You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2016/04/22 08:28:23 UTC
[03/13] sentry git commit: SENTRY-999: Refactor the sentry to
integrate with external components quickly (Colin Ma, reviewed by Dapeng Sun)
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/pom.xml b/sentry-policy/sentry-policy-search/pom.xml
deleted file mode 100644
index 177a62b..0000000
--- a/sentry-policy/sentry-policy-search/pom.xml
+++ /dev/null
@@ -1,87 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy</artifactId>
- <version>1.8.0-SNAPSHOT</version>
- </parent>
-
- <artifactId>sentry-policy-search</artifactId>
- <name>Sentry Policy for Search</name>
-
- <dependencies>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-common</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-minicluster</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-core</artifactId>
- </dependency>
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-core-model-search</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-common</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-file</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-common</artifactId>
- <scope>test</scope>
- <type>test-jar</type>
- <version>${project.version}</version>
- </dependency>
- </dependencies>
-
-</project>
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java
deleted file mode 100644
index 054c354..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.policy.common.PolicyConstants.PRIVILEGE_PREFIX;
-
-import java.util.List;
-
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.policy.common.PrivilegeValidator;
-import org.apache.shiro.config.ConfigurationException;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.Lists;
-
-public abstract class AbstractSearchPrivilegeValidator implements PrivilegeValidator {
-
- @VisibleForTesting
- public static Iterable<SearchModelAuthorizable> parsePrivilege(String string) {
- List<SearchModelAuthorizable> result = Lists.newArrayList();
- System.err.println("privilege = " + string);
- for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
- // XXX this ugly hack is because action is not an authorizable
- if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
- SearchModelAuthorizable authorizable = SearchModelAuthorizables.from(section);
- if(authorizable == null) {
- String msg = "No authorizable found for " + section;
- throw new ConfigurationException(msg);
- }
- result.add(authorizable);
- }
- }
- return result;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java
deleted file mode 100644
index 81ff67f..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.policy.common.PrivilegeValidatorContext;
-
-public class CollectionRequiredInPrivilege extends AbstractSearchPrivilegeValidator {
-
- @Override
- public void validate(PrivilegeValidatorContext context) throws SentryConfigurationException {
- String privilege = context.getPrivilege();
- Iterable<SearchModelAuthorizable> authorizables = parsePrivilege(privilege);
- boolean foundCollectionInAuthorizables = false;
-
- for(SearchModelAuthorizable authorizable : authorizables) {
- if(authorizable instanceof Collection) {
- foundCollectionInAuthorizables = true;
- break;
- }
- }
- if(!foundCollectionInAuthorizables) {
- String msg = "Missing collection object in " + privilege;
- throw new SentryConfigurationException(msg);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchModelAuthorizables.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchModelAuthorizables.java
deleted file mode 100644
index 252f50a..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchModelAuthorizables.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable.AuthorizableType;
-import org.apache.sentry.policy.common.KeyValue;
-
-public class SearchModelAuthorizables {
-
- public static SearchModelAuthorizable from(KeyValue keyValue) {
- String prefix = keyValue.getKey().toLowerCase();
- String name = keyValue.getValue().toLowerCase();
- for(AuthorizableType type : AuthorizableType.values()) {
- if(prefix.equalsIgnoreCase(type.name())) {
- return from(type, name);
- }
- }
- return null;
- }
- public static SearchModelAuthorizable from(String s) {
- return from(new KeyValue(s));
- }
-
- private static SearchModelAuthorizable from(AuthorizableType type, String name) {
- switch (type) {
- case Collection:
- return new Collection(name);
- default:
- return null;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
deleted file mode 100644
index e25faf2..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-// copied from apache shiro
-
-package org.apache.sentry.policy.search;
-
-import java.util.List;
-
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.policy.common.PolicyConstants;
-import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.KeyValue;
-
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Lists;
-
-public class SearchWildcardPrivilege implements Privilege {
-
- private final ImmutableList<KeyValue> parts;
-
- public SearchWildcardPrivilege(String wildcardString) {
- wildcardString = Strings.nullToEmpty(wildcardString).trim();
- if (wildcardString.isEmpty()) {
- throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
- }
- List<KeyValue>parts = Lists.newArrayList();
- for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.trimResults().split(
- wildcardString)) {
- if (authorizable.isEmpty()) {
- throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
- }
- parts.add(new KeyValue(authorizable));
- }
- if (parts.isEmpty()) {
- throw new AssertionError("Should never occur: " + wildcardString);
- }
