You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2017/11/16 09:57:02 UTC
[25/32] sentry git commit: SENTRY-1475: Integrate Sentry with Solr 7
authorization framework. (Hrishikesh Gadre,
reviewed by Kalyan Kumar Kalvagadda)
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java
new file mode 100644
index 0000000..8de54f6
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.junit.Assert;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.hdfs.MiniDFSCluster;
+import org.apache.sentry.core.common.utils.PolicyFiles;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+public class TestSolrPolicyEngineDFS extends AbstractTestSolrPolicyEngine {
+
+ private static MiniDFSCluster dfsCluster;
+ private static FileSystem fileSystem;
+ private static Path root;
+ private static Path etc;
+
+ @BeforeClass
+ public static void setupLocalClazz() throws IOException {
+ File baseDir = getBaseDir();
+ Assert.assertNotNull(baseDir);
+ File dfsDir = new File(baseDir, "dfs");
+ Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs());
+ Configuration conf = new Configuration();
+ conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
+ dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
+ fileSystem = dfsCluster.getFileSystem();
+ root = new Path(fileSystem.getUri().toString());
+ etc = new Path(root, "/etc");
+ fileSystem.mkdirs(etc);
+ }
+
+ @AfterClass
+ public static void teardownLocalClazz() {
+ if(dfsCluster != null) {
+ dfsCluster.shutdown();
+ }
+ }
+
+ @Override
+ protected void afterSetup() throws IOException {
+ fileSystem.delete(etc, true);
+ fileSystem.mkdirs(etc);
+ PolicyFiles.copyToDir(fileSystem, etc, "solr-policy-test-authz-provider.ini");
+ setPolicy(SolrPolicyTestUtil.createPolicyEngineForTest(new Path(etc,
+ "solr-policy-test-authz-provider.ini").toString()));
+ }
+
+ @Override
+ protected void beforeTeardown() throws IOException {
+ fileSystem.delete(etc, true);
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java
new file mode 100644
index 0000000..d138053
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.junit.Assert;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.common.utils.PolicyFiles;
+
+public class TestSolrPolicyEngineLocalFS extends AbstractTestSolrPolicyEngine {
+
+ @Override
+ protected void afterSetup() throws IOException {
+ File baseDir = getBaseDir();
+ Assert.assertNotNull(baseDir);
+ Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
+ PolicyFiles.copyToDir(baseDir, "solr-policy-test-authz-provider.ini");
+ setPolicy(SolrPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "solr-policy-test-authz-provider.ini").getPath()));
+ }
+ @Override
+ protected void beforeTeardown() throws IOException {
+ File baseDir = getBaseDir();
+ Assert.assertNotNull(baseDir);
+ FileUtils.deleteQuietly(baseDir);
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java
new file mode 100644
index 0000000..ec72136
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Collections;
+
+import org.junit.Assert;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.policy.common.PolicyEngine;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Charsets;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Sets;
+import com.google.common.io.Files;
+
+public class TestSolrPolicyNegative {
+
+ @SuppressWarnings("unused")
+ private static final Logger LOGGER = LoggerFactory
+ .getLogger(TestSolrPolicyNegative.class);
+
+ private File baseDir;
+ private File globalPolicyFile;
+ private File otherPolicyFile;
+
+ @Before
+ public void setup() {
+ baseDir = Files.createTempDir();
+ globalPolicyFile = new File(baseDir, "global.ini");
+ otherPolicyFile = new File(baseDir, "other.ini");
+ }
+
+ @After
+ public void teardown() {
+ if(baseDir != null) {
+ FileUtils.deleteQuietly(baseDir);
+ }
+ }
+
+ private void append(String from, File to) throws IOException {
+ Files.append(from + "\n", to, Charsets.UTF_8);
+ }
+
+ @Test
+ public void testPerDbFileException() throws Exception {
+ append("[databases]", globalPolicyFile);
+ append("other_group_db = " + otherPolicyFile.getPath(), globalPolicyFile);
+ append("[groups]", otherPolicyFile);
+ append("other_group = some_role", otherPolicyFile);
+ append("[roles]", otherPolicyFile);
+ append("some_role = collection=c1", otherPolicyFile);
+ PolicyEngine policy = SolrPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
+ Assert.assertEquals(Collections.emptySet(),
+ policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL));
+ }
+
+ @Test
+ public void testCollectionRequiredInRole() throws Exception {
+ append("[groups]", globalPolicyFile);
+ append("group = some_role", globalPolicyFile);
+ append("[roles]", globalPolicyFile);
+ append("some_role = action=query", globalPolicyFile);
+ PolicyEngine policy = SolrPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
+ ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
+ Assert.assertTrue(permissions.toString(), permissions.isEmpty());
+ }
+
+ @Test
+ public void testGroupIncorrect() throws Exception {
+ append("[groups]", globalPolicyFile);
+ append("group = malicious_role", globalPolicyFile);
+ append("[roles]", globalPolicyFile);
+ append("malicious_role = collection=*", globalPolicyFile);
+ PolicyEngine policy = SolrPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
+ ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL);
+ Assert.assertTrue(permissions.toString(), permissions.isEmpty());
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java
deleted file mode 100644
index de6d6e0..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.privilege.solr;
