Posted to commits@sentry.apache.org by co...@apache.org on 2016/04/22 08:38:10 UTC
[1/2] sentry git commit: SENTRY-1213: Remove unnecessary file (Colin
Ma, reviewed by Dapeng Sun)
Repository: sentry
Updated Branches:
refs/heads/master d94e900af -> c49ea3a8e
http://git-wip-us.apache.org/repos/asf/sentry/blob/c49ea3a8/SENTRY-999.001.patch
----------------------------------------------------------------------
diff --git a/SENTRY-999.001.patch b/SENTRY-999.001.patch
deleted file mode 100644
index 865a343..0000000
--- a/SENTRY-999.001.patch
+++ /dev/null
@@ -1,18685 +0,0 @@
-diff --git a/pom.xml b/pom.xml
-index e288593..914f436 100644
---- a/pom.xml
-+++ b/pom.xml
-@@ -475,7 +475,7 @@ limitations under the License.
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
-- <artifactId>sentry-policy-db</artifactId>
-+ <artifactId>sentry-policy-engine</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
-@@ -485,21 +485,6 @@ limitations under the License.
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
-- <artifactId>sentry-policy-search</artifactId>
-- <version>${project.version}</version>
-- </dependency>
-- <dependency>
-- <groupId>org.apache.sentry</groupId>
-- <artifactId>sentry-policy-sqoop</artifactId>
-- <version>${project.version}</version>
-- </dependency>
-- <dependency>
-- <groupId>org.apache.sentry</groupId>
-- <artifactId>sentry-policy-kafka</artifactId>
-- <version>${project.version}</version>
-- </dependency>
-- <dependency>
-- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-dist</artifactId>
- <version>${project.version}</version>
- </dependency>
-diff --git a/sentry-binding/sentry-binding-hive-common/pom.xml b/sentry-binding/sentry-binding-hive-common/pom.xml
-index 5f00dd2..18b422d 100644
---- a/sentry-binding/sentry-binding-hive-common/pom.xml
-+++ b/sentry-binding/sentry-binding-hive-common/pom.xml
-@@ -71,10 +71,6 @@ limitations under the License.
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-cache</artifactId>
-- </dependency>
-- <dependency>
-- <groupId>org.apache.sentry</groupId>
-- <artifactId>sentry-policy-db</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
-diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryIniPolicyFileFormatter.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryIniPolicyFileFormatter.java
-index 630bef3..06fe1fe 100644
---- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryIniPolicyFileFormatter.java
-+++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryIniPolicyFileFormatter.java
-@@ -24,7 +24,7 @@ import java.util.Map;
- import java.util.Set;
-
- import org.apache.hadoop.conf.Configuration;
--import org.apache.sentry.policy.common.PolicyConstants;
-+import org.apache.sentry.core.common.utils.SentryConstants;
- import org.apache.sentry.provider.common.PolicyFileConstants;
- import org.apache.sentry.provider.common.ProviderBackendContext;
- import org.apache.sentry.provider.file.SimpleFileProviderBackend;
-@@ -152,8 +152,8 @@ public class SentryIniPolicyFileFormatter implements SentryPolicyFileFormatter {
- List<String> lines = Lists.newArrayList();
- lines.add("[" + name + "]");
- for (Map.Entry<String, Set<String>> entry : mappingData.entrySet()) {
-- lines.add(PolicyConstants.KV_JOINER.join(entry.getKey(),
-- PolicyConstants.ROLE_JOINER.join(entry.getValue())));
-+ lines.add(SentryConstants.KV_JOINER.join(entry.getKey(),
-+ SentryConstants.ROLE_JOINER.join(entry.getValue())));
- }
- return Joiner.on(NL).join(lines);
- }
-diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
-index 0a1d0e8..775a1f5 100644
---- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
-+++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
-@@ -34,11 +34,13 @@ import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
- import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
- import org.apache.sentry.binding.hive.conf.InvalidConfigurationException;
- import org.apache.sentry.core.common.ActiveRoleSet;
-+import org.apache.sentry.core.common.Model;
- import org.apache.sentry.core.common.Subject;
- import org.apache.sentry.core.model.db.AccessConstants;
- import org.apache.sentry.core.model.db.DBModelAction;
- import org.apache.sentry.core.model.db.DBModelAuthorizable;
- import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
-+import org.apache.sentry.core.model.db.HivePrivilegeModel;
- import org.apache.sentry.core.model.db.Server;
- import org.apache.sentry.policy.common.PolicyEngine;
- import org.apache.sentry.provider.cache.PrivilegeCache;
-@@ -60,6 +62,7 @@ public class HiveAuthzBinding {
- private static final Splitter ROLE_SET_SPLITTER = Splitter.on(",").trimResults()
- .omitEmptyStrings();
- public static final String HIVE_BINDING_TAG = "hive.authz.bindings.tag";
-+ public static final String HIVE_POLICY_ENGINE_OLD = "org.apache.sentry.policy.db.SimpleDBPolicyEngine";
-
- private final HiveConf hiveConf;
- private final Server authServer;
-@@ -206,6 +209,11 @@ public class HiveAuthzBinding {
- String providerBackendName = authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar());
- String policyEngineName = authzConf.get(AuthzConfVars.AUTHZ_POLICY_ENGINE.getVar());
-
-+ // for the backward compatibility
-+ if (HIVE_POLICY_ENGINE_OLD.equals(policyEngineName)) {
-+ policyEngineName = AuthzConfVars.AUTHZ_POLICY_ENGINE.getDefault();
-+ }
-+
- LOG.debug("Using authorization provider " + authProviderName +
- " with resource " + resourceName + ", policy engine "
- + policyEngineName + ", provider backend " + providerBackendName);
-@@ -216,19 +224,28 @@ public class HiveAuthzBinding {
- ProviderBackend providerBackend = (ProviderBackend) providerBackendConstructor.
- newInstance(new Object[] {authzConf, resourceName});
-
-+ // create backendContext
-+ ProviderBackendContext context = new ProviderBackendContext();
-+ context.setAllowPerDatabase(true);
-+ context.setValidators(HivePrivilegeModel.getInstance().getPrivilegeValidators(serverName));
-+ // initialize the backend with the context
-+ providerBackend.initialize(context);
-+
-+
- // load the policy engine class
- Constructor<?> policyConstructor =
-- Class.forName(policyEngineName).getDeclaredConstructor(String.class, ProviderBackend.class);
-+ Class.forName(policyEngineName).getDeclaredConstructor(ProviderBackend.class);
- policyConstructor.setAccessible(true);
- PolicyEngine policyEngine = (PolicyEngine) policyConstructor.
-- newInstance(new Object[] {serverName, providerBackend});
-+ newInstance(new Object[] {providerBackend});
-
-
- // load the authz provider class
- Constructor<?> constrctor =
-- Class.forName(authProviderName).getDeclaredConstructor(String.class, PolicyEngine.class);
-+ Class.forName(authProviderName).getDeclaredConstructor(String.class, PolicyEngine.class, Model.class);
- constrctor.setAccessible(true);
-- return (AuthorizationProvider) constrctor.newInstance(new Object[] {resourceName, policyEngine});
-+ return (AuthorizationProvider) constrctor.newInstance(new Object[] {resourceName, policyEngine,
-+ HivePrivilegeModel.getInstance()});
- }
-
- // Instantiate the authz provider using PrivilegeCache, this method is used for metadata filter function.
-@@ -238,7 +255,13 @@ public class HiveAuthzBinding {
- String authProviderName = authzConf.get(AuthzConfVars.AUTHZ_PROVIDER.getVar());
- String resourceName =
- authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar());
-- String policyEngineName = authzConf.get(AuthzConfVars.AUTHZ_POLICY_ENGINE.getVar());
-+ String policyEngineName = authzConf.get(AuthzConfVars.AUTHZ_POLICY_ENGINE.getVar(),
-+ AuthzConfVars.AUTHZ_POLICY_ENGINE.getDefault());
-+
-+ // for the backward compatibility
-+ if (HIVE_POLICY_ENGINE_OLD.equals(policyEngineName)) {
-+ policyEngineName = AuthzConfVars.AUTHZ_POLICY_ENGINE.getDefault();
-+ }
-
- LOG.debug("Using authorization provider " + authProviderName +
- " with resource " + resourceName + ", policy engine "
-@@ -251,19 +274,19 @@ public class HiveAuthzBinding {
-
- // load the policy engine class
- Constructor<?> policyConstructor =
-- Class.forName(policyEngineName).getDeclaredConstructor(String.class, ProviderBackend.class);
-+ Class.forName(policyEngineName).getDeclaredConstructor(ProviderBackend.class);
- policyConstructor.setAccessible(true);
- PolicyEngine policyEngine = (PolicyEngine) policyConstructor.
