You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2017/11/07 16:57:15 UTC
[2/2] sentry git commit: SENTRY-1997 - Bump sqoop dependency version
to 1.99.7. Colm O hEigeartaigh, reviewed by Sergio Pena.
SENTRY-1997 - Bump sqoop dependency version to 1.99.7. Colm O hEigeartaigh, reviewed by Sergio Pena.
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/e23fc4ef
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/e23fc4ef
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/e23fc4ef
Branch: refs/heads/master
Commit: e23fc4ef88b1ba2170d97aaa563bedc9ba521c7e
Parents: a001e44
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Nov 7 16:56:45 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Nov 7 16:56:45 2017 +0000
----------------------------------------------------------------------
pom.xml | 2 +-
sentry-tests/sentry-tests-sqoop/pom.xml | 69 +---
.../e2e/sqoop/AbstractSqoopSentryTestBase.java | 7 +-
.../tests/e2e/sqoop/JettySqoopRunner.java | 239 ++++++++++++++
.../tests/e2e/sqoop/TestConnectorEndToEnd.java | 11 +-
.../tests/e2e/sqoop/TestGrantPrivilege.java | 70 ++--
.../sentry/tests/e2e/sqoop/TestJobEndToEnd.java | 139 ++++----
.../tests/e2e/sqoop/TestLinkEndToEnd.java | 96 +++---
.../tests/e2e/sqoop/TestOwnerPrivilege.java | 59 ++--
.../tests/e2e/sqoop/TestRevokePrivilege.java | 56 ++--
.../e2e/sqoop/TestServerScopeEndToEnd.java | 75 +++--
.../tests/e2e/sqoop/TestShowPrivilege.java | 14 +-
.../tests/e2e/sqoop/TomcatSqoopRunner.java | 318 -------------------
13 files changed, 553 insertions(+), 602 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index af54480..bea2c5f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -91,7 +91,7 @@ limitations under the License.
<shiro.version>1.4.0</shiro.version>
<slf4j.version>1.7.25</slf4j.version>
<solr.version>4.10.2</solr.version>
- <sqoop.version>1.99.6</sqoop.version>
+ <sqoop.version>1.99.7</sqoop.version>
<surefire.version>2.20.1</surefire.version>
<test.sentry.hadoop.classpath>${maven.test.classpath}</test.sentry.hadoop.classpath>
<zookeeper.version>3.4.5</zookeeper.version>
http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-sqoop/pom.xml b/sentry-tests/sentry-tests-sqoop/pom.xml
index 6723c4d..7a1ac1c 100644
--- a/sentry-tests/sentry-tests-sqoop/pom.xml
+++ b/sentry-tests/sentry-tests-sqoop/pom.xml
@@ -42,6 +42,12 @@ limitations under the License.
<dependency>
<groupId>org.apache.sqoop</groupId>
<artifactId>test</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.testng</groupId>
+ <artifactId>testng</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
@@ -116,56 +122,15 @@ limitations under the License.
<version>${datanucleus-jdo.version}</version>
</dependency>
</dependencies>
- <profiles>
- <profile>
- <id>download-sqoop2</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- <property>
- <name>!skipTests</name>
- </property>
- </activation>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-dependency-plugin</artifactId>
- <executions>
- <execution>
- <id>download-deps</id>
- <phase>generate-resources</phase>
- <goals>
- <goal>copy</goal>
- </goals>
- <configuration>
- <artifactItems>
- <artifactItem>
- <groupId>org.apache.tomcat</groupId>
- <artifactId>tomcat</artifactId>
- <version>7.0.81</version>
- <type>zip</type>
- <overWrite>true</overWrite>
- <outputDirectory>target/thirdparty</outputDirectory>
- </artifactItem>
- <artifactItem>
- <groupId>org.apache.sqoop</groupId>
- <artifactId>sqoop-server</artifactId>
- <version>2.0.0-SNAPSHOT</version>
- <type>war</type>
- <overWrite>true</overWrite>
- <outputDirectory>target/thirdparty</outputDirectory>
- </artifactItem>
- </artifactItems>
- <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
- <overWriteSnapshots>true</overWriteSnapshots>
- <overWriteIfNewer>true</overWriteIfNewer>
- <stripVersion>true</stripVersion>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- </profile>
- </profiles>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <reuseForks>false</reuseForks>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/AbstractSqoopSentryTestBase.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/AbstractSqoopSentryTestBase.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/AbstractSqoopSentryTestBase.java
index 2971bf8..714eeae 100644
--- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/AbstractSqoopSentryTestBase.java
+++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/AbstractSqoopSentryTestBase.java
@@ -83,7 +83,7 @@ public class AbstractSqoopSentryTestBase {
protected static final String ROLE5 = StaticUserGroupRole.ROLE_5;
protected static SentryService server;
- protected static TomcatSqoopRunner sqoopServerRunner;
+ protected static JettySqoopRunner sqoopServerRunner;
protected static File baseDir;
protected static File sqoopDir;
@@ -92,6 +92,9 @@ public class AbstractSqoopSentryTestBase {
protected static PolicyFile policyFile;
+ protected static String JDBC_CONNECTOR_NAME = "generic-jdbc-connector";
+ protected static String HDFS_CONNECTOR_NAME = "hdfs-connector";
+
@BeforeClass
public static void beforeTestEndToEnd() throws Exception {
setupConf();
@@ -163,7 +166,7 @@ public class AbstractSqoopSentryTestBase {
public static void startSqoopWithSentryEnable() throws Exception {
File sentrySitePath = new File(baseDir, "sentry-site.xml");
getClientConfig().writeXml(new FileOutputStream(sentrySitePath));
- sqoopServerRunner = new TomcatSqoopRunner(sqoopDir.toString(), SQOOP_SERVER_NAME,
+ sqoopServerRunner = new JettySqoopRunner(sqoopDir.toString(), SQOOP_SERVER_NAME,
sentrySitePath.toURI().toURL().toString());
sqoopServerRunner.start();
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/JettySqoopRunner.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/JettySqoopRunner.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/JettySqoopRunner.java
new file mode 100644
index 0000000..0069ab7
--- /dev/null
+++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/JettySqoopRunner.java
@@ -0,0 +1,239 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.tests.e2e.sqoop;
+
+import static org.junit.Assert.assertEquals;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.sqoop.client.SqoopClient;
+import org.apache.sqoop.common.test.db.DatabaseProvider;
+import org.apache.sqoop.common.test.db.DatabaseProviderFactory;
+import org.apache.sqoop.common.test.db.TableName;
+import org.apache.sqoop.common.test.utils.NetworkUtils;
+import org.apache.sqoop.model.MConfigList;
+import org.apache.sqoop.model.MJob;
+import org.apache.sqoop.model.MLink;
+import org.apache.sqoop.server.SqoopJettyServer;
+import org.apache.sqoop.test.minicluster.SqoopMiniCluster;
+import org.apache.sqoop.test.utils.SqoopUtils;
+import org.apache.sqoop.validation.Status;
+
+import com.google.common.base.Joiner;
+
+public class JettySqoopRunner {
+ private SqoopServerEnableSentry server;
+ private DatabaseProvider provider;
+ private String temporaryPath;
+
+ public JettySqoopRunner(String temporaryPath, String serverName, String sentrySite)
+ throws Exception {
+ this.temporaryPath = temporaryPath;
+ this.server = new SqoopServerEnableSentry(temporaryPath, serverName, sentrySite);
+ this.provider = DatabaseProviderFactory.getProvider(System.getProperties());
+ }
+
+ public void start() throws Exception {
+ server.start();
+ provider.start();
+ }
+
+ public void stop() throws Exception {
+ server.stop();
+ provider.stop();
+ }
+
+ /**
+ * save link.
+ *
+ * With asserts to make sure that it was created correctly.
+ * @param sqoopClient
+ * @param link
+ */
+ public void saveLink(SqoopClient client, MLink link) {
+ assertEquals(Status.OK, client.saveLink(link));
+ }
+
+ /**
+ * update link.
+ *
+ * With asserts to make sure that it was created correctly.
+ * @param sqoopClient
+ * @param link
+ * @param oldLinkName
+ */
+ public void updateLink(SqoopClient client, MLink link, String oldLinkName) {
+ assertEquals(Status.OK, client.updateLink(link, oldLinkName));
+ }
+
+
+ /**
+ * save job.
+ *
+ * With asserts to make sure that it was created correctly.
+ *
+ * @param job
+ */
+ public void saveJob(SqoopClient client, MJob job) {
+ assertEquals(Status.OK, client.saveJob(job));
+ }
+
+ /**
+ * fill link.