- this.parts = ImmutableList.copyOf(parts);
- }
-
-
- @Override
- public boolean implies(Privilege p) {
- // By default only supports comparisons with other SearchWildcardPermissions
- if (!(p instanceof SearchWildcardPrivilege)) {
- return false;
- }
-
- SearchWildcardPrivilege wp = (SearchWildcardPrivilege) p;
-
- List<KeyValue> otherParts = wp.parts;
- if(equals(wp)) {
- return true;
- }
- int index = 0;
- for (KeyValue otherPart : otherParts) {
- // If this privilege has less parts than the other privilege, everything
- // after the number of parts contained
- // in this privilege is automatically implied, so return true
- if (parts.size() - 1 < index) {
- return true;
- } else {
- KeyValue part = parts.get(index);
- // are the keys even equal
- if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
- return false;
- }
- if (!impliesKeyValue(part, otherPart)) {
- return false;
- }
- index++;
- }
- }
- // If this privilege has more parts than
- // the other parts, only imply it if
- // all of the other parts are wildcards
- for (; index < parts.size(); index++) {
- KeyValue part = parts.get(index);
- if (!part.getValue().equals(SearchConstants.ALL)) {
- return false;
- }
- }
-
- return true;
- }
-
- private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
- Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
- "Please report, this method should not be called with two different keys");
- if(policyPart.getValue().equals(SearchConstants.ALL) || policyPart.equals(requestPart)) {
- return true;
- } else if (!PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
- && SearchConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
- /* privilege request is to match with any object of given type */
- return true;
- }
- return false;
- }
-
- @Override
- public String toString() {
- return PolicyConstants.AUTHORIZABLE_JOINER.join(parts);
- }
-
- @Override
- public boolean equals(Object o) {
- if (o instanceof SearchWildcardPrivilege) {
- SearchWildcardPrivilege wp = (SearchWildcardPrivilege) o;
- return parts.equals(wp.parts);
- }
- return false;
- }
-
- @Override
- public int hashCode() {
- return parts.hashCode();
- }
-
- public static class SearchWildcardPrivilegeFactory implements PrivilegeFactory {
- @Override
- public Privilege createPrivilege(String privilege) {
- return new SearchWildcardPrivilege(privilege);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
deleted file mode 100644
index c71036e..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.util.Set;
-
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.PrivilegeValidator;
-import org.apache.sentry.provider.common.ProviderBackend;
-import org.apache.sentry.provider.common.ProviderBackendContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableSet;
-
-/**
- * A PolicyEngine for a search service.
- */
-public class SimpleSearchPolicyEngine implements PolicyEngine {
-
- private static final Logger LOGGER = LoggerFactory
- .getLogger(SimpleSearchPolicyEngine.class);
-
- private final ProviderBackend providerBackend;
-
- public SimpleSearchPolicyEngine(ProviderBackend providerBackend) {
- this.providerBackend = providerBackend;
- ProviderBackendContext context = new ProviderBackendContext();
- context.setAllowPerDatabase(false);
- context.setValidators(createPrivilegeValidators());
- this.providerBackend.initialize(context);
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PrivilegeFactory getPrivilegeFactory() {
- return new SearchWildcardPrivilege.SearchWildcardPrivilegeFactory();
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public ImmutableSet<String> getAllPrivileges(Set<String> groups,
- ActiveRoleSet roleSet) throws SentryConfigurationException {
- return getPrivileges(groups, roleSet);
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizationHierarchy ) {
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("Getting permissions for {}", groups);
- }
- ImmutableSet<String> result = providerBackend.getPrivileges(groups, roleSet);
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("result = " + result);
- }
- return result;
- }
-
- @Override
- public ImmutableSet<String> getAllPrivileges(Set<String> groups, Set<String> users,
- ActiveRoleSet roleSet) throws SentryConfigurationException {
- return getPrivileges(groups, users, roleSet);
- }
-
- @Override
- public ImmutableSet<String> getPrivileges(Set<String> groups, Set<String> users,
- ActiveRoleSet roleSet, Authorizable... authorizationHierarchy) {
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("Getting permissions for groups: {}, users: {}", groups, users);
- }
- ImmutableSet<String> result = providerBackend.getPrivileges(groups, users, roleSet);
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("result = " + result);
- }
- return result;
- }
-
- @Override
- public void validatePolicy(boolean strictValidation)
- throws SentryConfigurationException {
- providerBackend.validatePolicy(strictValidation);
- }
-
- public static ImmutableList<PrivilegeValidator> createPrivilegeValidators() {
- return ImmutableList.<PrivilegeValidator>of(new CollectionRequiredInPrivilege());
- }
-
- @Override
- public void close() {
- if (providerBackend != null) {
- providerBackend.close();
- }
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java
deleted file mode 100644
index 1a9b1a1..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Set;
-import java.util.TreeSet;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public abstract class AbstractTestSearchPolicyEngine {
- private static final String ANALYST_PURCHASES_UPDATE = "collection=purchases->action=update";