-- newInstance(new Object[] {serverName, providerBackend});
-+ newInstance(new Object[] {providerBackend});
-
- // load the authz provider class
- Constructor<?> constrctor =
-- Class.forName(authProviderName).getDeclaredConstructor(String.class, PolicyEngine.class);
-+ Class.forName(authProviderName).getDeclaredConstructor(String.class, PolicyEngine.class, Model.class);
- constrctor.setAccessible(true);
-- return (AuthorizationProvider) constrctor.newInstance(new Object[] {resourceName, policyEngine});
-+ return (AuthorizationProvider) constrctor.newInstance(new Object[] {resourceName, policyEngine,
-+ HivePrivilegeModel.getInstance()});
- }
-
--
- /**
- * Validate the privilege for the given operation for the given subject
- * @param hiveOp
-diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
-index 5a89af2..ad19b37 100644
---- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
-+++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
-@@ -92,7 +92,7 @@ public class HiveAuthzConf extends Configuration {
- "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider"),
- AUTHZ_PROVIDER_RESOURCE("sentry.hive.provider.resource", ""),
- AUTHZ_PROVIDER_BACKEND("sentry.hive.provider.backend", "org.apache.sentry.provider.file.SimpleFileProviderBackend"),
-- AUTHZ_POLICY_ENGINE("sentry.hive.policy.engine", "org.apache.sentry.policy.db.SimpleDBPolicyEngine"),
-+ AUTHZ_POLICY_ENGINE("sentry.hive.policy.engine", "org.apache.sentry.policy.engine.common.CommonPolicyEngine"),
- AUTHZ_POLICY_FILE_FORMATTER(
- "sentry.hive.policy.file.formatter",
- "org.apache.sentry.binding.hive.SentryIniPolicyFileFormatter"),
-diff --git a/sentry-binding/sentry-binding-hive/pom.xml b/sentry-binding/sentry-binding-hive/pom.xml
-index b769488..07aaae3 100644
---- a/sentry-binding/sentry-binding-hive/pom.xml
-+++ b/sentry-binding/sentry-binding-hive/pom.xml
-@@ -70,6 +70,31 @@ limitations under the License.
- <artifactId>sentry-binding-hive-common</artifactId>
- </dependency>
- <dependency>
-+ <groupId>org.apache.sentry</groupId>
-+ <artifactId>sentry-core-common</artifactId>
-+ </dependency>
-+ <dependency>
-+ <groupId>org.apache.sentry</groupId>
-+ <artifactId>sentry-core-model-db</artifactId>
-+ </dependency>
-+ <dependency>
-+ <groupId>org.apache.sentry</groupId>
-+ <artifactId>sentry-provider-common</artifactId>
-+ </dependency>
-+ <!-- required for SentryGrantRevokeTask -->
-+ <dependency>
-+ <groupId>org.apache.sentry</groupId>
-+ <artifactId>sentry-provider-db</artifactId>
-+ </dependency>
-+ <dependency>
-+ <groupId>org.apache.sentry</groupId>
-+ <artifactId>sentry-provider-file</artifactId>
-+ </dependency>
-+ <dependency>
-+ <groupId>org.apache.sentry</groupId>
-+ <artifactId>sentry-provider-cache</artifactId>
-+ </dependency>
-+ <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-common</artifactId>
- <scope>provided</scope>
-@@ -90,6 +115,11 @@ limitations under the License.
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-db</artifactId>
- </dependency>
-+ <dependency>
-+ <groupId>org.apache.hadoop</groupId>
-+ <artifactId>hadoop-minicluster</artifactId>
-+ <scope>test</scope>
-+ </dependency>
- </dependencies>
-
- </project>
-diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryIniPolicyFileFormatter.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryIniPolicyFileFormatter.java
-index 2bfc339..0e7ee3d 100644
---- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryIniPolicyFileFormatter.java
-+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryIniPolicyFileFormatter.java
-@@ -25,7 +25,7 @@ import java.util.Map;
- import java.util.Set;
-
- import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
--import org.apache.sentry.policy.common.PolicyConstants;
-+import org.apache.sentry.core.common.utils.SentryConstants;
- import org.apache.sentry.provider.common.PolicyFileConstants;
- import org.junit.Test;
-
-@@ -208,8 +208,8 @@ public class TestSentryIniPolicyFileFormatter {
- for (String actualPrivilege : actualPrivileges) {
- boolean isFound = exceptedPrivileges.contains(actualPrivilege);
- if (!isFound) {
-- String withOptionPrivilege = PolicyConstants.AUTHORIZABLE_JOINER.join(actualPrivilege,
-- PolicyConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME,
-+ String withOptionPrivilege = SentryConstants.AUTHORIZABLE_JOINER.join(actualPrivilege,
-+ SentryConstants.KV_JOINER.join(PolicyFileConstants.PRIVILEGE_GRANT_OPTION_NAME,
- "false"));
- isFound = exceptedPrivileges.contains(withOptionPrivilege);
- }
-diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/AbstractTestSimplePolicyEngine.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/AbstractTestSimplePolicyEngine.java
-new file mode 100644
-index 0000000..df8443c
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/AbstractTestSimplePolicyEngine.java
-@@ -0,0 +1,156 @@
-+/*
-+ * Licensed to the Apache Software Foundation (ASF) under one or more
-+ * contributor license agreements. See the NOTICE file distributed with
-+ * this work for additional information regarding copyright ownership.
-+ * The ASF licenses this file to You under the Apache License, Version 2.0
-+ * (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+package org.apache.sentry.policy.hive;
-+
-+import java.io.File;
-+import java.io.IOException;
-+import java.util.Set;
-+import java.util.TreeSet;
-+
-+import org.junit.Assert;
-+
-+import org.apache.commons.io.FileUtils;
-+import org.apache.sentry.core.common.ActiveRoleSet;
-+import org.apache.sentry.policy.common.PolicyEngine;
-+import org.junit.After;
-+import org.junit.AfterClass;
-+import org.junit.Before;
-+import org.junit.BeforeClass;
-+import org.junit.Test;
-+
-+import com.google.common.collect.Sets;
-+import com.google.common.io.Files;
-+
-+public abstract class AbstractTestSimplePolicyEngine {
-+ private static final String PERM_SERVER1_CUSTOMERS_SELECT = "server=server1->db=customers->table=purchases->action=select";
-+ private static final String PERM_SERVER1_CUSTOMERS_DB_CUSTOMERS_PARTIAL_SELECT = "server=server1->db=customers->table=purchases_partial->action=select";
-+ private static final String PERM_SERVER1_ANALYST_ALL = "server=server1->db=analyst1";
-+ private static final String PERM_SERVER1_JUNIOR_ANALYST_ALL = "server=server1->db=jranalyst1";
-+ private static final String PERM_SERVER1_JUNIOR_ANALYST_READ = "server=server1->db=jranalyst1->table=*->action=select";
-+ private static final String PERM_SERVER1_OTHER_GROUP_DB_CUSTOMERS_SELECT = "server=server1->db=other_group_db->table=purchases->action=select";
-+
-+ private static final String PERM_SERVER1_ADMIN = "server=server1";
-+ private PolicyEngine policy;
-+ private static File baseDir;
-+
-+ @BeforeClass
-+ public static void setupClazz() throws IOException {
-+ baseDir = Files.createTempDir();
-+ }
-+
-+ @AfterClass
-+ public static void teardownClazz() throws IOException {
-+ if(baseDir != null) {
-+ FileUtils.deleteQuietly(baseDir);
-+ }
-+ }
-+
-+ protected void setPolicy(PolicyEngine policy) {
-+ this.policy = policy;
-+ }
-+ protected static File getBaseDir() {
-+ return baseDir;
-+ }
-+ @Before
-+ public void setup() throws IOException {
-+ afterSetup();
-+ }
-+ @After
-+ public void teardown() throws IOException {
-+ beforeTeardown();
-+ }
-+ protected void afterSetup() throws IOException {
-+
-+ }
-+
-+ protected void beforeTeardown() throws IOException {
-+
-+ }
-+
-+ @Test
-+ public void testManager() throws Exception {
-+ Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
-+ PERM_SERVER1_CUSTOMERS_SELECT, PERM_SERVER1_ANALYST_ALL,
-+ PERM_SERVER1_JUNIOR_ANALYST_ALL, PERM_SERVER1_JUNIOR_ANALYST_READ,
-+ PERM_SERVER1_CUSTOMERS_DB_CUSTOMERS_PARTIAL_SELECT
-+ ));
-+ Assert.assertEquals(expected.toString(),
-+ new TreeSet<String>(policy.getAllPrivileges(set("manager"), ActiveRoleSet.ALL))
-+ .toString());
-+ }
-+
-+ @Test
-+ public void testAnalyst() throws Exception {
-+ Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
-+ PERM_SERVER1_CUSTOMERS_SELECT, PERM_SERVER1_ANALYST_ALL,
-+ PERM_SERVER1_JUNIOR_ANALYST_READ));
-+ Assert.assertEquals(expected.toString(),
-+ new TreeSet<String>(policy.getAllPrivileges(set("analyst"), ActiveRoleSet.ALL))
-+ .toString());
-+ }
-+
-+ @Test
-+ public void testJuniorAnalyst() throws Exception {
-+ Set<String> expected = Sets.newTreeSet(Sets
-+ .newHashSet(PERM_SERVER1_JUNIOR_ANALYST_ALL,
-+ PERM_SERVER1_CUSTOMERS_DB_CUSTOMERS_PARTIAL_SELECT));
-+ Assert.assertEquals(expected.toString(),
-+ new TreeSet<String>(policy.getAllPrivileges(set("jranalyst"), ActiveRoleSet.ALL))
-+ .toString());
-+ }
-+
-+ @Test
-+ public void testAdmin() throws Exception {
-+ Set<String> expected = Sets.newTreeSet(Sets.newHashSet(PERM_SERVER1_ADMIN));
-+ Assert.assertEquals(expected.toString(),
-+ new TreeSet<String>(policy.getAllPrivileges(set("admin"), ActiveRoleSet.ALL))
-+ .toString());
-+ }
-+
-+
-+ @Test
-+ public void testOtherGroup() throws Exception {
-+ Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
-+ PERM_SERVER1_OTHER_GROUP_DB_CUSTOMERS_SELECT));
-+ Assert.assertEquals(expected.toString(),
-+ new TreeSet<String>(policy.getAllPrivileges(set("other_group"), ActiveRoleSet.ALL))
-+ .toString());
-+ }
-+
-+ @Test
-+ public void testDbAll() throws Exception {
-+ Set<String> expected = Sets.newTreeSet(Sets
-+ .newHashSet(PERM_SERVER1_JUNIOR_ANALYST_ALL,
-+ PERM_SERVER1_CUSTOMERS_DB_CUSTOMERS_PARTIAL_SELECT));
-+ Assert.assertEquals(expected.toString(),
-+ new TreeSet<String>(policy.getAllPrivileges(set("jranalyst"), ActiveRoleSet.ALL))
-+ .toString());
-+ }
-+
-+ @Test
-+ public void testDbAllforOtherGroup() throws Exception {
-+ Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
-+ PERM_SERVER1_OTHER_GROUP_DB_CUSTOMERS_SELECT));
-+ Assert.assertEquals(expected.toString(),
-+ new TreeSet<String>(policy.getAllPrivileges(set("other_group"), ActiveRoleSet.ALL))
-+ .toString());
-+ }
-+
-+ private static Set<String> set(String... values) {
-+ return Sets.newHashSet(values);
-+ }
-+}
-diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/DBPolicyTestUtil.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/DBPolicyTestUtil.java
-new file mode 100644
-index 0000000..854acbe
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/DBPolicyTestUtil.java
-@@ -0,0 +1,45 @@
-+/*
-+ * Licensed to the Apache Software Foundation (ASF) under one or more
-+ * contributor license agreements. See the NOTICE file distributed with
-+ * this work for additional information regarding copyright ownership.
