Posted to commits@sentry.apache.org by co...@apache.org on 2017/11/16 09:57:03 UTC
[26/32] sentry git commit: SENTRY-1475: Integrate Sentry with Solr 7
authorization framework. (Hrishikesh Gadre,
reviewed by Kalyan Kumar Kalvagadda)
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
index 7a88d90..f060b82 100644
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
@@ -18,7 +18,6 @@ package org.apache.sentry.binding.solr;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
-
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -36,15 +35,16 @@ import org.apache.commons.io.FileUtils;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.security.GroupMappingServiceProvider;
-import org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException;
import org.apache.sentry.binding.solr.authz.SolrAuthzBinding;
import org.apache.sentry.binding.solr.conf.SolrAuthzConf;
import org.apache.sentry.binding.solr.conf.SolrAuthzConf.AuthzConfVars;
+import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAction;
import org.apache.sentry.core.common.exception.SentryGroupNotFoundException;
import org.apache.sentry.core.common.utils.PolicyFiles;
+import org.apache.sentry.core.model.solr.Collection;
+import org.apache.sentry.core.model.solr.SolrModelAction;
+import org.apache.solr.security.AuthorizationResponse;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -58,7 +58,7 @@ import com.google.common.io.Resources;
*/
public class TestSolrAuthzBinding {
private static final String RESOURCE_PATH = "test-authz-provider.ini";
- private SolrAuthzConf authzConf = new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+ private SolrAuthzConf authzConf = new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
private File baseDir;
private Collection infoCollection = new Collection("info");
@@ -68,11 +68,11 @@ public class TestSolrAuthzBinding {
private Subject sergeant1 = new Subject("sergeant1");
private Subject general1 = new Subject("general1");
- private EnumSet<SearchModelAction> querySet = EnumSet.of(SearchModelAction.QUERY);
- private EnumSet<SearchModelAction> updateSet = EnumSet.of(SearchModelAction.UPDATE);
- private EnumSet<SearchModelAction> allSet = EnumSet.of(SearchModelAction.ALL);
- private EnumSet<SearchModelAction> allOfSet = EnumSet.allOf(SearchModelAction.class);
- private EnumSet<SearchModelAction> emptySet = EnumSet.noneOf(SearchModelAction.class);
+ private EnumSet<SolrModelAction> querySet = EnumSet.of(SolrModelAction.QUERY);
+ private EnumSet<SolrModelAction> updateSet = EnumSet.of(SolrModelAction.UPDATE);
+ private EnumSet<SolrModelAction> allSet = EnumSet.of(SolrModelAction.ALL);
+ private EnumSet<SolrModelAction> allOfSet = EnumSet.allOf(SolrModelAction.class);
+ private EnumSet<SolrModelAction> emptySet = EnumSet.noneOf(SolrModelAction.class);
@Before
public void setUp() throws Exception {
@@ -103,31 +103,37 @@ public class TestSolrAuthzBinding {
@Test
public void testClassNotFound() throws Exception {
SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
setUsableAuthzConf(solrAuthzConf);
// verify it is usable
- new SolrAuthzBinding(solrAuthzConf);
+ {
+ SolrAuthzBinding binding = null;
+ try {
+ binding = new SolrAuthzBinding(solrAuthzConf);
+ } finally {
+ if (binding != null) {
+ binding.close();
+ }
+ }
+ }
// give a bogus provider
solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER.getVar(), "org.apache.sentry.provider.BogusProvider");
- try {
- new SolrAuthzBinding(solrAuthzConf);
+ try (SolrAuthzBinding b = new SolrAuthzBinding(solrAuthzConf)) {
Assert.fail("Expected ClassNotFoundException");
} catch (ClassNotFoundException e) {}
setUsableAuthzConf(solrAuthzConf);
// give a bogus provider backend
solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar(), "org.apache.sentry.provider.file.BogusProviderBackend");
- try {
- new SolrAuthzBinding(solrAuthzConf);
+ try (SolrAuthzBinding b = new SolrAuthzBinding(solrAuthzConf)) {
Assert.fail("Expected ClassNotFoundException");
} catch (ClassNotFoundException e) {}
setUsableAuthzConf(solrAuthzConf);
// give a bogus policy enine
solrAuthzConf.set(AuthzConfVars.AUTHZ_POLICY_ENGINE.getVar(), "org.apache.sentry.provider.solr.BogusPolicyEngine");
- try {
- new SolrAuthzBinding(solrAuthzConf);
+ try (SolrAuthzBinding b = new SolrAuthzBinding(solrAuthzConf)) {
Assert.fail("Expected ClassNotFoundException");
} catch (ClassNotFoundException e) {}
}
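Review bot: The "verify it is usable" step in testClassNotFound spells out a null-initialised local, a `try`/`finally` and a null check just to close the binding, while the three bogus-class cases a few lines below use try-with-resources on the same type. Since `SolrAuthzBinding` is used as a resource in this same hunk, the block can be written as `try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) { /* construction succeeding is the check */ }`. The same hand-written form is added in testAuthProviderOnlySolrAuthzConfs and testSolrAuthzConfs, and the same replacement applies there.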
@@ -139,13 +145,12 @@ public class TestSolrAuthzBinding {
@Test
public void testResourceNotFound() throws Exception {
SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
setUsableAuthzConf(solrAuthzConf);
// bogus specification
solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), new File(baseDir, "test-authz-bogus-provider.ini").getPath());
- try {
- new SolrAuthzBinding(solrAuthzConf);
+ try (SolrAuthzBinding b = new SolrAuthzBinding(solrAuthzConf)) {
Assert.fail("Expected InvocationTargetException");
} catch (InvocationTargetException e) {
assertTrue(e.getTargetException() instanceof FileNotFoundException);
@@ -153,8 +158,7 @@ public class TestSolrAuthzBinding {
// missing specification
solrAuthzConf.unset(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar());
- try {
- new SolrAuthzBinding(solrAuthzConf);
+ try (SolrAuthzBinding b = new SolrAuthzBinding(solrAuthzConf)) {
Assert.fail("Expected InvocationTargetException");
} catch (InvocationTargetException e) {
assertTrue(e.getTargetException() instanceof IllegalArgumentException);
@@ -167,7 +171,14 @@ public class TestSolrAuthzBinding {
*/
@Test
public void testAuthProviderOnlySolrAuthzConfs() throws Exception {
- new SolrAuthzBinding(authzConf);
+ SolrAuthzBinding binding = null;
+ try {
+ binding = new SolrAuthzBinding(authzConf);
+ } finally {
+ if (binding != null) {
+ binding.close();
+ }
+ }
}
/**
@@ -176,48 +187,49 @@ public class TestSolrAuthzBinding {
@Test
public void testGroupMapping() throws Exception {
SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
setUsableAuthzConf(solrAuthzConf);
- SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
- // check non-existant users
- try {
- binding.getGroups(null);
- Assert.fail("Expected SentryGroupNotFoundException");
- } catch (SentryGroupNotFoundException e) {
- }
- try {
- binding.getGroups("nonExistantUser");
- Assert.fail("Expected SentryGroupNotFoundException");
- } catch (SentryGroupNotFoundException e) {
- }
+ try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
+ // check non-existant users
+ try {
+ binding.getGroups(null);
+ Assert.fail("Expected SentryGroupNotFoundException");
+ } catch (SentryGroupNotFoundException e) {
+ }
+ try {
+ binding.getGroups("nonExistantUser");
+ Assert.fail("Expected SentryGroupNotFoundException");
+ } catch (SentryGroupNotFoundException e) {
+ }
- // check group names don't map to user names
- try {
- binding.getGroups("corporal");
- Assert.fail("Expected SentryGroupNotFoundException");
- } catch (SentryGroupNotFoundException e) {
- }
- try {
- binding.getGroups("sergeant");
- Assert.fail("Expected SentryGroupNotFoundException");
- } catch (SentryGroupNotFoundException e) {
- }
- try {
- binding.getGroups("general");
- Assert.fail("Expected SentryGroupNotFoundException");
- } catch (SentryGroupNotFoundException e) {
- }
- try {
- binding.getGroups("othergeneralgroup");
- Assert.fail("Expected SentryGroupNotFoundException");
- } catch (SentryGroupNotFoundException e) {
- }
+ // check group names don't map to user names
+ try {
+ binding.getGroups("corporal");
+ Assert.fail("Expected SentryGroupNotFoundException");
+ } catch (SentryGroupNotFoundException e) {
+ }
+ try {
+ binding.getGroups("sergeant");
+ Assert.fail("Expected SentryGroupNotFoundException");
+ } catch (SentryGroupNotFoundException e) {
+ }
+ try {
+ binding.getGroups("general");
+ Assert.fail("Expected SentryGroupNotFoundException");
+ } catch (SentryGroupNotFoundException e) {
+ }
+ try {
+ binding.getGroups("othergeneralgroup");
+ Assert.fail("Expected SentryGroupNotFoundException");
+ } catch (SentryGroupNotFoundException e) {
+ }
- // check valid group names
- assertEquals(binding.getGroups("corporal1"), Sets.newHashSet("corporal"));
- assertEquals(binding.getGroups("sergeant1"), Sets.newHashSet("sergeant"));
- assertEquals(binding.getGroups("general1"), Sets.newHashSet("general", "othergeneralgroup"));
+ // check valid group names
+ assertEquals(binding.getGroups("corporal1"), Sets.newHashSet("corporal"));
+ assertEquals(binding.getGroups("sergeant1"), Sets.newHashSet("sergeant"));
+ assertEquals(binding.getGroups("general1"), Sets.newHashSet("general", "othergeneralgroup"));
+ }
}
/**
@@ -226,40 +238,49 @@ public class TestSolrAuthzBinding {
@Test
public void testGetRoles() throws Exception {
SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
setUsableAuthzConf(solrAuthzConf);
- SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
- Set<String> emptySet = Collections.emptySet();
-
- // check user with undefined group
- assertEquals(binding.getRoles("undefinedGroupUser"), emptySet);
- // check group with undefined role
- assertEquals(binding.getRoles("undefinedRoleUser"), emptySet);
+ try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
+ Set<String> emptySet = Collections.emptySet();
+
+ // check user with undefined group
+ assertEquals(binding.getRoles("undefinedGroupUser"), emptySet);
+ // check group with undefined role
+ assertEquals(binding.getRoles("undefinedRoleUser"), emptySet);
+
+ // check role names don't map in the other direction
+ try {
+ binding.getRoles("corporal_role");
+ Assert.fail("Expected SentryGroupNotFoundException");
+ } catch (SentryGroupNotFoundException e) {
+ }
+ try {
+ binding.getRoles("sergeant_role");
+ Assert.fail("Expected SentryGroupNotFoundException");
+ } catch (SentryGroupNotFoundException e) {
+ }
+ try {
+ binding.getRoles("general_role");
+ Assert.fail("Expected SentryGroupNotFoundException");
+ } catch (SentryGroupNotFoundException e) {
+ }
- // check role names don't map in the other direction
- try {
- binding.getRoles("corporal_role");
- Assert.fail("Expected SentryGroupNotFoundException");
- } catch (SentryGroupNotFoundException e) {
+ // check valid users
+ System.out.println("---" + binding.providerBackend.toString());
+
+ assertEquals(Sets.newHashSet("corporal"), binding.getGroups("corporal1"));
+ assertEquals(Sets.newHashSet("corporal_role"),
+ binding.providerBackend.getRoles(Sets.newHashSet("corporal"), ActiveRoleSet.ALL));
+ assertEquals(Sets.newHashSet("corporal_role"), binding.getRoles("corporal1"));
+ assertEquals(Sets.newHashSet("corporal_role", "sergeant_role"),
+ binding.getRoles("sergeant1"));
+ assertEquals(Sets.newHashSet("corporal_role", "sergeant_role", "general_role"),
+ binding.getRoles("general1"));
+
+ // check user whos groups have overlapping roles
+ assertEquals(Sets.newHashSet("corporal_role", "sergeant_role", "general_role"),
+ binding.getRoles("overlappingUser"));
}
- try {
- binding.getRoles("sergeant_role");
- Assert.fail("Expected SentryGroupNotFoundException");
- } catch (SentryGroupNotFoundException e) {
- }
- try {
- binding.getRoles("general_role");
- Assert.fail("Expected SentryGroupNotFoundException");
- } catch (SentryGroupNotFoundException e) {
- }
-
- // check valid users
- assertEquals(binding.getRoles("corporal1"), Sets.newHashSet("corporal_role"));
- assertEquals(binding.getRoles("sergeant1"), Sets.newHashSet("corporal_role", "sergeant_role"));
- assertEquals(binding.getRoles("general1"), Sets.newHashSet("corporal_role", "sergeant_role", "general_role"));
-
- // check user whos groups have overlapping roles
- assertEquals(binding.getRoles("overlappingUser"), Sets.newHashSet("corporal_role", "sergeant_role", "general_role"));
}
/**
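Review bot: `System.out.println("---" + binding.providerBackend.toString());` in testGetRoles looks like leftover debugging; it asserts nothing and writes the backend's string form to the build output on every run. I would drop the line, or send it to a logger at debug level if the output is wanted. The new assertion on `binding.providerBackend.getRoles(...)` also reads a field of the binding rather than going through its methods, so a short comment saying why the backend is checked directly would help the next reader.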
@@ -267,19 +288,24 @@ public class TestSolrAuthzBinding {
*/
@Test
public void testSolrAuthzConfs() throws Exception {
- SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
- setUsableAuthzConf(solrAuthzConf);
- new SolrAuthzBinding(solrAuthzConf);
+ SolrAuthzConf solrAuthzConf =
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
+ setUsableAuthzConf(solrAuthzConf);
+
+ SolrAuthzBinding binding = null;
+ try {
+ binding = new SolrAuthzBinding(solrAuthzConf);
+ } finally {
+ if (binding != null) {
+ binding.close();
+ }
+ }
}
private void expectAuthException(SolrAuthzBinding binding, Subject subject,
- Collection collection, EnumSet<SearchModelAction> action) throws Exception {
- try {
- binding.authorizeCollection(subject, collection, action);
- Assert.fail("Expected SentrySolrAuthorizationException");
- } catch(SentrySolrAuthorizationException e) {
- }
+ Collection collection, Set<SolrModelAction> action) throws Exception {
+ assertEquals(AuthorizationResponse.FORBIDDEN,
+ binding.authorizeCollection(subject, collection, action));
}
/**
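Review bot: `expectAuthException` no longer expects an exception; after this change it asserts that `authorizeCollection` returns `AuthorizationResponse.FORBIDDEN`, so the name now misstates how a denial is reported. Renaming it to something like `expectForbidden`, or at least adding `// a denial is reported as a FORBIDDEN response, not as an exception`, keeps the call sites readable. The `assertEquals` on the response only works as intended if the binding returns the shared constant or the class defines `equals`; neither is visible in this hunk.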
@@ -288,11 +314,10 @@ public class TestSolrAuthzBinding {
*/
@Test
public void testNoUser() throws Exception {
- SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
- setUsableAuthzConf(solrAuthzConf);
- SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
- try {
+ SolrAuthzConf solrAuthzConf =
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
+ setUsableAuthzConf(solrAuthzConf);
+ try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
binding.authorizeCollection(new Subject("bogus"), infoCollection, querySet);
Assert.fail("Expected SentryGroupNotFoundException");
} catch (SentryGroupNotFoundException e) {
@@ -304,11 +329,11 @@ public class TestSolrAuthzBinding {
*/
@Test
public void testNoCollection() throws Exception {
- SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
- setUsableAuthzConf(solrAuthzConf);
- SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
- expectAuthException(binding, corporal1, new Collection("bogus"), querySet);
+ SolrAuthzConf solrAuthzConf =
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
+ setUsableAuthzConf(solrAuthzConf);
+ SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
+ expectAuthException(binding, corporal1, new Collection("bogus"), querySet);
}
/**
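Review bot: testNoCollection constructs a `SolrAuthzBinding` and never closes it, while the other tests touched by this commit release the binding through try-with-resources or a `finally`. Wrap it the same way: `try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) { expectAuthException(binding, corporal1, new Collection("bogus"), querySet); }`. The removed and added lines of this method otherwise carry the same text apart from the constructor argument, so the rest of the change appears to be whitespace only.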
@@ -317,10 +342,9 @@ public class TestSolrAuthzBinding {
@Test
public void testNoAction() throws Exception {
SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
setUsableAuthzConf(solrAuthzConf);
- SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
- try {
+ try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
binding.authorizeCollection(corporal1, infoCollection, emptySet);
Assert.fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
@@ -333,18 +357,19 @@ public class TestSolrAuthzBinding {
@Test
public void testAuthException() throws Exception {
SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
- setUsableAuthzConf(solrAuthzConf);
- SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
- expectAuthException(binding, corporal1, infoCollection, updateSet);
- expectAuthException(binding, corporal1, infoCollection, allSet);
- expectAuthException(binding, corporal1, generalInfoCollection, querySet);
- expectAuthException(binding, corporal1, generalInfoCollection, updateSet);
- expectAuthException(binding, corporal1, generalInfoCollection, allSet);
- expectAuthException(binding, sergeant1, infoCollection, allSet);
- expectAuthException(binding, sergeant1, generalInfoCollection, querySet);
- expectAuthException(binding, sergeant1, generalInfoCollection, updateSet);
- expectAuthException(binding, sergeant1, generalInfoCollection, allSet);
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
+ setUsableAuthzConf(solrAuthzConf);
+ try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
+ expectAuthException(binding, corporal1, infoCollection, updateSet);
+ expectAuthException(binding, corporal1, infoCollection, allSet);
+ expectAuthException(binding, corporal1, generalInfoCollection, querySet);
+ expectAuthException(binding, corporal1, generalInfoCollection, updateSet);
+ expectAuthException(binding, corporal1, generalInfoCollection, allSet);
+ expectAuthException(binding, sergeant1, infoCollection, allSet);
+ expectAuthException(binding, sergeant1, generalInfoCollection, querySet);
+ expectAuthException(binding, sergeant1, generalInfoCollection, updateSet);
+ expectAuthException(binding, sergeant1, generalInfoCollection, allSet);
+ }
}
/**
@@ -352,21 +377,22 @@ public class TestSolrAuthzBinding {
*/
@Test
public void testAuthAllowed() throws Exception {
- SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
- setUsableAuthzConf(solrAuthzConf);
- SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
- binding.authorizeCollection(corporal1, infoCollection, querySet);
- binding.authorizeCollection(sergeant1, infoCollection, querySet);
- binding.authorizeCollection(sergeant1, infoCollection, updateSet);
- binding.authorizeCollection(general1, infoCollection, querySet);
- binding.authorizeCollection(general1, infoCollection, updateSet);
- binding.authorizeCollection(general1, infoCollection, allSet);
- binding.authorizeCollection(general1, infoCollection, allOfSet);
- binding.authorizeCollection(general1, generalInfoCollection, querySet);
- binding.authorizeCollection(general1, generalInfoCollection, updateSet);
- binding.authorizeCollection(general1, generalInfoCollection, allSet);
- binding.authorizeCollection(general1, generalInfoCollection, allOfSet);
+ SolrAuthzConf solrAuthzConf =
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
+ setUsableAuthzConf(solrAuthzConf);
+ try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
+ binding.authorizeCollection(corporal1, infoCollection, querySet);
+ binding.authorizeCollection(sergeant1, infoCollection, querySet);
+ binding.authorizeCollection(sergeant1, infoCollection, updateSet);
+ binding.authorizeCollection(general1, infoCollection, querySet);
+ binding.authorizeCollection(general1, infoCollection, updateSet);
+ binding.authorizeCollection(general1, infoCollection, allSet);
+ binding.authorizeCollection(general1, infoCollection, allOfSet);
+ binding.authorizeCollection(general1, generalInfoCollection, querySet);
+ binding.authorizeCollection(general1, generalInfoCollection, updateSet);
+ binding.authorizeCollection(general1, generalInfoCollection, allSet);
+ binding.authorizeCollection(general1, generalInfoCollection, allOfSet);
+ }
}
/**
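Review bot: testAuthAllowed discards the result of every `binding.authorizeCollection(...)` call, so after this commit it can no longer fail on a denial. The old binding signalled denial by throwing `SentrySolrAuthorizationException`, which made a bare call a valid check; the new one reports it through the return value, as the `AuthorizationResponse.FORBIDDEN` assertion in `expectAuthException` shows. Each call should assert the allowed outcome, e.g. `assertEquals(AuthorizationResponse.OK, binding.authorizeCollection(corporal1, infoCollection, querySet));`. Without that, a change that stops granting these privileges goes unnoticed, and the positive half of the authorization matrix is effectively untested.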
@@ -376,13 +402,14 @@ public class TestSolrAuthzBinding {
@Test
public void testResourceWithSchemeNotSet() throws Exception {
SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
setUsableAuthzConf(solrAuthzConf);
MiniDFSCluster dfsCluster = HdfsTestUtil.setupClass(new File(Files.createTempDir(),
- TestSolrAuthzBinding.class.getName() + "_"
- + System.currentTimeMillis()).getAbsolutePath());
+ TestSolrAuthzBinding.class.getName() + "_"
+ + System.currentTimeMillis()).getAbsolutePath());
String resourceOnHDFS = "/hdfs" + File.separator + UUID.randomUUID() + File.separator + "test-authz-provider.ini";
+ SolrAuthzBinding binding = null;
try {
// Copy resource to HDFSS
dfsCluster.getFileSystem().copyFromLocalFile(false,
@@ -391,26 +418,31 @@ public class TestSolrAuthzBinding {
solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), resourceOnHDFS);
// set HDFS as the defaultFS so the resource will be found
solrAuthzConf.set("fs.defaultFS", dfsCluster.getFileSystem().getConf().get("fs.defaultFS"));
- new SolrAuthzBinding(solrAuthzConf);
+ binding = new SolrAuthzBinding(solrAuthzConf);
} finally {
+ if (binding != null) {
+ binding.close();
+ }
if (dfsCluster != null) {
HdfsTestUtil.teardownClass(dfsCluster);
}
}
}
+ @SuppressWarnings("deprecation")
@Test
public void testCustomGroupMapping() throws Exception {
SolrAuthzConf solrAuthzConf =
- new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+ new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
setUsableAuthzConf(solrAuthzConf);
solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER.getVar(), "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider");
solrAuthzConf.set("hadoop.security.group.mapping",
- FoobarGroupMappingServiceProvider.class.getName());
- SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
- final String user = "userTestSolrAuthzBinding";
- assertEquals(1, binding.getGroups(user).size());
- assertTrue(binding.getGroups(user).contains("foobar"));
+ FoobarGroupMappingServiceProvider.class.getName());
+ try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
+ final String user = "userTestSolrAuthzBinding";
+ assertEquals(1, binding.getGroups(user).size());
+ assertTrue(binding.getGroups(user).contains("foobar"));
+ }
}
/**
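Review bot: In the `finally` of testResourceWithSchemeNotSet, `binding.close()` runs before `HdfsTestUtil.teardownClass(dfsCluster)`, so if closing the binding throws, the MiniDFSCluster is never torn down. Whether `close()` can throw is not visible here, but the ordering is cheap to harden: open the binding with try-with-resources inside the existing `try`, `try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) { }`, and keep the `finally` for the cluster alone. The method starts in the previous hunk. Separately, the `@SuppressWarnings("deprecation")` added to testCustomGroupMapping would benefit from a comment naming the deprecated API it covers.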
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java
deleted file mode 100644
index 3df6ecf..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Set;
-import java.util.TreeSet;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public abstract class AbstractTestSearchPolicyEngine {
- private static final String ANALYST_PURCHASES_UPDATE = "collection=purchases->action=update";
- private static final String ANALYST_ANALYST1_ALL = "collection=analyst1";
- private static final String ANALYST_JRANALYST1_ACTION_ALL = "collection=jranalyst1->action=*";
- private static final String ANALYST_TMPCOLLECTION_UPDATE = "collection=tmpcollection->action=update";
- private static final String ANALYST_TMPCOLLECTION_QUERY = "collection=tmpcollection->action=query";
- private static final String JRANALYST_JRANALYST1_ALL = "collection=jranalyst1";
- private static final String JRANALYST_PURCHASES_PARTIAL_QUERY = "collection=purchases_partial->action=query";
- private static final String ADMIN_COLLECTION_ALL = "collection=*";
-
- private PolicyEngine policy;
- private static File baseDir;
-
- @BeforeClass
- public static void setupClazz() throws IOException {
- baseDir = Files.createTempDir();
- }
-
- @AfterClass
- public static void teardownClazz() throws IOException {
- if(baseDir != null) {
- FileUtils.deleteQuietly(baseDir);
- }
- }
-
- protected void setPolicy(PolicyEngine policy) {
- this.policy = policy;
- }
- protected static File getBaseDir() {
- return baseDir;
- }
- @Before
- public void setup() throws IOException {
- afterSetup();
- }
- @After
- public void teardown() throws IOException {
- beforeTeardown();
- }
- protected void afterSetup() throws IOException {
-
- }
-
- protected void beforeTeardown() throws IOException {
-
- }
-
- @Test
- public void testManager() throws Exception {
- Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
- ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
- ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
- ANALYST_TMPCOLLECTION_QUERY, JRANALYST_JRANALYST1_ALL,
- JRANALYST_PURCHASES_PARTIAL_QUERY));
- Assert.assertEquals(expected.toString(),
- new TreeSet<String>(policy.getPrivileges(set("manager"), ActiveRoleSet.ALL))
- .toString());
- }
-
- @Test
- public void testAnalyst() throws Exception {
- Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
- ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
- ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
- ANALYST_TMPCOLLECTION_QUERY));
- Assert.assertEquals(expected.toString(),
- new TreeSet<String>(policy.getPrivileges(set("analyst"), ActiveRoleSet.ALL))
- .toString());
- }
-
- @Test
- public void testJuniorAnalyst() throws Exception {
- Set<String> expected = Sets.newTreeSet(Sets
- .newHashSet(JRANALYST_JRANALYST1_ALL,
- JRANALYST_PURCHASES_PARTIAL_QUERY));
- Assert.assertEquals(expected.toString(),
- new TreeSet<String>(policy.getPrivileges(set("jranalyst"), ActiveRoleSet.ALL))
- .toString());
- }
-
- @Test
- public void testAdmin() throws Exception {
- Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ADMIN_COLLECTION_ALL));
- Assert.assertEquals(expected.toString(),
- new TreeSet<String>(policy.getPrivileges(set("admin"), ActiveRoleSet.ALL))
- .toString());
- }
-
- private static Set<String> set(String... values) {
- return Sets.newHashSet(values);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java
new file mode 100644
index 0000000..d4f6ec2
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Set;
+import java.util.TreeSet;
+
+import org.junit.Assert;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.policy.common.PolicyEngine;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.google.common.collect.Sets;
+import com.google.common.io.Files;
+
+public abstract class AbstractTestSolrPolicyEngine {
+ private static final String ANALYST_PURCHASES_UPDATE = "collection=purchases->action=update";
+ private static final String ANALYST_ANALYST1_ALL = "collection=analyst1";
+ private static final String ANALYST_JRANALYST1_ACTION_ALL = "collection=jranalyst1->action=*";
+ private static final String ANALYST_TMPCOLLECTION_UPDATE = "collection=tmpcollection->action=update";
+ private static final String ANALYST_TMPCOLLECTION_QUERY = "collection=tmpcollection->action=query";
+ private static final String JRANALYST_JRANALYST1_ALL = "collection=jranalyst1";
+ private static final String JRANALYST_PURCHASES_PARTIAL_QUERY = "collection=purchases_partial->action=query";
+ private static final String ADMIN_COLLECTION_ALL = "collection=*";
+
+ private PolicyEngine policy;
+ private static File baseDir;
+
+ @BeforeClass
+ public static void setupClazz() throws IOException {
+ baseDir = Files.createTempDir();
+ }
+
+ @AfterClass
+ public static void teardownClazz() throws IOException {
+ if(baseDir != null) {
+ FileUtils.deleteQuietly(baseDir);
+ }
+ }
+
+ protected void setPolicy(PolicyEngine policy) {
+ this.policy = policy;
+ }
+ protected static File getBaseDir() {
+ return baseDir;
+ }
+ @Before
+ public void setup() throws IOException {
+ afterSetup();
+ }
+ @After
+ public void teardown() throws IOException {
+ beforeTeardown();
+ }
+ protected void afterSetup() throws IOException {
+
+ }
+
+ protected void beforeTeardown() throws IOException {
+
+ }
+
+ @Test
+ public void testManager() throws Exception {
+ Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
+ ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
+ ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
+ ANALYST_TMPCOLLECTION_QUERY, JRANALYST_JRANALYST1_ALL,
+ JRANALYST_PURCHASES_PARTIAL_QUERY));
+ Assert.assertEquals(expected.toString(),
+ new TreeSet<String>(policy.getPrivileges(set("manager"), ActiveRoleSet.ALL))
+ .toString());
+ }
+
+ @Test
+ public void testAnalyst() throws Exception {
+ Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
+ ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
+ ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
+ ANALYST_TMPCOLLECTION_QUERY));
+ Assert.assertEquals(expected.toString(),
+ new TreeSet<String>(policy.getPrivileges(set("analyst"), ActiveRoleSet.ALL))
+ .toString());
+ }
+
+ @Test
+ public void testJuniorAnalyst() throws Exception {
+ Set<String> expected = Sets.newTreeSet(Sets
+ .newHashSet(JRANALYST_JRANALYST1_ALL,
+ JRANALYST_PURCHASES_PARTIAL_QUERY));
+ Assert.assertEquals(expected.toString(),
+ new TreeSet<String>(policy.getPrivileges(set("jranalyst"), ActiveRoleSet.ALL))
+ .toString());
+ }
+
+ @Test
+ public void testAdmin() throws Exception {
+ Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ADMIN_COLLECTION_ALL));
+ Assert.assertEquals(expected.toString(),
+ new TreeSet<String>(policy.getPrivileges(set("admin"), ActiveRoleSet.ALL))
+ .toString());
+ }
+
+ private static Set<String> set(String... values) {
+ return Sets.newHashSet(values);
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java
deleted file mode 100644
index e198b5c..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.policy.engine.common.CommonPolicyEngine;
-import org.apache.sentry.provider.common.ProviderBackend;
-import org.apache.sentry.provider.common.ProviderBackendContext;
-import org.apache.sentry.provider.file.SimpleFileProviderBackend;
-
-import java.io.IOException;
-
-public class SearchPolicyTestUtil {
-
- public static PolicyEngine createPolicyEngineForTest(String resource) throws IOException {
-
- ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource);
-
- // create backendContext
- ProviderBackendContext context = new ProviderBackendContext();
- context.setAllowPerDatabase(false);
- context.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators());
- // initialize the backend with the context
- providerBackend.initialize(context);
-
-
- return new CommonPolicyEngine(providerBackend);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java
new file mode 100644
index 0000000..c219a97
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
+import org.apache.sentry.policy.common.PolicyEngine;
+import org.apache.sentry.policy.engine.common.CommonPolicyEngine;
+import org.apache.sentry.provider.common.ProviderBackend;
+import org.apache.sentry.provider.common.ProviderBackendContext;
+import org.apache.sentry.provider.file.SimpleFileProviderBackend;
+
+import java.io.IOException;
+
+public class SolrPolicyTestUtil {
+
+ public static PolicyEngine createPolicyEngineForTest(String resource) throws IOException {
+
+ ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource);
+
+ // create backendContext
+ ProviderBackendContext context = new ProviderBackendContext();
+ context.setAllowPerDatabase(false);
+ context.setValidators(SolrPrivilegeModel.getInstance().getPrivilegeValidators());
+ // initialize the backend with the context
+ providerBackend.initialize(context);
+
+
+ return new CommonPolicyEngine(providerBackend);
+ }
+}
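Review bot: `createPolicyEngineForTest` has no Javadoc, yet the two settings it applies to the backend context, `context.setAllowPerDatabase(false)` and the validators from `SolrPrivilegeModel.getInstance().getPrivilegeValidators()`, decide what any test built on this engine can show about rejected or malformed grants. I would add `/** Builds a file-backed policy engine for tests from {@code resource}; per-database policy files are disabled and privileges are checked by the SolrPrivilegeModel validators. */` above the method so a test author knows which policy features the engine exercises. The class holds only this static method, so `public final class SolrPolicyTestUtil` with a `private SolrPolicyTestUtil() {}` constructor would state that intent and prevent accidental instantiation. The negative cases that used the predecessor helper (`TestSearchPolicyNegative`, including the per-database and unknown-group checks) are removed in this same commit; whether equivalents for the Solr model are added elsewhere is not visible from here and is worth confirming.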
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java
deleted file mode 100644
index 76211dd..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import org.junit.Assert;
-
-import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
-import org.apache.sentry.core.model.search.validator.CollectionRequiredInPrivilege;
-import org.apache.shiro.config.ConfigurationException;
-import org.junit.Test;
-
-public class TestCollectionRequiredInRole {
-
- @Test
- public void testEmptyRole() throws Exception {
- CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
-
- // check no db
- try {
- collRequiredInRole.validate(new PrivilegeValidatorContext("index=index1"));
- Assert.fail("Expected ConfigurationException");
- } catch (ConfigurationException e) {
- // expected
- }
-
- // check with db
- try {
- collRequiredInRole.validate(new PrivilegeValidatorContext("db1","index=index2"));
- Assert.fail("Expected ConfigurationException");
- } catch (ConfigurationException e) {
- // expected
- }
- }
-
- @Test
- public void testCollectionWithoutAction() throws Exception {
- CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
- collRequiredInRole.validate(new PrivilegeValidatorContext("collection=nodb"));
- collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db"));
- }
-
- @Test
- public void testCollectionWithAction() throws Exception {
- CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
- collRequiredInRole.validate(new PrivilegeValidatorContext(null,"collection=nodb->action=query"));
- collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db->action=update"));
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java
deleted file mode 100644
index b4aa684..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.EnumSet;
-import java.util.List;
-import java.util.Set;
-
-import com.google.common.collect.Sets;
-import junit.framework.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAction;
-import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.provider.common.GroupMappingService;
-import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
-import org.apache.sentry.core.common.utils.PolicyFiles;
-import org.junit.After;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Objects;
-import com.google.common.collect.HashMultimap;
-import com.google.common.collect.Multimap;
-import com.google.common.io.Files;
-
-
-public class TestSearchAuthorizationProviderGeneralCases {
-
- private static final Logger LOGGER = LoggerFactory
- .getLogger(TestSearchAuthorizationProviderGeneralCases.class);
-
- private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap
- .create();
-
- private static final Subject SUB_ADMIN = new Subject("admin1");
- private static final Subject SUB_MANAGER = new Subject("manager1");
- private static final Subject SUB_ANALYST = new Subject("analyst1");
- private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1");
-
- private static final Collection COLL_PURCHASES = new Collection("purchases");
- private static final Collection COLL_ANALYST1 = new Collection("analyst1");
- private static final Collection COLL_JRANALYST1 = new Collection("jranalyst1");
- private static final Collection COLL_TMP = new Collection("tmpcollection");
- private static final Collection COLL_PURCHASES_PARTIAL = new Collection("purchases_partial");
-
- private static final SearchModelAction QUERY = SearchModelAction.QUERY;
- private static final SearchModelAction UPDATE = SearchModelAction.UPDATE;
-
- static {
- USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin"));
- USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager"));
- USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst"));
- USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(),
- Arrays.asList("jranalyst"));
- }
-
- private final ResourceAuthorizationProvider authzProvider;
- private File baseDir;
-
- public TestSearchAuthorizationProviderGeneralCases() throws IOException {
- baseDir = Files.createTempDir();
- PolicyFiles.copyToDir(baseDir, "solr-policy-test-authz-provider.ini");
- authzProvider = new HadoopGroupResourceAuthorizationProvider(
- SearchPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "solr-policy-test-authz-provider.ini").getPath()),
- new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP), SearchPrivilegeModel.getInstance());
-
- }
-
- @After
- public void teardown() {
- if(baseDir != null) {
- FileUtils.deleteQuietly(baseDir);
- }
- }
-
- private void doTestAuthProviderOnCollection(Subject subject,
- Collection collection, Set<? extends Action> expectedPass) throws Exception {
- Set<SearchModelAction> allActions = EnumSet.of(SearchModelAction.ALL, SearchModelAction.QUERY, SearchModelAction.UPDATE);
- for(SearchModelAction action : allActions) {
- doTestResourceAuthorizationProvider(subject, collection,
- EnumSet.of(action), expectedPass.contains(action));
- }
- }
-
- private void doTestResourceAuthorizationProvider(Subject subject,
- Collection collection,
- Set<? extends Action> privileges, boolean expected) throws Exception {
- List<Authorizable> authzHierarchy = Arrays.asList(new Authorizable[] {
- collection
- });
- Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
- helper.add("Subject", subject).add("Collection", collection)
- .add("Privileges", privileges).add("authzHierarchy", authzHierarchy);
- LOGGER.info("Running with " + helper.toString());
- Assert.assertEquals(helper.toString(), expected,
- authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
- LOGGER.info("Passed " + helper.toString());
- }
-
- @Test
- public void testAdmin() throws Exception {
- Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES, allActions);
- doTestAuthProviderOnCollection(SUB_ADMIN, COLL_ANALYST1, allActions);
- doTestAuthProviderOnCollection(SUB_ADMIN, COLL_JRANALYST1, allActions);
- doTestAuthProviderOnCollection(SUB_ADMIN, COLL_TMP, allActions);
- doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES_PARTIAL, allActions);
- }
-
- @Test
- public void testManager() throws Exception {
- Set<SearchModelAction> updateOnly = EnumSet.of(SearchModelAction.UPDATE);
- doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES, updateOnly);
-
- Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_MANAGER, COLL_ANALYST1, allActions);
- doTestAuthProviderOnCollection(SUB_MANAGER, COLL_JRANALYST1, allActions);
-
- Set<SearchModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
- doTestAuthProviderOnCollection(SUB_MANAGER, COLL_TMP, queryUpdateOnly);
-
- Set<SearchModelAction> queryOnly = EnumSet.of(SearchModelAction.QUERY);
- doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES_PARTIAL, queryOnly);
- }
-
- @Test
- public void testAnalyst() throws Exception {
- Set<SearchModelAction> updateOnly = EnumSet.of(SearchModelAction.UPDATE);
- doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES, updateOnly);
-
- Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_ANALYST, COLL_ANALYST1, allActions);
- doTestAuthProviderOnCollection(SUB_ANALYST, COLL_JRANALYST1, allActions);
-
- Set<SearchModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
- doTestAuthProviderOnCollection(SUB_ANALYST, COLL_TMP, queryUpdateOnly);
-
- Set<SearchModelAction> noActions = EnumSet.noneOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES_PARTIAL, noActions);
- }
-
- @Test
- public void testJuniorAnalyst() throws Exception {
- Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_JRANALYST1, allActions);
-
- Set<SearchModelAction> queryOnly = EnumSet.of(SearchModelAction.QUERY);
- doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES_PARTIAL, queryOnly);
-
- Set<SearchModelAction> noActions = EnumSet.noneOf(SearchModelAction.class);
- doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES, noActions);
- doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_ANALYST1, noActions);
- doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_TMP, noActions);
- }
-
- public class MockGroupMappingServiceProvider implements GroupMappingService {
- private final Multimap<String, String> userToGroupMap;
-
- public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) {
- this.userToGroupMap = userToGroupMap;
- }
-
- @Override
- public Set<String> getGroups(String user) {
- return Sets.newHashSet(userToGroupMap.get(user));
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java
deleted file mode 100644
index 371f361..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java
+++ /dev/null
@@ -1,84 +0,0 @@
- /*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.EnumSet;
-import java.util.List;
-import java.util.Set;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAction;
-import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.provider.common.AuthorizationProvider;
-import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.io.Files;
-
-public class TestSearchAuthorizationProviderSpecialCases {
- private AuthorizationProvider authzProvider;
- private PolicyFile policyFile;
- private File baseDir;
- private File iniFile;
- private String initResource;
- @Before
- public void setup() throws IOException {
- baseDir = Files.createTempDir();
- iniFile = new File(baseDir, "policy.ini");
- initResource = "file://" + iniFile.getPath();
- policyFile = new PolicyFile();
- }
-
- @After
- public void teardown() throws IOException {
- if(baseDir != null) {
- FileUtils.deleteQuietly(baseDir);
- }
- }
-
- @Test
- public void testDuplicateEntries() throws Exception {
- Subject user1 = new Subject("user1");
- Collection collection1 = new Collection("collection1");
- Set<? extends Action> actions = EnumSet.allOf(SearchModelAction.class);
- policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
- .addRolesToGroup("group1", true, "role1", "role1")
- .addPermissionsToRole("role1", true, "collection=" + collection1.getName(),
- "collection=" + collection1.getName());
- policyFile.write(iniFile);
- PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(initResource);
- authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy, SearchPrivilegeModel.getInstance());
- List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(collection1);
- Assert.assertTrue(authorizableHierarchy.toString(),
- authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java
deleted file mode 100644
index e7da13a..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.solr;
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertNull;
-
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAuthorizables;
-import org.junit.Test;
-
-public class TestSearchModelAuthorizables {
-
- @Test
- public void testCollection() throws Exception {
- Collection coll = (Collection) SearchModelAuthorizables.from("CoLleCtiOn=collection1");
- assertEquals("collection1", coll.getName());
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testNoKV() throws Exception {
- System.out.println(SearchModelAuthorizables.from("nonsense"));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyKey() throws Exception {
- System.out.println(SearchModelAuthorizables.from("=v"));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyValue() throws Exception {
- System.out.println(SearchModelAuthorizables.from("k="));
- }
-
- @Test
- public void testNotAuthorizable() throws Exception {
- assertNull(SearchModelAuthorizables.from("k=v"));
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java
deleted file mode 100644
index 59283ea..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hdfs.MiniDFSCluster;
-import org.apache.sentry.core.common.utils.PolicyFiles;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-public class TestSearchPolicyEngineDFS extends AbstractTestSearchPolicyEngine {
-
- private static MiniDFSCluster dfsCluster;
- private static FileSystem fileSystem;
- private static Path root;
- private static Path etc;
-
- @BeforeClass
- public static void setupLocalClazz() throws IOException {
- File baseDir = getBaseDir();
- Assert.assertNotNull(baseDir);
- File dfsDir = new File(baseDir, "dfs");
- Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs());
- Configuration conf = new Configuration();
- conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
- dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
- fileSystem = dfsCluster.getFileSystem();
- root = new Path(fileSystem.getUri().toString());
- etc = new Path(root, "/etc");
- fileSystem.mkdirs(etc);
- }
-
- @AfterClass
- public static void teardownLocalClazz() {
- if(dfsCluster != null) {
- dfsCluster.shutdown();
- }
- }
-
- @Override
- protected void afterSetup() throws IOException {
- fileSystem.delete(etc, true);
- fileSystem.mkdirs(etc);
- PolicyFiles.copyToDir(fileSystem, etc, "solr-policy-test-authz-provider.ini");
- setPolicy(SearchPolicyTestUtil.createPolicyEngineForTest(new Path(etc,
- "solr-policy-test-authz-provider.ini").toString()));
- }
-
- @Override
- protected void beforeTeardown() throws IOException {
- fileSystem.delete(etc, true);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java
deleted file mode 100644
index 0ff4502..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.utils.PolicyFiles;
-
-public class TestSearchPolicyEngineLocalFS extends AbstractTestSearchPolicyEngine {
-
- @Override
- protected void afterSetup() throws IOException {
- File baseDir = getBaseDir();
- Assert.assertNotNull(baseDir);
- Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
- PolicyFiles.copyToDir(baseDir, "solr-policy-test-authz-provider.ini");
- setPolicy(SearchPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "solr-policy-test-authz-provider.ini").getPath()));
- }
- @Override
- protected void beforeTeardown() throws IOException {
- File baseDir = getBaseDir();
- Assert.assertNotNull(baseDir);
- FileUtils.deleteQuietly(baseDir);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java
deleted file mode 100644
index 20fee76..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Collections;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Charsets;
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSearchPolicyNegative {
-
- @SuppressWarnings("unused")
- private static final Logger LOGGER = LoggerFactory
- .getLogger(TestSearchPolicyNegative.class);
-
- private File baseDir;
- private File globalPolicyFile;
- private File otherPolicyFile;
-
- @Before
- public void setup() {
- baseDir = Files.createTempDir();
- globalPolicyFile = new File(baseDir, "global.ini");
- otherPolicyFile = new File(baseDir, "other.ini");
- }
-
- @After
- public void teardown() {
- if(baseDir != null) {
- FileUtils.deleteQuietly(baseDir);
- }
- }
-
- private void append(String from, File to) throws IOException {
- Files.append(from + "\n", to, Charsets.UTF_8);
- }
-
- @Test
- public void testPerDbFileException() throws Exception {
- append("[databases]", globalPolicyFile);
- append("other_group_db = " + otherPolicyFile.getPath(), globalPolicyFile);
- append("[groups]", otherPolicyFile);
- append("other_group = some_role", otherPolicyFile);
- append("[roles]", otherPolicyFile);
- append("some_role = collection=c1", otherPolicyFile);
- PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
- Assert.assertEquals(Collections.emptySet(),
- policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL));
- }
-
- @Test
- public void testCollectionRequiredInRole() throws Exception {
- append("[groups]", globalPolicyFile);
- append("group = some_role", globalPolicyFile);
- append("[roles]", globalPolicyFile);
- append("some_role = action=query", globalPolicyFile);
- PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
- ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
- Assert.assertTrue(permissions.toString(), permissions.isEmpty());
- }
-
- @Test
- public void testGroupIncorrect() throws Exception {
- append("[groups]", globalPolicyFile);
- append("group = malicious_role", globalPolicyFile);
- append("[roles]", globalPolicyFile);
- append("malicious_role = collection=*", globalPolicyFile);
- PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
- ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL);
- Assert.assertTrue(permissions.toString(), permissions.isEmpty());
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java
new file mode 100644
index 0000000..a8b0453
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java
@@ -0,0 +1,196 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Set;
+
+import com.google.common.collect.Sets;
+import junit.framework.Assert;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.model.solr.Collection;
+import org.apache.sentry.core.model.solr.SolrModelAction;
+import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
+import org.apache.sentry.provider.common.GroupMappingService;
+import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
+import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
+import org.apache.sentry.core.common.utils.PolicyFiles;
+import org.junit.After;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Objects;
+import com.google.common.collect.HashMultimap;
+import com.google.common.collect.Multimap;
+import com.google.common.io.Files;
+
+
+public class TestSolrAuthorizationProviderGeneralCases {
+
+ private static final Logger LOGGER = LoggerFactory
+ .getLogger(TestSolrAuthorizationProviderGeneralCases.class);
+
+ private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap
+ .create();
+
+ private static final Subject SUB_ADMIN = new Subject("admin1");
+ private static final Subject SUB_MANAGER = new Subject("manager1");
+ private static final Subject SUB_ANALYST = new Subject("analyst1");
+ private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1");
+
+ private static final Collection COLL_PURCHASES = new Collection("purchases");
+ private static final Collection COLL_ANALYST1 = new Collection("analyst1");
+ private static final Collection COLL_JRANALYST1 = new Collection("jranalyst1");
+ private static final Collection COLL_TMP = new Collection("tmpcollection");
+ private static final Collection COLL_PURCHASES_PARTIAL = new Collection("purchases_partial");
+
+ private static final SolrModelAction QUERY = SolrModelAction.QUERY;
+ private static final SolrModelAction UPDATE = SolrModelAction.UPDATE;
+
+ static {
+ USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin"));
+ USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager"));
+ USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst"));
+ USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(),
+ Arrays.asList("jranalyst"));
+ }
+
+ private final ResourceAuthorizationProvider authzProvider;
+ private File baseDir;
+
+ public TestSolrAuthorizationProviderGeneralCases() throws IOException {
+ baseDir = Files.createTempDir();
+ PolicyFiles.copyToDir(baseDir, "solr-policy-test-authz-provider.ini");
+ authzProvider = new HadoopGroupResourceAuthorizationProvider(
+ SolrPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "solr-policy-test-authz-provider.ini").getPath()),
+ new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP), SolrPrivilegeModel.getInstance());
+
+ }
+
+ @After
+ public void teardown() {
+ if(baseDir != null) {
+ FileUtils.deleteQuietly(baseDir);
+ }
+ }
+
+ private void doTestAuthProviderOnCollection(Subject subject,
+ Collection collection, Set<? extends Action> expectedPass) throws Exception {
+ Set<SolrModelAction> allActions =
+ EnumSet.of(SolrModelAction.ALL, SolrModelAction.QUERY, SolrModelAction.UPDATE);
+ for (SolrModelAction action : allActions) {
+ doTestResourceAuthorizationProvider(subject, collection,
+ EnumSet.of(action), expectedPass.contains(action));
+ }
+ }
+
+ private void doTestResourceAuthorizationProvider(Subject subject,
+ Collection collection,
+ Set<? extends Action> privileges, boolean expected) throws Exception {
+ List<Authorizable> authzHierarchy = Arrays.asList(new Authorizable[] {
+ collection
+ });
+ Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
+ helper.add("Subject", subject)
+ .add("Collection", collection)
+ .add("Privileges", privileges)
+ .add("authzHierarchy", authzHierarchy);
+ LOGGER.info("Running with " + helper.toString());
+ Assert.assertEquals(helper.toString(), expected,
+ authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
+ LOGGER.info("Passed " + helper.toString());
+ }
+
+ @Test
+ public void testAdmin() throws Exception {
+ Set<SolrModelAction> allActions = EnumSet.allOf(SolrModelAction.class);
+ doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES, allActions);
+ doTestAuthProviderOnCollection(SUB_ADMIN, COLL_ANALYST1, allActions);
+ doTestAuthProviderOnCollection(SUB_ADMIN, COLL_JRANALYST1, allActions);
+ doTestAuthProviderOnCollection(SUB_ADMIN, COLL_TMP, allActions);
+ doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES_PARTIAL, allActions);
+ }
+
+ @Test
+ public void testManager() throws Exception {
+ Set<SolrModelAction> updateOnly = EnumSet.of(SolrModelAction.UPDATE);
+ doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES, updateOnly);
+
+ Set<SolrModelAction> allActions = EnumSet.allOf(SolrModelAction.class);
+ doTestAuthProviderOnCollection(SUB_MANAGER, COLL_ANALYST1, allActions);
+ doTestAuthProviderOnCollection(SUB_MANAGER, COLL_JRANALYST1, allActions);
+
+ Set<SolrModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
+ doTestAuthProviderOnCollection(SUB_MANAGER, COLL_TMP, queryUpdateOnly);
+
+ Set<SolrModelAction> queryOnly = EnumSet.of(SolrModelAction.QUERY);
+ doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES_PARTIAL, queryOnly);
+ }
+
+ @Test
+ public void testAnalyst() throws Exception {
+ Set<SolrModelAction> updateOnly = EnumSet.of(SolrModelAction.UPDATE);
+ doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES, updateOnly);
+
+ Set<SolrModelAction> allActions = EnumSet.allOf(SolrModelAction.class);
+ doTestAuthProviderOnCollection(SUB_ANALYST, COLL_ANALYST1, allActions);
+ doTestAuthProviderOnCollection(SUB_ANALYST, COLL_JRANALYST1, allActions);
+
+ Set<SolrModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
+ doTestAuthProviderOnCollection(SUB_ANALYST, COLL_TMP, queryUpdateOnly);
+
+ Set<SolrModelAction> noActions = EnumSet.noneOf(SolrModelAction.class);
+ doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES_PARTIAL, noActions);
+ }
+
+ @Test
+ public void testJuniorAnalyst() throws Exception {
+ Set<SolrModelAction> allActions = EnumSet.allOf(SolrModelAction.class);
+ doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_JRANALYST1, allActions);
+
+ Set<SolrModelAction> queryOnly = EnumSet.of(SolrModelAction.QUERY);
+ doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES_PARTIAL, queryOnly);
+
+ Set<SolrModelAction> noActions = EnumSet.noneOf(SolrModelAction.class);
+ doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES, noActions);
+ doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_ANALYST1, noActions);
+ doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_TMP, noActions);
+ }
+
+ public class MockGroupMappingServiceProvider implements GroupMappingService {
+ private final Multimap<String, String> userToGroupMap;
+
+ public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) {
+ this.userToGroupMap = userToGroupMap;
+ }
+
+ @Override
+ public Set<String> getGroups(String user) {
+ return Sets.newHashSet(userToGroupMap.get(user));
+ }
+ }
+}
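Review bot: The deny-path coverage in `doTestAuthProviderOnCollection` depends on a hand-written list, `EnumSet.of(SolrModelAction.ALL, SolrModelAction.QUERY, SolrModelAction.UPDATE)`, while the tests themselves use `EnumSet.allOf(SolrModelAction.class)` for the full set. If `SolrModelAction` later gains a value, the helper would never probe it, so a grant that should have been denied for that action would go unnoticed here. Iterating `for (SolrModelAction action : EnumSet.allOf(SolrModelAction.class))` keeps the negative assertions complete without maintenance. Separately, `junit.framework.Assert` is the deprecated JUnit 3 class; the sibling special-cases test in this commit already imports `org.junit.Assert`.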
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java
new file mode 100644
index 0000000..1329a68
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Set;
+
+import org.junit.Assert;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.policy.common.PolicyEngine;
+import org.apache.sentry.provider.common.AuthorizationProvider;
+import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
+import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.core.model.solr.Collection;
+import org.apache.sentry.core.model.solr.SolrModelAction;
+import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.io.Files;
+
+public class TestSolrAuthorizationProviderSpecialCases {
+ private AuthorizationProvider authzProvider;
+ private PolicyFile policyFile;
+ private File baseDir;
+ private File iniFile;
+ private String initResource;
+ @Before
+ public void setup() throws IOException {
+ baseDir = Files.createTempDir();
+ iniFile = new File(baseDir, "policy.ini");
+ initResource = "file://" + iniFile.getPath();
+ policyFile = new PolicyFile();
+ }
+
+ @After
+ public void teardown() throws IOException {
+ if(baseDir != null) {
+ FileUtils.deleteQuietly(baseDir);
+ }
+ }
+
+ @Test
+ public void testDuplicateEntries() throws Exception {
+ Subject user1 = new Subject("user1");
+ Collection collection1 = new Collection("collection1");
+ Set<? extends Action> actions = EnumSet.allOf(SolrModelAction.class);
+ policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
+ .addRolesToGroup("group1", true, "role1", "role1")
+ .addPermissionsToRole("role1", true, "collection=" + collection1.getName(),
+ "collection=" + collection1.getName());
+ policyFile.write(iniFile);
+ PolicyEngine policy = SolrPolicyTestUtil.createPolicyEngineForTest(initResource);
+ authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy, SolrPrivilegeModel.getInstance());
+ List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(collection1);
+ Assert.assertTrue(authorizableHierarchy.toString(),
+ authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
+ }
+
+}
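Review bot: `testDuplicateEntries` asserts only that access is granted, so it would also pass against a provider that reacts to the duplicated group, role and privilege entries by granting too much. Add a denial check next to the existing assertion, for example `Assert.assertFalse(authzProvider.hasAccess(new Subject("user2"), authorizableHierarchy, actions, ActiveRoleSet.ALL));`, where `user2` is a constructed subject with no group mapping in the policy file. `teardown()` also declares `throws IOException` although `FileUtils.deleteQuietly` throws no checked exception, so the clause can be dropped.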
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java
new file mode 100644
index 0000000..425937e
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sentry.policy.solr;
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertNull;
+
+import org.apache.sentry.core.model.solr.Collection;
+import org.apache.sentry.core.model.solr.SolrModelAuthorizables;
+import org.junit.Test;
+
+public class TestSolrModelAuthorizables {
+
+ @Test
+ public void testCollection() throws Exception {
+ Collection coll = (Collection) SolrModelAuthorizables.from("CoLleCtiOn=collection1");
+ assertEquals("collection1", coll.getName());
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testNoKV() throws Exception {
+ System.out.println(SolrModelAuthorizables.from("nonsense"));
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testEmptyKey() throws Exception {
+ System.out.println(SolrModelAuthorizables.from("=v"));
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testEmptyValue() throws Exception {
+ System.out.println(SolrModelAuthorizables.from("k="));
+ }
+
+ @Test
+ public void testNotAuthorizable() throws Exception {
+ assertNull(SolrModelAuthorizables.from("k=v"));
+ }
+}
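Review bot: The three expected-exception tests wrap the call in `System.out.println(...)`, which adds nothing to the check and would only print noise if `from` ever stopped throwing; call `SolrModelAuthorizables.from("nonsense");` directly, and likewise in `testEmptyKey` and `testEmptyValue`. The static imports come from `junit.framework.Assert`, the deprecated JUnit 3 class, while `org.junit.Assert` offers the same `assertEquals` and `assertNull`. `testNotAuthorizable` pins that an unrecognised key yields null instead of an exception, which deserves a comment such as `// unknown authorizable types map to null, not an error; callers presumably must null-check`.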