-
-import org.apache.sentry.core.common.Model;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.policy.common.CommonPrivilege;
-import org.apache.sentry.policy.common.Privilege;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.util.List;
-
-import static junit.framework.Assert.assertFalse;
-import static junit.framework.Assert.assertTrue;
-
-public class TestCommonPrivilegeForSearch {
-
- private Model searchPrivilegeModel;
-
- private static final String ALL = SearchConstants.ALL;
-
- @Before
- public void prepareData() {
- searchPrivilegeModel = SearchPrivilegeModel.getInstance();
- }
-
- @Test
- public void testSimpleNoAction() throws Exception {
- CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
- CommonPrivilege collection2 = create(new KeyValue("collection", "coll2"));
- CommonPrivilege collection1Case = create(new KeyValue("colleCtIon", "coLl1"));
-
- assertTrue(collection1.implies(collection1, searchPrivilegeModel));
- assertTrue(collection2.implies(collection2, searchPrivilegeModel));
- assertTrue(collection1.implies(collection1Case, searchPrivilegeModel));
- assertTrue(collection1Case.implies(collection1, searchPrivilegeModel));
-
- assertFalse(collection1.implies(collection2, searchPrivilegeModel));
- assertFalse(collection1Case.implies(collection2, searchPrivilegeModel));
- assertFalse(collection2.implies(collection1, searchPrivilegeModel));
- assertFalse(collection2.implies(collection1Case, searchPrivilegeModel));
- }
-
- @Test
- public void testSimpleAction() throws Exception {
- CommonPrivilege query =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
- CommonPrivilege update =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
- CommonPrivilege queryCase =
- create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy"));
-
- assertTrue(query.implies(query, searchPrivilegeModel));
- assertTrue(update.implies(update, searchPrivilegeModel));
- assertTrue(query.implies(queryCase, searchPrivilegeModel));
- assertTrue(queryCase.implies(query, searchPrivilegeModel));
-
- assertFalse(query.implies(update, searchPrivilegeModel));
- assertFalse(queryCase.implies(update, searchPrivilegeModel));
- assertFalse(update.implies(query, searchPrivilegeModel));
- assertFalse(update.implies(queryCase, searchPrivilegeModel));
- }
-
- @Test
- public void testRoleShorterThanRequest() throws Exception {
- CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
- CommonPrivilege query =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
- CommonPrivilege update =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
- CommonPrivilege all =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
-
- assertTrue(collection1.implies(query, searchPrivilegeModel));
- assertTrue(collection1.implies(update, searchPrivilegeModel));
- assertTrue(collection1.implies(all, searchPrivilegeModel));
-
- assertFalse(query.implies(collection1, searchPrivilegeModel));
- assertFalse(update.implies(collection1, searchPrivilegeModel));
- assertTrue(all.implies(collection1, searchPrivilegeModel));
- }
-
- @Test
- public void testCollectionAll() throws Exception {
- CommonPrivilege collectionAll = create(new KeyValue("collection", ALL));
- CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
- assertTrue(collectionAll.implies(collection1, searchPrivilegeModel));
- assertTrue(collection1.implies(collectionAll, searchPrivilegeModel));
-
- CommonPrivilege allUpdate =
- create(new KeyValue("collection", ALL), new KeyValue("action", "update"));
- CommonPrivilege allQuery =
- create(new KeyValue("collection", ALL), new KeyValue("action", "query"));
- CommonPrivilege coll1Update =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
- CommonPrivilege coll1Query =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
- assertTrue(allUpdate.implies(coll1Update, searchPrivilegeModel));
- assertTrue(allQuery.implies(coll1Query, searchPrivilegeModel));
- assertTrue(coll1Update.implies(allUpdate, searchPrivilegeModel));
- assertTrue(coll1Query.implies(allQuery, searchPrivilegeModel));
- assertFalse(allUpdate.implies(coll1Query, searchPrivilegeModel));
- assertFalse(coll1Update.implies(coll1Query, searchPrivilegeModel));
- assertFalse(allQuery.implies(coll1Update, searchPrivilegeModel));
- assertFalse(coll1Query.implies(allUpdate, searchPrivilegeModel));
- assertFalse(allUpdate.implies(allQuery, searchPrivilegeModel));
- assertFalse(allQuery.implies(allUpdate, searchPrivilegeModel));
- assertFalse(coll1Update.implies(coll1Query, searchPrivilegeModel));
- assertFalse(coll1Query.implies(coll1Update, searchPrivilegeModel));
-
- // test different length paths
- assertTrue(collectionAll.implies(allUpdate, searchPrivilegeModel));
- assertTrue(collectionAll.implies(allQuery, searchPrivilegeModel));
- assertTrue(collectionAll.implies(coll1Update, searchPrivilegeModel));
- assertTrue(collectionAll.implies(coll1Query, searchPrivilegeModel));
- assertFalse(allUpdate.implies(collectionAll, searchPrivilegeModel));
- assertFalse(allQuery.implies(collectionAll, searchPrivilegeModel));
- assertFalse(coll1Update.implies(collectionAll, searchPrivilegeModel));
- assertFalse(coll1Query.implies(collectionAll, searchPrivilegeModel));
- }
-
- @Test
- public void testActionAll() throws Exception {
- CommonPrivilege coll1All =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
- CommonPrivilege coll1Update =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
- CommonPrivilege coll1Query =
- create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
- assertTrue(coll1All.implies(coll1All, searchPrivilegeModel));