-+ * The ASF licenses this file to You under the Apache License, Version 2.0
-+ * (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+package org.apache.sentry.policy.hive;
-+
-+import org.apache.hadoop.conf.Configuration;
-+import org.apache.sentry.core.model.db.HivePrivilegeModel;
-+import org.apache.sentry.policy.common.PolicyEngine;
-+import org.apache.sentry.policy.engine.common.CommonPolicyEngine;
-+import org.apache.sentry.provider.common.ProviderBackend;
-+import org.apache.sentry.provider.common.ProviderBackendContext;
-+import org.apache.sentry.provider.file.SimpleFileProviderBackend;
-+
-+import java.io.IOException;
-+
-+public class DBPolicyTestUtil {
-+
-+ public static PolicyEngine createPolicyEngineForTest(String server, String resource) throws IOException {
-+
-+ ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource);
-+
-+ // create backendContext
-+ ProviderBackendContext context = new ProviderBackendContext();
-+ context.setAllowPerDatabase(true);
-+ context.setValidators(HivePrivilegeModel.getInstance().getPrivilegeValidators(server));
-+ // initialize the backend with the context
-+ providerBackend.initialize(context);
-+
-+
-+ return new CommonPolicyEngine(providerBackend);
-+ }
-+}
-diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestDBModelAuthorizables.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestDBModelAuthorizables.java
-new file mode 100644
-index 0000000..fba2e1c
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestDBModelAuthorizables.java
-@@ -0,0 +1,77 @@
-+/*
-+ * Licensed to the Apache Software Foundation (ASF) under one
-+ * or more contributor license agreements. See the NOTICE file
-+ * distributed with this work for additional information
-+ * regarding copyright ownership. The ASF licenses this file
-+ * to you under the Apache License, Version 2.0 (the
-+ * "License"); you may not use this file except in compliance
-+ * with the License. You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing,
-+ * software distributed under the License is distributed on an
-+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-+ * KIND, either express or implied. See the License for the
-+ * specific language governing permissions and limitations
-+ * under the License.
-+ */
-+
-+package org.apache.sentry.policy.hive;
-+import static junit.framework.Assert.assertEquals;
-+import static junit.framework.Assert.assertNull;
-+
-+import org.apache.sentry.core.model.db.AccessURI;
-+import org.apache.sentry.core.model.db.DBModelAuthorizables;
-+import org.apache.sentry.core.model.db.Database;
-+import org.apache.sentry.core.model.db.Server;
-+import org.apache.sentry.core.model.db.Table;
-+import org.apache.sentry.core.model.db.View;
-+import org.junit.Test;
-+
-+public class TestDBModelAuthorizables {
-+
-+ @Test
-+ public void testServer() throws Exception {
-+ Server server = (Server) DBModelAuthorizables.from("SeRvEr=server1");
-+ assertEquals("server1", server.getName());
-+ }
-+ @Test
-+ public void testDb() throws Exception {
-+ Database db = (Database)DBModelAuthorizables.from("dB=db1");
-+ assertEquals("db1", db.getName());
-+ }
-+ @Test
-+ public void testTable() throws Exception {
-+ Table table = (Table)DBModelAuthorizables.from("tAbLe=t1");
-+ assertEquals("t1", table.getName());
-+ }
-+ @Test
-+ public void testView() throws Exception {
-+ View view = (View)DBModelAuthorizables.from("vIeW=v1");
-+ assertEquals("v1", view.getName());
-+ }
-+ @Test
-+ public void testURI() throws Exception {
-+ AccessURI uri = (AccessURI)DBModelAuthorizables.from("UrI=hdfs://uri1:8200/blah");
-+ assertEquals("hdfs://uri1:8200/blah", uri.getName());
-+ }
-+
-+ @Test(expected=IllegalArgumentException.class)
-+ public void testNoKV() throws Exception {
-+ System.out.println(DBModelAuthorizables.from("nonsense"));
-+ }
-+
-+ @Test(expected=IllegalArgumentException.class)
-+ public void testEmptyKey() throws Exception {
-+ System.out.println(DBModelAuthorizables.from("=v"));
-+ }
-+ @Test(expected=IllegalArgumentException.class)
-+ public void testEmptyValue() throws Exception {
-+ System.out.println(DBModelAuthorizables.from("k="));
-+ }
-+ @Test
-+ public void testNotAuthorizable() throws Exception {
-+ assertNull(DBModelAuthorizables.from("k=v"));
-+ }
-+}
-diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestDatabaseRequiredInRole.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestDatabaseRequiredInRole.java
-new file mode 100644
-index 0000000..24f3ae9
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestDatabaseRequiredInRole.java
-@@ -0,0 +1,50 @@
-+/*
-+ * Licensed to the Apache Software Foundation (ASF) under one
-+ * or more contributor license agreements. See the NOTICE file
-+ * distributed with this work for additional information
-+ * regarding copyright ownership. The ASF licenses this file
-+ * to you under the Apache License, Version 2.0 (the
-+ * "License"); you may not use this file except in compliance
-+ * with the License. You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing,
-+ * software distributed under the License is distributed on an
-+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-+ * KIND, either express or implied. See the License for the
-+ * specific language governing permissions and limitations
-+ * under the License.
-+ */
-+package org.apache.sentry.policy.hive;
-+
-+import org.junit.Assert;
-+
-+import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
-+import org.apache.sentry.core.model.db.validator.DatabaseRequiredInPrivilege;
-+import org.apache.shiro.config.ConfigurationException;
-+import org.junit.Test;
-+
-+public class TestDatabaseRequiredInRole {
-+
-+ @Test
-+ public void testURIInPerDbPolicyFile() throws Exception {
-+ DatabaseRequiredInPrivilege dbRequiredInRole = new DatabaseRequiredInPrivilege();
-+ System.setProperty("sentry.allow.uri.db.policyfile", "true");
-+ dbRequiredInRole.validate(new PrivilegeValidatorContext("db1",
-+ "server=server1->URI=file:///user/db/warehouse/tab1"));
-+ System.setProperty("sentry.allow.uri.db.policyfile", "false");
-+ }
-+
-+ @Test
-+ public void testURIWithDBInPerDbPolicyFile() throws Exception {
-+ DatabaseRequiredInPrivilege dbRequiredInRole = new DatabaseRequiredInPrivilege();
-+ try {
-+ dbRequiredInRole.validate(new PrivilegeValidatorContext("db1",
-+ "server=server1->db=db1->URI=file:///user/db/warehouse/tab1"));
-+ Assert.fail("Expected ConfigurationException");
-+ } catch (ConfigurationException e) {
-+ // expected
-+ }
-+ }
-+}
-diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestPolicyParsingNegative.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestPolicyParsingNegative.java
-new file mode 100644
-index 0000000..4dc8812
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestPolicyParsingNegative.java
-@@ -0,0 +1,194 @@
-+/*
-+ * Licensed to the Apache Software Foundation (ASF) under one or more
-+ * contributor license agreements. See the NOTICE file distributed with
-+ * this work for additional information regarding copyright ownership.