- private static final String ANALYST_ANALYST1_ALL = "collection=analyst1";
- private static final String ANALYST_JRANALYST1_ACTION_ALL = "collection=jranalyst1->action=*";
- private static final String ANALYST_TMPCOLLECTION_UPDATE = "collection=tmpcollection->action=update";
- private static final String ANALYST_TMPCOLLECTION_QUERY = "collection=tmpcollection->action=query";
- private static final String JRANALYST_JRANALYST1_ALL = "collection=jranalyst1";
- private static final String JRANALYST_PURCHASES_PARTIAL_QUERY = "collection=purchases_partial->action=query";
- private static final String ADMIN_COLLECTION_ALL = "collection=*";
-
- private PolicyEngine policy;
- private static File baseDir;
-
- @BeforeClass
- public static void setupClazz() throws IOException {
- baseDir = Files.createTempDir();
- }
-
- @AfterClass
- public static void teardownClazz() throws IOException {
- if(baseDir != null) {
- FileUtils.deleteQuietly(baseDir);
- }
- }
-
- protected void setPolicy(PolicyEngine policy) {
- this.policy = policy;
- }
- protected static File getBaseDir() {
- return baseDir;
- }
- @Before
- public void setup() throws IOException {
- afterSetup();
- }
- @After
- public void teardown() throws IOException {
- beforeTeardown();
- }
- protected void afterSetup() throws IOException {
-
- }
-
- protected void beforeTeardown() throws IOException {
-
- }
-
- @Test
- public void testManager() throws Exception {
- Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
- ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
- ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
- ANALYST_TMPCOLLECTION_QUERY, JRANALYST_JRANALYST1_ALL,
- JRANALYST_PURCHASES_PARTIAL_QUERY));
- Assert.assertEquals(expected.toString(),
- new TreeSet<String>(policy.getPrivileges(set("manager"), ActiveRoleSet.ALL))
- .toString());
- }
-
- @Test
- public void testAnalyst() throws Exception {
- Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
- ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
- ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
- ANALYST_TMPCOLLECTION_QUERY));
- Assert.assertEquals(expected.toString(),
- new TreeSet<String>(policy.getPrivileges(set("analyst"), ActiveRoleSet.ALL))
- .toString());
- }
-
- @Test
- public void testJuniorAnalyst() throws Exception {
- Set<String> expected = Sets.newTreeSet(Sets
- .newHashSet(JRANALYST_JRANALYST1_ALL,
- JRANALYST_PURCHASES_PARTIAL_QUERY));
- Assert.assertEquals(expected.toString(),
- new TreeSet<String>(policy.getPrivileges(set("jranalyst"), ActiveRoleSet.ALL))
- .toString());
- }
-
- @Test
- public void testAdmin() throws Exception {
- Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ADMIN_COLLECTION_ALL));
- Assert.assertEquals(expected.toString(),
- new TreeSet<String>(policy.getPrivileges(set("admin"), ActiveRoleSet.ALL))
- .toString());
- }
-
- private static Set<String> set(String... values) {
- return Sets.newHashSet(values);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java
deleted file mode 100644
index be23e15..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.IOException;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.file.SimpleFileProviderBackend;
-
-public class SearchPolicyFileBackend extends SimpleSearchPolicyEngine {
- public SearchPolicyFileBackend(String resource) throws IOException{
- super(new SimpleFileProviderBackend(new Configuration(), resource));
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java
deleted file mode 100644
index f0bb622..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.search;
-
-import org.junit.Assert;
-
-import org.apache.sentry.policy.common.PrivilegeValidatorContext;
-import org.apache.shiro.config.ConfigurationException;
-import org.junit.Test;
-
-public class TestCollectionRequiredInRole {
-
- @Test
- public void testEmptyRole() throws Exception {
- CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
-
- // check no db
- try {
- collRequiredInRole.validate(new PrivilegeValidatorContext("index=index1"));
- Assert.fail("Expected ConfigurationException");
- } catch (ConfigurationException e) {
- // expected
- }
-
- // check with db
- try {
- collRequiredInRole.validate(new PrivilegeValidatorContext("db1","index=index2"));
- Assert.fail("Expected ConfigurationException");
- } catch (ConfigurationException e) {
- // expected
- }
- }
-
- @Test
- public void testCollectionWithoutAction() throws Exception {
- CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
- collRequiredInRole.validate(new PrivilegeValidatorContext("collection=nodb"));
- collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db"));
- }
-
- @Test
- public void testCollectionWithAction() throws Exception {
- CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
- collRequiredInRole.validate(new PrivilegeValidatorContext(null,"collection=nodb->action=query"));
- collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db->action=update"));
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java
deleted file mode 100644
index 9e1b1a7..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.EnumSet;
-import java.util.List;
-import java.util.Set;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAction;
-import org.apache.sentry.provider.common.MockGroupMappingServiceProvider;
-import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFiles;
-import org.junit.After;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Objects;
-import com.google.common.collect.HashMultimap;
-import com.google.common.collect.Multimap;
-import com.google.common.io.Files;