- assertTrue(coll1All.implies(coll1Update, searchPrivilegeModel));
- assertTrue(coll1All.implies(coll1Query, searchPrivilegeModel));
- assertFalse(coll1Update.implies(coll1All, searchPrivilegeModel));
- assertFalse(coll1Query.implies(coll1All, searchPrivilegeModel));
-
- // test different lengths
- CommonPrivilege coll1 =
- create(new KeyValue("collection", "coll1"));
- assertTrue(coll1All.implies(coll1, searchPrivilegeModel));
- assertTrue(coll1.implies(coll1All, searchPrivilegeModel));
- }
-
- @Test
- public void testUnexpected() throws Exception {
- Privilege p = new Privilege() {
- @Override
- public boolean implies(Privilege p, Model m) {
- return false;
- }
-
- @Override
- public List<KeyValue> getAuthorizable() {
- return null;
- }
- };
- Privilege collection1 = create(new KeyValue("collection", "coll1"));
- assertFalse(collection1.implies(null, searchPrivilegeModel));
- assertFalse(collection1.implies(p, searchPrivilegeModel));
- assertFalse(collection1.equals(null));
- assertFalse(collection1.equals(p));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testNullString() throws Exception {
- System.out.println(create((String)null));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyString() throws Exception {
- System.out.println(create(""));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyKey() throws Exception {
- System.out.println(create(SentryConstants.KV_JOINER.join("collection", "")));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyValue() throws Exception {
- System.out.println(create(SentryConstants.KV_JOINER.join("", "coll1")));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyPart() throws Exception {
- System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
- join(SentryConstants.KV_JOINER.join("collection1", "coll1"), "")));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testOnlySeperators() throws Exception {
- System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
- join(SentryConstants.KV_SEPARATOR, SentryConstants.KV_SEPARATOR,
- SentryConstants.KV_SEPARATOR)));
- }
-
- static CommonPrivilege create(KeyValue... keyValues) {
- return create(SentryConstants.AUTHORIZABLE_JOINER.join(keyValues));
- }
-
- static CommonPrivilege create(String s) {
- return new CommonPrivilege(s);
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java
new file mode 100644
index 0000000..6782089
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java
@@ -0,0 +1,293 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.privilege.solr;
+
+import org.apache.sentry.core.common.Model;
+import org.apache.sentry.core.common.utils.KeyValue;
+import org.apache.sentry.core.common.utils.SentryConstants;
+import org.apache.sentry.core.model.solr.SolrConstants;
+import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
+import org.apache.sentry.policy.common.CommonPrivilege;
+import org.apache.sentry.policy.common.Privilege;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.List;
+
+import static junit.framework.Assert.assertFalse;
+import static junit.framework.Assert.assertTrue;
+
+/**
+ * This class implements a set of unit tests designed to verify {@linkplain SolrPrivilegeModel}
+ */
+public class TestCommonPrivilegeForSolr {
+
+ private Model solrPrivilegeModel;
+
+ private static final String ALL = SolrConstants.ALL;
+
+ @Before
+ public void prepareData() {
+ solrPrivilegeModel = SolrPrivilegeModel.getInstance();
+ }
+
+ @Test
+ public void testSimpleNoAction() throws Exception {
+ CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
+ CommonPrivilege collection2 = create(new KeyValue("collection", "coll2"));
+ CommonPrivilege collection1Case = create(new KeyValue("colleCtIon", "coLl1"));
+
+ assertTrue(collection1.implies(collection1, solrPrivilegeModel));
+ assertTrue(collection2.implies(collection2, solrPrivilegeModel));
+ assertTrue(collection1.implies(collection1Case, solrPrivilegeModel));
+ assertTrue(collection1Case.implies(collection1, solrPrivilegeModel));
+
+ assertFalse(collection1.implies(collection2, solrPrivilegeModel));
+ assertFalse(collection1Case.implies(collection2, solrPrivilegeModel));
+ assertFalse(collection2.implies(collection1, solrPrivilegeModel));
+ assertFalse(collection2.implies(collection1Case, solrPrivilegeModel));
+ }
+
+ @Test
+ public void testAdminNoAction() throws Exception {
+ CommonPrivilege globalAdmin = create(new KeyValue("admin", SolrConstants.ALL));
+ CommonPrivilege coreAdmin = create(new KeyValue("admin", "core"));
+ CommonPrivilege collectionAdmin = create(new KeyValue("admin", "collection"));
+ CommonPrivilege securityAdmin = create(new KeyValue("admin", "security"));
+
+ assertTrue(coreAdmin.implies(coreAdmin, solrPrivilegeModel));
+ assertFalse(coreAdmin.implies(collectionAdmin, solrPrivilegeModel));
+ assertFalse(coreAdmin.implies(securityAdmin, solrPrivilegeModel));
+ // TODO - Check if this is a bug ?
+ // assertFalse(coreAdmin.implies(globalAdmin, solrPrivilegeModel));
+
+ assertTrue(collectionAdmin.implies(collectionAdmin, solrPrivilegeModel));
+ assertFalse(collectionAdmin.implies(coreAdmin, solrPrivilegeModel));
+ assertFalse(collectionAdmin.implies(securityAdmin, solrPrivilegeModel));
+ // TODO - Check if this is a bug ?
+ // assertFalse(collectionAdmin.implies(globalAdmin, solrPrivilegeModel));
+
+ assertTrue(securityAdmin.implies(securityAdmin, solrPrivilegeModel));
+ assertFalse(securityAdmin.implies(collectionAdmin, solrPrivilegeModel));
+ assertFalse(securityAdmin.implies(coreAdmin, solrPrivilegeModel));
+ // TODO - Check if this is a bug ?