-+ * The ASF licenses this file to You under the Apache License, Version 2.0
-+ * (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+package org.apache.sentry.policy.hive;
-+
-+import java.io.File;
-+import java.io.IOException;
-+
-+import org.junit.Assert;
-+
-+import org.apache.commons.io.FileUtils;
-+import org.apache.sentry.core.common.ActiveRoleSet;
-+import org.apache.sentry.policy.common.PolicyEngine;
-+import org.apache.sentry.provider.file.PolicyFile;
-+import org.junit.After;
-+import org.junit.Before;
-+import org.junit.Test;
-+import org.slf4j.Logger;
-+import org.slf4j.LoggerFactory;
-+
-+import com.google.common.base.Charsets;
-+import com.google.common.collect.ImmutableSet;
-+import com.google.common.collect.Sets;
-+import com.google.common.io.Files;
-+
-+public class TestPolicyParsingNegative {
-+
-+ @SuppressWarnings("unused")
-+ private static final Logger LOGGER = LoggerFactory
-+ .getLogger(TestPolicyParsingNegative.class);
-+
-+ private File baseDir;
-+ private File globalPolicyFile;
-+ private File otherPolicyFile;
-+
-+ @Before
-+ public void setup() {
-+ baseDir = Files.createTempDir();
-+ globalPolicyFile = new File(baseDir, "global.ini");
-+ otherPolicyFile = new File(baseDir, "other.ini");
-+ }
-+
-+ @After
-+ public void teardown() {
-+ if(baseDir != null) {
-+ FileUtils.deleteQuietly(baseDir);
-+ }
-+ }
-+
-+ private void append(String from, File to) throws IOException {
-+ Files.append(from + "\n", to, Charsets.UTF_8);
-+ }
-+
-+ @Test
-+ public void testUnauthorizedDbSpecifiedInDBPolicyFile() throws Exception {
-+ append("[databases]", globalPolicyFile);
-+ append("other_group_db = " + otherPolicyFile.getPath(), globalPolicyFile);
-+ append("[groups]", otherPolicyFile);
-+ append("other_group = malicious_role", otherPolicyFile);
-+ append("[roles]", otherPolicyFile);
-+ append("malicious_role = server=server1->db=customers->table=purchases->action=select", otherPolicyFile);
-+ PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
-+ ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL);
-+ Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-+ }
-+ @Test
-+ public void testPerDbFileCannotContainUsersOrDatabases() throws Exception {
-+ PolicyEngine policy;
-+ ImmutableSet<String> permissions;
-+ PolicyFile policyFile;
-+ // test sanity
-+ policyFile = PolicyFile.setAdminOnServer1("admin");
-+ policyFile.addGroupsToUser("admin1", "admin");
-+ policyFile.write(globalPolicyFile);
-+ policyFile.write(otherPolicyFile);
-+ policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
-+ permissions = policy.getAllPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL);
-+ Assert.assertEquals(permissions.toString(), "[server=server1]");
-+ // test to ensure [users] fails parsing of per-db file
-+ policyFile.addDatabase("other", otherPolicyFile.getPath());
-+ policyFile.write(globalPolicyFile);
-+ policyFile.write(otherPolicyFile);
-+ policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
-+ permissions = policy.getAllPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL);
-+ Assert.assertEquals(permissions.toString(), "[server=server1]");
-+ // test to ensure [databases] fails parsing of per-db file
-+ // by removing the user mapping from the per-db policy file
-+ policyFile.removeGroupsFromUser("admin1", "admin")
-+ .write(otherPolicyFile);
-+ policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
-+ permissions = policy.getAllPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL);
-+ Assert.assertEquals(permissions.toString(), "[server=server1]");
-+ }
-+
-+ @Test
-+ public void testDatabaseRequiredInRole() throws Exception {
-+ append("[databases]", globalPolicyFile);
-+ append("other_group_db = " + otherPolicyFile.getPath(), globalPolicyFile);
-+ append("[groups]", otherPolicyFile);
-+ append("other_group = malicious_role", otherPolicyFile);
-+ append("[roles]", otherPolicyFile);
-+ append("malicious_role = server=server1", otherPolicyFile);
-+ PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
-+ ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL);
-+ Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-+ }
-+
-+ @Test
-+ public void testServerAll() throws Exception {
-+ append("[groups]", globalPolicyFile);
-+ append("group = malicious_role", globalPolicyFile);
-+ append("[roles]", globalPolicyFile);
-+ append("malicious_role = server=*", globalPolicyFile);
-+ PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
-+ ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
-+ Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-+ }
-+
-+ @Test
-+ public void testServerIncorrect() throws Exception {
-+ append("[groups]", globalPolicyFile);
-+ append("group = malicious_role", globalPolicyFile);
-+ append("[roles]", globalPolicyFile);
-+ append("malicious_role = server=server2", globalPolicyFile);
-+ PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
-+ ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
-+ Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-+ }
-+
-+ @Test
-+ public void testAll() throws Exception {
-+ append("[groups]", globalPolicyFile);
-+ append("group = malicious_role", globalPolicyFile);
-+ append("[roles]", globalPolicyFile);
-+ append("malicious_role = *", globalPolicyFile);
-+ PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
-+ ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
-+ Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-+ }
-+
-+ /**
-+ * Create policy file with multiple per db files.
-+ * Verify that a file with bad format is the only one that's ignored
-+ * @throws Exception
-+ */
-+ @Test
-+ public void testMultiDbWithErrors() throws Exception {
-+ File db1PolicyFile = new File(baseDir, "db1.ini");
-+ File db2PolicyFile = new File(baseDir, "db2.ini");
-+
-+ // global policy file
-+ append("[databases]", globalPolicyFile);
-+ append("db1 = " + db1PolicyFile.getPath(), globalPolicyFile);
-+ append("db2 = " + db2PolicyFile.getPath(), globalPolicyFile);
-+ append("[groups]", globalPolicyFile);
-+ append("db3_group = db3_rule", globalPolicyFile);
-+ append("[roles]", globalPolicyFile);
-+ append("db3_rule = server=server1->db=db3->table=sales->action=select", globalPolicyFile);
-+
-+ //db1 policy file with badly formatted rule
-+ append("[groups]", db1PolicyFile);
-+ append("db1_group = bad_rule", db1PolicyFile);
-+ append("[roles]", db1PolicyFile);
-+ append("bad_rule = server=server1->db=customers->=purchases->action=", db1PolicyFile);
-+
-+ //db2 policy file with proper rule
-+ append("[groups]", db2PolicyFile);
-+ append("db2_group = db2_rule", db2PolicyFile);
-+ append("[roles]", db2PolicyFile);
-+ append("db2_rule = server=server1->db=db2->table=purchases->action=select", db2PolicyFile);
-+
-+ PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
-+
-+ // verify that the db1 rule is empty
-+ ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("db1_group"), ActiveRoleSet.ALL);
-+ Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-+
-+ permissions = policy.getAllPrivileges(Sets.newHashSet("db2_group"), ActiveRoleSet.ALL);
-+ Assert.assertEquals(permissions.toString(), 1, permissions.size());
-+ }
-+}
-diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java
-new file mode 100644
-index 0000000..403eb6a
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderGeneralCases.java
-@@ -0,0 +1,195 @@
-+/*
-+ * Licensed to the Apache Software Foundation (ASF) under one or more
-+ * contributor license agreements. See the NOTICE file distributed with
-+ * this work for additional information regarding copyright ownership.
-+ * The ASF licenses this file to You under the Apache License, Version 2.0
-+ * (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+package org.apache.sentry.policy.hive;
-+
-+import java.io.File;
-+import java.io.IOException;
-+import java.util.Arrays;
-+import java.util.EnumSet;
-+import java.util.List;
-+import java.util.Set;
-+
-+import com.google.common.collect.Sets;
-+import junit.framework.Assert;
-+
-+import org.apache.commons.io.FileUtils;
-+import org.apache.sentry.core.common.Action;
-+import org.apache.sentry.core.common.ActiveRoleSet;
-+import org.apache.sentry.core.common.Authorizable;
-+import org.apache.sentry.core.common.Subject;
-+import org.apache.sentry.core.model.db.AccessConstants;
-+import org.apache.sentry.core.model.db.DBModelAction;
-+import org.apache.sentry.core.model.db.Database;
-+import org.apache.sentry.core.model.db.HivePrivilegeModel;
-+import org.apache.sentry.core.model.db.Server;
-+import org.apache.sentry.core.model.db.Table;
-+import org.apache.sentry.provider.common.GroupMappingService;
-+import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
-+import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
-+import org.apache.sentry.provider.file.PolicyFiles;
-+import org.junit.After;
-+import org.junit.Test;
-+import org.slf4j.Logger;
-+import org.slf4j.LoggerFactory;
-+
-+import com.google.common.base.Objects;
-+import com.google.common.collect.HashMultimap;
-+import com.google.common.collect.Multimap;
-+import com.google.common.io.Files;
-+
-+
-+public class TestResourceAuthorizationProviderGeneralCases {
-+
-+ private static final Logger LOGGER = LoggerFactory
-+ .getLogger(TestResourceAuthorizationProviderGeneralCases.class);
-+
-+ private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap
-+ .create();
-+
-+ private static final Subject SUB_ADMIN = new Subject("admin1");
-+ private static final Subject SUB_MANAGER = new Subject("manager1");
-+ private static final Subject SUB_ANALYST = new Subject("analyst1");
-+ private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1");
-+
-+ private static final Server SVR_SERVER1 = new Server("server1");
-+ private static final Server SVR_ALL = new Server(AccessConstants.ALL);
-+
-+ private static final Database DB_CUSTOMERS = new Database("customers");
-+ private static final Database DB_ANALYST = new Database("analyst1");
-+ private static final Database DB_JR_ANALYST = new Database("jranalyst1");
-+
-+ private static final Table TBL_PURCHASES = new Table("purchases");
-+
-+ private static final Set<? extends Action> ALL = EnumSet.of(DBModelAction.ALL);
-+ private static final Set<? extends Action> SELECT = EnumSet.of(DBModelAction.SELECT);
-+ private static final Set<? extends Action> INSERT = EnumSet.of(DBModelAction.INSERT);
-+
-+ static {
-+ USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin"));
-+ USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager"));
-+ USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst"));
-+ USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(),
-+ Arrays.asList("jranalyst"));