-
-
-public class TestSearchAuthorizationProviderGeneralCases {
-
- private static final Logger LOGGER = LoggerFactory
- .getLogger(TestSearchAuthorizationProviderGeneralCases.class);
-
- private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap
- .create();
-
- private static final Subject SUB_ADMIN = new Subject("admin1");
- private static final Subject SUB_MANAGER = new Subject("manager1");
- private static final Subject SUB_ANALYST = new Subject("analyst1");
- private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1");
-
- private static final Collection COLL_PURCHASES = new Collection("purchases");
- private static final Collection COLL_ANALYST1 = new Collection("analyst1");
- private static final Collection COLL_JRANALYST1 = new Collection("jranalyst1");
- private static final Collection COLL_TMP = new Collection("tmpcollection");
- private static final Collection COLL_PURCHASES_PARTIAL = new Collection("purchases_partial");
-
- private static final SearchModelAction QUERY = SearchModelAction.QUERY;
- private static final SearchModelAction UPDATE = SearchModelAction.UPDATE;
-
- static {
- USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin"));
- USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager"));
- USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst"));
- USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(),
- Arrays.asList("jranalyst"));
- }
-
- private final ResourceAuthorizationProvider authzProvider;
- private File baseDir;
-
- public TestSearchAuthorizationProviderGeneralCases() throws IOException {
- baseDir = Files.createTempDir();
- PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini");
- authzProvider = new HadoopGroupResourceAuthorizationProvider(
- new SearchPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath()),
- new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP));
-
- }
-
- @After
- public void teardown() {
- if(baseDir != null) {
- FileUtils.deleteQuietly(baseDir);
- }
- }
-
- private void doTestAuthProviderOnCollection(Subject subject,
- Collection collection, Set<? extends Action> expectedPass) throws Exception {
- Set<SearchModelAction> allActions = EnumSet.of(SearchModelAction.ALL, SearchModelAction.QUERY, SearchModelAction.UPDATE);
- for(SearchModelAction action : allActions) {
- doTestResourceAuthorizationProvider(subject, collection,
- EnumSet.of(action), expectedPass.contains(action));
- }
- }
-
- private void doTestResourceAuthorizationProvider(Subject subject,
- Collection collection,
- Set<? extends Action> privileges, boolean expected) throws Exception {
- List<Authorizable> authzHierarchy = Arrays.asList(new Authorizable[] {
- collection
- });
- Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
- helper.add("Subject", subject).add("Collection", collection)
- .add("Privileges", privileges).add("authzHierarchy", authzHierarchy);
- LOGGER.info("Running with " + helper.toString());
- Assert.assertEquals(helper.toString(), expected,
- authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
- LOGGER.info("Passed " + helper.toString());
- }
-
- @Test
- public void testAdmin() throws Exception {
- Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES, allActions);
- doTestAuthProviderOnCollection(SUB_ADMIN, COLL_ANALYST1, allActions);
- doTestAuthProviderOnCollection(SUB_ADMIN, COLL_JRANALYST1, allActions);
- doTestAuthProviderOnCollection(SUB_ADMIN, COLL_TMP, allActions);
- doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES_PARTIAL, allActions);
- }
-
- @Test
- public void testManager() throws Exception {
- Set<SearchModelAction> updateOnly = EnumSet.of(SearchModelAction.UPDATE);
- doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES, updateOnly);
-
- Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_MANAGER, COLL_ANALYST1, allActions);
- doTestAuthProviderOnCollection(SUB_MANAGER, COLL_JRANALYST1, allActions);
-
- Set<SearchModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
- doTestAuthProviderOnCollection(SUB_MANAGER, COLL_TMP, queryUpdateOnly);
-
- Set<SearchModelAction> queryOnly = EnumSet.of(SearchModelAction.QUERY);
- doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES_PARTIAL, queryOnly);
- }
-
- @Test
- public void testAnalyst() throws Exception {
- Set<SearchModelAction> updateOnly = EnumSet.of(SearchModelAction.UPDATE);
- doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES, updateOnly);
-
- Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_ANALYST, COLL_ANALYST1, allActions);
- doTestAuthProviderOnCollection(SUB_ANALYST, COLL_JRANALYST1, allActions);
-
- Set<SearchModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
- doTestAuthProviderOnCollection(SUB_ANALYST, COLL_TMP, queryUpdateOnly);
-
- Set<SearchModelAction> noActions = EnumSet.noneOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES_PARTIAL, noActions);
- }
-
- @Test
- public void testJuniorAnalyst() throws Exception {
- Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_JRANALYST1, allActions);
-
- Set<SearchModelAction> queryOnly = EnumSet.of(SearchModelAction.QUERY);
- doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES_PARTIAL, queryOnly);
-
- Set<SearchModelAction> noActions = EnumSet.noneOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES, noActions);
- doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_ANALYST1, noActions);
- doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_TMP, noActions);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java
deleted file mode 100644
index 3cd0b75..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java