+ *
+ * With asserts to make sure that it was filled correctly.
+ *
+ * @param link
+ */
+ public void fillHdfsLink(MLink link) {
+ MConfigList configs = link.getConnectorLinkConfig();
+ configs.getStringInput("linkConfig.confDir").setValue(server.getConfigurationPath());
+ }
+
+ /**
+ * Fill link config based on currently active provider.
+ *
+ * @param link MLink object to fill
+ */
+ public void fillRdbmsLinkConfig(MLink link) {
+ MConfigList configs = link.getConnectorLinkConfig();
+ configs.getStringInput("linkConfig.jdbcDriver").setValue(provider.getJdbcDriver());
+ configs.getStringInput("linkConfig.connectionString").setValue(provider.getConnectionUrl());
+ configs.getStringInput("linkConfig.username").setValue(provider.getConnectionUsername());
+ configs.getStringInput("linkConfig.password").setValue(provider.getConnectionPassword());
+ }
+
+ public void fillHdfsFromConfig(MJob job) {
+ MConfigList fromConfig = job.getFromJobConfig();
+ fromConfig.getStringInput("fromJobConfig.inputDirectory").setValue(temporaryPath + "/output");
+ }
+
+ public void fillRdbmsToConfig(MJob job) {
+ MConfigList toConfig = job.getToJobConfig();
+ toConfig.getStringInput("toJobConfig.tableName").setValue(provider.
+ escapeTableName(new TableName(getClass().getSimpleName()).getTableName()));
+ }
+
+ /**
+ * get a sqoopClient for specific user
+ * @param user
+ */
+ public SqoopClient getSqoopClient(String user) {
+ setAuthenticationUser(user);
+ return new SqoopClient(server.getServerUrl());
+ }
+
+ /**
+ * Set the mock user in the Sqoop simple authentication
+ * @param user
+ */
+ private void setAuthenticationUser(String user) {
+ System.setProperty("user.name", user);
+ }
+
+ private static class SqoopServerEnableSentry extends SqoopMiniCluster {
+ private Integer port;
+ private String sentrySite;
+ private String serverName;
+ private SqoopJettyServer sqoopJettyServer;
+
+ SqoopServerEnableSentry(String temporaryPath, String serverName, String sentrySite)
+ throws Exception {
+ super(temporaryPath);
+ this.serverName = serverName;
+ this.sentrySite = sentrySite;
+ // Random port
+ this.port = NetworkUtils.findAvailablePort();
+ }
+
+ @Override
+ public Map<String, String> getSecurityConfiguration() {
+ Map<String, String> properties = new HashMap<String, String>();
+ configureAuthentication(properties);
+ configureSentryAuthorization(properties);
+ properties.put("org.apache.sqoop.jetty.port", port.toString());
+ return properties;
+ }
+
+ private void configureAuthentication(Map<String, String> properties) {
+ properties.put("org.apache.sqoop.authentication.type", "SIMPLE");
+ properties.put("org.apache.sqoop.authentication.handler",
+ "org.apache.sqoop.security.SimpleAuthenticationHandler");
+ }
+
+ private void configureSentryAuthorization(Map<String, String> properties) {
+ properties.put("org.apache.sqoop.security.authorization.handler",
+ "org.apache.sentry.sqoop.authz.SentryAuthorizationHandler");
+ properties.put("org.apache.sqoop.security.authorization.access_controller",
+ "org.apache.sentry.sqoop.authz.SentryAccessController");
+ properties.put("org.apache.sqoop.security.authorization.validator",
+ "org.apache.sentry.sqoop.authz.SentryAuthorizationValidator");
+ properties.put("org.apache.sqoop.security.authorization.server_name", serverName);
+ properties.put("sentry.sqoop.site.url", sentrySite);
+ List<String> extraClassPath = new LinkedList<String>();
+ for (String jar : System.getProperty("java.class.path").split(":")) {
+ if ((jar.contains("sentry") || jar.contains("shiro-core") || jar.contains("libthrift"))
+ && jar.endsWith("jar")) {
+ extraClassPath.add(jar);
+ }
+ }
+ properties.put("org.apache.sqoop.classpath.extra", Joiner.on(":").join(extraClassPath));
+ }
+
+ @Override
+ public void start() throws Exception {
+ prepareTemporaryPath();
+ sqoopJettyServer = new SqoopJettyServer();
+ sqoopJettyServer.startServer();
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ public void stop() throws Exception {
+ if (sqoopJettyServer != null) {
+ sqoopJettyServer.stopServerForTest();
+ }
+ }
+
+ /**
+ * Return server URL.
+ */
+ @Override
+ public String getServerUrl() {
+ if (sqoopJettyServer != null) {
+ String serverUrl = sqoopJettyServer.getServerUrl();
+ // Replace the hostname of server url with FQDN
+ String host;
+ try {
+ host = new URL(serverUrl).getHost();
+ } catch (MalformedURLException e) {
+ throw new RuntimeException("Invalid sqoop server url: " + serverUrl);
+ }
+
+ String fqdn = SqoopUtils.getLocalHostName();
+ return serverUrl.replaceFirst(host, fqdn);
+ }
+ throw new RuntimeException("Jetty server wasn't started.");
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestConnectorEndToEnd.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestConnectorEndToEnd.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestConnectorEndToEnd.java
index 27f1420..2aaf25b 100644
--- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestConnectorEndToEnd.java
+++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestConnectorEndToEnd.java
@@ -20,6 +20,7 @@ import static org.junit.Assert.assertTrue;
import org.apache.sentry.core.model.sqoop.SqoopActionConstant;
import org.apache.sqoop.client.SqoopClient;
+import org.apache.sqoop.common.SqoopProtocolConstants;
import org.apache.sqoop.model.MConnector;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
@@ -30,10 +31,10 @@ import org.junit.Test;
import com.google.common.collect.Lists;
public class TestConnectorEndToEnd extends AbstractSqoopSentryTestBase {
- private static String JDBC_CONNECTOR_NAME = "generic-jdbc-connector";
- private static String HDFS_CONNECTOR_NAME = "hdfs-connector";
+ // TODO Re-enable once https://issues.apache.org/jira/browse/SQOOP-3251 is fixed
@Test
+ @org.junit.Ignore
public void testShowAllConnector() throws Exception {
// USER3 at firstly has no privilege on any Sqoop resource
SqoopClient client = sqoopServerRunner.getSqoopClient(USER3);
@@ -45,7 +46,7 @@ public class TestConnectorEndToEnd extends AbstractSqoopSentryTestBase {
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role3 = new MRole(ROLE3);
MPrincipal group3 = new MPrincipal(GROUP3, MPrincipal.TYPE.GROUP);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
+ MResource allConnector = new MResource(SqoopProtocolConstants.ALL, MResource.TYPE.CONNECTOR);
MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
client.createRole(role3);
client.grantRole(Lists.newArrayList(role3), Lists.newArrayList(group3));
@@ -75,7 +76,7 @@ public class TestConnectorEndToEnd extends AbstractSqoopSentryTestBase {
MRole role1 = new MRole(ROLE1);
MPrincipal group1 = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP);
- MPrivilege readHdfsPriv = new MPrivilege(new MResource(String.valueOf(hdfsConnector.getPersistenceId()), MResource.TYPE.CONNECTOR),
+ MPrivilege readHdfsPriv = new MPrivilege(new MResource(hdfsConnector.getUniqueName(), MResource.TYPE.CONNECTOR),
SqoopActionConstant.READ, false);
client.createRole(role1);
client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1));
@@ -84,7 +85,7 @@ public class TestConnectorEndToEnd extends AbstractSqoopSentryTestBase {
MRole role2 = new MRole(ROLE2);
MPrincipal group2 = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP);
- MPrivilege readJdbcPriv = new MPrivilege(new MResource(String.valueOf(jdbcConnector.getPersistenceId()), MResource.TYPE.CONNECTOR),
+ MPrivilege readJdbcPriv = new MPrivilege(new MResource(String.valueOf(jdbcConnector.getUniqueName()), MResource.TYPE.CONNECTOR),
SqoopActionConstant.READ, false);
client.createRole(role2);
client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2));
http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestGrantPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestGrantPrivilege.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestGrantPrivilege.java
index 8c7753e..9a47ab3 100644
--- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestGrantPrivilege.java
+++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestGrantPrivilege.java
@@ -39,8 +39,8 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase {
public void testNotSupportGrantPrivilegeToUser() throws Exception {
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MPrincipal user1 = new MPrincipal("not_support_grant_user_1", MPrincipal.TYPE.GROUP);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
try {
client.grantPrivilege(Lists.newArrayList(user1), Lists.newArrayList(readPriv));
fail("expected not support exception happend");
@@ -53,8 +53,8 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase {
public void testNotSupportGrantPrivilegeToGroup() throws Exception {
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MPrincipal group1 = new MPrincipal("not_support_grant_group_1", MPrincipal.TYPE.GROUP);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
try {
client.grantPrivilege(Lists.newArrayList(group1), Lists.newArrayList(readPriv));
fail("expected not support exception happend");
@@ -68,21 +68,21 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase {
/**
* user1 belongs to group group1
* admin user grant role role1 to group group1
- * admin user grant read privilege on connector all to role role1
+ * admin user grant read privilege on connector HDFS_CONNECTOR_NAME to role role1
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role1 = new MRole(ROLE1);
MPrincipal group1Princ = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP);
MPrincipal role1Princ = new MPrincipal(ROLE1, MPrincipal.TYPE.ROLE);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
client.createRole(role1);
client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1Princ));
client.grantPrivilege(Lists.newArrayList(role1Princ), Lists.newArrayList(readPrivilege));