-+ }
-+
-+ private final ResourceAuthorizationProvider authzProvider;
-+ private File baseDir;
-+
-+ public TestResourceAuthorizationProviderGeneralCases() throws IOException {
-+ baseDir = Files.createTempDir();
-+ PolicyFiles.copyToDir(baseDir, "hive-policy-test-authz-provider.ini", "hive-policy-test-authz-provider-other-group.ini");
-+ authzProvider = new HadoopGroupResourceAuthorizationProvider(
-+ DBPolicyTestUtil.createPolicyEngineForTest("server1",
-+ new File(baseDir, "hive-policy-test-authz-provider.ini").getPath()),
-+ new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP), HivePrivilegeModel.getInstance());
-+
-+ }
-+
-+ @After
-+ public void teardown() {
-+ if(baseDir != null) {
-+ FileUtils.deleteQuietly(baseDir);
-+ }
-+ }
-+
-+ private void doTestAuthorizables(
-+ Subject subject, Set<? extends Action> privileges, boolean expected,
-+ Authorizable... authorizables) throws Exception {
-+ List<Authorizable> authzHierarchy = Arrays.asList(authorizables);
-+ Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
-+ helper.add("authorizables", authzHierarchy).add("Privileges", privileges);
-+ LOGGER.info("Running with " + helper.toString());
-+ Assert.assertEquals(helper.toString(), expected,
-+ authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
-+ LOGGER.info("Passed " + helper.toString());
-+ }
-+
-+ private void doTestResourceAuthorizationProvider(Subject subject,
-+ Server server, Database database, Table table,
-+ Set<? extends Action> privileges, boolean expected) throws Exception {
-+ List<Authorizable> authzHierarchy = Arrays.asList(new Authorizable[] {
-+ server, database, table
-+ });
-+ Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
-+ helper.add("Subject", subject).add("Server", server).add("DB", database)
-+ .add("Table", table).add("Privileges", privileges).add("authzHierarchy", authzHierarchy);
-+ LOGGER.info("Running with " + helper.toString());
-+ Assert.assertEquals(helper.toString(), expected,
-+ authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
-+ LOGGER.info("Passed " + helper.toString());
-+ }
-+
-+ @Test
-+ public void testAdmin() throws Exception {
-+ doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, true);
-+ doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
-+ doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, true);
-+ doTestAuthorizables(SUB_ADMIN, SELECT, true, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES);
-+
-+ }
-+ @Test
-+ public void testManager() throws Exception {
-+ doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, false);
-+ doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
-+ doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, false);
-+ doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
-+ }
-+ @Test
-+ public void testAnalyst() throws Exception {
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, false);
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, false);
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
-+
-+ // analyst sandbox
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, ALL, true);
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, SELECT, true);
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, INSERT, true);
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_ANALYST, TBL_PURCHASES, SELECT, true);
-+
-+ // jr analyst sandbox
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, ALL, false);
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true);
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, INSERT, false);
-+ doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true);
-+ }
-+ @Test
-+ public void testJuniorAnalyst() throws Exception {
-+ doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, false);
-+ doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, false);
-+ doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, false);
-+ doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT, false);
-+ // jr analyst sandbox
-+ doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, ALL, true);
-+ doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true);
-+ doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, INSERT, true);
-+ doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_ALL, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true);
-+ }
-+
-+ public class MockGroupMappingServiceProvider implements GroupMappingService {
-+ private final Multimap<String, String> userToGroupMap;
-+
-+ public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) {
-+ this.userToGroupMap = userToGroupMap;
-+ }
-+
-+ @Override
-+ public Set<String> getGroups(String user) {
-+ return Sets.newHashSet(userToGroupMap.get(user));
-+ }
-+ }
-+}
-diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderSpecialCases.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderSpecialCases.java
-new file mode 100644
-index 0000000..6fe9e6b
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestResourceAuthorizationProviderSpecialCases.java
-@@ -0,0 +1,124 @@
-+ /*
-+ * Licensed to the Apache Software Foundation (ASF) under one or more
-+ * contributor license agreements. See the NOTICE file distributed with
-+ * this work for additional information regarding copyright ownership.
-+ * The ASF licenses this file to You under the Apache License, Version 2.0
-+ * (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+package org.apache.sentry.policy.hive;
-+
-+import java.io.File;
-+import java.io.IOException;
-+import java.util.EnumSet;
-+import java.util.List;
-+import java.util.Set;
-+
-+import org.junit.Assert;
-+
-+import org.apache.commons.io.FileUtils;
-+import org.apache.sentry.core.common.Action;
-+import org.apache.sentry.core.common.ActiveRoleSet;
-+import org.apache.sentry.core.common.Authorizable;
-+import org.apache.sentry.core.common.Subject;
-+import org.apache.sentry.core.model.db.AccessURI;
-+import org.apache.sentry.core.model.db.DBModelAction;
-+import org.apache.sentry.core.model.db.HivePrivilegeModel;
-+import org.apache.sentry.core.model.db.Server;
-+import org.apache.sentry.policy.common.PolicyEngine;
-+import org.apache.sentry.provider.common.AuthorizationProvider;
-+import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
-+import org.apache.sentry.provider.file.PolicyFile;
-+import org.junit.After;
-+import org.junit.Before;
-+import org.junit.Test;
-+
-+import com.google.common.collect.ImmutableList;
-+import com.google.common.io.Files;
-+
-+public class TestResourceAuthorizationProviderSpecialCases {
-+ private AuthorizationProvider authzProvider;
-+ private PolicyFile policyFile;
-+ private File baseDir;
-+ private File iniFile;
-+ private String initResource;
-+ @Before
-+ public void setup() throws IOException {
-+ baseDir = Files.createTempDir();
-+ iniFile = new File(baseDir, "policy.ini");
-+ initResource = "file://" + iniFile.getPath();
-+ policyFile = new PolicyFile();
-+ }
-+
-+ @After
-+ public void teardown() throws IOException {
-+ if(baseDir != null) {
-+ FileUtils.deleteQuietly(baseDir);
-+ }
-+ }
-+
-+ @Test
-+ public void testDuplicateEntries() throws Exception {
-+ Subject user1 = new Subject("user1");
-+ Server server1 = new Server("server1");
-+ AccessURI uri = new AccessURI("file:///path/to/");
-+ Set<? extends Action> actions = EnumSet.of(DBModelAction.ALL, DBModelAction.SELECT, DBModelAction.INSERT);
-+ policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
-+ .addRolesToGroup("group1", true, "role1", "role1")
-+ .addPermissionsToRole("role1", true, "server=" + server1.getName() + "->uri=" + uri.getName(),
-+ "server=" + server1.getName() + "->uri=" + uri.getName());
-+ policyFile.write(iniFile);
-+ PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest(server1.getName(), initResource);
-+ authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy, HivePrivilegeModel.getInstance());
-+ List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri);
-+ Assert.assertTrue(authorizableHierarchy.toString(),
-+ authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-+ }
-+ @Test
-+ public void testNonAbolutePath() throws Exception {
-+ Subject user1 = new Subject("user1");
-+ Server server1 = new Server("server1");
-+ AccessURI uri = new AccessURI("file:///path/to/");
-+ Set<? extends Action> actions = EnumSet.of(DBModelAction.ALL, DBModelAction.SELECT, DBModelAction.INSERT);
-+ policyFile.addGroupsToUser(user1.getName(), "group1")
-+ .addRolesToGroup("group1", "role1")
-+ .addPermissionsToRole("role1", "server=" + server1.getName() + "->uri=" + uri.getName());
-+ policyFile.write(iniFile);
-+ PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest(server1.getName(), initResource);
-+ authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy, HivePrivilegeModel.getInstance());
-+ // positive test
-+ List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri);
-+ Assert.assertTrue(authorizableHierarchy.toString(),
-+ authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-+ // negative tests
-+ // TODO we should support the case of /path/to/./ but let's to that later
-+ uri = new AccessURI("file:///path/to/./");
-+ authorizableHierarchy = ImmutableList.of(server1, uri);
-+ Assert.assertFalse(authorizableHierarchy.toString(),
-+ authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-+ uri = new AccessURI("file:///path/to/../");
-+ authorizableHierarchy = ImmutableList.of(server1, uri);
-+ Assert.assertFalse(authorizableHierarchy.toString(),
-+ authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-+ uri = new AccessURI("file:///path/to/../../");
-+ authorizableHierarchy = ImmutableList.of(server1, uri);
-+ Assert.assertFalse(authorizableHierarchy.toString(),
-+ authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-+ uri = new AccessURI("file:///path/to/dir/../../");
-+ authorizableHierarchy = ImmutableList.of(server1, uri);
-+ Assert.assertFalse(authorizableHierarchy.toString(),
-+ authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-+ }
-+ @Test(expected=IllegalArgumentException.class)
-+ public void testInvalidPath() throws Exception {
-+ new AccessURI(":invaliduri");
-+ }
-+}
-diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestSimpleDBPolicyEngineDFS.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestSimpleDBPolicyEngineDFS.java
-new file mode 100644
-index 0000000..97cf615
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestSimpleDBPolicyEngineDFS.java
-@@ -0,0 +1,115 @@
-+/*
-+ * Licensed to the Apache Software Foundation (ASF) under one or more
-+ * contributor license agreements. See the NOTICE file distributed with
-+ * this work for additional information regarding copyright ownership.