+++ /dev/null
@@ -1,82 +0,0 @@
- /*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.EnumSet;
-import java.util.List;
-import java.util.Set;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAction;
-import org.apache.sentry.provider.common.AuthorizationProvider;
-import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.io.Files;
-
-public class TestSearchAuthorizationProviderSpecialCases {
- private AuthorizationProvider authzProvider;
- private PolicyFile policyFile;
- private File baseDir;
- private File iniFile;
- private String initResource;
- @Before
- public void setup() throws IOException {
- baseDir = Files.createTempDir();
- iniFile = new File(baseDir, "policy.ini");
- initResource = "file://" + iniFile.getPath();
- policyFile = new PolicyFile();
- }
-
- @After
- public void teardown() throws IOException {
- if(baseDir != null) {
- FileUtils.deleteQuietly(baseDir);
- }
- }
-
- @Test
- public void testDuplicateEntries() throws Exception {
- Subject user1 = new Subject("user1");
- Collection collection1 = new Collection("collection1");
- Set<? extends Action> actions = EnumSet.allOf(SearchModelAction.class);
- policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
- .addRolesToGroup("group1", true, "role1", "role1")
- .addPermissionsToRole("role1", true, "collection=" + collection1.getName(),
- "collection=" + collection1.getName());
- policyFile.write(iniFile);
- SearchPolicyFileBackend policy = new SearchPolicyFileBackend(initResource);
- authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
- List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(collection1);
- Assert.assertTrue(authorizableHierarchy.toString(),
- authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java
deleted file mode 100644
index 94fe9f0..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.search;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
-
-import org.apache.sentry.core.model.search.Collection;
-import org.junit.Test;
-
-public class TestSearchModelAuthorizables {
-
- @Test
- public void testCollection() throws Exception {
- Collection coll = (Collection)SearchModelAuthorizables.from("CoLleCtiOn=collection1");
- assertEquals("collection1", coll.getName());
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testNoKV() throws Exception {
- System.out.println(SearchModelAuthorizables.from("nonsense"));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyKey() throws Exception {
- System.out.println(SearchModelAuthorizables.from("=v"));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyValue() throws Exception {
- System.out.println(SearchModelAuthorizables.from("k="));
- }
-
- @Test
- public void testNotAuthorizable() throws Exception {
- assertNull(SearchModelAuthorizables.from("k=v"));
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java
deleted file mode 100644
index 5c14ab6..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hdfs.MiniDFSCluster;
-import org.apache.sentry.provider.file.PolicyFiles;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-public class TestSearchPolicyEngineDFS extends AbstractTestSearchPolicyEngine {
-
- private static MiniDFSCluster dfsCluster;
- private static FileSystem fileSystem;
- private static Path root;
- private static Path etc;
-
- @BeforeClass
- public static void setupLocalClazz() throws IOException {
- File baseDir = getBaseDir();
- Assert.assertNotNull(baseDir);
- File dfsDir = new File(baseDir, "dfs");
- Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs());
- Configuration conf = new Configuration();
- conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
- dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
- fileSystem = dfsCluster.getFileSystem();
- root = new Path(fileSystem.getUri().toString());
- etc = new Path(root, "/etc");
- fileSystem.mkdirs(etc);
- }
-
- @AfterClass
- public static void teardownLocalClazz() {
- if(dfsCluster != null) {
- dfsCluster.shutdown();
- }
- }
-
- @Override
- protected void afterSetup() throws IOException {
- fileSystem.delete(etc, true);
- fileSystem.mkdirs(etc);
- PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini");
- setPolicy(new SearchPolicyFileBackend(new Path(etc,
- "test-authz-provider.ini").toString()));
- }
-
- @Override
- protected void beforeTeardown() throws IOException {
- fileSystem.delete(etc, true);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java
deleted file mode 100644
index 593afe7..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.provider.file.PolicyFiles;
-
-public class TestSearchPolicyEngineLocalFS extends AbstractTestSearchPolicyEngine {
-
- @Override
- protected void afterSetup() throws IOException {
- File baseDir = getBaseDir();
- Assert.assertNotNull(baseDir);
- Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
- PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini");
- setPolicy(new SearchPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath()));
- }
- @Override
- protected void beforeTeardown() throws IOException {
- File baseDir = getBaseDir();
- Assert.assertNotNull(baseDir);
- FileUtils.deleteQuietly(baseDir);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java
deleted file mode 100644
index 0993cc4..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Collections;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Charsets;
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSearchPolicyNegative {
-
- @SuppressWarnings("unused")
- private static final Logger LOGGER = LoggerFactory
- .getLogger(TestSearchPolicyNegative.class);
-
- private File baseDir;