// check user1 has privilege on role1
client = sqoopServerRunner.getSqoopClient(USER1);
- assertTrue(client.getPrivilegesByPrincipal(role1Princ, allConnector).size() == 1);
+ assertTrue(client.getPrivilegesByPrincipal(role1Princ, hdfsConnector).size() == 1);
}
@Test
@@ -90,21 +90,21 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase {
/**
* user2 belongs to group group2
* admin user grant role role2 to group group2
- * admin user grant write privilege on connector all to role role2
+ * admin user grant write privilege on connector HDFS_CONNECTOR_NAME to role role2
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role2 = new MRole(ROLE2);
MPrincipal group2Princ = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP);
MPrincipal role2Princ = new MPrincipal(ROLE2, MPrincipal.TYPE.ROLE);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege writePrivilege = new MPrivilege(allConnector, SqoopActionConstant.WRITE, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege writePrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.WRITE, false);
client.createRole(role2);
client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2Princ));
client.grantPrivilege(Lists.newArrayList(role2Princ), Lists.newArrayList(writePrivilege));
// check user2 has one privilege on role2
client = sqoopServerRunner.getSqoopClient(USER2);
- assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 1);
+ assertTrue(client.getPrivilegesByPrincipal(role2Princ, hdfsConnector).size() == 1);
// grant privilege to role role2 again
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
@@ -112,7 +112,7 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase {
// check user2 has only one privilege on role2
client = sqoopServerRunner.getSqoopClient(USER2);
- assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 1);
+ assertTrue(client.getPrivilegesByPrincipal(role2Princ, hdfsConnector).size() == 1);
}
@Test
@@ -120,23 +120,23 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase {
/**
* user3 belongs to group group3
* admin user grant role role3 to group group3
- * admin user grant all privilege on connector all to role role3
+ * admin user grant all privilege on connector HDFS_CONNECTOR_NAME to role role3
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role3 = new MRole(ROLE3);
MPrincipal group3Princ = new MPrincipal(GROUP3, MPrincipal.TYPE.GROUP);
MPrincipal role3Princ = new MPrincipal(ROLE3, MPrincipal.TYPE.ROLE);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege allPrivilege = new MPrivilege(allConnector, SqoopActionConstant.ALL_NAME, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege allPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.ALL_NAME, false);
client.createRole(role3);
client.grantRole(Lists.newArrayList(role3), Lists.newArrayList(group3Princ));
client.grantPrivilege(Lists.newArrayList(role3Princ), Lists.newArrayList(allPrivilege));
// check user3 has one privilege on role3
client = sqoopServerRunner.getSqoopClient(USER3);
- assertTrue(client.getPrivilegesByPrincipal(role3Princ, allConnector).size() == 1);
+ assertTrue(client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).size() == 1);
// user3 has the all action on role3
- MPrivilege user3Privilege = client.getPrivilegesByPrincipal(role3Princ, allConnector).get(0);
+ MPrivilege user3Privilege = client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).get(0);
assertEquals(user3Privilege.getAction(), SqoopActionConstant.ALL_NAME);
/**
@@ -145,13 +145,13 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase {
* no impact on the role3
*/
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
- MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
+ MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
client.grantPrivilege(Lists.newArrayList(role3Princ), Lists.newArrayList(readPrivilege));
// check user3 has only one privilege on role3
client = sqoopServerRunner.getSqoopClient(USER3);
- assertTrue(client.getPrivilegesByPrincipal(role3Princ, allConnector).size() == 1);
+ assertTrue(client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).size() == 1);
// user3 has the all action on role3
- user3Privilege = client.getPrivilegesByPrincipal(role3Princ, allConnector).get(0);
+ user3Privilege = client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).get(0);
assertEquals(user3Privilege.getAction(), SqoopActionConstant.ALL_NAME);
}
@@ -160,38 +160,38 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase {
/**
* user4 belongs to group group4
* admin user grant role role4 to group group4
- * admin user grant read privilege on connector all to role role4
+ * admin user grant read privilege on connector HDFS_CONNECTOR_NAME to role role4
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role4 = new MRole(ROLE4);
MPrincipal group4Princ = new MPrincipal(GROUP4, MPrincipal.TYPE.GROUP);
MPrincipal role4Princ = new MPrincipal(ROLE4, MPrincipal.TYPE.ROLE);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
client.createRole(role4);
client.grantRole(Lists.newArrayList(role4), Lists.newArrayList(group4Princ));
client.grantPrivilege(Lists.newArrayList(role4Princ), Lists.newArrayList(readPrivilege));
// check user4 has one privilege on role1
client = sqoopServerRunner.getSqoopClient(USER4);
- assertTrue(client.getPrivilegesByPrincipal(role4Princ, allConnector).size() == 1);
+ assertTrue(client.getPrivilegesByPrincipal(role4Princ, hdfsConnector).size() == 1);
// user4 has the read action on collector all
- MPrivilege user4Privilege = client.getPrivilegesByPrincipal(role4Princ, allConnector).get(0);
+ MPrivilege user4Privilege = client.getPrivilegesByPrincipal(role4Princ, hdfsConnector).get(0);
assertEquals(user4Privilege.getAction().toLowerCase(), SqoopActionConstant.READ);
/**
- * admin user grant write privilege on connector all to role role4
+ * admin user grant write privilege on connector HDFS_CONNECTOR_NAME to role role4
*/
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
- MPrivilege writePrivilege = new MPrivilege(allConnector, SqoopActionConstant.WRITE, false);
+ MPrivilege writePrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.WRITE, false);
client.grantPrivilege(Lists.newArrayList(role4Princ), Lists.newArrayList(writePrivilege));
// check user4 has two privileges on role1
client = sqoopServerRunner.getSqoopClient(USER4);
- assertTrue(client.getPrivilegesByPrincipal(role4Princ, allConnector).size() == 2);
- // user4 has the read and write action on collector all
+ assertTrue(client.getPrivilegesByPrincipal(role4Princ, hdfsConnector).size() == 2);
+ // user4 has the read and write action on collector HDFS_CONNECTOR_NAME
List<String> actions = Lists.newArrayList();
- for (MPrivilege privilege : client.getPrivilegesByPrincipal(role4Princ, allConnector)) {
+ for (MPrivilege privilege : client.getPrivilegesByPrincipal(role4Princ, hdfsConnector)) {
actions.add(privilege.getAction().toLowerCase());
}
assertEquals(2, actions.size());
@@ -199,19 +199,19 @@ public class TestGrantPrivilege extends AbstractSqoopSentryTestBase {
assertTrue(actions.contains(SqoopActionConstant.WRITE));
/**
- * admin user grant all privilege on connector all to role role4
+ * admin user grant all privilege on connector HDFS_CONNECTOR_NAME to role role4
* because the all privilege includes the read and write privileges, these privileges will
* be removed
*/
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
- MPrivilege allPrivilege = new MPrivilege(allConnector, SqoopActionConstant.ALL_NAME, false);
+ MPrivilege allPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.ALL_NAME, false);
client.grantPrivilege(Lists.newArrayList(role4Princ), Lists.newArrayList(allPrivilege));
// check user4 has only privilege on role1
client = sqoopServerRunner.getSqoopClient(USER4);
- assertTrue(client.getPrivilegesByPrincipal(role4Princ, allConnector).size() == 1);
+ assertTrue(client.getPrivilegesByPrincipal(role4Princ, hdfsConnector).size() == 1);
// user4 has the all action on role3
- user4Privilege = client.getPrivilegesByPrincipal(role4Princ, allConnector).get(0);
+ user4Privilege = client.getPrivilegesByPrincipal(role4Princ, hdfsConnector).get(0);
assertEquals(user4Privilege.getAction(), SqoopActionConstant.ALL_NAME);
}
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestJobEndToEnd.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestJobEndToEnd.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestJobEndToEnd.java
index 636e269..e993905 100644
--- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestJobEndToEnd.java
+++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestJobEndToEnd.java
@@ -16,6 +16,7 @@
*/
package org.apache.sentry.tests.e2e.sqoop;
+import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -39,28 +40,31 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase {
* ADMIN_USER create two links and one job
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
- MLink rdbmsLink = client.createLink("generic-jdbc-connector");
+ MLink rdbmsLink = client.createLink(JDBC_CONNECTOR_NAME);
sqoopServerRunner.fillRdbmsLinkConfig(rdbmsLink);
+ rdbmsLink.setName("JDBC_link1");
sqoopServerRunner.saveLink(client, rdbmsLink);
- MLink hdfsLink = client.createLink("hdfs-connector");
+ MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME);
sqoopServerRunner.fillHdfsLink(hdfsLink);
+ hdfsLink.setName("HDFS_link1");
sqoopServerRunner.saveLink(client, hdfsLink);
- MJob job1 = client.createJob(hdfsLink.getPersistenceId(), rdbmsLink.getPersistenceId());
+ MJob job1 = client.createJob(hdfsLink.getName(), rdbmsLink.getName());
// set HDFS "FROM" config for the job, since the connector test case base class only has utilities for HDFS!