+ // assertFalse(securityAdmin.implies(globalAdmin, solrPrivilegeModel));
+
+ assertTrue(globalAdmin.implies(globalAdmin, solrPrivilegeModel));
+ assertTrue(globalAdmin.implies(collectionAdmin, solrPrivilegeModel));
+ assertTrue(globalAdmin.implies(coreAdmin, solrPrivilegeModel));
+ assertTrue(globalAdmin.implies(securityAdmin, solrPrivilegeModel));
+ }
+
+ @Test
+ public void testSimpleAction() throws Exception {
+ CommonPrivilege query =
+ create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+ CommonPrivilege update =
+ create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+ CommonPrivilege queryCase =
+ create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy"));
+
+ assertTrue(query.implies(query, solrPrivilegeModel));
+ assertTrue(update.implies(update, solrPrivilegeModel));
+ assertTrue(query.implies(queryCase, solrPrivilegeModel));
+ assertTrue(queryCase.implies(query, solrPrivilegeModel));
+
+ assertFalse(query.implies(update, solrPrivilegeModel));
+ assertFalse(queryCase.implies(update, solrPrivilegeModel));
+ assertFalse(update.implies(query, solrPrivilegeModel));
+ assertFalse(update.implies(queryCase, solrPrivilegeModel));
+ }
+
+ @Test
+ public void testAdminAction() throws Exception {
+ CommonPrivilege query =
+ create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("action", "query"));
+ CommonPrivilege update =
+ create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("action", "update"));
+ CommonPrivilege queryCase =
+ create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("AcTiOn", "QuERy"));
+
+ assertTrue(query.implies(query, solrPrivilegeModel));
+ assertTrue(update.implies(update, solrPrivilegeModel));
+ assertTrue(query.implies(queryCase, solrPrivilegeModel));
+ assertTrue(queryCase.implies(query, solrPrivilegeModel));
+
+ assertFalse(query.implies(update, solrPrivilegeModel));
+ assertFalse(queryCase.implies(update, solrPrivilegeModel));
+ assertFalse(update.implies(query, solrPrivilegeModel));
+ assertFalse(update.implies(queryCase, solrPrivilegeModel));
+ }
+
+ @Test
+ public void testRoleShorterThanRequest() throws Exception {
+ CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
+ CommonPrivilege query =
+ create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+ CommonPrivilege update =
+ create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+ CommonPrivilege all =
+ create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
+
+ assertTrue(collection1.implies(query, solrPrivilegeModel));
+ assertTrue(collection1.implies(update, solrPrivilegeModel));
+ assertTrue(collection1.implies(all, solrPrivilegeModel));
+
+ assertFalse(query.implies(collection1, solrPrivilegeModel));
+ assertFalse(update.implies(collection1, solrPrivilegeModel));
+ assertTrue(all.implies(collection1, solrPrivilegeModel));
+ }
+
+ @Test
+ public void testAdminRoleShorterThanRequest() throws Exception {
+ CommonPrivilege globalAdmin = create(new KeyValue("admin", "*"));
+ CommonPrivilege query =
+ create(new KeyValue("admin", "core"), new KeyValue("action", "query"));
+ CommonPrivilege update =
+ create(new KeyValue("admin", "core"), new KeyValue("action", "update"));
+ CommonPrivilege all = create(new KeyValue("admin", "*"), new KeyValue("action", ALL));
+
+ assertTrue(globalAdmin.implies(query, solrPrivilegeModel));
+ assertTrue(globalAdmin.implies(update, solrPrivilegeModel));
+ assertTrue(globalAdmin.implies(all, solrPrivilegeModel));
+
+ assertFalse(query.implies(globalAdmin, solrPrivilegeModel));
+ assertFalse(update.implies(globalAdmin, solrPrivilegeModel));
+ assertTrue(all.implies(globalAdmin, solrPrivilegeModel));
+ }
+
+ @Test
+ public void testCollectionAll() throws Exception {
+ CommonPrivilege collectionAll = create(new KeyValue("collection", ALL));
+ CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
+ assertTrue(collectionAll.implies(collection1, solrPrivilegeModel));
+ assertTrue(collection1.implies(collectionAll, solrPrivilegeModel));
+
+ CommonPrivilege allUpdate =
+ create(new KeyValue("collection", ALL), new KeyValue("action", "update"));
+ CommonPrivilege allQuery =
+ create(new KeyValue("collection", ALL), new KeyValue("action", "query"));
+ CommonPrivilege coll1Update =
+ create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+ CommonPrivilege coll1Query =
+ create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+ assertTrue(allUpdate.implies(coll1Update, solrPrivilegeModel));
+ assertTrue(allQuery.implies(coll1Query, solrPrivilegeModel));
+ assertTrue(coll1Update.implies(allUpdate, solrPrivilegeModel));
+ assertTrue(coll1Query.implies(allQuery, solrPrivilegeModel));
+ assertFalse(allUpdate.implies(coll1Query, solrPrivilegeModel));
+ assertFalse(coll1Update.implies(coll1Query, solrPrivilegeModel));
+ assertFalse(allQuery.implies(coll1Update, solrPrivilegeModel));
+ assertFalse(coll1Query.implies(allUpdate, solrPrivilegeModel));
+ assertFalse(allUpdate.implies(allQuery, solrPrivilegeModel));
+ assertFalse(allQuery.implies(allUpdate, solrPrivilegeModel));
+ assertFalse(coll1Update.implies(coll1Query, solrPrivilegeModel));
+ assertFalse(coll1Query.implies(coll1Update, solrPrivilegeModel));
+
+ // test different length paths
+ assertTrue(collectionAll.implies(allUpdate, solrPrivilegeModel));
+ assertTrue(collectionAll.implies(allQuery, solrPrivilegeModel));
+ assertTrue(collectionAll.implies(coll1Update, solrPrivilegeModel));
+ assertTrue(collectionAll.implies(coll1Query, solrPrivilegeModel));
+ assertFalse(allUpdate.implies(collectionAll, solrPrivilegeModel));
+ assertFalse(allQuery.implies(collectionAll, solrPrivilegeModel));
+ assertFalse(coll1Update.implies(collectionAll, solrPrivilegeModel));
+ assertFalse(coll1Query.implies(collectionAll, solrPrivilegeModel));
+ }
+
+ @Test
+ public void testActionAll() throws Exception {
+ CommonPrivilege coll1All =
+ create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
+ CommonPrivilege coll1Update =
+ create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+ CommonPrivilege coll1Query =
+ create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+ assertTrue(coll1All.implies(coll1All, solrPrivilegeModel));
+ assertTrue(coll1All.implies(coll1Update, solrPrivilegeModel));
+ assertTrue(coll1All.implies(coll1Query, solrPrivilegeModel));
+ assertFalse(coll1Update.implies(coll1All, solrPrivilegeModel));