- private File globalPolicyFile;
- private File otherPolicyFile;
-
- @Before
- public void setup() {
- baseDir = Files.createTempDir();
- globalPolicyFile = new File(baseDir, "global.ini");
- otherPolicyFile = new File(baseDir, "other.ini");
- }
-
- @After
- public void teardown() {
- if(baseDir != null) {
- FileUtils.deleteQuietly(baseDir);
- }
- }
-
- private void append(String from, File to) throws IOException {
- Files.append(from + "\n", to, Charsets.UTF_8);
- }
-
- @Test
- public void testPerDbFileException() throws Exception {
- append("[databases]", globalPolicyFile);
- append("other_group_db = " + otherPolicyFile.getPath(), globalPolicyFile);
- append("[groups]", otherPolicyFile);
- append("other_group = some_role", otherPolicyFile);
- append("[roles]", otherPolicyFile);
- append("some_role = collection=c1", otherPolicyFile);
- SearchPolicyFileBackend policy = new SearchPolicyFileBackend(globalPolicyFile.getPath());
- Assert.assertEquals(Collections.emptySet(),
- policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL));
- }
-
- @Test
- public void testCollectionRequiredInRole() throws Exception {
- append("[groups]", globalPolicyFile);
- append("group = some_role", globalPolicyFile);
- append("[roles]", globalPolicyFile);
- append("some_role = action=query", globalPolicyFile);
- PolicyEngine policy = new SearchPolicyFileBackend(globalPolicyFile.getPath());
- ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
- Assert.assertTrue(permissions.toString(), permissions.isEmpty());
- }
-
- @Test
- public void testGroupIncorrect() throws Exception {
- append("[groups]", globalPolicyFile);
- append("group = malicious_role", globalPolicyFile);
- append("[roles]", globalPolicyFile);
- append("malicious_role = collection=*", globalPolicyFile);
- PolicyEngine policy = new SearchPolicyFileBackend(globalPolicyFile.getPath());
- ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL);
- Assert.assertTrue(permissions.toString(), permissions.isEmpty());
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java
deleted file mode 100644
index 3cf4a39..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.search;
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.KV_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.KV_SEPARATOR;
-
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.common.KeyValue;
-import org.junit.Test;
-
-public class TestSearchWildcardPrivilege extends org.junit.Assert {
-
- private static final String ALL = SearchConstants.ALL;
-
- @Test
- public void testSimpleNoAction() throws Exception {
- Privilege collection1 = create(new KeyValue("collection", "coll1"));
- Privilege collection2 = create(new KeyValue("collection", "coll2"));
- Privilege collection1Case = create(new KeyValue("colleCtIon", "coLl1"));
-
- assertTrue(collection1.implies(collection1));
- assertTrue(collection2.implies(collection2));
- assertTrue(collection1.implies(collection1Case));
- assertTrue(collection1Case.implies(collection1));
-
- assertFalse(collection1.implies(collection2));
- assertFalse(collection1Case.implies(collection2));
- assertFalse(collection2.implies(collection1));
- assertFalse(collection2.implies(collection1Case));
- }
-
- @Test
- public void testSimpleAction() throws Exception {
- Privilege query =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
- Privilege update =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
- Privilege queryCase =
- create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy"));
-
- assertTrue(query.implies(query));
- assertTrue(update.implies(update));
- assertTrue(query.implies(queryCase));
- assertTrue(queryCase.implies(query));
-
- assertFalse(query.implies(update));
- assertFalse(queryCase.implies(update));
- assertFalse(update.implies(query));
- assertFalse(update.implies(queryCase));
- }
-
- @Test
- public void testRoleShorterThanRequest() throws Exception {
- Privilege collection1 = create(new KeyValue("collection", "coll1"));
- Privilege query =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
- Privilege update =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
- Privilege all =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
-
- assertTrue(collection1.implies(query));
- assertTrue(collection1.implies(update));
- assertTrue(collection1.implies(all));
-
- assertFalse(query.implies(collection1));
- assertFalse(update.implies(collection1));
- assertTrue(all.implies(collection1));
- }
-
- @Test
- public void testCollectionAll() throws Exception {
- Privilege collectionAll = create(new KeyValue("collection", ALL));
- Privilege collection1 = create(new KeyValue("collection", "coll1"));
- assertTrue(collectionAll.implies(collection1));
- assertTrue(collection1.implies(collectionAll));
-
- Privilege allUpdate =
- create(new KeyValue("collection", ALL), new KeyValue("action", "update"));
- Privilege allQuery =
- create(new KeyValue("collection", ALL), new KeyValue("action", "query"));
- Privilege coll1Update =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
- Privilege coll1Query =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
- assertTrue(allUpdate.implies(coll1Update));
- assertTrue(allQuery.implies(coll1Query));
- assertTrue(coll1Update.implies(allUpdate));
- assertTrue(coll1Query.implies(allQuery));
- assertFalse(allUpdate.implies(coll1Query));
- assertFalse(coll1Update.implies(coll1Query));
- assertFalse(allQuery.implies(coll1Update));
- assertFalse(coll1Query.implies(allUpdate));
- assertFalse(allUpdate.implies(allQuery));
- assertFalse(allQuery.implies(allUpdate));
