
- private void assertCommon(DBAuditMetadataLogEntity amle,
- String allowedExcepted, String operationExcepted,
- String operationTextExcepted, String databaseNameExcepted,
- String tableNameExcepted, String resourcePathExcepted,
- String objectTypeExcepted) {
- assertEquals(ServerConfig.SENTRY_SERVICE_NAME_DEFAULT,
- amle.getServiceName());
- assertEquals(TEST_IP, amle.getIpAddress());
- assertEquals(TEST_USER_NAME, amle.getUserName());
- assertEquals(TEST_IMPERSONATOR, amle.getImpersonator());
- assertEquals(allowedExcepted, amle.getAllowed());
- assertEquals(operationExcepted, amle.getOperation());
- assertEquals(operationTextExcepted, amle.getOperationText());
- assertEquals(tableNameExcepted, amle.getTableName());
- assertEquals(databaseNameExcepted, amle.getDatabaseName());
- assertEquals(resourcePathExcepted, amle.getResourcePath());
- assertEquals(objectTypeExcepted, amle.getObjectType());
- }
-
- private TSentryPrivilege getPrivilege(String action, String privilegeScope,
- String dbName, String tableName, String serverName, String URI) {
- TSentryPrivilege privilege = new TSentryPrivilege();
- privilege.setAction(action);
- privilege.setPrivilegeScope(privilegeScope);
- privilege.setDbName(dbName);
- privilege.setTableName(tableName);
- privilege.setServerName(serverName);
- privilege.setURI(URI);
- return privilege;
- }
-
- private Set<TSentryGroup> getGroups() {
- Set<TSentryGroup> groups = new LinkedHashSet<TSentryGroup>();
- TSentryGroup group = new TSentryGroup();
- group.setGroupName(TEST_GROUP);
- groups.add(group);
- return groups;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/f1332300/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java
deleted file mode 100644
index dfae5ab..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java
+++ /dev/null
@@ -1,259 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.log.entity;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest;
-import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleResponse;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.log.util.Constants;
-import org.apache.sentry.provider.db.service.thrift.ThriftUtil;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.apache.sentry.service.thrift.Status;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class TestJsonLogEntityFactoryGM {
-
- private static Configuration conf;
- private static String TEST_IP = "localhost/127.0.0.1";
- private static String TEST_IMPERSONATOR = "impersonator";
- private static String TEST_ROLE_NAME = "testRole";
- private static String TEST_USER_NAME = "requestUser";
- private static String TEST_GROUP = "testGroup";
- private static String TEST_ACTION = "action";
- private static String TEST_COMPONENT = "component";
- private static Map<String, String> TEST_PRIVILEGES_MAP = new HashMap<String, String>();
-
- @BeforeClass
- public static void init() {
- conf = new Configuration();
- conf.set(ServerConfig.SENTRY_SERVICE_NAME, ServerConfig.SENTRY_SERVICE_NAME_DEFAULT);
- ThriftUtil.setIpAddress(TEST_IP);
- ThriftUtil.setImpersonator(TEST_IMPERSONATOR);
- TEST_PRIVILEGES_MAP.put("resourceType1", "resourceName1");
- TEST_PRIVILEGES_MAP.put("resourceType2", "resourceName2");
- TEST_PRIVILEGES_MAP.put("resourceType3", "resourceName3");
- }
-
- @Test
- public void testCreateRole() {
- TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
- TCreateSentryRoleResponse response = new TCreateSentryRoleResponse();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
- response.setStatus(Status.OK());
- GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.TRUE, Constants.OPERATION_CREATE_ROLE, "CREATE ROLE testRole",
- Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
-
- response.setStatus(Status.InvalidInput("", null));
- amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
- request, response, conf);
- assertCommon(amle, Constants.FALSE, Constants.OPERATION_CREATE_ROLE, "CREATE ROLE testRole",
- Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
- }
-
- @Test
- public void testDropRole() {
- TDropSentryRoleRequest request = new TDropSentryRoleRequest();
- TDropSentryRoleResponse response = new TDropSentryRoleResponse();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
- response.setStatus(Status.OK());
- GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory
- .getInstance().createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.TRUE, Constants.OPERATION_DROP_ROLE, "DROP ROLE testRole",
- Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
-
- response.setStatus(Status.InvalidInput("", null));
- amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
- request, response, conf);
- assertCommon(amle, Constants.FALSE, Constants.OPERATION_DROP_ROLE, "DROP ROLE testRole",
- Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
- }
-
- @Test
- public void testGrantRole() {
- TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
-
- TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse();
-
- TSentryPrivilege privilege = getPrivilege();
- request.setPrivilege(privilege);
- response.setStatus(Status.OK());
- GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(
- request, response, conf);
- assertCommon(
- amle,
- Constants.TRUE,