+ assertFalse(coll1Query.implies(coll1All, solrPrivilegeModel));
+
+ // test different lengths
+ CommonPrivilege coll1 =
+ create(new KeyValue("collection", "coll1"));
+ assertTrue(coll1All.implies(coll1, solrPrivilegeModel));
+ assertTrue(coll1.implies(coll1All, solrPrivilegeModel));
+ }
+
+ @Test
+ public void testUnexpected() throws Exception {
+ Privilege p = new Privilege() {
+ @Override
+ public boolean implies(Privilege p, Model m) {
+ return false;
+ }
+
+ @Override
+ public List<KeyValue> getAuthorizable() {
+ return null;
+ }
+ };
+ Privilege collection1 = create(new KeyValue("collection", "coll1"));
+ assertFalse(collection1.implies(null, solrPrivilegeModel));
+ assertFalse(collection1.implies(p, solrPrivilegeModel));
+ assertFalse(collection1.equals(null));
+ assertFalse(collection1.equals(p));
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testNullString() throws Exception {
+ System.out.println(create((String)null));
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testEmptyString() throws Exception {
+ System.out.println(create(""));
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testEmptyKey() throws Exception {
+ System.out.println(create(SentryConstants.KV_JOINER.join("collection", "")));
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testEmptyValue() throws Exception {
+ System.out.println(create(SentryConstants.KV_JOINER.join("", "coll1")));
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testEmptyPart() throws Exception {
+ System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
+ join(SentryConstants.KV_JOINER.join("collection1", "coll1"), "")));
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testOnlySeperators() throws Exception {
+ System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
+ join(SentryConstants.KV_SEPARATOR, SentryConstants.KV_SEPARATOR,
+ SentryConstants.KV_SEPARATOR)));
+ }
+
+ static CommonPrivilege create(KeyValue... keyValues) {
+ return create(SentryConstants.AUTHORIZABLE_JOINER.join(keyValues));
+ }
+
+ static CommonPrivilege create(String s) {
+ return new CommonPrivilege(s);
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini b/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini
index 56317db..88b6f14 100644
--- a/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini
+++ b/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini
@@ -22,9 +22,7 @@ general = corporal_role, sergeant_role, general_role
undefinedRoleGroup = undefinedRole
[roles]
-#test that specification of a bogus action doesn't affect further specifications
-corporal_role = collection=info->action=FOOBAR, \
- collection=info->action=query
+corporal_role = collection=info->action=query
sergeant_role = collection=info->action=update
general_role = collection=*->action=*
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-core/pom.xml b/sentry-core/pom.xml
index 6b91767..b6256b7 100644
--- a/sentry-core/pom.xml
+++ b/sentry-core/pom.xml
@@ -32,7 +32,7 @@ limitations under the License.
<module>sentry-core-common</module>
<module>sentry-core-model-db</module>
<module>sentry-core-model-indexer</module>
- <module>sentry-core-model-search</module>
+ <module>sentry-core-model-solr</module>
<module>sentry-core-model-sqoop</module>
<module>sentry-core-model-kafka</module>
</modules>
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/pom.xml b/sentry-core/sentry-core-model-search/pom.xml
deleted file mode 100644
index 5917a63..0000000
--- a/sentry-core/sentry-core-model-search/pom.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-core</artifactId>
- <version>2.0.0-SNAPSHOT</version>
- </parent>
-
- <artifactId>sentry-core-model-search</artifactId>
- <name>Sentry Core Model Search</name>
-
- <dependencies>
- <dependency>
- <groupId>org.apache.sentry</groupId>
- <artifactId>sentry-core-common</artifactId>
- </dependency>
-
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
-</project>
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java
deleted file mode 100644
index 26ea287..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-public class Collection implements SearchModelAuthorizable {
-
- /**
- * Represents all tables
- */
- public static final Collection ALL = new Collection(SearchConstants.ALL);
-
- private final String name;
-
- public Collection(String name) {
- this.name = name;
- }
-
- @Override
- public String getName() {
- return name;
- }
-
- @Override
- public String toString() {
- return "Collection [name=" + name + "]";
- }
-
- @Override
- public AuthorizableType getAuthzType() {
- return AuthorizableType.Collection;
- }
-
- @Override
- public String getTypeName() {
- return getAuthzType().name();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java
deleted file mode 100644
index 2dd9065..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-/**
- * Represents the field authorizable in the solr model
- */
-public class Field implements SearchModelAuthorizable{
-
- private final String name;
- /**
- * Represents all fields
- */
- public static final Field ALL = new Field(SearchConstants.ALL);
-
- public Field(String name) {
- this.name = name;
- }
-
- @Override
- public AuthorizableType getAuthzType() {
- return AuthorizableType.Field;
- }
-
- @Override
- public String toString() {
- return "Field [name=" + name + "]";
- }
-
- @Override
- public String getTypeName() {
- return getAuthzType().name();
- }
-
- @Override
- public String getName() {
- return name;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java
deleted file mode 100644
index 3f10726..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-import java.util.List;
-
-import org.apache.sentry.core.common.BitFieldAction;
-import org.apache.sentry.core.common.BitFieldActionFactory;
-
-import com.google.common.collect.Lists;
-
-public class SearchActionFactory extends BitFieldActionFactory {
- public enum SearchAction {
- UPDATE(SearchConstants.UPDATE, 0x0001),
- QUERY(SearchConstants.QUERY, 0x0002),
- ALL(SearchConstants.ALL, 0x0001|0x0002);
-
- private String name;
- private int code;
- private SearchAction(String name, int code) {
- this.name = name;
- this.code = code;
- }
- public String getName() {
- return name;
- }
- public int getCode() {
- return code;
- }
- }
-
- public static class SearchBitFieldAction extends BitFieldAction {