- assertFalse(coll1Update.implies(coll1Query));
- assertFalse(coll1Query.implies(coll1Update));
-
- // test different length paths
- assertTrue(collectionAll.implies(allUpdate));
- assertTrue(collectionAll.implies(allQuery));
- assertTrue(collectionAll.implies(coll1Update));
- assertTrue(collectionAll.implies(coll1Query));
- assertFalse(allUpdate.implies(collectionAll));
- assertFalse(allQuery.implies(collectionAll));
- assertFalse(coll1Update.implies(collectionAll));
- assertFalse(coll1Query.implies(collectionAll));
- }
-
- @Test
- public void testActionAll() throws Exception {
- Privilege coll1All =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
- Privilege coll1Update =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
- Privilege coll1Query =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
- assertTrue(coll1All.implies(coll1All));
- assertTrue(coll1All.implies(coll1Update));
- assertTrue(coll1All.implies(coll1Query));
- assertFalse(coll1Update.implies(coll1All));
- assertFalse(coll1Query.implies(coll1All));
-
- // test different lengths
- Privilege coll1 =
- create(new KeyValue("collection", "coll1"));
- assertTrue(coll1All.implies(coll1));
- assertTrue(coll1.implies(coll1All));
- }
-
- @Test
- public void testUnexpected() throws Exception {
- Privilege p = new Privilege() {
- @Override
- public boolean implies(Privilege p) {
- return false;
- }
- };
- Privilege collection1 = create(new KeyValue("collection", "coll1"));
- assertFalse(collection1.implies(null));
- assertFalse(collection1.implies(p));
- assertFalse(collection1.equals(null));
- assertFalse(collection1.equals(p));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testNullString() throws Exception {
- System.out.println(create((String)null));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyString() throws Exception {
- System.out.println(create(""));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyKey() throws Exception {
- System.out.println(create(KV_JOINER.join("collection", "")));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyValue() throws Exception {
- System.out.println(create(KV_JOINER.join("", "coll1")));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyPart() throws Exception {
- System.out.println(create(AUTHORIZABLE_JOINER.
- join(KV_JOINER.join("collection1", "coll1"), "")));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testOnlySeperators() throws Exception {
- System.out.println(create(AUTHORIZABLE_JOINER.
- join(KV_SEPARATOR, KV_SEPARATOR, KV_SEPARATOR)));
- }
-
- static SearchWildcardPrivilege create(KeyValue... keyValues) {
- return create(AUTHORIZABLE_JOINER.join(keyValues));
-
- }
- static SearchWildcardPrivilege create(String s) {
- return new SearchWildcardPrivilege(s);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties b/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties
deleted file mode 100644
index c41373c..0000000
--- a/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-# Define some default values that can be overridden by system properties.
-#
-# For testing, it may also be convenient to specify
-
-log4j.rootLogger=DEBUG,console
-
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.target=System.err
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d (%t) [%p - %l] %m%n
-
-log4j.logger.org.apache.hadoop.conf.Configuration=INFO
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini b/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini
deleted file mode 100644
index 8af8162..0000000
--- a/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini
+++ /dev/null
@@ -1,31 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-[groups]
-manager = analyst_role, junior_analyst_role
-analyst = analyst_role
-jranalyst = junior_analyst_role
-admin = admin
-
-[roles]
-analyst_role = collection=purchases->action=update, \
- collection=analyst1, \
- collection=jranalyst1->action=*, \
- collection=tmpcollection->action=update, \
- collection=tmpcollection->action=query
-junior_analyst_role = collection=jranalyst1, collection=purchases_partial->action=query
-admin = collection=*
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/pom.xml b/sentry-policy/sentry-policy-sqoop/pom.xml
deleted file mode 100644
index 84d031a..0000000
--- a/sentry-policy/sentry-policy-sqoop/pom.xml
+++ /dev/null
@@ -1,80 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-policy</artifactId>
- <version>1.8.0-SNAPSHOT</version>
- </parent>
-
- <artifactId>sentry-policy-sqoop</artifactId>
- <name>Sentry Policy for Sqoop</name>
-
- <dependencies>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-common</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-minicluster</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-core</artifactId>
- </dependency>
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-core-model-sqoop</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-common</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-file</artifactId>
- </dependency>
- </dependencies>
-
-</project>
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java
deleted file mode 100644
index ef1c88b..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.policy.common.PolicyConstants.PRIVILEGE_PREFIX;
-
-import java.util.List;
-
-import org.apache.sentry.core.model.sqoop.Server;
-import org.apache.sentry.core.model.sqoop.SqoopAuthorizable;
-import org.apache.sentry.policy.common.PrivilegeValidatorContext;
-import org.apache.sentry.policy.common.PrivilegeValidator;
-import org.apache.shiro.config.ConfigurationException;
-
-import com.google.common.collect.Lists;
