You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by pr...@apache.org on 2014/04/22 18:18:40 UTC
git commit: SENTRY-177: Sentry Policy Service does not treat role
names as case insensitive (Sravya Tirukkovalur via Prasad Mujumdar)
Repository: incubator-sentry
Updated Branches:
refs/heads/master a337480eb -> 0e07e9bf9
SENTRY-177: Sentry Policy Service does not treat role names as case insensitive (Sravya Tirukkovalur via Prasad Mujumdar)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/0e07e9bf
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/0e07e9bf
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/0e07e9bf
Branch: refs/heads/master
Commit: 0e07e9bf90a6101d13135d94d82a3dfc55b63151
Parents: a337480
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Tue Apr 22 09:15:26 2014 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Tue Apr 22 09:15:26 2014 -0700
----------------------------------------------------------------------
.../db/service/persistent/SentryStore.java | 55 ++++++++++----------
.../db/service/persistent/TestSentryStore.java | 46 ++++++++++++----
2 files changed, 63 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0e07e9bf/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index ac6c6f7..33c8d1a 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -18,23 +18,13 @@
package org.apache.sentry.provider.db.service.persistent;
-import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.provider.common.ProviderConstants.KV_JOINER;
-
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.UUID;
-
-import javax.jdo.JDOHelper;
-import javax.jdo.PersistenceManager;
-import javax.jdo.PersistenceManagerFactory;
-import javax.jdo.Query;
-import javax.jdo.Transaction;
-
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Strings;
+import com.google.common.collect.HashMultimap;
+import com.google.common.collect.Lists;
+import com.google.common.collect.SetMultimap;
+import com.google.common.collect.Sets;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.core.model.db.AccessConstants;
@@ -50,16 +40,24 @@ import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet;
import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
import org.apache.sentry.provider.db.service.thrift.TSentryRole;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.collect.HashMultimap;
-import com.google.common.collect.Lists;
-import com.google.common.collect.SetMultimap;
-import com.google.common.collect.Sets;
+import javax.jdo.JDOHelper;
+import javax.jdo.PersistenceManager;
+import javax.jdo.PersistenceManagerFactory;
+import javax.jdo.Query;
+import javax.jdo.Transaction;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.UUID;
+
+import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.provider.common.ProviderConstants.KV_JOINER;
/**
* SentryStore is the data access object for Sentry data. Strings
@@ -238,6 +236,7 @@ public class SentryStore {
TSentryPrivilege tPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
boolean rollbackTransaction = true;
PersistenceManager pm = null;
+ roleName = roleName.trim().toLowerCase();
try {
pm = openTransaction();
Query query = pm.newQuery(MSentryRole.class);
@@ -424,6 +423,7 @@ public class SentryStore {
throws SentryNoSuchObjectException {
boolean rollbackTransaction = true;
PersistenceManager pm = null;
+ roleName = roleName.trim().toLowerCase();
try {
pm = openTransaction();
Query query = pm.newQuery(MSentryRole.class);
@@ -440,9 +440,10 @@ public class SentryStore {
query.setUnique(true);
List<MSentryGroup> groups = Lists.newArrayList();
for (TSentryGroup tGroup : groupNames) {
- MSentryGroup group = (MSentryGroup) query.execute(tGroup.getGroupName());
+ String groupName = tGroup.getGroupName().trim().toLowerCase();
+ MSentryGroup group = (MSentryGroup) query.execute(groupName);
if (group == null) {
- group = new MSentryGroup(tGroup.getGroupName(), System.currentTimeMillis(),
+ group = new MSentryGroup(groupName, System.currentTimeMillis(),
grantorPrincipal, Sets.newHashSet(role));
}
group.appendRole(role);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0e07e9bf/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 40b9460..7f3415e 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -18,14 +18,9 @@
package org.apache.sentry.provider.db.service.persistent;
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.fail;
-
-import java.io.File;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Sets;
+import com.google.common.io.Files;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.core.model.db.AccessConstants;
@@ -41,9 +36,13 @@ import org.junit.After;
import org.junit.Before;
import org.junit.Test;
-import com.google.common.collect.Iterables;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
+import java.io.File;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.fail;
public class TestSentryStore {
@@ -68,6 +67,31 @@ public class TestSentryStore {
FileUtils.deleteQuietly(dataDir);
}
}
+ @Test
+ public void testCaseInsensitiveRoleAndGroups() throws Exception {
+ String roleName = "newRole";
+ String grantor = "g1";
+ Set<TSentryGroup> groups = Sets.newHashSet();
+ TSentryGroup group = new TSentryGroup();
+ group.setGroupName("test-groups-g1");
+ groups.add(group);
+
+ TSentryPrivilege privilege = new TSentryPrivilege();
+ privilege.setPrivilegeScope("TABLE");
+ privilege.setServerName("server1");
+ privilege.setDbName("default");
+ privilege.setTableName("table1");
+ privilege.setAction(AccessConstants.ALL);
+ privilege.setGrantorPrincipal(grantor);
+ privilege.setCreateTime(System.currentTimeMillis());
+ privilege.setPrivilegeName(SentryStore.constructPrivilegeName(privilege));
+
+ long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+ assertEquals(seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups).getSequenceId());
+ assertEquals(seqId + 2, sentryStore.alterSentryRoleDeleteGroups(roleName, groups).getSequenceId());
+ assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege).getSequenceId());
+ assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege).getSequenceId());
+ }
@Test
public void testCreateDuplicateRole() throws Exception {