sqoopServerRunner.fillHdfsFromConfig(job1);
// set the RDBM "TO" config here
sqoopServerRunner.fillRdbmsToConfig(job1);
// create job
+ job1.setName("HDFS_JDBS_job1");
sqoopServerRunner.saveJob(client, job1);
/**
- * ADMIN_USER grant read privilege on all job to role1
+ * ADMIN_USER grant read privilege on "HDFS_JDBS_job1" job to role1
*/
MRole role1 = new MRole(ROLE1);
MPrincipal group1 = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP);
- MResource allJob = new MResource(SqoopActionConstant.ALL, MResource.TYPE.JOB);
- MPrivilege readAllPrivilege = new MPrivilege(allJob,SqoopActionConstant.READ, false);
+ MResource hdfsJdbcJob = new MResource("HDFS_JDBS_job1", MResource.TYPE.JOB);
+ MPrivilege readAllPrivilege = new MPrivilege(hdfsJdbcJob, SqoopActionConstant.READ, false);
client.createRole(role1);
client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1));
client.grantPrivilege(Lists.newArrayList(new MPrincipal(role1.getName(), MPrincipal.TYPE.ROLE)),
@@ -71,7 +75,7 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase {
*/
MRole role2 = new MRole(ROLE2);
MPrincipal group2 = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP);
- MResource job1Resource = new MResource(String.valueOf(job1.getPersistenceId()), MResource.TYPE.JOB);
+ MResource job1Resource = new MResource(String.valueOf(job1.getName()), MResource.TYPE.JOB);
MPrivilege readJob1Privilege = new MPrivilege(job1Resource,SqoopActionConstant.READ, false);
client.createRole(role2);
client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2));
@@ -82,7 +86,7 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase {
client = sqoopServerRunner.getSqoopClient(USER1);
try {
assertTrue(client.getJobs().size() == 1);
- assertTrue(client.getJob(job1.getPersistenceId()) != null);
+ assertTrue(client.getJob(job1.getName()) != null);
} catch (Exception e) {
fail("unexpected Authorization exception happend");
}
@@ -91,23 +95,22 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase {
client = sqoopServerRunner.getSqoopClient(USER2);
try {
assertTrue(client.getJobs().size() == 1);
- assertTrue(client.getJob(job1.getPersistenceId()) != null);
+ assertTrue(client.getJob(job1.getName()) != null);
} catch (Exception e) {
fail("unexpected Authorization exception happend");
}
// user3 can't show job1
client = sqoopServerRunner.getSqoopClient(USER3);
+ assertTrue(client.getJobs().size() == 0);
try {
- assertTrue(client.getJobs().size() == 0);
- client.getJob(job1.getPersistenceId());
- fail("expected Authorization exception happend");
- } catch (Exception e) {
- assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
+ assertNull(client.getJob(job1.getName()));
+ } catch (IndexOutOfBoundsException ex) {
+ // This try statement can be removed when https://issues.apache.org/jira/browse/SQOOP-3250 is fixed
}
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
- client.deleteJob(job1.getPersistenceId());
+ client.deleteJob(job1.getName());
}
@Test
@@ -116,64 +119,77 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase {
* ADMIN_USER create two links and one job
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
- MLink rdbmsLink = client.createLink("generic-jdbc-connector");
+ MLink rdbmsLink = client.createLink(JDBC_CONNECTOR_NAME);
sqoopServerRunner.fillRdbmsLinkConfig(rdbmsLink);
rdbmsLink.setName("rdbm_testUpdateJob");
sqoopServerRunner.saveLink(client, rdbmsLink);
- MLink hdfsLink = client.createLink("hdfs-connector");
+ MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME);
sqoopServerRunner.fillHdfsLink(hdfsLink);
hdfsLink.setName("hdfs_testUpdateJob");
sqoopServerRunner.saveLink(client, hdfsLink);
- MJob job2 = client.createJob(hdfsLink.getPersistenceId(), rdbmsLink.getPersistenceId());
+ MJob job2 = client.createJob(hdfsLink.getName(), rdbmsLink.getName());
// set HDFS "FROM" config for the job, since the connector test case base class only has utilities for HDFS!
sqoopServerRunner.fillHdfsFromConfig(job2);
// set the RDBM "TO" config here
sqoopServerRunner.fillRdbmsToConfig(job2);
// create job
+ job2.setName("HDFS_RDBM_job1");
sqoopServerRunner.saveJob(client, job2);
/**
* ADMIN_USER grant update privilege on job2 to role4
- * ADMIN_USER grant read privilege on all connector to role4
- * ADMIN_USER grant read privilege on all link to role4
+ * ADMIN_USER grant read privilege on the HDFS_CONNECTOR_NAME and JDBC_CONNECTOR_NAME connector to role4
+ * ADMIN_USER grant read privilege on "rdbm_testUpdateJob" and "hdfs_testUpdateJob" link to role4
*/
MRole role4 = new MRole(ROLE4);
MPrincipal group4 = new MPrincipal(GROUP4, MPrincipal.TYPE.GROUP);
- MResource job2Resource = new MResource(String.valueOf(job2.getPersistenceId()), MResource.TYPE.JOB);
- MPrivilege writeJob2Privilege = new MPrivilege(job2Resource,SqoopActionConstant.WRITE, false);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readConnectorPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
- MResource allLink = new MResource(SqoopActionConstant.ALL, MResource.TYPE.LINK);
- MPrivilege readLinkPriv = new MPrivilege(allLink,SqoopActionConstant.READ, false);
+ MResource job2Resource = new MResource(String.valueOf(job2.getName()), MResource.TYPE.JOB);
+ MPrivilege writeJob2Privilege = new MPrivilege(job2Resource, SqoopActionConstant.WRITE, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MResource jdbcConnector = new MResource(JDBC_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readConnectorPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
+ MPrivilege readConnectorPriv2 = new MPrivilege(jdbcConnector, SqoopActionConstant.READ, false);
+ MResource rdbmLink = new MResource("rdbm_testUpdateJob", MResource.TYPE.LINK);
+ MResource hdfsLinkResource = new MResource("hdfs_testUpdateJob", MResource.TYPE.LINK);
+ MPrivilege readLinkPriv = new MPrivilege(rdbmLink, SqoopActionConstant.READ, false);
+ MPrivilege readLinkPriv2 = new MPrivilege(hdfsLinkResource, SqoopActionConstant.READ, false);
client.createRole(role4);
client.grantRole(Lists.newArrayList(role4), Lists.newArrayList(group4));
client.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)),
- Lists.newArrayList(writeJob2Privilege, readConnectorPriv, readLinkPriv));
+ Lists.newArrayList(writeJob2Privilege, readConnectorPriv, readConnectorPriv2, readLinkPriv, readLinkPriv2));
// user4 can't show job2
client = sqoopServerRunner.getSqoopClient(USER4);
+ assertTrue(client.getJobs().size() == 0);
try {
- assertTrue(client.getJobs().size() == 0);
- client.getJob(job2.getPersistenceId());
- fail("expected Authorization exception happend");
- } catch (Exception e) {
- assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
+ assertNull(client.getJob(job2.getName()));
+ } catch (IndexOutOfBoundsException ex) {
+ // This try statement can be removed when https://issues.apache.org/jira/browse/SQOOP-3250 is fixed
}
+
// user4 can update job2
- try {
- job2.setName("job2_update_user4_1");
- client.updateJob(job2);
- } catch (Exception e) {
- fail("unexpected Authorization exception happend");
- }
+ String oldJobName = job2.getName();
+ job2.setName("job2_update_user4_1");
+ client.updateJob(job2, oldJobName);
+
+ // Update back to the old name again
+ SqoopClient adminClient = sqoopServerRunner.getSqoopClient(ADMIN_USER);
+ MResource job2UpdatedResource = new MResource("job2_update_user4_1", MResource.TYPE.JOB);
+ MPrivilege writeJob2UpdatedPrivilege = new MPrivilege(job2UpdatedResource, SqoopActionConstant.WRITE, false);
+ adminClient.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)),