-
-public class ServerNameRequiredMatch implements PrivilegeValidator {
- private final String sqoopServerName;
- public ServerNameRequiredMatch(String sqoopServerName) {
- this.sqoopServerName = sqoopServerName;
- }
- @Override
- public void validate(PrivilegeValidatorContext context)
- throws ConfigurationException {
- Iterable<SqoopAuthorizable> authorizables = parsePrivilege(context.getPrivilege());
- boolean match = false;
- for (SqoopAuthorizable authorizable : authorizables) {
- if (authorizable instanceof Server && authorizable.getName().equalsIgnoreCase(sqoopServerName)) {
- match = true;
- break;
- }
- }
- if (!match) {
- String msg = "server=[name] in " + context.getPrivilege()
- + " is required. The name is expected " + sqoopServerName;
- throw new ConfigurationException(msg);
- }
- }
-
- private Iterable<SqoopAuthorizable> parsePrivilege(String string) {
- List<SqoopAuthorizable> result = Lists.newArrayList();
- for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
- if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
- SqoopAuthorizable authorizable = SqoopModelAuthorizables.from(section);
- if(authorizable == null) {
- String msg = "No authorizable found for " + section;
- throw new ConfigurationException(msg);
- }
- result.add(authorizable);
- }
- }
- return result;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
deleted file mode 100644
index 13f78c6..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.util.Set;
-
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.PrivilegeValidator;
-import org.apache.sentry.provider.common.ProviderBackend;
-import org.apache.sentry.provider.common.ProviderBackendContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableSet;
-
-public class SimpleSqoopPolicyEngine implements PolicyEngine {
- private static final Logger LOGGER = LoggerFactory.getLogger(SimpleSqoopPolicyEngine.class);
- private final ProviderBackend providerBackend;
-
- public SimpleSqoopPolicyEngine(String sqoopServerName, ProviderBackend providerBackend) {
- this.providerBackend = providerBackend;
- ProviderBackendContext context = new ProviderBackendContext();
- context.setAllowPerDatabase(false);
- context.setValidators(ImmutableList.<PrivilegeValidator>of(new ServerNameRequiredMatch(sqoopServerName)));
- this.providerBackend.initialize(context);
- }
- @Override
- public PrivilegeFactory getPrivilegeFactory() {
- return new SqoopWildcardPrivilege.Factory();
- }
-
- @Override
- public ImmutableSet<String> getAllPrivileges(Set<String> groups,
- ActiveRoleSet roleSet) throws SentryConfigurationException {
- return getPrivileges(groups, roleSet);
- }
-
- @Override
- public ImmutableSet<String> getPrivileges(Set<String> groups,
- ActiveRoleSet roleSet, Authorizable... authorizableHierarchy)
- throws SentryConfigurationException {
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("Getting permissions for {}", groups);
- }
- ImmutableSet<String> result = providerBackend.getPrivileges(groups, roleSet);
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("result = " + result);
- }
- return result;
- }
-
- @Override
- public ImmutableSet<String> getAllPrivileges(Set<String> groups, Set<String> users,
- ActiveRoleSet roleSet) throws SentryConfigurationException {
- return getPrivileges(groups, users, roleSet);
- }
-
- @Override
- public ImmutableSet<String> getPrivileges(Set<String> groups, Set<String> users,
- ActiveRoleSet roleSet, Authorizable... authorizationHierarchy) {
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("Getting permissions for groups: {}, users: {}", groups, users);
- }
- ImmutableSet<String> result = providerBackend.getPrivileges(groups, users, roleSet);
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("result = " + result);
- }
- return result;
- }
-
- @Override
- public void close() {
- if (providerBackend != null) {
- providerBackend.close();
- }
- }
-
- @Override
- public void validatePolicy(boolean strictValidation)
- throws SentryConfigurationException {
- if (providerBackend != null) {
- providerBackend.validatePolicy(strictValidation);
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopModelAuthorizables.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopModelAuthorizables.java
deleted file mode 100644
index b03b4dc..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopModelAuthorizables.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import org.apache.sentry.core.model.sqoop.Connector;
-import org.apache.sentry.core.model.sqoop.Job;
-import org.apache.sentry.core.model.sqoop.Link;
-import org.apache.sentry.core.model.sqoop.Server;
-import org.apache.sentry.core.model.sqoop.SqoopAuthorizable;
-import org.apache.sentry.core.model.sqoop.SqoopAuthorizable.AuthorizableType;
-import org.apache.sentry.policy.common.KeyValue;
-
-public class SqoopModelAuthorizables {
- public static SqoopAuthorizable from(KeyValue keyValue) {
- String prefix = keyValue.getKey().toLowerCase();
- String name = keyValue.getValue().toLowerCase();
- for (AuthorizableType type : AuthorizableType.values()) {
- if(prefix.equalsIgnoreCase(type.name())) {
- return from(type, name);
- }
- }
- return null;
- }
-
- public static SqoopAuthorizable from(String keyValue) {
- return from(new KeyValue(keyValue));
- }
-
- public static SqoopAuthorizable from(AuthorizableType type, String name) {
- switch(type) {
- case SERVER:
- return new Server(name);
- case JOB:
- return new Job(name);
- case CONNECTOR:
- return new Connector(name);
- case LINK:
- return new Link(name);
- default:
- return null;
- }
- }
-}