-+ * The ASF licenses this file to You under the Apache License, Version 2.0
-+ * (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+package org.apache.sentry.policy.hive;
-+
-+import java.io.File;
-+import java.io.IOException;
-+import java.util.Set;
-+
-+import org.junit.Assert;
-+
-+import org.apache.hadoop.conf.Configuration;
-+import org.apache.hadoop.fs.FileSystem;
-+import org.apache.hadoop.fs.Path;
-+import org.apache.hadoop.hdfs.MiniDFSCluster;
-+import org.apache.sentry.core.common.ActiveRoleSet;
-+import org.apache.sentry.policy.common.PolicyEngine;
-+import org.apache.sentry.provider.file.PolicyFile;
-+import org.apache.sentry.provider.file.PolicyFiles;
-+import org.junit.AfterClass;
-+import org.junit.BeforeClass;
-+import org.junit.Test;
-+
-+import com.google.common.collect.ImmutableSet;
-+import com.google.common.collect.Sets;
-+import com.google.common.io.Files;
-+
-+public class TestSimpleDBPolicyEngineDFS extends AbstractTestSimplePolicyEngine {
-+
-+ private static MiniDFSCluster dfsCluster;
-+ private static FileSystem fileSystem;
-+ private static Path root;
-+ private static Path etc;
-+
-+ @BeforeClass
-+ public static void setupLocalClazz() throws IOException {
-+ File baseDir = getBaseDir();
-+ Assert.assertNotNull(baseDir);
-+ File dfsDir = new File(baseDir, "dfs");
-+ Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs());
-+ Configuration conf = new Configuration();
-+ conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
-+ dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
-+ fileSystem = dfsCluster.getFileSystem();
-+ root = new Path(fileSystem.getUri().toString());
-+ etc = new Path(root, "/etc");
-+ fileSystem.mkdirs(etc);
-+ }
-+ @AfterClass
-+ public static void teardownLocalClazz() {
-+ if(dfsCluster != null) {
-+ dfsCluster.shutdown();
-+ }
-+ }
-+
-+ @Override
-+ protected void afterSetup() throws IOException {
-+ fileSystem.delete(etc, true);
-+ fileSystem.mkdirs(etc);
-+ PolicyFiles.copyToDir(fileSystem, etc, "hive-policy-test-authz-provider.ini", "hive-policy-test-authz-provider-other-group.ini");
-+ setPolicy(DBPolicyTestUtil.createPolicyEngineForTest("server1",
-+ new Path(etc, "hive-policy-test-authz-provider.ini").toString()));
-+ }
-+ @Override
-+ protected void beforeTeardown() throws IOException {
-+ fileSystem.delete(etc, true);
-+ }
-+
-+ @Test
-+ public void testMultiFSPolicy() throws Exception {
-+ File globalPolicyFile = new File(Files.createTempDir(), "global-policy.ini");
-+ File dbPolicyFile = new File(Files.createTempDir(), "db11-policy.ini");
-+
-+ // Create global policy file
-+ PolicyFile dbPolicy = new PolicyFile()
-+ .addPermissionsToRole("db11_role", "server=server1->db=db11")
-+ .addRolesToGroup("group1", "db11_role");
-+
-+ dbPolicy.write(dbPolicyFile);
-+ Path dbPolicyPath = new Path(etc, "db11-policy.ini");
-+
-+ // create per-db policy file
-+ PolicyFile globalPolicy = new PolicyFile()
-+ .addPermissionsToRole("admin_role", "server=server1")
-+ .addRolesToGroup("admin_group", "admin_role")
-+ .addGroupsToUser("db", "admin_group");
-+ globalPolicy.addDatabase("db11", dbPolicyPath.toUri().toString());
-+ globalPolicy.write(globalPolicyFile);
-+
-+
-+ PolicyFiles.copyFilesToDir(fileSystem, etc, globalPolicyFile);
-+ PolicyFiles.copyFilesToDir(fileSystem, etc, dbPolicyFile);
-+ PolicyEngine multiFSEngine =
-+ DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
-+
-+ Set<String> dbGroups = Sets.newHashSet();
-+ dbGroups.add("group1");
-+ ImmutableSet<String> dbPerms =
-+ multiFSEngine.getAllPrivileges(dbGroups, ActiveRoleSet.ALL);
-+ Assert.assertEquals("No DB permissions found", 1, dbPerms.size());
-+ }
-+}
-diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestSimpleDBPolicyEngineLocalFS.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestSimpleDBPolicyEngineLocalFS.java
-new file mode 100644
-index 0000000..c986d7e
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/policy/hive/TestSimpleDBPolicyEngineLocalFS.java
-@@ -0,0 +1,44 @@
-+/*
-+ * Licensed to the Apache Software Foundation (ASF) under one or more
-+ * contributor license agreements. See the NOTICE file distributed with
-+ * this work for additional information regarding copyright ownership.
-+ * The ASF licenses this file to You under the Apache License, Version 2.0
-+ * (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+package org.apache.sentry.policy.hive;
-+
-+import java.io.File;
-+import java.io.IOException;
-+
-+import org.junit.Assert;
-+
-+import org.apache.commons.io.FileUtils;
-+import org.apache.sentry.provider.file.PolicyFiles;
-+
-+public class TestSimpleDBPolicyEngineLocalFS extends AbstractTestSimplePolicyEngine {
-+
-+ @Override
-+ protected void afterSetup() throws IOException {
-+ File baseDir = getBaseDir();
-+ Assert.assertNotNull(baseDir);
-+ Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
-+ PolicyFiles.copyToDir(baseDir, "hive-policy-test-authz-provider.ini", "hive-policy-test-authz-provider-other-group.ini");
-+ setPolicy(DBPolicyTestUtil.createPolicyEngineForTest("server1",
-+ new File(baseDir, "hive-policy-test-authz-provider.ini").getPath()));
-+ }
-+ @Override
-+ protected void beforeTeardown() throws IOException {
-+ File baseDir = getBaseDir();
-+ Assert.assertNotNull(baseDir);
-+ FileUtils.deleteQuietly(baseDir);
-+ }
-+}
-diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/privilege/hive/TestCommonPrivilegeForHive.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/privilege/hive/TestCommonPrivilegeForHive.java
-new file mode 100644
-index 0000000..c719802
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/privilege/hive/TestCommonPrivilegeForHive.java
-@@ -0,0 +1,344 @@
-+/*
-+ * Licensed to the Apache Software Foundation (ASF) under one or more
-+ * contributor license agreements. See the NOTICE file distributed with
-+ * this work for additional information regarding copyright ownership.
-+ * The ASF licenses this file to You under the Apache License, Version 2.0
-+ * (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+package org.apache.sentry.privilege.hive;
-+
-+import junit.framework.Assert;
-+import org.apache.sentry.core.common.Model;
-+import org.apache.sentry.core.common.utils.KeyValue;
-+import org.apache.sentry.core.common.utils.PathUtils;
-+import org.apache.sentry.core.common.utils.SentryConstants;
-+import org.apache.sentry.core.model.db.AccessConstants;
-+import org.apache.sentry.core.model.db.HivePrivilegeModel;
-+import org.apache.sentry.policy.common.CommonPrivilege;
-+import org.apache.sentry.policy.common.Privilege;
-+import org.junit.Before;
-+import org.junit.Test;
-+
-+import static junit.framework.Assert.assertFalse;
-+import static junit.framework.Assert.assertTrue;
-+
-+public class TestCommonPrivilegeForHive {
-+
-+ private Model hivePrivilegeModel;
-+
-+ private static final String ALL = AccessConstants.ALL;
-+
-+ private static final CommonPrivilege ROLE_SERVER_SERVER1_DB_ALL =
-+ create(new KeyValue("server", "server1"), new KeyValue("db", ALL));
-+ private static final CommonPrivilege ROLE_SERVER_SERVER1_DB_DB1 =
-+ create(new KeyValue("server", "server1"), new KeyValue("db", "db1"));
-+ private static final CommonPrivilege ROLE_SERVER_SERVER2_DB_ALL =
-+ create(new KeyValue("server", "server2"), new KeyValue("db", ALL));
-+ private static final CommonPrivilege ROLE_SERVER_SERVER2_DB_DB1 =
-+ create(new KeyValue("server", "server2"), new KeyValue("db", "db1"));
-+ private static final CommonPrivilege ROLE_SERVER_ALL_DB_ALL =
-+ create(new KeyValue("server", ALL), new KeyValue("db", ALL));
-+ private static final CommonPrivilege ROLE_SERVER_ALL_DB_DB1 =
-+ create(new KeyValue("server", ALL), new KeyValue("db", "db1"));
-+
-+ private static final CommonPrivilege ROLE_SERVER_SERVER1_URI_URI1 =
-+ create(new KeyValue("server", "server1"), new KeyValue("uri",
-+ "hdfs://namenode:8020/path/to/uri1"));
-+ private static final CommonPrivilege ROLE_SERVER_SERVER1_URI_URI2 =
-+ create(new KeyValue("server", "server1"), new KeyValue("uri",
-+ "hdfs://namenode:8020/path/to/uri2/"));
-+ private static final CommonPrivilege ROLE_SERVER_SERVER1_URI_ALL =
-+ create(new KeyValue("server", "server1"), new KeyValue("uri", ALL));
-+
-+ private static final CommonPrivilege ROLE_SERVER_SERVER1 =
-+ create(new KeyValue("server", "server1"));
-+
-+ private static final CommonPrivilege REQUEST_SERVER1_DB1 =
-+ create(new KeyValue("server", "server1"), new KeyValue("db", "db1"));
-+ private static final CommonPrivilege REQUEST_SERVER2_DB1 =
-+ create(new KeyValue("server", "server2"), new KeyValue("db", "db1"));
-+ private static final CommonPrivilege REQUEST_SERVER1_DB2 =
-+ create(new KeyValue("server", "server1"), new KeyValue("db", "db2"));
-+ private static final CommonPrivilege REQUEST_SERVER2_DB2 =
-+ create(new KeyValue("server", "server2"), new KeyValue("db", "db2"));
-+
-+ private static final CommonPrivilege REQUEST_SERVER1_URI1 =
-+ create(new KeyValue("server", "server1"), new KeyValue("uri",
-+ "hdfs://namenode:8020/path/to/uri1/some/file"));
-+ private static final CommonPrivilege REQUEST_SERVER1_URI2 =
-+ create(new KeyValue("server", "server1"), new KeyValue("uri",
-+ "hdfs://namenode:8020/path/to/uri2/some/other/file"));
-+
-+ private static final CommonPrivilege REQUEST_SERVER1_OTHER =
-+ create(new KeyValue("server", "server2"), new KeyValue("other", "thing"));
-+
-+ private static final CommonPrivilege REQUEST_SERVER1 =
-+ create(new KeyValue("server", "server2"));
-+
-+ @Before
-+ public void prepareData() {
-+ hivePrivilegeModel = HivePrivilegeModel.getInstance();
-+ }
-+
-+ @Test
-+ public void testOther() throws Exception {
-+ assertFalse(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1_OTHER, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER1_OTHER.implies(ROLE_SERVER_ALL_DB_ALL, hivePrivilegeModel));
-+ }
-+
-+ @Test