+ Lists.newArrayList(writeJob2UpdatedPrivilege));
+
+ job2.setName(oldJobName);
+ client.updateJob(job2, "job2_update_user4_1");
+
// user3 can't update job2
client = sqoopServerRunner.getSqoopClient(USER3);
try {
assertTrue(client.getJobs().size() == 0);
job2.setName("job2_update_user3_1");
- client.updateJob(job2);
+ client.updateJob(job2, oldJobName);
fail("expected Authorization exception happend");
} catch (Exception e) {
assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
@@ -181,7 +197,7 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase {
// user3 can't delete job2
try {
- client.deleteJob(job2.getPersistenceId());
+ client.deleteJob(oldJobName);
fail("expected Authorization exception happend");
} catch (Exception e) {
assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
@@ -190,7 +206,7 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase {
//user4 can delete job2 because user4 has write privilege on job2
client = sqoopServerRunner.getSqoopClient(USER4);
try {
- client.deleteJob(job2.getPersistenceId());
+ client.deleteJob(oldJobName);
} catch (Exception e) {
fail("unexpected Authorization exception happend");
}
@@ -205,41 +221,46 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase {
* ADMIN_USER create two links and one job
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
- MLink rdbmsLink = client.createLink("generic-jdbc-connector");
+ MLink rdbmsLink = client.createLink(JDBC_CONNECTOR_NAME);
sqoopServerRunner.fillRdbmsLinkConfig(rdbmsLink);
rdbmsLink.setName("rdbm_testEnableAndStartJob");
sqoopServerRunner.saveLink(client, rdbmsLink);
- MLink hdfsLink = client.createLink("hdfs-connector");
+ MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME);
sqoopServerRunner.fillHdfsLink(hdfsLink);
hdfsLink.setName("hdfs_testEnableAndStartJob");
sqoopServerRunner.saveLink(client, hdfsLink);
- MJob job2 = client.createJob(hdfsLink.getPersistenceId(), rdbmsLink.getPersistenceId());
+ MJob job2 = client.createJob(hdfsLink.getName(), rdbmsLink.getName());
// set HDFS "FROM" config for the job, since the connector test case base class only has utilities for HDFS!
sqoopServerRunner.fillHdfsFromConfig(job2);
// set the RDBM "TO" config here
sqoopServerRunner.fillRdbmsToConfig(job2);
// create job
+ job2.setName("HDFS_RDBM_job1");
sqoopServerRunner.saveJob(client, job2);
/**
* ADMIN_USER grant update privilege on job2 to role4
- * ADMIN_USER grant read privilege on all connector to role4
- * ADMIN_USER grant read privilege on all link to role4
+ * ADMIN_USER grant read privilege on HDFS_CONNECTOR_NAME and JDBC_CONNECTOR_NAME connector to role4
+ * ADMIN_USER grant read privilege on "rdbm_testEnableAndStartJob" and "hdfs_testEnableAndStartJob" link to role4
*/
MRole role4 = new MRole(ROLE4);
MPrincipal group4 = new MPrincipal(GROUP4, MPrincipal.TYPE.GROUP);
- MResource job2Resource = new MResource(String.valueOf(job2.getPersistenceId()), MResource.TYPE.JOB);
+ MResource job2Resource = new MResource(String.valueOf(job2.getName()), MResource.TYPE.JOB);
MPrivilege writeJob2Privilege = new MPrivilege(job2Resource,SqoopActionConstant.WRITE, false);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readConnectorPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
- MResource allLink = new MResource(SqoopActionConstant.ALL, MResource.TYPE.LINK);
- MPrivilege readLinkPriv = new MPrivilege(allLink,SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MResource jdbcConnector = new MResource(JDBC_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readConnectorPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
+ MPrivilege readConnectorPriv2 = new MPrivilege(jdbcConnector, SqoopActionConstant.READ, false);
+ MResource rdbmLink = new MResource("rdbm_testEnableAndStartJob", MResource.TYPE.LINK);
+ MResource hdfsLinkResource = new MResource("hdfs_testEnableAndStartJob", MResource.TYPE.LINK);
+ MPrivilege readLinkPriv = new MPrivilege(rdbmLink, SqoopActionConstant.READ, false);
+ MPrivilege readLinkPriv2 = new MPrivilege(hdfsLinkResource, SqoopActionConstant.READ, false);
client.createRole(role4);
client.grantRole(Lists.newArrayList(role4), Lists.newArrayList(group4));
client.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)),
- Lists.newArrayList(writeJob2Privilege, readConnectorPriv, readLinkPriv));
+ Lists.newArrayList(writeJob2Privilege, readConnectorPriv, readConnectorPriv2, readLinkPriv, readLinkPriv2));
/**
@@ -258,14 +279,14 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase {
// user5 can't enable and start job2
client = sqoopServerRunner.getSqoopClient(USER5);
try {
- client.enableJob(job2.getPersistenceId(), true);
+ client.enableJob(job2.getName(), true);
fail("expected Authorization exception happend");
} catch (Exception e) {
assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
}
try {
- client.startJob(job2.getPersistenceId());
+ client.startJob(job2.getName());
fail("expected Authorization exception happend");
} catch (Exception e) {
assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
@@ -274,14 +295,14 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase {
// user3 can't enable and start job2
client = sqoopServerRunner.getSqoopClient(USER3);
try {
- client.enableJob(job2.getPersistenceId(), true);
+ client.enableJob(job2.getName(), true);
fail("expected Authorization exception happend");
} catch (Exception e) {
assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
}
try {
- client.startJob(job2.getPersistenceId());
+ client.startJob(job2.getName());
fail("expected Authorization exception happend");
} catch (Exception e) {
assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
@@ -290,9 +311,9 @@ public class TestJobEndToEnd extends AbstractSqoopSentryTestBase {
// user4 can enable or start job2
client = sqoopServerRunner.getSqoopClient(USER4);
try {
- client.enableJob(job2.getPersistenceId(), false);
- client.enableJob(job2.getPersistenceId(), true);
- client.deleteJob(job2.getPersistenceId());
+ client.enableJob(job2.getName(), false);
+ client.enableJob(job2.getName(), true);
+ client.deleteJob(job2.getName());
} catch (Exception e) {
fail("unexpected Authorization exception happend");
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestLinkEndToEnd.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestLinkEndToEnd.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestLinkEndToEnd.java
index 8c8a91d..e29493c 100644
--- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestLinkEndToEnd.java
+++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestLinkEndToEnd.java
@@ -16,6 +16,7 @@
*/
package org.apache.sentry.tests.e2e.sqoop;
+import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -48,29 +49,28 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase {
* ADMIN_USER create a hdfs link
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
- MLink hdfsLink = client.createLink("hdfs-connector");
+ MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME);
sqoopServerRunner.fillHdfsLink(hdfsLink);
+ hdfsLink.setName("hdfs-link1");
sqoopServerRunner.saveLink(client, hdfsLink);
/**
- * ADMIN_USER grant read privilege on all link to role1
+ * ADMIN_USER grant read privilege on "hdfs-link1" link to role1
*/
MRole role1 = new MRole(ROLE1);
MPrincipal group1 = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP);
- MResource allLink = new MResource(SqoopActionConstant.ALL, MResource.TYPE.LINK);
- MPrivilege readAllPrivilege = new MPrivilege(allLink,SqoopActionConstant.READ, false);
