Posted to commits@sentry.apache.org by sh...@apache.org on 2013/09/18 20:14:02 UTC
[2/2] git commit: SENTRY-6: Use one policy editor exclusively in all
the end to end tests (Sravya Tirukkovalur via Shreepadma Venugopalan
SENTRY-6: Use one policy editor exclusively in all the end to end tests (Sravya Tirukkovalur via Shreepadma Venugopalan
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/fc9e8839
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/fc9e8839
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/fc9e8839
Branch: refs/heads/master
Commit: fc9e8839191fab3f7b38aa47755eeea8e71b734a
Parents: 629904f
Author: Shreepadma Venugopalan <sh...@apache.org>
Authored: Wed Sep 18 11:10:22 2013 -0700
Committer: Shreepadma Venugopalan <sh...@apache.org>
Committed: Wed Sep 18 11:12:58 2013 -0700
----------------------------------------------------------------------
.../apache/sentry/tests/e2e/TestCrossDbOps.java | 147 +++-----
.../apache/sentry/tests/e2e/TestEndToEnd.java | 27 +-
.../tests/e2e/TestExportImportPrivileges.java | 57 ++-
.../tests/e2e/TestMetadataPermissions.java | 18 +-
.../tests/e2e/TestMovingToProduction.java | 59 ++--
.../tests/e2e/TestPerDBConfiguration.java | 352 +++++++------------
.../e2e/TestPrivilegesAtDatabaseScope.java | 179 ++++------
.../e2e/TestPrivilegesAtFunctionScope.java | 52 ++-
.../tests/e2e/TestPrivilegesAtTableScope.java | 221 +++++-------
.../tests/e2e/TestRuntimeMetadataRetrieval.java | 112 +++---
.../apache/sentry/tests/e2e/TestSandboxOps.java | 127 +++----
.../e2e/TestSentryOnFailureHookLoading.java | 30 +-
.../tests/e2e/TestServerConfiguration.java | 37 +-
.../sentry/tests/e2e/TestUriPermissions.java | 117 +++---
.../sentry/tests/e2e/TestUserManagement.java | 183 +++++-----
15 files changed, 702 insertions(+), 1016 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
index 891b7c2..c822863 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
@@ -76,24 +76,15 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testShowDatabasesAndShowTables() throws Exception {
// edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = select_tab1, insert_tab2", "groups");
- editor.addPolicy("group2 = select_tab3", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy(
- "select_tab1 = server=server1->db=db1->table=tab1->action=select",
- "roles");
- editor.addPolicy(
- "select_tab3 = server=server1->db=db2->table=tab3->action=select",
- "roles");
- editor.addPolicy(
- "insert_tab2 = server=server1->db=db2->table=tab2->action=insert",
- "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group2", "users");
+ policyFile
+ .addRolesToGroup("group1", "select_tab1", "insert_tab2")
+ .addRolesToGroup("group2", "select_tab3")
+ .addPermissionsToRole("select_tab1", "server=server1->db=db1->table=tab1->action=select")
+ .addPermissionsToRole("select_tab3", "server=server1->db=db2->table=tab3->action=select")
+ .addPermissionsToRole("insert_tab2", "server=server1->db=db2->table=tab2->action=insert")
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group2");
+ policyFile.write(context.getPolicyFile());
// admin create two databases
Connection connection = context.createConnection(ADMIN1, "foo");
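Review bot: The new policy entries spell principals as string literals (`"user1"`, `"user2"`, `"group1"`), while other tests in this class use the `USER1`, `USER2` and `GROUP1` constants (see testSandboxOpt9 and the loop in testDbPrivileges). If a literal ever drifts from the constant used to open the connection, that user simply has no grants, and a negative-privilege assertion would pass for the wrong reason. I would write `.addGroupsToUser(USER1, GROUP1)` here, assuming the constants hold these same values, and likewise in testJDBCGetSchemasAndGetTables, testDbPrivileges and testCrossDbViewOperations. The method body continues outside the hunk.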
@@ -203,18 +194,14 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testJDBCGetSchemasAndGetTables() throws Exception {
// edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = select_tab1, insert_tab2", "groups");
- editor.addPolicy("group2 = select_tab3", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("select_tab1 = server=server1->db=db1->table=tab1->action=select","roles");
- editor.addPolicy("select_tab3 = server=server1->db=db2->table=tab3->action=select","roles");
- editor.addPolicy("insert_tab2 = server=server1->db=db2->table=tab2->action=insert","roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group2", "users");
+ policyFile.addRolesToGroup("group1", "select_tab1", "insert_tab2")
+ .addRolesToGroup("group2", "select_tab3")
+ .addPermissionsToRole("select_tab1", "server=server1->db=db1->table=tab1->action=select")
+ .addPermissionsToRole("select_tab3", "server=server1->db=db2->table=tab3->action=select")
+ .addPermissionsToRole("insert_tab2", "server=server1->db=db2->table=tab2->action=insert")
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group2");
+ policyFile.write(context.getPolicyFile());
// admin create two databases
Connection connection = context.createConnection(ADMIN1, "foo");
@@ -367,21 +354,14 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testDbPrivileges() throws Exception {
// edit policy file
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group = db1_all,db2_all, load_data",
- "[roles]",
- "db1_all = server=server1->db=" + DB1,
- "db2_all = server=server1->db=" + DB2,
- "load_data = server=server1->URI=file://" + dataFile.getPath(),
- "admin_role = server=server1",
- "[users]",
- "user1 = user_group",
- "user2 = user_group",
- ADMIN1 + " = admin_group"
- };
- context.makeNewPolicy(testPolicies);
+ policyFile.addRolesToGroup("user_group", "db1_all,db2_all, load_data")
+ .addPermissionsToRole("db1_all", "server=server1->db=" + DB1)
+ .addPermissionsToRole("db2_all", "server=server1->db=" + DB2)
+ .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
+ .addGroupsToUser("user1", "user_group")
+ .addGroupsToUser("user2", "user_group");
+ policyFile.write(context.getPolicyFile());
+
dropDb(ADMIN1, DB1, DB2);
createDb(ADMIN1, DB1, DB2);
for (String user : new String[]{USER1, USER2}) {
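Review bot: `addRolesToGroup("user_group", "db1_all,db2_all, load_data")` passes the three roles as one comma-joined string, whereas the other calls in this commit pass one role per argument. How PolicyFile stores that string is not visible here; if it is kept as a single entry, the test only works because of how the file happens to be serialised. Suggest `.addRolesToGroup("user_group", "db1_all", "db2_all", "load_data")`. testDbPrivileges continues past the end of the hunk.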
@@ -433,18 +413,13 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testNegativeUserPrivileges() throws Exception {
// edit policy file
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group = db1_tab1_insert, db1_tab2_all",
- "[roles]",
- "db1_tab2_all = server=server1->db=db1->table=table_2",
- "db1_tab1_insert = server=server1->db=db1->table=table_1->action=insert",
- "admin_role = server=server1", "[users]", "user3 = user_group",
- "admin = admin_group"};
-
- context.makeNewPolicy(testPolicies);
- Connection adminCon = context.createConnection("admin", "foo");
+ policyFile.addRolesToGroup("user_group", "db1_tab1_insert", "db1_tab2_all")
+ .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
+ .addPermissionsToRole("db1_tab1_insert", "server=server1->db=db1->table=table_1->action=insert")
+ .addGroupsToUser("user3", "user_group");
+ policyFile.write(context.getPolicyFile());
+
+ Connection adminCon = context.createConnection(ADMIN1, "foo");
Statement adminStmt = context.createStatement(adminCon);
String dbName = "db1";
adminStmt.execute("use default");
@@ -469,10 +444,11 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testNegativeUserDMLPrivileges() throws Exception {
policyFile
- .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
- .addRolesToGroup("group1", "db1_tab2_all")
- .addGroupsToUser("user3", "group1");
+ .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
+ .addRolesToGroup("group1", "db1_tab2_all")
+ .addGroupsToUser("user3", "group1");
policyFile.write(context.getPolicyFile());
+
dropDb(ADMIN1, DB1);
createDb(ADMIN1, DB1);
Connection adminCon = context.createConnection(ADMIN1, "password");
@@ -510,20 +486,18 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
*/
@Test
public void testNegUserPrivilegesAll() throws Exception {
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group1 = db1_all",
- "user_group2 = db1_tab1_select",
- "[roles]",
- "db1_all = server=server1->db=db1",
- "db1_tab1_select = server=server1->db=db1->table=table_1->action=select",
- "admin_role = server=server1", "[users]", "user1 = user_group1",
- "user2 = user_group2", "admin = admin_group"};
- context.makeNewPolicy(testPolicies);
+
+ policyFile
+ .addRolesToGroup("user_group1", "db1_all")
+ .addRolesToGroup("user_group2", "db1_tab1_select")
+ .addPermissionsToRole("db1_all", "server=server1->db=db1")
+ .addPermissionsToRole("db1_tab1_select", "server=server1->db=db1->table=table_1->action=select")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2");
+ policyFile.write(context.getPolicyFile());
// create dbs
- Connection adminCon = context.createConnection("admin", "foo");
+ Connection adminCon = context.createConnection(ADMIN1, "foo");
Statement adminStmt = context.createStatement(adminCon);
String dbName = "db1";
adminStmt.execute("use default");
@@ -593,9 +567,9 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testSandboxOpt9() throws Exception {
policyFile
- .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData)
- .addRolesToGroup(GROUP1, GROUP1_ROLE)
- .addGroupsToUser(USER1, GROUP1);
+ .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData)
+ .addRolesToGroup(GROUP1, GROUP1_ROLE)
+ .addGroupsToUser(USER1, GROUP1);
policyFile.write(context.getPolicyFile());
dropDb(ADMIN1, DB1, DB2);
@@ -667,21 +641,14 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
@Test
public void testCrossDbViewOperations() throws Exception {
// edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.clearOldPolicy();
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = all_db1,load_data,select_tb2", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
- editor.addPolicy("all_db2 = server=server1->db=db_2", "roles");
- editor.addPolicy(
- "select_tb2 = server=server1->db=db_2->table=tb_1->action=select",
- "roles");
- editor.addPolicy("load_data = server=server1->URI=file://" + dataFile.getPath(),
- "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
+ policyFile
+ .addRolesToGroup("group1", "all_db1", "load_data", "select_tb2")
+ .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+ .addPermissionsToRole("all_db2", "server=server1->db=db_2")
+ .addPermissionsToRole("select_tb2", "server=server1->db=db_2->table=tb_1->action=select")
+ .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
+ .addGroupsToUser("user1", "group1");
+ policyFile.write(context.getPolicyFile());
// admin create two databases
dropDb(ADMIN1, DB1, DB2);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
index a643e17..c45dfbc 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
@@ -22,6 +22,7 @@ import java.io.FileOutputStream;
import java.sql.Connection;
import java.sql.Statement;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -32,6 +33,8 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
private Context context;
private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
private File dataFile;
+ private PolicyFile policyFile;
+
@Before
public void setup() throws Exception {
@@ -40,6 +43,8 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
}
@After
@@ -64,11 +69,7 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
*/
@Test
public void testEndToEnd1() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin_role", "groups");
- editor.addPolicy("admin_role = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
+ policyFile.write(context.getPolicyFile());
String dbName1 = "db_1";
String dbName2 = "productionDB";
@@ -93,15 +94,17 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
connection.close();
// 3
- editor.addPolicy("user1 = group1", "users");
+ policyFile.addGroupsToUser("user1", "group1");
// 4
- editor.addPolicy("group1 = all_db1, data_uri, select_tb1, insert_tb1", "groups");
- editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
- editor.addPolicy("select_tb1 = server=server1->db=productionDB->table=tb_1->action=select","roles");
- editor.addPolicy("insert_tb2 = server=server1->db=productionDB->table=tb_2->action=insert","roles");
- editor.addPolicy("insert_tb1 = server=server1->db=productionDB->table=tb_2->action=insert","roles");
- editor.addPolicy("data_uri = server=server1->uri=file://" + dataDir.getPath(), "roles");
+ policyFile
+ .addRolesToGroup("group1", "all_db1", "data_uri", "select_tb1", "insert_tb1")
+ .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+ .addPermissionsToRole("select_tb1", "server=server1->db=productionDB->table=tb_1->action=select")
+ .addPermissionsToRole("insert_tb2", "server=server1->db=productionDB->table=tb_2->action=insert")
+ .addPermissionsToRole("insert_tb1", "server=server1->db=productionDB->table=tb_2->action=insert")
+ .addPermissionsToRole("data_uri", "server=server1->uri=file://" + dataDir.getPath());
+ policyFile.write(context.getPolicyFile());
// 5
connection = context.createConnection("user1", "foo");
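Review bot: The role `insert_tb1` is granted `table=tb_2->action=insert`, the same privilege as `insert_tb2`, and `insert_tb2` is never attached to a group. This was carried over verbatim from the old editor calls, so it looks like a copy/paste slip, but the rest of the test is outside the hunk, so confirm which table user1 is expected to insert into. If tb_1 is meant, change the line to `.addPermissionsToRole("insert_tb1", "server=server1->db=productionDB->table=tb_1->action=insert")` and either assign or drop `insert_tb2`. Otherwise add a comment saying the mismatch between role name and table is deliberate.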
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
index 89f7f04..22fe430 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
@@ -24,6 +24,7 @@ import java.sql.Connection;
import java.sql.Statement;
import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -32,6 +33,7 @@ import com.google.common.io.Resources;
public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
private File dataFile;
+ private PolicyFile policyFile;
@Before
public void setup() throws Exception {
@@ -40,6 +42,7 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
}
@After
@@ -55,22 +58,15 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
Statement statement = null;
String dumpDir = context.getDFSUri().toString() + "/hive_data_dump";
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group1 = db1_read, db1_write, data_dump",
- "user_group2 = db1_read, db1_write",
- "[roles]",
- "db1_write = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT",
- "db1_read = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT",
- "data_dump = server=server1->URI=" + dumpDir,
- "admin_role = server=server1",
- "[users]",
- "user1 = user_group1",
- "user2 = user_group2",
- ADMIN1 + " = admin_group"
- };
- context.makeNewPolicy(testPolicies);
+ policyFile
+ .addRolesToGroup("user_group1", "db1_read", "db1_write", "data_dump")
+ .addRolesToGroup("user_group2", "db1_read", "db1_write")
+ .addPermissionsToRole("db1_write", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT")
+ .addPermissionsToRole("db1_read", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT")
+ .addPermissionsToRole("data_dump", "server=server1->URI=" + dumpDir)
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2");
+ policyFile.write(context.getPolicyFile());
dropDb(ADMIN1, DB1);
createDb(ADMIN1, DB1);
@@ -107,24 +103,17 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
Statement statement = null;
String exportDir = context.getDFSUri().toString() + "/hive_export1";
- String testPolicies[] = {
- "[groups]",
- "admin_group = admin_role",
- "user_group1 = tab1_read, tab1_write, db1_all, data_read, data_export",
- "user_group2 = tab1_write, tab1_read",
- "[roles]",
- "tab1_write = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT",
- "tab1_read = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT",
- "db1_all = server=server1->db=" + DB1,
- "data_read = server=server1->URI=file://" + dataFile.getPath(),
- "data_export = server=server1->URI=" + exportDir,
- "admin_role = server=server1",
- "[users]",
- "user1 = user_group1",
- "user2 = user_group2",
- ADMIN1 + " = admin_group"
- };
- context.makeNewPolicy(testPolicies);
+ policyFile
+ .addRolesToGroup("user_group1", "tab1_read", "tab1_write", "db1_all", "data_read", "data_export")
+ .addRolesToGroup("user_group2", "tab1_write", "tab1_read")
+ .addPermissionsToRole("tab1_write", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT")
+ .addPermissionsToRole("tab1_read", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT")
+ .addPermissionsToRole("db1_all", "server=server1->db=" + DB1)
+ .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile.getPath())
+ .addPermissionsToRole("data_export", "server=server1->URI=" + exportDir)
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2");
+ policyFile.write(context.getPolicyFile());
dropDb(ADMIN1, DB1);
createDb(ADMIN1, DB1);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
index 6036eaa..f3d493f 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
@@ -22,6 +22,7 @@ import java.sql.Statement;
import junit.framework.Assert;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -29,9 +30,14 @@ import org.junit.Test;
public class TestMetadataPermissions extends AbstractTestWithStaticLocalFS {
private Context context;
+ private PolicyFile policyFile;
+
@Before
public void setup() throws Exception {
context = createContext();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
+/*
String testPolicies[] = {
"[groups]",
"admin_group = admin_role",
@@ -47,7 +53,17 @@ public class TestMetadataPermissions extends AbstractTestWithStaticLocalFS {
"admin = admin_group"
};
context.makeNewPolicy(testPolicies);
- Connection adminCon = context.createConnection("admin", "foo");
+*/
+ policyFile
+ .addRolesToGroup("user_group1", "db1_all", "db2_all")
+ .addRolesToGroup("user_group2", "db1_all")
+ .addPermissionsToRole("db1_all", "server=server1->db=db1")
+ .addPermissionsToRole("db2_all", "server=server1->db=db2")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .write(context.getPolicyFile());
+
+ Connection adminCon = context.createConnection(ADMIN1, "foo");
Statement adminStmt = context.createStatement(adminCon);
for (String dbName : new String[] { "db1", "db2" }) {
adminStmt.execute("USE default");
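Review bot: The old `testPolicies` array is left in setup() wrapped in `/* ... */` instead of being deleted; the opening marker is added in the previous hunk and the closing one here. A commented-out policy sitting next to the live one is easy to misread as the effective grants. Part of it also falls between the two hunks, so it cannot be compared with the new builder calls from this diff. Remove the commented block entirely; version history keeps the old policy.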
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
index dba6d9f..c7b5e31 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
@@ -28,6 +28,7 @@ import java.sql.Statement;
import junit.framework.Assert;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -37,6 +38,8 @@ import com.google.common.io.Resources;
public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
private Context context;
private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
+ private PolicyFile policyFile;
+
@Before
public void setUp() throws Exception {
@@ -45,6 +48,7 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
}
@After
@@ -72,23 +76,19 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
*/
@Test
public void testMovingTable1() throws Exception {
- File policyFile = context.getPolicyFile();
- Assert.assertTrue(policyFile.delete() && policyFile.createNewFile());
-
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = all_db1, load_data, select_proddb_tbl1, insert_proddb_tbl1", "groups");
- editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
- editor.addPolicy("load_data = server=server1->uri=file://" + dataDir.getPath(), "roles");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group2", "users");
+ policyFile
+ .addRolesToGroup("group1", "all_db1", "load_data", "select_proddb_tbl1", "insert_proddb_tbl1")
+ .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataDir.getPath())
+ .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group2")
+ .write(context.getPolicyFile());
String dbName1 = "db_1";
String dbName2 = "proddb";
String tableName1 = "tb_1";
- Connection connection = context.createConnection("admin1", "foo");
+
+ Connection connection = context.createConnection(ADMIN1, "foo");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
statement.execute("DROP DATABASE IF EXISTS " + dbName2 + " CASCADE");
@@ -110,14 +110,18 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
statement.execute("LOAD DATA INPATH 'file://" + dataDir.getPath()
+ "' INTO TABLE " + tableName1);
- editor.addPolicy("insert_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=insert", "roles");
+ policyFile
+ .addPermissionsToRole("insert_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=insert")
+ .write(context.getPolicyFile());
statement.execute("USE " + dbName2);
statement.execute("INSERT OVERWRITE TABLE "
+ tableName1 + " SELECT * FROM " + dbName1
+ "." + tableName1);
// b
- editor.addPolicy("select_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=select", "roles");
+ policyFile
+ .addPermissionsToRole("select_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=select")
+ .write(context.getPolicyFile());
ResultSet resultSet = statement.executeQuery("SELECT * FROM " + tableName1 + " LIMIT 10");
int count = 0;
while(resultSet.next()) {
@@ -154,16 +158,13 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
*/
@Test
public void testMovingTable2() throws Exception {
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = all_db1, load_data, select_proddb_tbl1, insert_proddb_tbl1", "groups");
- editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
- editor.addPolicy("load_data = server=server1->uri=file://" + dataDir.getPath(), "roles");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group2", "users");
+ policyFile
+ .addRolesToGroup("group1", "all_db1", "load_data", "select_proddb_tbl1", "insert_proddb_tbl1")
+ .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+ .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataDir.getPath())
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group2")
+ .write(context.getPolicyFile());
String dbName1 = "db_1";
String dbName2 = "proddb";
@@ -189,13 +190,17 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
statement.execute("LOAD DATA INPATH 'file://" + dataDir.getPath()
+ "' INTO TABLE " + dbName1 + "." + tableName1);
- editor.addPolicy("insert_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=insert", "roles");
+ policyFile
+ .addPermissionsToRole("insert_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=insert")
+ .write(context.getPolicyFile());
statement.execute("INSERT OVERWRITE TABLE "
+ dbName2 + "." + tableName1 + " SELECT * FROM " + dbName1
+ "." + tableName1);
// b
- editor.addPolicy("select_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=select", "roles");
+ policyFile
+ .addPermissionsToRole("select_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=select")
+ .write(context.getPolicyFile());
assertTrue("user1 should be able to select data from "
+ dbName2 + "." + dbName2 + "." + tableName1, statement.execute("SELECT * FROM "
+ dbName2 + "." + tableName1 + " LIMIT 10"));
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
index 7fb7f6c..8d520fc 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
@@ -26,8 +26,10 @@ import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
+import org.apache.sentry.provider.file.PolicyFile;
import org.apache.sentry.provider.file.SimplePolicyEngine;
import org.junit.After;
+import org.junit.Before;
import org.junit.Test;
import com.google.common.base.Charsets;
@@ -43,6 +45,22 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
private static final String DB2_POLICY_FILE = "db2-policy-file.ini";
private Context context;
+ private File dataFile;
+ private PolicyFile policyFile;
+
+ @Before
+ public void setup() throws Exception {
+ context = createContext();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
+ File dataDir = context.getDataDir();
+ //copy data file to test dir
+ dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
+ FileOutputStream to = new FileOutputStream(dataFile);
+ Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
+ to.close();
+
+ }
@After
public void teardown() throws Exception {
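Review bot: In the new setup(), `to.close()` is skipped if `Resources.copy` throws, which leaves the stream on the data file open. Wrap the copy as `try { Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to); } finally { to.close(); }`. The same open/copy/close sequence appears as unchanged context in the setup methods of TestEndToEnd, TestExportImportPrivileges and TestMovingToProduction.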
@@ -53,49 +71,24 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
@Test
public void testPerDB() throws Exception {
- context = createContext();
- File policyFile = context.getPolicyFile();
- File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
- File dataDir = context.getDataDir();
- //copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- "user_group2 = select_tbl2",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user1 = user_group1",
- "user2 = user_group2",
- "[databases]",
- "db2 = " + db2PolicyFile.getPath(),
- };
- context.makeNewPolicy(policyFileContents);
-
- String[] db2PolicyFileContents = {
- "[groups]",
- "user_group2 = select_tbl2",
- "[roles]",
- "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
- };
- Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
+ PolicyFile db2PolicyFile = new PolicyFile();
+ File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+ db2PolicyFile
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+ .write(db2PolicyFileHandle);
+
+ policyFile
+ .addRolesToGroup("user_group1", "select_tbl1")
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addDatabase("db2", db2PolicyFileHandle.getPath())
+ .write(context.getPolicyFile());
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection(ADMIN1, "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
@@ -143,7 +136,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection(ADMIN1, "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE db1 CASCADE");
statement.execute("DROP DATABASE db2 CASCADE");
@@ -162,70 +155,40 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
String DB3_POLICY_FILE = "db3-policy-file.ini";
String DB4_POLICY_FILE = "db4-policy-file.ini";
- context = createContext();
- File policyFile = context.getPolicyFile();
- File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
- File db3PolicyFile = new File(policyFile.getParent(), DB3_POLICY_FILE);
- File db4PolicyFile = new File(policyFile.getParent(), DB4_POLICY_FILE);
- File dataDir = context.getDataDir();
- //copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- "user_group2 = select_tbl2",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user1 = user_group1",
- "user2 = user_group2",
- "user3 = user_group3",
- "user4 = user_group4",
- "[databases]",
- "db2 = " + db2PolicyFile.getPath(),
- "db3 = " + db3PolicyFile.getPath(),
- "db4 = " + db4PolicyFile.getPath(),
- };
- context.makeNewPolicy(policyFileContents);
-
- String[] db2PolicyFileContents = {
- "[groups]",
- "user_group2 = select_tbl2",
- "[roles]",
- "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
- };
- String[] db3PolicyFileContents = {
- "[groups]",
- "user_group3 = select_tbl3_BAD",
- "[roles]",
- "select_tbl3_BAD = server=server1->db=db3------>table->action=select"
- };
- String[] db4PolicyFileContents = {
- "[groups]",
- "user_group4 = select_tbl4",
- "[roles]",
- "select_tbl4 = server=server1->db=db4->table=tbl4->action=select"
- };
-
- Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
- Files.write(Joiner.on("\n").join(db3PolicyFileContents), db3PolicyFile, Charsets.UTF_8);
- Files.write(Joiner.on("\n").join(db4PolicyFileContents), db4PolicyFile, Charsets.UTF_8);
+ File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+ File db3PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB3_POLICY_FILE);
+ File db4PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB4_POLICY_FILE);
+
+ PolicyFile db2PolicyFile = new PolicyFile();
+ PolicyFile db3PolicyFile = new PolicyFile();
+ PolicyFile db4PolicyFile = new PolicyFile();
+ db2PolicyFile
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+ .write(db2PolicyFileHandle);
+ db3PolicyFile
+ .addRolesToGroup("user_group3", "select_tbl3_BAD")
+ .addPermissionsToRole("select_tbl3_BAD", "server=server1->db=db3------>table->action=select")
+ .write(db3PolicyFileHandle);
+ db4PolicyFile
+ .addRolesToGroup("user_group4", "select_tbl4")
+ .addPermissionsToRole("select_tbl4", "server=server1->db=db4->table=tbl4->action=select")
+ .write(db4PolicyFileHandle);
+ policyFile
+ .addRolesToGroup("user_group1", "select_tbl1")
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addGroupsToUser("user3", "user_group3")
+ .addGroupsToUser("user4", "user_group4")
+ .addDatabase("db2", db2PolicyFileHandle.getPath())
+ .addDatabase("db3", db3PolicyFileHandle.getPath())
+ .addDatabase("db4", db4PolicyFileHandle.getPath())
+ .write(context.getPolicyFile());
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection(ADMIN1, "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
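Review bot: The db3 entry `.addPermissionsToRole("select_tbl3_BAD", "server=server1->db=db3------>table->action=select")` has no comment saying that the privilege string is malformed on purpose. Going by the `_BAD` suffix this is presumably the negative case, where a broken per-database file must not grant access to db3 and must not stop db2 and db4 from loading. A line such as `// db3 privilege is deliberately malformed: it must be rejected without affecting db2/db4` above it would keep a later cleanup from correcting it. It is also worth confirming that `PolicyFile.addPermissionsToRole` stores the string unvalidated, since validation in the builder would move the failure from authorization time to policy-writing time. The test method starts and ends outside this hunk.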
@@ -290,7 +253,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection(ADMIN1, "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE db1 CASCADE");
statement.execute("DROP DATABASE db2 CASCADE");
@@ -302,54 +265,30 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
@Test
public void testPerDBPolicyFileWithURI() throws Exception {
- context = createContext();
- File policyFile = context.getPolicyFile();
- File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
- File dataDir = context.getDataDir();
- //copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- "user_group2 = select_tbl2",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user1 = user_group1",
- "user2 = user_group2",
- "[databases]",
- "db2 = " + db2PolicyFile.getPath(),
- };
- context.makeNewPolicy(policyFileContents);
-
- String[] db2PolicyFileContents = {
- "[groups]",
- "user_group2 = select_tbl2, data_read, insert_tbl2",
- "[roles]",
- "select_tbl2 = server=server1->db=db2->table=tbl2->action=select",
- "insert_tbl2 = server=server1->db=db2->table=tbl2->action=insert",
- "data_read = server=server1->URI=file://" + dataFile
- };
- Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
+ File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+
+ policyFile
+ .addRolesToGroup("user_group1", "select_tbl1")
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addDatabase("db2", db2PolicyFileHandle.getPath())
+ .write(context.getPolicyFile());
+
+ PolicyFile db2PolicyFile = new PolicyFile();
+ db2PolicyFile
+ .addRolesToGroup("user_group2", "select_tbl2", "data_read", "insert_tbl2")
+ .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+ .addPermissionsToRole("insert_tbl2", "server=server1->db=db2->table=tbl2->action=insert")
+ .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile)
+ .write(db2PolicyFileHandle);
// ugly hack: needs to go away once this becomes a config property. Note that this property
// will not be set with external HS and this test will fail. Hope is this fix will go away
// by then.
System.setProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection(ADMIN1, "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
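Review bot: The `System.setProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true")` call kept below the rewritten policy setup changes a JVM-wide setting, and nothing in this hunk restores it. Tests that run later in the same JVM would then also accept URI privileges from per-database policy files, which, going by the existing comment, are not accepted by default; that can hide a regression in the refusal path. Unless the part of the method outside this hunk already does so, clear it in a `finally` block or in the `@After` method with `System.clearProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE);`.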
@@ -399,7 +338,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection(ADMIN1, "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE db1 CASCADE");
statement.execute("DROP DATABASE db2 CASCADE");
@@ -414,36 +353,15 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
*/
@Test
public void testDefaultDb() throws Exception {
- context = createContext();
- File policyFile = context.getPolicyFile();
- File dataDir = context.getDataDir();
- //copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user_1 = user_group1",
- "user_2 = user_group2",
- };
- context.makeNewPolicy(policyFileContents);
+ policyFile
+ .addRolesToGroup("user_group1", "select_tbl1")
+ .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+ .addGroupsToUser("user_1", "user_group1")
+ .addGroupsToUser("user_2", "user_group2")
+ .write(context.getPolicyFile());
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection(ADMIN1, "hive");
Statement statement = context.createStatement(connection);
statement.execute("USE default");
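Review bot: `.addGroupsToUser("user_2", "user_group2")` places user_2 in a group that is given no role anywhere in this policy, and the code does not say whether that is intended. If user_2 is the user who must be denied, a comment such as `// user_group2 has no roles on purpose: user_2 is the denied user` makes that explicit; if not, a role mapping is missing. The removed policy had the same shape, so this is carried over rather than introduced, and the assertions that would settle it are outside this hunk.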
@@ -475,62 +393,34 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
@Test
public void testDefaultDBwithDbPolicy() throws Exception {
- context = createContext();
- File policyFile = context.getPolicyFile();
- File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
- File defaultPolicyFile = new File(policyFile.getParent(), "default-policy-file.ini");
- File dataDir = context.getDataDir();
- //copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
- assertTrue("Could not delete " + defaultPolicyFile,!defaultPolicyFile.exists() || defaultPolicyFile.delete());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- "user_group2 = select_tbl2",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user_1 = user_group1",
- "user_2 = user_group2",
- "user_3 = user_group3",
- "[databases]",
- "db2 = " + db2PolicyFile.getPath(),
- "default = " + defaultPolicyFile.getPath()
- };
- context.makeNewPolicy(policyFileContents);
-
- String[] db2PolicyFileContents = {
- "[groups]",
- "user_group2 = select_tbl2",
- "[roles]",
- "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
- };
- Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
-
- String[] defautlPolicyFileContents = {
- "[groups]",
- "user_group2 = select_def",
- "[roles]",
- "select_def = server=server1->db=default->table=dtab->action=select"
- };
- Files.write(Joiner.on("\n").join(defautlPolicyFileContents), defaultPolicyFile, Charsets.UTF_8);
-
+ File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+ File defaultPolicyFileHandle = new File(context.getPolicyFile().getParent(), "default.ini");
+
+ policyFile
+ .addRolesToGroup("user_group1", "select_tbl1")
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+ .addGroupsToUser("user_1", "user_group1")
+ .addGroupsToUser("user_2", "user_group2")
+ .addGroupsToUser("user_3", "user_group3")
+ .addDatabase("db2", db2PolicyFileHandle.getPath())
+ .addDatabase("default", defaultPolicyFileHandle.getPath())
+ .write(context.getPolicyFile());
+
+ PolicyFile db2PolicyFile = new PolicyFile();
+ db2PolicyFile
+ .addRolesToGroup("user_group2", "select_tbl2")
+ .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+ .write(db2PolicyFileHandle);
+
+ PolicyFile defaultPolicyFile = new PolicyFile();
+ defaultPolicyFile
+ .addRolesToGroup("user_group2", "select_def")
+ .addPermissionsToRole("select_def", "server=server1->db=default->table=dtab->action=select")
+ .write(defaultPolicyFileHandle);
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection(ADMIN1, "hive");
Statement statement = context.createStatement(connection);
statement.execute("USE default");
statement.execute("CREATE TABLE dtab(B INT, A STRING) " +
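Review bot: The per-database policy file for `default` is now named by the inline literal `"default.ini"`, where the removed code used `"default-policy-file.ini"` and db2 goes through the `DB2_POLICY_FILE` constant. If the rename is not intended, restore the old name; either way a named constant alongside `DB2_POLICY_FILE`, for example `String DEFAULT_POLICY_FILE = "default-policy-file.ini";`, keeps the name in one place. The removed assertions also deleted any existing per-database file before writing, so it is worth confirming that `PolicyFile.write` replaces the file's content rather than adding to it, because a leftover grant from an earlier test would change what this one proves. The method body continues outside this hunk.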
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
index 7330d4a..69bfddc 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
@@ -32,6 +32,7 @@ import java.util.Map;
import junit.framework.Assert;
import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -44,12 +45,16 @@ import com.google.common.io.Resources;
public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
private Context context;
+ private File dataFile;
+ private PolicyFile policyFile;
+
Map <String, String >testProperties;
private static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
@Before
public void setup() throws Exception {
testProperties = new HashMap<String, String>();
+ policyFile = PolicyFile.createAdminOnServer1("admin1");
}
@After
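Review bot: The new field `private File dataFile;` is never assigned in the hunks shown, and both testAllPrivilege and testAllPrivilegeOnObjectOwnedByAdmin still declare a local `File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);` that shadows it. Any code that reads the field instead of the local would see null. Either drop the field or turn the local declarations into an assignment, `dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);`. The class body continues outside this hunk, so an assignment elsewhere cannot be ruled out.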
@@ -66,33 +71,25 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
public void testAllPrivilege() throws Exception {
context = createContext(testProperties);
- File policyFile = context.getPolicyFile();
- File dataDir = context.getDataDir();
//copy data file to test dir
+ File dataDir = context.getDataDir();
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group1 = all_db1, load_data");
- context.append("user_group2 = all_db2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("all_db1 = server=server1->db=DB_1");
- context.append("all_db2 = server=server1->db=DB_2");
- context.append("load_data = server=server1->uri=file://" + dataFile.getPath());
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group1");
- context.append("user2 = user_group2");
+
+ policyFile
+ .addRolesToGroup("user_group1", "all_db1", "load_data")
+ .addRolesToGroup("user_group2", "all_db2")
+ .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+ .addPermissionsToRole("all_db2", "server=server1->db=DB_2")
+ .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath())
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
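Review bot: The admin account name is the literal `"admin1"` in `context.createConnection("admin1", "hive")` here and in `PolicyFile.createAdminOnServer1("admin1")` in `setup()`, while TestPerDBConfiguration in the same commit uses the `ADMIN1` constant. The same literal is repeated in the later hunks of this file and in the `createConnection("admin1", "foo")` and `createConnection("admin1", "password")` context lines of TestPrivilegesAtFunctionScope, whose `setup()` already uses `ADMIN1`. If one copy changes, the setup connection no longer matches the account that presumably holds the server-wide role, and the test fails during setup instead of exercising authorization. Use `ADMIN1` if the base class provides it, for example `context.createConnection(ADMIN1, "hive")`, or declare one class constant.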
@@ -170,7 +167,7 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.execute("DROP DATABASE DB_2 CASCADE");
@@ -186,36 +183,27 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
public void testAllPrivilegeOnObjectOwnedByAdmin() throws Exception {
context = createContext(testProperties);
- File policyFile = context.getPolicyFile();
- File dataDir = context.getDataDir();
//copy data file to test dir
+ File dataDir = context.getDataDir();
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
File externalTblDir = new File(dataDir, "exttab");
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group1 = all_db1, load_data, exttab");
- context.append("user_group2 = all_db2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("all_db1 = server=server1->db=DB_1");
- context.append("all_db2 = server=server1->db=DB_2");
- context.append("exttab = server=server1->uri=file://" + dataDir.getPath());
- context.append("load_data = server=server1->uri=file://" + dataFile.getPath());
-
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group1");
- context.append("user2 = user_group2");
+
+ policyFile
+ .addRolesToGroup("user_group1", "all_db1", "load_data", "exttab")
+ .addRolesToGroup("user_group2", "all_db2")
+ .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+ .addPermissionsToRole("all_db2", "server=server1->db=DB_2")
+ .addPermissionsToRole("exttab", "server=server1->uri=file://" + dataDir.getPath())
+ .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath())
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
@@ -301,7 +289,7 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
connection.close();
//test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.execute("DROP DATABASE DB_2 CASCADE");
@@ -322,28 +310,21 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
public void testUseDbPrivilege() throws Exception {
context = createContext(testProperties);
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group1 = all_db1");
- context.append("user_group2 = select_db2");
- context.append("user_group3 = all_db3");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("all_db1 = server=server1->db=DB_1");
- context.append("select_db2 = server=server1->db=DB_2->table=tab_2->action=select");
- context.append("all_db3 = server=server1->db=DB_3");
-
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group1");
- context.append("user2 = user_group2");
- context.append("user3 = user_group3");
+ policyFile
+ .addRolesToGroup("user_group1", "all_db1")
+ .addRolesToGroup("user_group2", "select_db2")
+ .addRolesToGroup("user_group3", "all_db3")
+ .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+ .addPermissionsToRole("select_db2", "server=server1->db=DB_2->table=tab_2->action=select")
+ .addPermissionsToRole("all_db3", "server=server1->db=DB_3")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addGroupsToUser("user3", "user_group3")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
statement.execute("CREATE DATABASE DB_1");
@@ -395,26 +376,19 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
public void testDefaultDbPrivilege() throws Exception {
context = createContext(testProperties);
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group1 = all_db1");
- context.append("user_group2 = select_db2");
- context.append("user_group3 = all_default");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("all_db1 = server=server1->db=DB_1");
- context.append("select_db2 = server=server1->db=DB_2->table=tab_2->action=select");
- context.append("all_default = server=server1->db=default");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group1");
- context.append("user2 = user_group2");
- context.append("user3 = user_group3");
-
- Connection connection = context.createConnection("hive", "hive");
+ policyFile
+ .addRolesToGroup("user_group1", "all_db1")
+ .addRolesToGroup("user_group2", "select_db2")
+ .addRolesToGroup("user_group3", "all_default")
+ .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+ .addPermissionsToRole("select_db2", "server=server1->db=DB_2->table=tab_2->action=select")
+ .addPermissionsToRole("all_default", "server=server1->db=default")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addGroupsToUser("user3", "user_group3")
+ .write(context.getPolicyFile());
+
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("use default");
context.close();
@@ -448,26 +422,19 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
testProperties.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), "true");
context = createContext(testProperties);
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group1 = all_default");
- context.append("user_group2 = select_default");
- context.append("user_group3 = all_db1");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("all_default = server=server1->db=default");
- context.append("select_default = server=server1->db=default->table=tab_2->action=select");
- context.append("all_db1 = server=server1->db=DB_1");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group1");
- context.append("user2 = user_group2");
- context.append("user3 = user_group3");
-
- Connection connection = context.createConnection("hive", "hive");
+ policyFile
+ .addRolesToGroup("user_group1", "all_default")
+ .addRolesToGroup("user_group2", "select_default")
+ .addRolesToGroup("user_group3", "all_db1")
+ .addPermissionsToRole("all_default", "server=server1->db=default")
+ .addPermissionsToRole("select_default", "server=server1->db=default->table=tab_2->action=select")
+ .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+ .addGroupsToUser("user1", "user_group1")
+ .addGroupsToUser("user2", "user_group2")
+ .addGroupsToUser("user3", "user_group3")
+ .write(context.getPolicyFile());
+
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("use default");
context.close();
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
index 90d6214..25746c1 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
@@ -25,6 +25,7 @@ import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -36,6 +37,7 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
private File dataDir;
private File dataFile;
+ private PolicyFile policyFile;
@Before
public void setup() throws Exception {
@@ -45,6 +47,8 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
}
@After
@@ -64,21 +68,18 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
public void testFuncPrivileges1() throws Exception {
String dbName1 = "db_1";
String tableName1 = "tb_1";
- // edit policy file
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = db1_all,UDF_JAR", "groups");
- editor.addPolicy("group2 = db1_tab1,UDF_JAR", "groups");
- editor.addPolicy("group3 = db1_tab1", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("db1_all = server=server1->db=" + dbName1, "roles");
- editor.addPolicy("db1_tab1 = server=server1->db=" + dbName1 + "->table=" + tableName1, "roles");
- editor.addPolicy("UDF_JAR = server=server1->uri=file://${user.home}/.m2", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
- editor.addPolicy("user2 = group2", "users");
- editor.addPolicy("user3 = group3", "users");
+
+ policyFile
+ .addRolesToGroup("group1", "db1_all", "UDF_JAR")
+ .addRolesToGroup("group2", "db1_tab1", "UDF_JAR")
+ .addRolesToGroup("group3", "db1_tab1")
+ .addPermissionsToRole("db1_all", "server=server1->db=" + dbName1)
+ .addPermissionsToRole("db1_tab1", "server=server1->db=" + dbName1 + "->table=" + tableName1)
+ .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2")
+ .addGroupsToUser("user1", "group1")
+ .addGroupsToUser("user2", "group2")
+ .addGroupsToUser("user3", "group3")
+ .write(context.getPolicyFile());
Connection connection = context.createConnection("admin1", "foo");
Statement statement = context.createStatement(connection);
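Review bot: The `UDF_JAR` role in `.addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2")` grants URI access to the whole local Maven repository, and the `${user.home}` placeholder is passed as literal text with no comment on what expands it. Granting only the directory that holds the UDF jar under test would make the test a tighter check of URI matching; which jar that is cannot be seen from this hunk. At minimum add a comment such as `// ${user.home} is resolved when the policy is loaded, not by Java` once that is confirmed. The same line appears in the hunk for the second function test, and both test bodies continue outside their hunks.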
@@ -145,18 +146,15 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
String dbName1 = "db1";
String tableName1 = "tab1";
- File policyFile = context.getPolicyFile();
- PolicyFileEditor editor = new PolicyFileEditor(policyFile);
- editor.addPolicy("admin = admin", "groups");
- editor.addPolicy("group1 = db1_all,UDF_JAR", "groups");
- editor.addPolicy("group2 = db1_tab1,UDF_JAR", "groups");
- editor.addPolicy("group3 = db1_tab1", "groups");
- editor.addPolicy("admin = server=server1", "roles");
- editor.addPolicy("db1_all = server=server1->db=" + dbName1, "roles");
- editor.addPolicy("db1_tab1 = server=server1->db=" + dbName1 + "->table=" + tableName1, "roles");
- editor.addPolicy("UDF_JAR = server=server1->uri=file://${user.home}/.m2", "roles");
- editor.addPolicy("admin1 = admin", "users");
- editor.addPolicy("user1 = group1", "users");
+ policyFile
+ .addRolesToGroup("group1", "db1_all", "UDF_JAR")
+ .addRolesToGroup("group2", "db1_tab1", "UDF_JAR")
+ .addRolesToGroup("group3", "db1_tab1")
+ .addPermissionsToRole("db1_all", "server=server1->db=" + dbName1)
+ .addPermissionsToRole("db1_tab1", "server=server1->db=" + dbName1 + "->table=" + tableName1)
+ .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2")
+ .addGroupsToUser("user1", "group1")
+ .write(context.getPolicyFile());
Connection connection = context.createConnection("admin1", "password");
Statement statement = connection.createStatement();
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
index 21bc846..ed4509e 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
@@ -30,6 +30,7 @@ import java.sql.Statement;
import junit.framework.Assert;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -39,17 +40,18 @@ import com.google.common.io.Resources;
/* Tests privileges at table scope within a single database.
*/
-public class TestPrivilegesAtTableScope
- extends
- AbstractTestWithStaticLocalFS {
+public class TestPrivilegesAtTableScope extends AbstractTestWithStaticLocalFS {
private Context context;
+ private PolicyFile policyFile;
+
private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
private final String MULTI_TYPE_DATA_FILE_NAME = "emp.dat";
@Before
public void setup() throws Exception {
context = createContext();
+ policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
}
@After
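Review bot: The admin grant is now implicit. `PolicyFile.createAdminOnServer1(ADMIN1)` in `setup()` replaces the `admin = all_server`, `all_server = server=server1` and `hive = admin` lines that every test used to spell out, and nothing in this class says what the factory writes. In an authorization test the reader needs the baseline policy to judge whether a denial is really being exercised. I would add a comment above the assignment, for example `// baseline: ADMIN1 has server-wide rights on server1 (see PolicyFile.createAdminOnServer1); each test adds only its own user grants`, after confirming that this matches the factory. The class body continues outside the hunk.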
@@ -66,32 +68,23 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testInsertAndSelect() throws Exception {
- File policyFile = context.getPolicyFile();
File dataDir = context.getDataDir();
// copy data file to test dir
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
-
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab1, insert_tab1, select_tab2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
- context.append("insert_tab1 = server=server1->db=DB_1->table=TAB_1->action=insert");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab1", "insert_tab1", "select_tab2")
+ .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+ .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
statement.execute("CREATE DATABASE DB_1");
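Review bot: `context.createConnection("admin1", "hive")` hard-codes the admin name, while `setup()` builds the policy from the `ADMIN1` constant, so the policy and the connection can drift apart. If they do, the admin has no grants and the setup statements fail with an authorization error that points away from the real cause. Use `context.createConnection(ADMIN1, "hive")` here and in the admin and cleanup connections in the later hunks of this file. The password literal `"hive"` is left over from the old `hive` user; if the test context ignores it (not visible here), a named constant or a short comment should say so. testInsertAndSelect continues outside the hunk.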
@@ -135,7 +128,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// connect as admin and drop tab_1
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("USE DB_1");
statement.execute("DROP TABLE TAB_1");
@@ -157,7 +150,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -172,31 +165,22 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testInsert() throws Exception {
- File policyFile = context.getPolicyFile();
File dataDir = context.getDataDir();
// copy data file to test dir
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
-
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = insert_tab1, select_tab2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("insert_tab1 = server=server1->db=DB_1->table=TAB_1->action=insert");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "insert_tab1", "select_tab2")
+ .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
statement.execute("CREATE DATABASE DB_1");
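Review bot: The data-file copy at the top of `testInsert` closes `to` only on the success path, so a failure in `Resources.copy` leaks the stream. The same four lines are repeated in every test this commit touches. Since the policy setup is being consolidated anyway, the copy could move into one private helper that closes the stream in a `finally`, and each test would call it with the file name. The helper below returns the `File` on the assumption that the tests use `dataFile` later, outside the hunk. testInsert continues outside the hunk.

```java
// … unchanged: fields and setup() …
private File copyDataFile(String resourceName) throws Exception {
  File dataFile = new File(context.getDataDir(), resourceName);
  FileOutputStream to = new FileOutputStream(dataFile);
  try {
    Resources.copy(Resources.getResource(resourceName), to);
  } finally {
    to.close();
  }
  return dataFile;
}

public void testInsert() throws Exception {
  File dataFile = copyDataFile(SINGLE_TYPE_DATA_FILE_NAME);
  // … unchanged: policyFile chain and db setup …
```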
@@ -254,7 +238,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -268,31 +252,23 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testSelect() throws Exception {
- File policyFile = context.getPolicyFile();
- File dataDir = context.getDataDir();
// copy data file to test dir
+ File dataDir = context.getDataDir();
File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab1, select_tab2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
- context.append("insert_tab1 = server=server1->db=DB_1->table=TAB_1->action=insert");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab1", "select_tab2")
+ .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+ .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
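Review bot: In `testSelect` the role `insert_tab1` is given a permission but is left out of `addRolesToGroup("user_group", "select_tab1", "select_tab2")`. That looks deliberate, since it is carried over from the old `[roles]` section, but in a policy file it reads like a forgotten grant. A comment before the chain would make the negative case explicit, for example `// insert_tab1 is defined but NOT granted to user_group: user1 must be denied INSERT on TAB_1`, assuming the part of the test outside this hunk asserts that denial. The same applies to `select_tab1` in `testTableViewJoin2`, where only `select_tab2` is granted.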
@@ -351,7 +327,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -365,30 +341,22 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testTableViewJoin() throws Exception {
- File policyFile = context.getPolicyFile();
- File dataDir = context.getDataDir();
// copy data file to test dir
+ File dataDir = context.getDataDir();
File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab1, select_tab2");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab1", "select_tab2")
+ .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -436,7 +404,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -450,32 +418,23 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testTableViewJoin2() throws Exception {
- File policyFile = context.getPolicyFile();
+
File dataDir = context.getDataDir();
// copy data file to test dir
File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab2");
- // roles: privileges -> role
-
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
-
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab2")
+ .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -531,7 +490,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -545,31 +504,22 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testTableViewJoin3() throws Exception {
- File policyFile = context.getPolicyFile();
File dataDir = context.getDataDir();
// copy data file to test dir
File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
-
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab2, select_view1");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_view1 = server=server1->db=DB_1->table=VIEW_1->action=select");
- context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab2", "select_view1")
+ .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select")
+ .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -641,7 +591,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();
@@ -655,31 +605,22 @@ public class TestPrivilegesAtTableScope
*/
@Test
public void testTableViewJoin4() throws Exception {
- File policyFile = context.getPolicyFile();
File dataDir = context.getDataDir();
// copy data file to test dir
File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
FileOutputStream to = new FileOutputStream(dataFile);
Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
to.close();
- // delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- // groups : role -> group
-
- context.append("[groups]");
- context.append("admin = all_server");
- context.append("user_group = select_tab1, select_view1");
- // roles: privileges -> role
- context.append("[roles]");
- context.append("all_server = server=server1");
- context.append("select_view1 = server=server1->db=DB_1->table=VIEW_1->action=select");
- context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
- // users: users -> groups
- context.append("[users]");
- context.append("hive = admin");
- context.append("user1 = user_group");
+
+ policyFile
+ .addRolesToGroup("user_group", "select_tab1", "select_view1")
+ .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select")
+ .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+ .addGroupsToUser("user1", "user_group")
+ .write(context.getPolicyFile());
+
// setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
+ Connection connection = context.createConnection("admin1", "hive");
Statement statement = context.createStatement(connection);
statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -728,7 +669,7 @@ public class TestPrivilegesAtTableScope
connection.close();
// test cleanup
- connection = context.createConnection("hive", "hive");
+ connection = context.createConnection("admin1", "hive");
statement = context.createStatement(connection);
statement.execute("DROP DATABASE DB_1 CASCADE");
statement.close();