- Constants.OPERATION_GRANT_PRIVILEGE,
- "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 TO ROLE testRole",
- Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
-
- response.setStatus(Status.InvalidInput("", null));
- amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
- request, response, conf);
- assertCommon(
- amle,
- Constants.FALSE,
- Constants.OPERATION_GRANT_PRIVILEGE,
- "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 TO ROLE testRole",
- Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
- }
-
- @Test
- public void testRevokeRole() {
- TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
- TAlterSentryRoleRevokePrivilegeResponse response = new TAlterSentryRoleRevokePrivilegeResponse();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
-
- TSentryPrivilege privilege = getPrivilege();
- request.setPrivilege(privilege);
- response.setStatus(Status.OK());
- GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, response, conf);
- assertCommon(
- amle,
- Constants.TRUE,
- Constants.OPERATION_REVOKE_PRIVILEGE,
- "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 FROM ROLE testRole",
- Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
-
- response.setStatus(Status.InvalidInput("", null));
- amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
- request, response, conf);
-
- assertCommon(
- amle,
- Constants.FALSE,
- Constants.OPERATION_REVOKE_PRIVILEGE,
- "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 FROM ROLE testRole",
- Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
- }
-
- @Test
- public void testAddRole() {
- TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest();
- TAlterSentryRoleAddGroupsResponse response = new TAlterSentryRoleAddGroupsResponse();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
- request.setGroups(getGroups());
- response.setStatus(Status.OK());
- GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
- .createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.TRUE, Constants.OPERATION_ADD_ROLE,
- "GRANT ROLE testRole TO GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
- new HashMap<String, String>());
-
- response.setStatus(Status.InvalidInput("", null));
- amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
- request, response, conf);
- assertCommon(amle, Constants.FALSE, Constants.OPERATION_ADD_ROLE,
- "GRANT ROLE testRole TO GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
- new HashMap<String, String>());
- }
-
- @Test
- public void testDeleteRole() {
- TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest();
- TAlterSentryRoleDeleteGroupsResponse response = new TAlterSentryRoleDeleteGroupsResponse();
- request.setRequestorUserName(TEST_USER_NAME);
- request.setRoleName(TEST_ROLE_NAME);
- request.setGroups(getGroups());
- response.setStatus(Status.OK());
- GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory
- .getInstance().createJsonLogEntity(request, response, conf);
- assertCommon(amle, Constants.TRUE, Constants.OPERATION_DELETE_ROLE,
- "REVOKE ROLE testRole FROM GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
- new HashMap<String, String>());
-
- response.setStatus(Status.InvalidInput("", null));
- amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
- request, response, conf);
- assertCommon(amle, Constants.FALSE, Constants.OPERATION_DELETE_ROLE,
- "REVOKE ROLE testRole FROM GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
- new HashMap<String, String>());
- }
-
- private void assertCommon(GMAuditMetadataLogEntity amle, String allowedExcepted,
- String operationExcepted, String operationTextExcepted, String objectTypeExcepted,
- Map<String, String> privilegesExcepted) {
- assertEquals(ServerConfig.SENTRY_SERVICE_NAME_DEFAULT, amle.getServiceName());
- assertEquals(TEST_IP, amle.getIpAddress());
- assertEquals(TEST_USER_NAME, amle.getUserName());
- assertEquals(TEST_IMPERSONATOR, amle.getImpersonator());
- assertEquals(allowedExcepted, amle.getAllowed());
- assertEquals(operationExcepted, amle.getOperation());
- assertEquals(operationTextExcepted, amle.getOperationText());
- assertEquals(objectTypeExcepted, amle.getObjectType());
- assertPrivilegesMap(privilegesExcepted, amle.getPrivilegesMap());
- }
-
- private void assertPrivilegesMap(Map<String, String> privilegesExcepted,
- Map<String, String> privilegesActual) {
- assertEquals(privilegesExcepted.size(), privilegesActual.size());
- for (Map.Entry<String, String> privilege : privilegesExcepted.entrySet()) {
- assertEquals(privilege.getValue(), privilegesActual.get(privilege.getKey()));
- }
- }
-
- private TSentryPrivilege getPrivilege() {
- TSentryPrivilege privilege = new TSentryPrivilege();
- privilege.setAction(TEST_ACTION);
- privilege.setComponent(TEST_COMPONENT);
- List<TAuthorizable> authorizables = new ArrayList<TAuthorizable>();
- authorizables.add(new TAuthorizable("resourceType1", "resourceName1"));
- authorizables.add(new TAuthorizable("resourceType2", "resourceName2"));
- authorizables.add(new TAuthorizable("resourceType3", "resourceName3"));
- privilege.setAuthorizables(authorizables);
- return privilege;
- }
-
- private Set<String> getGroups() {
- Set<String> groups = new HashSet<String>();
- groups.add(TEST_GROUP);
- return groups;
- }
-}