+ MResource hdfsLinkResource = new MResource("hdfs-link1", MResource.TYPE.LINK);
+ MPrivilege readHdfsLinkPrivilege = new MPrivilege(hdfsLinkResource, SqoopActionConstant.READ, false);
dropAndCreateRole(client, role1);
client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1));
client.grantPrivilege(Lists.newArrayList(new MPrincipal(role1.getName(), MPrincipal.TYPE.ROLE)),
- Lists.newArrayList(readAllPrivilege));
+ Lists.newArrayList(readHdfsLinkPrivilege));
/**
* ADMIN_USER grant read privilege on hdfs link to role2
*/
MRole role2 = new MRole(ROLE2);
MPrincipal group2 = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP);
- MResource hdfsLinkResource = new MResource(String.valueOf(hdfsLink.getPersistenceId()), MResource.TYPE.LINK);
- MPrivilege readHdfsLinkPrivilege = new MPrivilege(hdfsLinkResource,SqoopActionConstant.READ, false);
dropAndCreateRole(client, role2);
client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2));
client.grantPrivilege(Lists.newArrayList(new MPrincipal(role2.getName(), MPrincipal.TYPE.ROLE)),
@@ -80,7 +80,7 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase {
client = sqoopServerRunner.getSqoopClient(USER1);
try {
assertTrue(client.getLinks().size() == 1);
- assertTrue(client.getLink(hdfsLink.getPersistenceId()) != null);
+ assertTrue(client.getLink(hdfsLink.getName()) != null);
} catch (Exception e) {
fail("unexpected Authorization exception happend");
}
@@ -89,23 +89,22 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase {
client = sqoopServerRunner.getSqoopClient(USER2);
try {
assertTrue(client.getLinks().size() == 1);
- assertTrue(client.getLink(hdfsLink.getPersistenceId()) != null);
+ assertTrue(client.getLink(hdfsLink.getName()) != null);
} catch (Exception e) {
fail("unexpected Authorization exception happend");
}
// user3 can't show hdfs link
client = sqoopServerRunner.getSqoopClient(USER3);
+ assertTrue(client.getLinks().size() == 0);
try {
- assertTrue(client.getLinks().size() == 0);
- client.getLink(hdfsLink.getPersistenceId());
- fail("expected Authorization exception happend");
- } catch (Exception e) {
- assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
+ assertNull(client.getLink(hdfsLink.getName()));
+ } catch (IndexOutOfBoundsException ex) {
+ // This try statement can be removed when https://issues.apache.org/jira/browse/SQOOP-3250 is fixed
}
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
- client.deleteLink(hdfsLink.getPersistenceId());
+ client.deleteLink(hdfsLink.getName());
}
@Test
@@ -114,55 +113,69 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase {
* ADMIN_USER create a hdfs link
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
- MLink hdfsLink = client.createLink("hdfs-connector");
+ MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME);
sqoopServerRunner.fillHdfsLink(hdfsLink);
+ hdfsLink.setName("hdfs-link1");
sqoopServerRunner.saveLink(client, hdfsLink);
/**
* ADMIN_USER grant update privilege on hdfs link to role4
- * ADMIN_USER grant read privilege on all connector to role4
+ * ADMIN_USER grant read privilege on HDFS_CONNECTOR_NAME connector to role4
*/
MRole role4 = new MRole(ROLE4);
MPrincipal group4 = new MPrincipal(GROUP4, MPrincipal.TYPE.GROUP);
- MResource hdfsLinkResource = new MResource(String.valueOf(hdfsLink.getPersistenceId()), MResource.TYPE.LINK);
+ MResource hdfsLinkResource = new MResource(String.valueOf(hdfsLink.getName()), MResource.TYPE.LINK);
MPrivilege writeHdfsPrivilege = new MPrivilege(hdfsLinkResource,SqoopActionConstant.WRITE, false);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readConnectorPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readConnectorPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
dropAndCreateRole(client, role4);
client.grantRole(Lists.newArrayList(role4), Lists.newArrayList(group4));
client.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)),
Lists.newArrayList(writeHdfsPrivilege, readConnectorPriv));
// user4 can't show hdfs link
+
client = sqoopServerRunner.getSqoopClient(USER4);
+ assertTrue(client.getLinks().size() == 0);
try {
- assertTrue(client.getLinks().size() == 0);
- client.getLink(hdfsLink.getPersistenceId());
- fail("expected Authorization exception happend");
- } catch (Exception e) {
- assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
+ assertNull(client.getLink(hdfsLink.getName()));
+ } catch (IndexOutOfBoundsException ex) {
+ // This try statement can be removed when https://issues.apache.org/jira/browse/SQOOP-3250 is fixed
}
+
// user4 can update hdfs link
try {
hdfsLink.setName("hdfs_link_update_user4_1");
- client.updateLink(hdfsLink);
+ client.updateLink(hdfsLink, "hdfs-link1");
+
+ MResource updatedHdfsLinkResource = new MResource("hdfs_link_update_user4_1", MResource.TYPE.LINK);
+ MPrivilege updatedWriteHdfsPrivilege = new MPrivilege(updatedHdfsLinkResource, SqoopActionConstant.WRITE, false);
+ SqoopClient adminClient = sqoopServerRunner.getSqoopClient(ADMIN_USER);
+ adminClient.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)),
+ Lists.newArrayList(updatedWriteHdfsPrivilege));
+
+ // Now update it back
+ hdfsLink.setName("hdfs-link1");
+ client.updateLink(hdfsLink, "hdfs_link_update_user4_1");
} catch (Exception e) {
fail("unexpected Authorization exception happend");
}
+
// user3 can't update hdfs link
client = sqoopServerRunner.getSqoopClient(USER3);
try {
assertTrue(client.getLinks().size() == 0);
hdfsLink.setName("hdfs_link_update_user3_1");
- client.updateLink(hdfsLink);
+ client.updateLink(hdfsLink, "hdfs-link1");
fail("expected Authorization exception happend");
} catch (Exception e) {
assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
+ hdfsLink.setName("hdfs-link1");
}
// user3 can't delete hdfs link
try {
- client.deleteLink(hdfsLink.getPersistenceId());
+ client.deleteLink(hdfsLink.getName());
fail("expected Authorization exception happend");
} catch (Exception e) {
assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
@@ -171,7 +184,7 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase {
//user4 can delete hdfs link because user4 has write privilege on hdfs link
client = sqoopServerRunner.getSqoopClient(USER4);
try {
- client.deleteLink(hdfsLink.getPersistenceId());
+ client.deleteLink(hdfsLink.getName());
} catch (Exception e) {
fail("unexpected Authorization exception happend");
}
@@ -186,20 +199,21 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase {
* ADMIN_USER create a hdfs link
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
- MLink hdfsLink = client.createLink("hdfs-connector");
+ MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME);
sqoopServerRunner.fillHdfsLink(hdfsLink);
+ hdfsLink.setName("hdfs-link1");
sqoopServerRunner.saveLink(client, hdfsLink);
/**
* ADMIN_USER grant read privilege on hdfs link to role4
- * ADMIN_USER grant read privilege on all connector to role4
+ * ADMIN_USER grant read privilege on HDFS_CONNECTOR_NAME connector to role4
*/
MRole role4 = new MRole(ROLE4);
MPrincipal group4 = new MPrincipal(GROUP4, MPrincipal.TYPE.GROUP);
- MResource hdfsLinkResource = new MResource(String.valueOf(hdfsLink.getPersistenceId()), MResource.TYPE.LINK);
+ MResource hdfsLinkResource = new MResource(String.valueOf(hdfsLink.getName()), MResource.TYPE.LINK);
MPrivilege readHdfsPrivilege = new MPrivilege(hdfsLinkResource,SqoopActionConstant.READ, false);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readConnectorPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readConnectorPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