- public SearchBitFieldAction(SearchAction action) {
- super(action.getName(), action.getCode());
- }
- }
-
- private final static SearchAction[] AllActions = SearchAction.values();
- /**
- * One bit set action array, includes UPDATE and QUERY
- */
- private final static SearchAction[] OneBitActions = new SearchAction[]{SearchAction.UPDATE, SearchAction.QUERY};
-
- @Override
- public List<? extends BitFieldAction> getActionsByCode(int actionCode) {
- List<SearchBitFieldAction> actions = Lists.newArrayList();
- for (SearchAction action : OneBitActions) {
- if ((action.code & actionCode) == action.code) {
- actions.add(new SearchBitFieldAction(action));
- }
- }
- return actions;
- }
-
- @Override
- public BitFieldAction getActionByName(String name) {
- SearchBitFieldAction val = null;
- for (SearchAction action : AllActions) {
- if (action.name.equalsIgnoreCase(name)) {
- return new SearchBitFieldAction(action);
- }
- }
- return val;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java
deleted file mode 100644
index a2b17fc..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-public final class SearchConstants {
-
- public static final String ALL = "*";
- public static final String QUERY = "query";
- public static final String UPDATE = "update";
- /**
- * The property of sentry.search.service is used to distinguish itself from multiple search services. For example, there are two
- * search services: service1 and service2 implemented authorization via sentry, and it must set the value of
- * sentry.search.service=service1 or service2 to communicate with sentry service for authorization
- */
- public static final String SENTRY_SEARCH_SERVICE_KEY = "sentry.search.service";
- public static final String SENTRY_SEARCH_SERVICE_DEFAULT = "service1";
-
- private SearchConstants() {
- // Make constructor private to avoid instantiation
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java
deleted file mode 100644
index 48ac267..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-import org.apache.sentry.core.common.Action;
-
-/**
- * Represents actions in the Search model.
- */
-public enum SearchModelAction implements Action {
-
- UPDATE(SearchConstants.UPDATE),
- QUERY(SearchConstants.QUERY),
- ALL(SearchConstants.ALL);
-
- private final String value;
- private SearchModelAction(String value) {
- this.value = value;
- }
-
- @Override
- public String getValue() {
- return value;
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java
deleted file mode 100644
index 5a55963..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-import org.apache.sentry.core.common.Authorizable;
-
-public interface SearchModelAuthorizable extends Authorizable {
-
- public enum AuthorizableType {
- Collection,
- Field
- };
-
- AuthorizableType getAuthzType();
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java
deleted file mode 100644
index 2b190e5..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-import org.apache.sentry.core.model.search.SearchModelAuthorizable.AuthorizableType;
-import org.apache.sentry.core.common.utils.KeyValue;
-
-public class SearchModelAuthorizables {
-
- private SearchModelAuthorizables() {
- // Make constructor private to avoid instantiation
- }
-
- public static SearchModelAuthorizable from(KeyValue keyValue) {
- String prefix = keyValue.getKey().toLowerCase();
- String name = keyValue.getValue().toLowerCase();
- for(AuthorizableType type : AuthorizableType.values()) {
- if(prefix.equalsIgnoreCase(type.name())) {
- return from(type, name);
- }
- }
- return null;
- }
- public static SearchModelAuthorizable from(String s) {
- return from(new KeyValue(s));
- }
-
- private static SearchModelAuthorizable from(AuthorizableType type, String name) {
- switch (type) {
- case Collection:
- return new Collection(name);
- default:
- return null;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java
deleted file mode 100644
index 9429a25..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-import com.google.common.collect.ImmutableList;
-import org.apache.sentry.core.common.BitFieldActionFactory;
-import org.apache.sentry.core.common.ImplyMethodType;
-import org.apache.sentry.core.common.Model;
-import org.apache.sentry.core.common.validator.PrivilegeValidator;
-import org.apache.sentry.core.model.search.validator.CollectionRequiredInPrivilege;
-
-import java.util.HashMap;
-import java.util.Map;
-
-public class SearchPrivilegeModel implements Model {
-
- private Map<String, ImplyMethodType> implyMethodMap;
- private BitFieldActionFactory bitFieldActionFactory;
- private static SearchPrivilegeModel searchPrivilegeModel = new SearchPrivilegeModel();
-
- private SearchPrivilegeModel() {
- implyMethodMap = new HashMap<String, ImplyMethodType>();
- bitFieldActionFactory = new SearchActionFactory();
-
- implyMethodMap.put(SearchModelAuthorizable.AuthorizableType.Collection.name().toLowerCase(), ImplyMethodType.STRING);
- implyMethodMap.put(SearchModelAuthorizable.AuthorizableType.Field.name().toLowerCase(), ImplyMethodType.STRING);
- }
-
- @Override
- public Map<String, ImplyMethodType> getImplyMethodMap() {
- return implyMethodMap;
- }
-
- @Override
- public BitFieldActionFactory getBitFieldActionFactory() {
- return bitFieldActionFactory;
- }
-
- public static SearchPrivilegeModel getInstance() {
- return searchPrivilegeModel;
- }
-
- public ImmutableList<PrivilegeValidator> getPrivilegeValidators() {
- return ImmutableList.<PrivilegeValidator>of(new CollectionRequiredInPrivilege());
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java
deleted file mode 100644
index c06131c..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search.validator;
-
-import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.core.common.utils.SentryConstants.PRIVILEGE_PREFIX;
-
-import java.util.List;
-
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.core.common.validator.PrivilegeValidator;
-import org.apache.sentry.core.model.search.SearchModelAuthorizables;
-import org.apache.shiro.config.ConfigurationException;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.Lists;
-
-public abstract class AbstractSearchPrivilegeValidator implements PrivilegeValidator {
-
- @VisibleForTesting
- public static Iterable<SearchModelAuthorizable> parsePrivilege(String string) {
- List<SearchModelAuthorizable> result = Lists.newArrayList();
