You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by pr...@apache.org on 2014/04/22 18:18:40 UTC
git commit: SENTRY-177: Sentry Policy Service does not treat role names as case insensitive (Sravya Tirukkovalur via Prasad Mujumdar)

Repository: incubator-sentry
Updated Branches:
  refs/heads/master a337480eb -> 0e07e9bf9


SENTRY-177: Sentry Policy Service does not treat role names as case insensitive (Sravya Tirukkovalur via Prasad Mujumdar)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/0e07e9bf
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/0e07e9bf
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/0e07e9bf

Branch: refs/heads/master
Commit: 0e07e9bf90a6101d13135d94d82a3dfc55b63151
Parents: a337480
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Tue Apr 22 09:15:26 2014 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Tue Apr 22 09:15:26 2014 -0700

----------------------------------------------------------------------
 .../db/service/persistent/SentryStore.java      | 55 ++++++++++----------
 .../db/service/persistent/TestSentryStore.java  | 46 ++++++++++++----
 2 files changed, 63 insertions(+), 38 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0e07e9bf/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index ac6c6f7..33c8d1a 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -18,23 +18,13 @@
 
 package org.apache.sentry.provider.db.service.persistent;
 
-import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.provider.common.ProviderConstants.KV_JOINER;
-
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.UUID;
-
-import javax.jdo.JDOHelper;
-import javax.jdo.PersistenceManager;
-import javax.jdo.PersistenceManagerFactory;
-import javax.jdo.Query;
-import javax.jdo.Transaction;
-
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Strings;
+import com.google.common.collect.HashMultimap;
+import com.google.common.collect.Lists;
+import com.google.common.collect.SetMultimap;
+import com.google.common.collect.Sets;
 import org.apache.commons.lang.StringUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.sentry.core.model.db.AccessConstants;
@@ -50,16 +40,24 @@ import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet;
 import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
 import org.apache.sentry.provider.db.service.thrift.TSentryRole;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
 import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
 
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.collect.HashMultimap;
-import com.google.common.collect.Lists;
-import com.google.common.collect.SetMultimap;
-import com.google.common.collect.Sets;
+import javax.jdo.JDOHelper;
+import javax.jdo.PersistenceManager;
+import javax.jdo.PersistenceManagerFactory;
+import javax.jdo.Query;
+import javax.jdo.Transaction;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.UUID;
+
+import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.provider.common.ProviderConstants.KV_JOINER;
 
 /**
  * SentryStore is the data access object for Sentry data. Strings
@@ -238,6 +236,7 @@ public class SentryStore {
       TSentryPrivilege tPrivilege) throws SentryNoSuchObjectException, SentryInvalidInputException {
     boolean rollbackTransaction = true;
     PersistenceManager pm = null;
+    roleName = roleName.trim().toLowerCase();
     try {
       pm = openTransaction();
       Query query = pm.newQuery(MSentryRole.class);
@@ -424,6 +423,7 @@ public class SentryStore {
   throws SentryNoSuchObjectException {
     boolean rollbackTransaction = true;
     PersistenceManager pm = null;
+    roleName = roleName.trim().toLowerCase();
     try {
       pm = openTransaction();
       Query query = pm.newQuery(MSentryRole.class);
@@ -440,9 +440,10 @@ public class SentryStore {
         query.setUnique(true);
         List<MSentryGroup> groups = Lists.newArrayList();
         for (TSentryGroup tGroup : groupNames) {
-          MSentryGroup group = (MSentryGroup) query.execute(tGroup.getGroupName());
+          String groupName = tGroup.getGroupName().trim().toLowerCase();
+          MSentryGroup group = (MSentryGroup) query.execute(groupName);
           if (group == null) {
-            group = new MSentryGroup(tGroup.getGroupName(), System.currentTimeMillis(),
+            group = new MSentryGroup(groupName, System.currentTimeMillis(),
                 grantorPrincipal, Sets.newHashSet(role));
           }
           group.appendRole(role);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0e07e9bf/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 40b9460..7f3415e 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -18,14 +18,9 @@
 
 package org.apache.sentry.provider.db.service.persistent;
 
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.fail;
-
-import java.io.File;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Sets;
+import com.google.common.io.Files;
 import org.apache.commons.io.FileUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.sentry.core.model.db.AccessConstants;
@@ -41,9 +36,13 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
-import com.google.common.collect.Iterables;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
+import java.io.File;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.fail;
 
 public class TestSentryStore {
 
@@ -68,6 +67,31 @@ public class TestSentryStore {
       FileUtils.deleteQuietly(dataDir);
     }
   }
+  @Test
+  public void testCaseInsensitiveRoleAndGroups() throws Exception {
+    String roleName = "newRole";
+    String grantor = "g1";
+    Set<TSentryGroup> groups = Sets.newHashSet();
+    TSentryGroup group = new TSentryGroup();
+    group.setGroupName("test-groups-g1");
+    groups.add(group);
+
+    TSentryPrivilege privilege = new TSentryPrivilege();
+    privilege.setPrivilegeScope("TABLE");
+    privilege.setServerName("server1");
+    privilege.setDbName("default");
+    privilege.setTableName("table1");
+    privilege.setAction(AccessConstants.ALL);
+    privilege.setGrantorPrincipal(grantor);
+    privilege.setCreateTime(System.currentTimeMillis());
+    privilege.setPrivilegeName(SentryStore.constructPrivilegeName(privilege));
+
+    long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+    assertEquals(seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups).getSequenceId());
+    assertEquals(seqId + 2, sentryStore.alterSentryRoleDeleteGroups(roleName, groups).getSequenceId());
+    assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege).getSequenceId());
+    assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege).getSequenceId());
+  }
 
   @Test
   public void testCreateDuplicateRole() throws Exception {