dropAndCreateRole(client, role4);
client.grantRole(Lists.newArrayList(role4), Lists.newArrayList(group4));
client.grantPrivilege(Lists.newArrayList(new MPrincipal(role4.getName(), MPrincipal.TYPE.ROLE)),
@@ -207,11 +221,11 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase {
/**
* ADMIN_USER grant write privilege on hdfs link to role5
- * ADMIN_USER grant read privilege on all connector to role5
+ * ADMIN_USER grant read privilege on HDFS_CONNECTOR_NAME connector to role5
*/
MRole role5 = new MRole(ROLE5);
MPrincipal group5 = new MPrincipal(GROUP5, MPrincipal.TYPE.GROUP);
- MPrivilege writeHdfsPrivilege = new MPrivilege(hdfsLinkResource,SqoopActionConstant.WRITE, false);
+ MPrivilege writeHdfsPrivilege = new MPrivilege(hdfsLinkResource, SqoopActionConstant.WRITE, false);
dropAndCreateRole(client, role5);
client.grantRole(Lists.newArrayList(role5), Lists.newArrayList(group5));
client.grantPrivilege(Lists.newArrayList(new MPrincipal(role5.getName(), MPrincipal.TYPE.ROLE)),
@@ -220,22 +234,22 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase {
// user4 can't enable hdfs link
client = sqoopServerRunner.getSqoopClient(USER4);
try {
- client.enableLink(hdfsLink.getPersistenceId(), true);
+ client.enableLink(hdfsLink.getName(), true);
fail("expected Authorization exception happend");
} catch (Exception e) {
assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
}
- // user5 can enbale hdfs link
+ // user5 can enable hdfs link
client = sqoopServerRunner.getSqoopClient(USER5);
try {
- client.enableLink(hdfsLink.getPersistenceId(), true);
+ client.enableLink(hdfsLink.getName(), true);
} catch (Exception e) {
fail("unexpected Authorization exception happend");
}
// user3 can't update hdfs link
client = sqoopServerRunner.getSqoopClient(USER3);
try {
- client.enableLink(hdfsLink.getPersistenceId(), true);
+ client.enableLink(hdfsLink.getName(), true);
fail("expected Authorization exception happend");
} catch (Exception e) {
assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
@@ -248,6 +262,6 @@ public class TestLinkEndToEnd extends AbstractSqoopSentryTestBase {
} catch (Exception e) {
// nothing to do if cleanup fails
}
- client.deleteLink(hdfsLink.getPersistenceId());
+ client.deleteLink(hdfsLink.getName());
}
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestOwnerPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestOwnerPrivilege.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestOwnerPrivilege.java
index abef80c..bdf1d51 100644
--- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestOwnerPrivilege.java
+++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestOwnerPrivilege.java
@@ -42,34 +42,36 @@ public class TestOwnerPrivilege extends AbstractSqoopSentryTestBase {
SqoopClient client = sqoopServerRunner.getSqoopClient(USER1);
assertTrue(client.getConnectors().size() == 0);
/**
- * ADMIN_USER grant read action privilege on connector all to role ROLE1
+ * ADMIN_USER grant read action privilege on connector HDFS_CONNECTOR_NAME to role ROLE1
* ADMIN_USER grant role ROLE1 to group GROUP1
*/
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role1 = new MRole(ROLE1);
MPrincipal group1 = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
client.createRole(role1);
client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1));
client.grantPrivilege(Lists.newArrayList(new MPrincipal(role1.getName(), MPrincipal.TYPE.ROLE)),
Lists.newArrayList(readPriv));
- // check USER1 has the read privilege on all connector
+ // check USER1 has the read privilege on HDFS_CONNECTOR_NAME connector
client = sqoopServerRunner.getSqoopClient(USER1);
- assertTrue(client.getConnectors().size() > 0);
+ assertEquals(client.getConnectors().size(), 1);
// USER1 create a new HDFS link
- MLink hdfsLink = client.createLink("hdfs-connector");
+ MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME);
+ hdfsLink.setName("HDFS_link1");
sqoopServerRunner.fillHdfsLink(hdfsLink);
sqoopServerRunner.saveLink(client, hdfsLink);
// USER1 is the owner of HDFS link, so he can show and update HDFS link
- assertEquals(client.getLink(hdfsLink.getPersistenceId()), hdfsLink);
+ assertEquals(client.getLink(hdfsLink.getName()).getName(), hdfsLink.getName());
// USER1 update the name of HDFS link
+ String oldLinkName = hdfsLink.getName();
hdfsLink.setName("HDFS_update1");
- sqoopServerRunner.updateLink(client, hdfsLink);
+ sqoopServerRunner.updateLink(client, hdfsLink, oldLinkName);
// USER2 has no privilege on HDFS link
client = sqoopServerRunner.getSqoopClient(USER2);
@@ -77,7 +79,7 @@ public class TestOwnerPrivilege extends AbstractSqoopSentryTestBase {
//delete the HDFS link
client = sqoopServerRunner.getSqoopClient(USER1);
- client.deleteLink(hdfsLink.getPersistenceId());
+ client.deleteLink(hdfsLink.getName());
}
@Test
@@ -86,41 +88,47 @@ public class TestOwnerPrivilege extends AbstractSqoopSentryTestBase {
SqoopClient client = sqoopServerRunner.getSqoopClient(USER3);
assertTrue(client.getConnectors().size() == 0);
/**
- * ADMIN_USER grant read action privilege on connector all to role ROLE3
+ * ADMIN_USER grant read action privilege on connector HDFS_CONNECTOR_NAME and JDBC_CONNECTOR_NAME to role ROLE3
* ADMIN_USER grant role ROLE3 to group GROUP3
*/
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role3 = new MRole(ROLE3);
MPrincipal group3 = new MPrincipal(GROUP3, MPrincipal.TYPE.GROUP);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MResource jdbcConnector = new MResource(JDBC_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
+ MPrivilege readPriv2 = new MPrivilege(jdbcConnector, SqoopActionConstant.READ, false);
client.createRole(role3);
client.grantRole(Lists.newArrayList(role3), Lists.newArrayList(group3));
client.grantPrivilege(Lists.newArrayList(new MPrincipal(ROLE3, MPrincipal.TYPE.ROLE)),
- Lists.newArrayList(readPriv));
+ Lists.newArrayList(readPriv, readPriv2));
- // check USER3 has the read privilege on all connector
+ // check USER3 has the read privilege on the connectors
client = sqoopServerRunner.getSqoopClient(USER3);
- assertTrue(client.getConnectors().size() > 0);
+ assertEquals(client.getConnectors().size(), 2);
// USER3 create two links: hdfs link and rdbm link
- MLink rdbmsLink = client.createLink("generic-jdbc-connector");
+ MLink rdbmsLink = client.createLink(JDBC_CONNECTOR_NAME);
+ rdbmsLink.setName("JDBC_link1");
sqoopServerRunner.fillRdbmsLinkConfig(rdbmsLink);
sqoopServerRunner.saveLink(client, rdbmsLink);
- MLink hdfsLink = client.createLink("hdfs-connector");
+ MLink hdfsLink = client.createLink(HDFS_CONNECTOR_NAME);
+ hdfsLink.setName("HDFS_link1");
sqoopServerRunner.fillHdfsLink(hdfsLink);
sqoopServerRunner.saveLink(client, hdfsLink);
// USER3 is the owner of hdfs and link, so he can show and update hdfs link
assertTrue(client.getLinks().size() == 2);
+ String oldLinkName = hdfsLink.getName();
hdfsLink.setName("HDFS_update2");
- client.updateLink(hdfsLink);
+ client.updateLink(hdfsLink, oldLinkName);
+ oldLinkName = rdbmsLink.getName();
rdbmsLink.setName("RDBM_update");
- client.updateLink(rdbmsLink);
+ client.updateLink(rdbmsLink, oldLinkName);
// USER_3 create a job: transfer date from HDFS to RDBM
- MJob job1 = client.createJob(hdfsLink.getPersistenceId(), rdbmsLink.getPersistenceId());
+ MJob job1 = client.createJob(hdfsLink.getName(), rdbmsLink.getName());
// set HDFS "FROM" config for the job, since the connector test case base class only has utilities for HDFS!