- System.err.println("privilege = " + string);
- for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
- // XXX this ugly hack is because action is not an authorizable
- if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
- SearchModelAuthorizable authorizable = SearchModelAuthorizables.from(section);
- if(authorizable == null) {
- String msg = "No authorizable found for " + section;
- throw new ConfigurationException(msg);
- }
- result.add(authorizable);
- }
- }
- return result;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java
deleted file mode 100644
index 93b3861..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search.validator;
-
-import org.apache.sentry.core.common.exception.SentryConfigurationException;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
-
-public class CollectionRequiredInPrivilege extends AbstractSearchPrivilegeValidator {
-
- @Override
- public void validate(PrivilegeValidatorContext context) throws SentryConfigurationException {
- String privilege = context.getPrivilege();
- Iterable<SearchModelAuthorizable> authorizables = parsePrivilege(privilege);
- boolean foundCollectionInAuthorizables = false;
-
- for(SearchModelAuthorizable authorizable : authorizables) {
- if(authorizable instanceof Collection) {
- foundCollectionInAuthorizables = true;
- break;
- }
- }
- if(!foundCollectionInAuthorizables) {
- String msg = "Missing collection object in " + privilege;
- throw new SentryConfigurationException(msg);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java b/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java
deleted file mode 100644
index 2311401..0000000
--- a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package org.apache.sentry.core.search;
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.junit.Assert;
-
-import org.apache.sentry.core.model.search.Collection;
-import org.junit.Test;
-
-public class TestCollection {
-
- @Test
- public void testSimple() {
- String name = "simple";
- Collection simple = new Collection(name);
- Assert.assertEquals(simple.getName(), name);
- }
-
- @Test
- public void testCollectionAuthzType() {
- Collection collection1 = new Collection("collection1");
- Collection collection2 = new Collection("collection2");
- Assert.assertEquals(collection1.getAuthzType(), collection2.getAuthzType());
- Assert.assertEquals(collection1.getTypeName(), collection2.getTypeName());
- }
-
- // just test it doesn't throw NPE
- @Test
- public void testNullCollection() {
- Collection nullCollection = new Collection(null);
- nullCollection.getName();
- nullCollection.toString();
- nullCollection.getAuthzType();
- nullCollection.getTypeName();
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java b/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java
deleted file mode 100644
index 0056f40..0000000
--- a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.search;
-
-import org.apache.sentry.core.model.search.SearchActionFactory;
-import org.apache.sentry.core.model.search.SearchActionFactory.SearchAction;
-import org.apache.sentry.core.model.search.SearchActionFactory.SearchBitFieldAction;
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.junit.Test;
-
-import com.google.common.collect.Lists;
-
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertEquals;
-
-public class TestSearchBitFieldAction {
- SearchActionFactory actionFactory = new SearchActionFactory();
-
- @Test
- public void testImpliesAction() {
- SearchBitFieldAction updateAction = new SearchBitFieldAction(SearchAction.UPDATE);
- SearchBitFieldAction queryAction = new SearchBitFieldAction(SearchAction.QUERY);
- SearchBitFieldAction allAction = new SearchBitFieldAction(SearchAction.ALL);
-
- assertTrue(allAction.implies(queryAction));
- assertTrue(allAction.implies(updateAction));
- assertTrue(allAction.implies(allAction));
- assertTrue(updateAction.implies(updateAction));
- assertTrue(queryAction.implies(queryAction));
-
- assertFalse(queryAction.implies(updateAction));
- assertFalse(queryAction.implies(allAction));
- assertFalse(updateAction.implies(queryAction));
- assertFalse(updateAction.implies(allAction));
- }
-
- @Test
- public void testGetActionByName() throws Exception {
- SearchBitFieldAction updateAction = (SearchBitFieldAction)actionFactory.getActionByName(SearchConstants.UPDATE);
- SearchBitFieldAction queryAction = (SearchBitFieldAction)actionFactory.getActionByName(SearchConstants.QUERY);
- SearchBitFieldAction allAction = (SearchBitFieldAction)actionFactory.getActionByName(SearchConstants.ALL);
-
- assertTrue(updateAction.equals(new SearchBitFieldAction(SearchAction.UPDATE)));
- assertTrue(queryAction.equals(new SearchBitFieldAction(SearchAction.QUERY)));
- assertTrue(allAction.equals(new SearchBitFieldAction(SearchAction.ALL)));
- }
-
- @Test
- public void testGetActionsByCode() throws Exception {
- SearchBitFieldAction updateAction = new SearchBitFieldAction(SearchAction.UPDATE);
- SearchBitFieldAction queryAction = new SearchBitFieldAction(SearchAction.QUERY);
-
- assertEquals(Lists.newArrayList(updateAction, queryAction), actionFactory.getActionsByCode(SearchAction.ALL.getCode()));
- assertEquals(Lists.newArrayList(updateAction), actionFactory.getActionsByCode(SearchAction.UPDATE.getCode()));
- assertEquals(Lists.newArrayList(queryAction), actionFactory.getActionsByCode(SearchAction.QUERY.getCode()));
- }
-}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/pom.xml b/sentry-core/sentry-core-model-solr/pom.xml
new file mode 100644
index 0000000..58ae2a7
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/pom.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.sentry</groupId>
+ <artifactId>sentry-core</artifactId>
+ <version>2.0.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>sentry-core-model-solr</artifactId>
+ <name>Sentry Core Model Solr</name>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.sentry</groupId>
+ <artifactId>sentry-core-common</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java
new file mode 100644
index 0000000..c054b7d
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+import java.util.Arrays;
+import java.util.Collection;
+
+/**
+ * This class represents Solr admin operations which includes,
+ * - Collection admin operations
+ * - Core admin operations
+ * - Security configuration management.
