You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by co...@apache.org on 2016/06/24 06:00:37 UTC
[08/44] sentry git commit: SENTRY-1287: Create sentry-service-server
module(Colin Ma, reviewed by Dapeng Sun)
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
new file mode 100644
index 0000000..74e9dd8
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
@@ -0,0 +1,416 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.log.util;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
+import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
+import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
+import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.google.common.collect.Sets;
+
+public class TestCommandUtil extends Assert {
+
+ @Test
+ public void testCreateCmdForCreateOrDropRole() {
+ String roleName = "testRole";
+
+ String createRoleCmdResult = CommandUtil.createCmdForCreateOrDropRole(
+ roleName, true);
+ String dropRoleCmdResult = CommandUtil.createCmdForCreateOrDropRole(
+ roleName, false);
+ String createRoleCmdExcepted = "CREATE ROLE testRole";
+ String dropRoleCmdExcepted = "DROP ROLE testRole";
+
+ Assert.assertEquals(createRoleCmdExcepted, createRoleCmdResult);
+ Assert.assertEquals(dropRoleCmdResult, dropRoleCmdExcepted);
+ }
+
+ @Test
+ public void testCreateCmdForRoleAddOrDeleteGroup1() {
+
+ String createRoleAddGroupCmdResult = CommandUtil.createCmdForRoleAddGroup("testRole",
+ getGroupStr(1));
+ String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO GROUP testGroup1";
+ String createRoleDeleteGroupCmdResult = CommandUtil.createCmdForRoleDeleteGroup("testRole",
+ getGroupStr(1));
+ String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM GROUP testGroup1";
+
+ Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult);
+ Assert.assertEquals(createRoleDeleteGroupCmdExcepted,
+ createRoleDeleteGroupCmdResult);
+ }
+
+ @Test
+ public void testCreateCmdForRoleAddOrDeleteGroup2() {
+ String createRoleAddGroupCmdResult = CommandUtil.createCmdForRoleAddGroup("testRole",
+ getGroupStr(3));
+ String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO GROUP testGroup1, testGroup2, testGroup3";
+ String createRoleDeleteGroupCmdResult = CommandUtil.createCmdForRoleDeleteGroup("testRole",
+ getGroupStr(3));
+ String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM GROUP testGroup1, testGroup2, testGroup3";
+
+ Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult);
+ Assert.assertEquals(createRoleDeleteGroupCmdExcepted,
+ createRoleDeleteGroupCmdResult);
+ }
+
+ @Test
+ public void testCreateCmdForRoleAddOrDeleteUser1() {
+ String createRoleAddGroupCmdResult =
+ CommandUtil.createCmdForRoleAddUser("testRole", getUserStr(1));
+ String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO USER testUser1";
+ String createRoleDeleteGroupCmdResult =
+ CommandUtil.createCmdForRoleDeleteUser("testRole", getUserStr(1));
+ String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM USER testUser1";
+
+ Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult);
+ Assert.assertEquals(createRoleDeleteGroupCmdExcepted, createRoleDeleteGroupCmdResult);
+ }
+
+ @Test
+ public void testCreateCmdForRoleAddOrDeleteUser2() {
+ String createRoleAddGroupCmdResult =
+ CommandUtil.createCmdForRoleAddUser("testRole", getUserStr(3));
+ String createRoleAddGroupCmdExcepted =
+ "GRANT ROLE testRole TO USER testUser1, testUser2, testUser3";
+ String createRoleDeleteGroupCmdResult =
+ CommandUtil.createCmdForRoleDeleteUser("testRole", getUserStr(3));
+ String createRoleDeleteGroupCmdExcepted =
+ "REVOKE ROLE testRole FROM USER testUser1, testUser2, testUser3";
+
+ Assert.assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult);
+ Assert.assertEquals(createRoleDeleteGroupCmdExcepted, createRoleDeleteGroupCmdResult);
+ }
+
+ @Test
+ public void testCreateCmdForGrantOrRevokePrivilege1() {
+ TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+ TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+ TSentryPrivilege privilege = getPrivilege(AccessConstants.ALL,
+ PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest",
+ "hdfs://namenode:port/path/to/dir");
+ Set<TSentryPrivilege> privileges = Sets.newHashSet();
+ privileges.add(privilege);
+ grantRequest.setPrivileges(privileges);
+ revokeRequest.setPrivileges(privileges);
+
+ String createGrantPrivilegeCmdResult = CommandUtil
+ .createCmdForGrantPrivilege(grantRequest);
+ String createGrantPrivilegeCmdExcepted = "GRANT ALL ON DATABASE dbTest TO ROLE testRole";
+ String createRevokePrivilegeCmdResult = CommandUtil
+ .createCmdForRevokePrivilege(revokeRequest);
+ String createRevokePrivilegeCmdExcepted = "REVOKE ALL ON DATABASE dbTest FROM ROLE testRole";
+
+ Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+ Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+ createRevokePrivilegeCmdResult);
+ }
+
+ @Test
+ public void testCreateCmdForGrantOrRevokePrivilege2() {
+ TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+ TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+ TSentryPrivilege privilege = getPrivilege(AccessConstants.INSERT,
+ PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest",
+ "hdfs://namenode:port/path/to/dir");
+ Set<TSentryPrivilege> privileges = Sets.newHashSet();
+ privileges.add(privilege);
+ grantRequest.setPrivileges(privileges);
+ revokeRequest.setPrivileges(privileges);
+
+ String createGrantPrivilegeCmdResult = CommandUtil
+ .createCmdForGrantPrivilege(grantRequest);
+ String createGrantPrivilegeCmdExcepted = "GRANT INSERT ON DATABASE dbTest TO ROLE testRole";