-+ public void testRoleShorterThanRequest() throws Exception {
-+ assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_DB1, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_DB2, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER2_DB1, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER2_DB2, hivePrivilegeModel));
-+
-+ assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1, hivePrivilegeModel));
-+ }
-+
-+ @Test
-+ public void testRolesAndRequests() throws Exception {
-+ // ROLE_SERVER_SERVER1_DB_ALL
-+ assertTrue(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER1_DB1, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER2_DB1, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER1_DB2, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(REQUEST_SERVER2_DB2, hivePrivilegeModel));
-+
-+ // test inverse
-+ assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER1_DB_ALL, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER1_DB_ALL, hivePrivilegeModel));
-+ assertTrue(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER1_DB_ALL, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER1_DB_ALL, hivePrivilegeModel));
-+
-+ // ROLE_SERVER_SERVER1_DB_DB1
-+ assertTrue(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER1_DB1, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER2_DB1, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER1_DB2, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER1_DB_DB1.implies(REQUEST_SERVER2_DB2, hivePrivilegeModel));
-+
-+ // test inverse
-+ assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER1_DB_DB1, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER1_DB_DB1, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER1_DB_DB1, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER1_DB_DB1, hivePrivilegeModel));
-+
-+ // ROLE_SERVER_SERVER2_DB_ALL
-+ assertFalse(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER1_DB1, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER2_DB1, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER1_DB2, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER2_DB_ALL.implies(REQUEST_SERVER2_DB2, hivePrivilegeModel));
-+
-+ // test inverse
-+ assertFalse(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER2_DB_ALL, hivePrivilegeModel));
-+ assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER2_DB_ALL, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER2_DB_ALL, hivePrivilegeModel));
-+ assertTrue(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER2_DB_ALL, hivePrivilegeModel));
-+
-+ // ROLE_SERVER_SERVER2_DB_DB1
-+ assertFalse(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER1_DB1, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER2_DB1, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER1_DB2, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER2_DB_DB1.implies(REQUEST_SERVER2_DB2, hivePrivilegeModel));
-+
-+ assertFalse(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_SERVER2_DB_DB1, hivePrivilegeModel));
-+ assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_SERVER2_DB_DB1, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_SERVER2_DB_DB1, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_SERVER2_DB_DB1, hivePrivilegeModel));
-+
-+ // ROLE_SERVER_ALL_DB_ALL
-+ assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1_DB1, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER2_DB1, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER1_DB2, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_ALL_DB_ALL.implies(REQUEST_SERVER2_DB2, hivePrivilegeModel));
-+
-+ // test inverse
-+ assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_ALL_DB_ALL, hivePrivilegeModel));
-+ assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_ALL_DB_ALL, hivePrivilegeModel));
-+ assertTrue(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_ALL_DB_ALL, hivePrivilegeModel));
-+ assertTrue(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_ALL_DB_ALL, hivePrivilegeModel));
-+
-+ // ROLE_SERVER_ALL_DB_DB1
-+ assertTrue(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1_DB1, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER2_DB1, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1_DB2, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER2_DB2, hivePrivilegeModel));
-+
-+ // test inverse
-+ assertTrue(REQUEST_SERVER1_DB1.implies(ROLE_SERVER_ALL_DB_DB1, hivePrivilegeModel));
-+ assertTrue(REQUEST_SERVER2_DB1.implies(ROLE_SERVER_ALL_DB_DB1, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER1_DB2.implies(ROLE_SERVER_ALL_DB_DB1, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER2_DB2.implies(ROLE_SERVER_ALL_DB_DB1, hivePrivilegeModel));
-+
-+ // uri
-+ assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI1, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI2, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI2, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER1_URI_ALL.implies(REQUEST_SERVER1_URI1, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER1_URI_ALL.implies(REQUEST_SERVER1_URI2, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER1.implies(REQUEST_SERVER1_URI2, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER1_URI_URI1.implies(REQUEST_SERVER1_URI1, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER1_URI_URI1.implies(REQUEST_SERVER1_URI2, hivePrivilegeModel));
-+ assertTrue(ROLE_SERVER_SERVER1_URI_URI2.implies(REQUEST_SERVER1_URI2, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER1_URI_URI2.implies(REQUEST_SERVER1_URI1, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER2_DB2.implies(REQUEST_SERVER1_URI1, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_ALL_DB_DB1.implies(REQUEST_SERVER1_URI1, hivePrivilegeModel));
-+ // test inverse
-+ assertTrue(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1_URI_ALL, hivePrivilegeModel));
-+ assertTrue(REQUEST_SERVER1_URI2.implies(ROLE_SERVER_SERVER1_URI_ALL, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1_URI_URI1, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER1_URI2.implies(ROLE_SERVER_SERVER1_URI_URI1, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER1_URI2.implies(ROLE_SERVER_SERVER1_URI_URI2, hivePrivilegeModel));
-+ assertFalse(REQUEST_SERVER1_URI1.implies(ROLE_SERVER_SERVER1_URI_URI2, hivePrivilegeModel));
-+ };
-+
-+ @Test
-+ public void testUnexpected() throws Exception {
-+ Privilege p = new Privilege() {
-+ @Override
-+ public boolean implies(Privilege p, Model m) {
-+ return false;
-+ }
-+ };
-+ assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(null, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER1_DB_ALL.implies(p, hivePrivilegeModel));
-+ assertFalse(ROLE_SERVER_SERVER1_DB_ALL.equals(null));
-+ assertFalse(ROLE_SERVER_SERVER1_DB_ALL.equals(p));
-+
-+ Assert.assertEquals(ROLE_SERVER_SERVER1_DB_ALL.hashCode(),
-+ create(ROLE_SERVER_SERVER1_DB_ALL.toString()).hashCode());
-+ }
-+
-+ @Test(expected=IllegalArgumentException.class)
-+ public void testNullString() throws Exception {
-+ System.out.println(create((String)null));
-+ }
-+
-+ @Test(expected=IllegalArgumentException.class)
-+ public void testEmptyString() throws Exception {
-+ System.out.println(create(""));
-+ }
-+
-+ @Test(expected=IllegalArgumentException.class)
-+ public void testEmptyKey() throws Exception {
-+ System.out.println(create(SentryConstants.KV_JOINER.join("", "db1")));
-+ }
-+
-+ @Test(expected=IllegalArgumentException.class)
-+ public void testEmptyValue() throws Exception {
-+ System.out.println(create(SentryConstants.KV_JOINER.join("db", "")));
-+ }
-+
-+ @Test(expected=IllegalArgumentException.class)
-+ public void testEmptyPart() throws Exception {
-+ System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
-+ join(SentryConstants.KV_JOINER.join("server", "server1"), "")));
-+ }
-+
-+ @Test(expected=IllegalArgumentException.class)
-+ public void testOnlySeperators() throws Exception {
-+ System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
-+ join(SentryConstants.KV_SEPARATOR, SentryConstants.KV_SEPARATOR,
-+ SentryConstants.KV_SEPARATOR)));
-+ }
-+
-+ @Test
-+ public void testImpliesURIPositive() throws Exception {
-+ assertTrue(PathUtils.impliesURI("hdfs://namenode:8020/path", "hdfs://namenode:8020/path/to/some/dir"));
-+ assertTrue(PathUtils.impliesURI("hdfs://namenode:8020/path", "hdfs://namenode:8020/path"));
-+ assertTrue(PathUtils.impliesURI("file:///path", "file:///path/to/some/dir"));
-+ assertTrue(PathUtils.impliesURI("file:///path", "file:///path"));
-+ }
-+
-+ @Test
-+ public void testImpliesURINegative() throws Exception {
-+ // relative path
-+ assertFalse(PathUtils.impliesURI("hdfs://namenode:8020/path", "hdfs://namenode:8020/path/to/../../other"));
-+ assertFalse(PathUtils.impliesURI("file:///path", "file:///path/to/../../other"));
-+ // bad policy
-+ assertFalse(PathUtils.impliesURI("blah", "hdfs://namenode:8020/path/to/some/dir"));
-+ // bad request
-+ assertFalse(PathUtils.impliesURI("hdfs://namenode:8020/path", "blah"));
-+ // scheme
-+ assertFalse(PathUtils.impliesURI("hdfs://namenode:8020/path", "file:///path/to/some/dir"));
-+ assertFalse(PathUtils.impliesURI("hdfs://namenode:8020/path", "file://namenode:8020/path/to/some/dir"));
-+ // hostname
-+ assertFalse(PathUtils.impliesURI("hdfs://namenode1:8020/path", "hdfs://namenode2:8020/path/to/some/dir"));
-+ // port
-+ assertFalse(PathUtils.impliesURI("hdfs://namenode:8020/path", "hdfs://namenode:8021/path/to/some/dir"));
-+ // mangled path
-+ assertFalse(PathUtils.impliesURI("hdfs://namenode:8020/path", "hdfs://namenode:8020/pathFooBar"));
-+ // ends in /
-+ assertTrue(PathUtils.impliesURI("hdfs://namenode:8020/path/", "hdfs://namenode:8020/path/FooBar"));
-+ }
-+
-+ @Test
-+ public void testActionHierarchy() throws Exception {
-+ String dbName = "db1";
-+ CommonPrivilege dbAll = create(new KeyValue("server", "server1"),