+ * - Reading Solr metrics
+ * - Solr auto-scaling operations
+ */
+public class AdminOperation extends SolrModelAuthorizable {
+ public static Collection<String> ENTITY_NAMES =
+ Arrays.asList(SolrConstants.ALL, "collections", "cores", "security", "metrics", "autoscaling");
+
+ public static AdminOperation ALL = new AdminOperation(SolrConstants.ALL);
+ public static AdminOperation COLLECTIONS = new AdminOperation("collections");
+ public static AdminOperation CORES = new AdminOperation("cores");
+ public static AdminOperation SECURITY = new AdminOperation("security");
+ public static AdminOperation METRICS = new AdminOperation("metrics");
+ public static AdminOperation AUTOSCALING = new AdminOperation("autoscaling");
+
+ public AdminOperation (String name) {
+ super (AuthorizableType.Admin, name);
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java
new file mode 100644
index 0000000..0232ec0
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+public class Collection extends SolrModelAuthorizable {
+
+ /**
+ * Represents all tables
+ */
+ public static final Collection ALL = new Collection(SolrConstants.ALL);
+
+ public Collection(String name) {
+ super (AuthorizableType.Collection, name);
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java
new file mode 100644
index 0000000..208211e
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+/**
+ * This class represents a Solr config-set.
+ */
+public class Config extends SolrModelAuthorizable {
+
+ public static final Config ALL = new Config(SolrConstants.ALL);
+
+ public Config(String name) {
+ super (AuthorizableType.Config, name);
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java
new file mode 100644
index 0000000..554fa08
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+/**
+ * Represents the field authorizable in the solr model
+ */
+public class Field extends SolrModelAuthorizable {
+
+ /**
+ * Represents all fields
+ */
+ public static final Field ALL = new Field(SolrConstants.ALL);
+
+ public Field(String name) {
+ super (AuthorizableType.Field, name);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java
new file mode 100644
index 0000000..b5ab6a1
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+/**
+ * This class represents Solr collection/core schema
+ */
+public class Schema extends SolrModelAuthorizable {
+
+ public static final Schema ALL = new Schema(SolrConstants.ALL);
+
+ public Schema(String name) {
+ super (AuthorizableType.Schema, name);
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java
new file mode 100644
index 0000000..567708a
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+import java.util.List;
+
+import org.apache.sentry.core.common.BitFieldAction;
+import org.apache.sentry.core.common.BitFieldActionFactory;
+
+import com.google.common.collect.Lists;
+
+public class SolrActionFactory extends BitFieldActionFactory {
+ public enum SolrAction {
+ UPDATE(SolrConstants.UPDATE, 0x0001),
+ QUERY(SolrConstants.QUERY, 0x0002),
+ ALL(SolrConstants.ALL, 0x0001|0x0002);
+
+ private String name;
+ private int code;
+ private SolrAction(String name, int code) {
+ this.name = name;
+ this.code = code;
+ }
+ public String getName() {
+ return name;
+ }
+ public int getCode() {
+ return code;
+ }
+ }
+
+ public static class SolrBitFieldAction extends BitFieldAction {
+ public SolrBitFieldAction(SolrAction action) {
+ super(action.getName(), action.getCode());
+ }
+ }
+
+ private final static SolrAction[] AllActions = SolrAction.values();
+ /**
+ * One bit set action array, includes UPDATE and QUERY
+ */
+ private final static SolrAction[] OneBitActions = new SolrAction[]{SolrAction.UPDATE, SolrAction.QUERY};
+
+ @Override
+ public List<? extends BitFieldAction> getActionsByCode(int actionCode) {
+ List<SolrBitFieldAction> actions = Lists.newArrayList();
+ for (SolrAction action : OneBitActions) {
+ if ((action.code & actionCode) == action.code) {
+ actions.add(new SolrBitFieldAction(action));
+ }
+ }
+ return actions;
+ }
+
+ @Override
+ public BitFieldAction getActionByName(String name) {
+ SolrBitFieldAction val = null;
+ for (SolrAction action : AllActions) {
+ if (action.name.equalsIgnoreCase(name)) {
+ return new SolrBitFieldAction(action);
+ }
+ }
+ return val;
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java
new file mode 100644
index 0000000..91dc41e
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+public final class SolrConstants {
+
+ public static final String ALL = "*";
+ public static final String QUERY = "query";
+ public static final String UPDATE = "update";
+ /**
+ * The property of sentry.solr.service is used to distinguish itself from multiple solr services. For example, there are two
+ * solr services: service1 and service2 implemented authorization via sentry, and it must set the value of
+ * sentry.solr.service=service1 or service2 to communicate with sentry service for authorization
+ */
+ public static final String SENTRY_SOLR_SERVICE_KEY = "sentry.solr.service";
+ public static final String SENTRY_SOLR_SERVICE_DEFAULT = "service1";
+
+ public static final String CORE_ADMIN = "core";
+ public static final String COLLECTION_ADMIN = "collection";
+ public static final String SECURITY_ADMIN = "security";
+
+ private SolrConstants() {
+ // Make constructor private to avoid instantiation
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java
new file mode 100644
index 0000000..333ea10
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+import org.apache.sentry.core.common.Action;
+
+/**
+ * Represents actions in the Solr model.
+ */
+public enum SolrModelAction implements Action {
+
+ UPDATE(SolrConstants.UPDATE),
+ QUERY(SolrConstants.QUERY),
+ ALL(SolrConstants.ALL);
+
+ private final String value;
+ private SolrModelAction(String value) {
+ this.value = value;
+ }
+
+ @Override
+ public String getValue() {
+ return value;
+ }
+}