sqoopServerRunner.fillHdfsFromConfig(job1);
@@ -128,6 +136,7 @@ public class TestOwnerPrivilege extends AbstractSqoopSentryTestBase {
sqoopServerRunner.fillRdbmsToConfig(job1);
// create job
+ job1.setName("HDFS_RDBM_job1");
sqoopServerRunner.saveJob(client, job1);
/**
@@ -137,18 +146,18 @@ public class TestOwnerPrivilege extends AbstractSqoopSentryTestBase {
client = sqoopServerRunner.getSqoopClient(USER4);
assertTrue(client.getJobs().size() == 0);
try {
- client.deleteJob(job1.getPersistenceId());
+ client.deleteJob(job1.getName());
fail("expected Authorization exception happend");
} catch (Exception e) {
assertCausedMessage(e, SecurityError.AUTH_0014.getMessage());
}
client = sqoopServerRunner.getSqoopClient(USER3);
- assertEquals(client.getJob(job1.getPersistenceId()), job1);
- client.deleteJob(job1.getPersistenceId());
+ assertEquals(client.getJob(job1.getName()).getName(), job1.getName());
+ client.deleteJob(job1.getName());
// delete the HDFS and RDBM links
- client.deleteLink(hdfsLink.getPersistenceId());
- client.deleteLink(rdbmsLink.getPersistenceId());
+ client.deleteLink(hdfsLink.getName());
+ client.deleteLink(rdbmsLink.getName());
}
}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e23fc4ef/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestRevokePrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestRevokePrivilege.java b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestRevokePrivilege.java
index f71595c..29c559c 100644
--- a/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestRevokePrivilege.java
+++ b/sentry-tests/sentry-tests-sqoop/src/test/java/org/apache/sentry/tests/e2e/sqoop/TestRevokePrivilege.java
@@ -36,8 +36,8 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase {
public void testNotSupportRevokePrivilegeFromUser() throws Exception {
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MPrincipal user1 = new MPrincipal("not_support_revoke_user_1", MPrincipal.TYPE.GROUP);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
try {
client.revokePrivilege(Lists.newArrayList(user1), Lists.newArrayList(readPriv));
fail("expected not support exception happend");
@@ -50,8 +50,8 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase {
public void testNotSupportRevokePrivilegeFromGroup() throws Exception {
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MPrincipal group1 = new MPrincipal("not_support_revoke_group_1", MPrincipal.TYPE.GROUP);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readPriv = new MPrivilege(allConnector,SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readPriv = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
try {
client.revokePrivilege(Lists.newArrayList(group1), Lists.newArrayList(readPriv));
fail("expected not support exception happend");
@@ -65,13 +65,13 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase {
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole testRole = new MRole("noexist_privilege_role1");
MPrincipal testPrinc = new MPrincipal(testRole.getName(), MPrincipal.TYPE.ROLE);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
client.createRole(testRole);
- assertTrue(client.getPrivilegesByPrincipal(testPrinc, allConnector).size() == 0);
+ assertTrue(client.getPrivilegesByPrincipal(testPrinc, hdfsConnector).size() == 0);
client.revokePrivilege(Lists.newArrayList(testPrinc), Lists.newArrayList(readPrivilege));
- assertTrue(client.getPrivilegesByPrincipal(testPrinc, allConnector).size() == 0);
+ assertTrue(client.getPrivilegesByPrincipal(testPrinc, hdfsConnector).size() == 0);
}
@@ -80,21 +80,21 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase {
/**
* user1 belongs to group group1
* admin user grant role role1 to group group1
- * admin user grant read privilege on connector all to role role1
+ * admin user grant read privilege on connector HDFS_CONNECTOR_NAME to role role1
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role1 = new MRole(ROLE1);
MPrincipal group1Princ = new MPrincipal(GROUP1, MPrincipal.TYPE.GROUP);
MPrincipal role1Princ = new MPrincipal(ROLE1, MPrincipal.TYPE.ROLE);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
client.createRole(role1);
client.grantRole(Lists.newArrayList(role1), Lists.newArrayList(group1Princ));
client.grantPrivilege(Lists.newArrayList(role1Princ), Lists.newArrayList(readPrivilege));
// check user1 has privilege on role1
client = sqoopServerRunner.getSqoopClient(USER1);
- assertTrue(client.getPrivilegesByPrincipal(role1Princ, allConnector).size() == 1);
+ assertTrue(client.getPrivilegesByPrincipal(role1Princ, hdfsConnector).size() == 1);
// admin user revoke read privilege from role1
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
@@ -102,7 +102,7 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase {
// check user1 has no privilege on role1
client = sqoopServerRunner.getSqoopClient(USER1);
- assertTrue(client.getPrivilegesByPrincipal(role1Princ, allConnector).size() == 0);
+ assertTrue(client.getPrivilegesByPrincipal(role1Princ, hdfsConnector).size() == 0);
}
@Test
@@ -110,31 +110,31 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase {
/**
* user2 belongs to group group2
* admin user grant role role2 to group group2
- * admin user grant read and write privilege on connector all to role role2
+ * admin user grant read and write privilege on connector HDFS_CONNECTOR_NAME to role role2
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role2 = new MRole(ROLE2);
MPrincipal group2Princ = new MPrincipal(GROUP2, MPrincipal.TYPE.GROUP);
MPrincipal role2Princ = new MPrincipal(ROLE2, MPrincipal.TYPE.ROLE);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege writePrivilege = new MPrivilege(allConnector, SqoopActionConstant.WRITE, false);
- MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege writePrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.WRITE, false);
+ MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
client.createRole(role2);
client.grantRole(Lists.newArrayList(role2), Lists.newArrayList(group2Princ));
client.grantPrivilege(Lists.newArrayList(role2Princ), Lists.newArrayList(writePrivilege, readPrivilege));
// check user2 has two privileges on role2
client = sqoopServerRunner.getSqoopClient(USER2);
- assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 2);
+ assertTrue(client.getPrivilegesByPrincipal(role2Princ, hdfsConnector).size() == 2);
// admin user revoke all privilege from role2
- MPrivilege allPrivilege = new MPrivilege(allConnector, SqoopActionConstant.ALL_NAME, false);
+ MPrivilege allPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.ALL_NAME, false);
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
client.revokePrivilege(Lists.newArrayList(role2Princ), Lists.newArrayList(allPrivilege));
// check user2 has no privilege on role2
client = sqoopServerRunner.getSqoopClient(USER2);
- assertTrue(client.getPrivilegesByPrincipal(role2Princ, allConnector).size() == 0);
+ assertTrue(client.getPrivilegesByPrincipal(role2Princ, hdfsConnector).size() == 0);
}
@Test
@@ -142,34 +142,34 @@ public class TestRevokePrivilege extends AbstractSqoopSentryTestBase {
/**
* user3 belongs to group group3
* admin user grant role role3 to group group3
- * admin user grant all privilege on connector all to role role3
+ * admin user grant all privilege on connector HDFS_CONNECTOR_NAME to role role3
*/
SqoopClient client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
MRole role3 = new MRole(ROLE3);
MPrincipal group3Princ = new MPrincipal(GROUP3, MPrincipal.TYPE.GROUP);
MPrincipal role3Princ = new MPrincipal(ROLE3, MPrincipal.TYPE.ROLE);
- MResource allConnector = new MResource(SqoopActionConstant.ALL, MResource.TYPE.CONNECTOR);
- MPrivilege allPrivilege = new MPrivilege(allConnector, SqoopActionConstant.ALL_NAME, false);
+ MResource hdfsConnector = new MResource(HDFS_CONNECTOR_NAME, MResource.TYPE.CONNECTOR);
+ MPrivilege allPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.ALL_NAME, false);
client.createRole(role3);
client.grantRole(Lists.newArrayList(role3), Lists.newArrayList(group3Princ));
client.grantPrivilege(Lists.newArrayList(role3Princ), Lists.newArrayList(allPrivilege));
// check user3 has one privilege on role3
client = sqoopServerRunner.getSqoopClient(USER3);
- assertTrue(client.getPrivilegesByPrincipal(role3Princ, allConnector).size() == 1);
+ assertTrue(client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).size() == 1);
// user3 has the all action on role3
- MPrivilege user3Privilege = client.getPrivilegesByPrincipal(role3Princ, allConnector).get(0);
+ MPrivilege user3Privilege = client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).get(0);
assertEquals(user3Privilege.getAction(), SqoopActionConstant.ALL_NAME);
// admin user revoke the read privilege on connector all from role role3
- MPrivilege readPrivilege = new MPrivilege(allConnector, SqoopActionConstant.READ, false);
+ MPrivilege readPrivilege = new MPrivilege(hdfsConnector, SqoopActionConstant.READ, false);
client = sqoopServerRunner.getSqoopClient(ADMIN_USER);
client.revokePrivilege(Lists.newArrayList(role3Princ), Lists.newArrayList(readPrivilege));
// check user3 has only the write privilege on role3
client = sqoopServerRunner.getSqoopClient(USER3);
- assertTrue(client.getPrivilegesByPrincipal(role3Princ, allConnector).size() == 1);
- user3Privilege = client.getPrivilegesByPrincipal(role3Princ, allConnector).get(0);
+ assertTrue(client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).size() == 1);
+ user3Privilege = client.getPrivilegesByPrincipal(role3Princ, hdfsConnector).get(0);
assertEquals(user3Privilege.getAction().toLowerCase(), SqoopActionConstant.WRITE);
}
}