-+ new KeyValue("db", dbName), new KeyValue("action", "ALL"));
-+
-+ CommonPrivilege dbSelect = create(new KeyValue("server", "server1"),
-+ new KeyValue("db", dbName), new KeyValue("action", "SELECT"));
-+ CommonPrivilege dbInsert = create(new KeyValue("server", "server1"),
-+ new KeyValue("db", dbName), new KeyValue("action", "INSERT"));
-+ CommonPrivilege dbAlter = create(new KeyValue("server", "server1"),
-+ new KeyValue("db", dbName), new KeyValue("action", "ALTER"));
-+ CommonPrivilege dbCreate = create(new KeyValue("server", "server1"),
-+ new KeyValue("db", dbName), new KeyValue("action", "CREATE"));
-+ CommonPrivilege dbDrop = create(new KeyValue("server", "server1"),
-+ new KeyValue("db", dbName), new KeyValue("action", "DROP"));
-+ CommonPrivilege dbIndex = create(new KeyValue("server", "server1"),
-+ new KeyValue("db", dbName), new KeyValue("action", "INDEX"));
-+ CommonPrivilege dbLock = create(new KeyValue("server", "server1"),
-+ new KeyValue("db", dbName), new KeyValue("action", "LOCK"));
-+
-+ assertTrue(dbAll.implies(dbSelect, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbInsert, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbAlter, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbCreate, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbDrop, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbIndex, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbLock, hivePrivilegeModel));
-+
-+ dbAll = create(new KeyValue("server", "server1"),
-+ new KeyValue("db", dbName), new KeyValue("action", "*"));
-+
-+ assertTrue(dbAll.implies(dbSelect, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbInsert, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbAlter, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbCreate, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbDrop, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbIndex, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbLock, hivePrivilegeModel));
-+
-+ dbAll = create(new KeyValue("server", "server1"),
-+ new KeyValue("db", dbName));
-+
-+ assertTrue(dbAll.implies(dbSelect, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbInsert, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbAlter, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbCreate, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbDrop, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbIndex, hivePrivilegeModel));
-+ assertTrue(dbAll.implies(dbLock, hivePrivilegeModel));
-+ }
-+
-+ static CommonPrivilege create(KeyValue... keyValues) {
-+ return create(SentryConstants.AUTHORIZABLE_JOINER.join(keyValues));
-+ }
-+
-+ static CommonPrivilege create(String s) {
-+ return new CommonPrivilege(s);
-+ }
-+}
-diff --git a/sentry-binding/sentry-binding-hive/src/test/resources/hive-policy-test-authz-provider-other-group.ini b/sentry-binding/sentry-binding-hive/src/test/resources/hive-policy-test-authz-provider-other-group.ini
-new file mode 100644
-index 0000000..cd3695c
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/resources/hive-policy-test-authz-provider-other-group.ini
-@@ -0,0 +1,22 @@
-+# Licensed to the Apache Software Foundation (ASF) under one
-+# or more contributor license agreements. See the NOTICE file
-+# distributed with this work for additional information
-+# regarding copyright ownership. The ASF licenses this file
-+# to you under the Apache License, Version 2.0 (the
-+# "License"); you may not use this file except in compliance
-+# with the License. You may obtain a copy of the License at
-+#
-+# http://www.apache.org/licenses/LICENSE-2.0
-+#
-+# Unless required by applicable law or agreed to in writing,
-+# software distributed under the License is distributed on an
-+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-+# KIND, either express or implied. See the License for the
-+# specific language governing permissions and limitations
-+# under the License.
-+
-+[groups]
-+other_group = analyst_role
-+
-+[roles]
-+analyst_role = server=server1->db=other_group_db->table=purchases->action=select
-\ No newline at end of file
-diff --git a/sentry-binding/sentry-binding-hive/src/test/resources/hive-policy-test-authz-provider.ini b/sentry-binding/sentry-binding-hive/src/test/resources/hive-policy-test-authz-provider.ini
-new file mode 100644
-index 0000000..e9114ef
---- /dev/null
-+++ b/sentry-binding/sentry-binding-hive/src/test/resources/hive-policy-test-authz-provider.ini
-@@ -0,0 +1,32 @@
-+# Licensed to the Apache Software Foundation (ASF) under one
-+# or more contributor license agreements. See the NOTICE file
-+# distributed with this work for additional information
-+# regarding copyright ownership. The ASF licenses this file
-+# to you under the Apache License, Version 2.0 (the
-+# "License"); you may not use this file except in compliance
-+# with the License. You may obtain a copy of the License at
-+#
-+# http://www.apache.org/licenses/LICENSE-2.0
-+#
-+# Unless required by applicable law or agreed to in writing,
-+# software distributed under the License is distributed on an
-+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-+# KIND, either express or implied. See the License for the
-+# specific language governing permissions and limitations
-+# under the License.
-+
-+[databases]
-+other_group_db = hive-policy-test-authz-provider-other-group.ini
-+
-+[groups]
-+manager = analyst_role, junior_analyst_role
-+analyst = analyst_role
-+jranalyst = junior_analyst_role
-+admin = admin
-+
-+[roles]
-+analyst_role = server=server1->db=customers->table=purchases->action=select, \
-+ server=server1->db=analyst1, \
-+ server=server1->db=jranalyst1->table=*->action=select
-+junior_analyst_role = server=server1->db=jranalyst1, server=server1->db=customers->table=purchases_partial->action=select
-+admin = server=server1
-diff --git a/sentry-binding/sentry-binding-kafka/pom.xml b/sentry-binding/sentry-binding-kafka/pom.xml
-index 15d3de5..f6f212b 100644
---- a/sentry-binding/sentry-binding-kafka/pom.xml
-+++ b/sentry-binding/sentry-binding-kafka/pom.xml
-@@ -45,10 +45,6 @@ limitations under the License.
- </dependency>
- <dependency>
- <groupId>org.apache.sentry</groupId>
-- <artifactId>sentry-policy-kafka</artifactId>
-- </dependency>
-- <dependency>
-- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-provider-common</artifactId>
- </dependency>
- <dependency>
-@@ -73,5 +69,10 @@ limitations under the License.
- <artifactId>kafka_2.11</artifactId>
- <scope>provided</scope>
- </dependency>
-+ <dependency>
-+ <groupId>org.apache.hadoop</groupId>
-+ <artifactId>hadoop-minicluster</artifactId>
-+ <scope>test</scope>
-+ </dependency>
- </dependencies>
- </project>
-diff --git a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
-index c6600a0..15f7359 100644
---- a/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
-+++ b/sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java
-@@ -42,16 +42,19 @@ import org.apache.kafka.common.security.auth.KafkaPrincipal;
- import org.apache.sentry.SentryUserException;
- import org.apache.sentry.core.common.ActiveRoleSet;
- import org.apache.sentry.core.common.Authorizable;
-+import org.apache.sentry.core.common.Model;
- import org.apache.sentry.core.common.Subject;
- import org.apache.sentry.core.model.kafka.KafkaActionFactory;
- import org.apache.sentry.core.model.kafka.KafkaActionFactory.KafkaAction;
- import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
-+import org.apache.sentry.core.model.kafka.KafkaPrivilegeModel;
- import org.apache.sentry.kafka.ConvertUtil;
- import org.apache.sentry.kafka.conf.KafkaAuthConf.AuthzConfVars;
- import org.apache.sentry.policy.common.PolicyEngine;
- import org.apache.sentry.provider.common.AuthorizationComponent;
- import org.apache.sentry.provider.common.AuthorizationProvider;
- import org.apache.sentry.provider.common.ProviderBackend;
-+import org.apache.sentry.provider.common.ProviderBackendContext;
- import org.apache.sentry.provider.db.generic.SentryGenericProviderBackend;
- import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
- import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
-@@ -72,491 +75,497 @@ import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY
-
- public class KafkaAuthBinding {
-
-- private static final Logger LOG = LoggerFactory.getLogger(KafkaAuthBinding.class);
-- private static final String COMPONENT_TYPE = AuthorizationComponent.KAFKA;
-- private static final String COMPONENT_NAME = COMPONENT_TYPE;
-+ private static final Logger LOG = LoggerFactory.getLogger(KafkaAuthBinding.class);
-+ private static final String COMPONENT_TYPE = AuthorizationComponent.KAFKA;
-+ private static final String COMPONENT_NAME = COMPONENT_TYPE;
-
-- private static Boolean kerberosInit;
-+ private static Boolean kerberosInit;
-
-- private final Configuration authConf;
-- private final AuthorizationProvider authProvider;
-- private final KafkaActionFactory actionFactory = KafkaActionFactory.getInstance();
-+ private
<TRUNCATED>
[2/2] sentry git commit: SENTRY-1213: Remove unnecessary file (Colin
Ma, reviewed by Dapeng Sun)
Posted by co...@apache.org.
SENTRY-1213: Remove unnecessary file (Colin Ma, reviewed by Dapeng Sun)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/c49ea3a8
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/c49ea3a8
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/c49ea3a8
Branch: refs/heads/master
Commit: c49ea3a8ef04bff8d6766d26a9eb212cc382d965
Parents: d94e900
Author: Colin Ma <co...@apache.org>
Authored: Fri Apr 22 15:09:07 2016 +0800
Committer: Colin Ma <co...@apache.org>
Committed: Fri Apr 22 15:09:07 2016 +0800
----------------------------------------------------------------------
SENTRY-999.001.patch | 18685 --------------------------------------------
1 file changed, 18685 deletions(-)
----------------------------------------------------------------------