+ String createRevokePrivilegeCmdResult = CommandUtil
+ .createCmdForRevokePrivilege(revokeRequest);
+ String createRevokePrivilegeCmdExcepted = "REVOKE INSERT ON DATABASE dbTest FROM ROLE testRole";
+
+ Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+ Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+ createRevokePrivilegeCmdResult);
+ }
+
+ @Test
+ public void testCreateCmdForGrantOrRevokePrivilege3() {
+ TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+ TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+ TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT,
+ PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest",
+ "hdfs://namenode:port/path/to/dir");
+ Set<TSentryPrivilege> privileges = Sets.newHashSet();
+ privileges.add(privilege);
+ grantRequest.setPrivileges(privileges);
+ revokeRequest.setPrivileges(privileges);
+
+ String createGrantPrivilegeCmdResult = CommandUtil
+ .createCmdForGrantPrivilege(grantRequest);
+ String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON DATABASE dbTest TO ROLE testRole";
+ String createRevokePrivilegeCmdResult = CommandUtil
+ .createCmdForRevokePrivilege(revokeRequest);
+ String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON DATABASE dbTest FROM ROLE testRole";
+
+ Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+ Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+ createRevokePrivilegeCmdResult);
+ }
+
+ @Test
+ public void testCreateCmdForGrantOrRevokePrivilege4() {
+ TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+ TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+ TSentryPrivilege privilege = getPrivilege(null,
+ PrivilegeScope.DATABASE.name(), "dbTest", "tableTest", "serverTest",
+ "hdfs://namenode:port/path/to/dir");
+ Set<TSentryPrivilege> privileges = Sets.newHashSet();
+ privileges.add(privilege);
+ grantRequest.setPrivileges(privileges);
+ revokeRequest.setPrivileges(privileges);
+
+ String createGrantPrivilegeCmdResult = CommandUtil
+ .createCmdForGrantPrivilege(grantRequest);
+ String createGrantPrivilegeCmdExcepted = "GRANT null ON DATABASE dbTest TO ROLE testRole";
+ String createRevokePrivilegeCmdResult = CommandUtil
+ .createCmdForRevokePrivilege(revokeRequest);
+ String createRevokePrivilegeCmdExcepted = "REVOKE null ON DATABASE dbTest FROM ROLE testRole";
+
+ Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+ Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+ createRevokePrivilegeCmdResult);
+ }
+
+ @Test
+ public void testCreateCmdForGrantOrRevokePrivilege5() {
+ TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+ TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+ TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT,
+ PrivilegeScope.TABLE.name(), "dbTest", "tableTest", "serverTest",
+ "hdfs://namenode:port/path/to/dir");
+ Set<TSentryPrivilege> privileges = Sets.newHashSet();
+ privileges.add(privilege);
+ grantRequest.setPrivileges(privileges);
+ revokeRequest.setPrivileges(privileges);
+
+ String createGrantPrivilegeCmdResult = CommandUtil
+ .createCmdForGrantPrivilege(grantRequest);
+ String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON TABLE tableTest TO ROLE testRole";
+ String createRevokePrivilegeCmdResult = CommandUtil
+ .createCmdForRevokePrivilege(revokeRequest);
+ String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON TABLE tableTest FROM ROLE testRole";
+
+ Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+ Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+ createRevokePrivilegeCmdResult);
+ }
+
+ @Test
+ public void testCreateCmdForGrantOrRevokePrivilege6() {
+ TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+ TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+ TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT,
+ PrivilegeScope.SERVER.name(), "dbTest", "tableTest", "serverTest",
+ "hdfs://namenode:port/path/to/dir");
+ Set<TSentryPrivilege> privileges = Sets.newHashSet();
+ privileges.add(privilege);
+ grantRequest.setPrivileges(privileges);
+ revokeRequest.setPrivileges(privileges);
+
+ String createGrantPrivilegeCmdResult = CommandUtil
+ .createCmdForGrantPrivilege(grantRequest);
+ String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON SERVER serverTest TO ROLE testRole";
+ String createRevokePrivilegeCmdResult = CommandUtil
+ .createCmdForRevokePrivilege(revokeRequest);
+ String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON SERVER serverTest FROM ROLE testRole";
+
+ Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+ Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+ createRevokePrivilegeCmdResult);
+ }
+
+ @Test
+ public void testCreateCmdForGrantOrRevokePrivilege7() {
+ TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+ TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+ TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT,
+ PrivilegeScope.URI.name(), "dbTest", "tableTest", "serverTest",
+ "hdfs://namenode:port/path/to/dir");
+ Set<TSentryPrivilege> privileges = Sets.newHashSet();
+ privileges.add(privilege);
+ grantRequest.setPrivileges(privileges);
+ revokeRequest.setPrivileges(privileges);
+
+ String createGrantPrivilegeCmdResult = CommandUtil
+ .createCmdForGrantPrivilege(grantRequest);
+ String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON URI hdfs://namenode:port/path/to/dir TO ROLE testRole";
+ String createRevokePrivilegeCmdResult = CommandUtil
+ .createCmdForRevokePrivilege(revokeRequest);
+ String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON URI hdfs://namenode:port/path/to/dir FROM ROLE testRole";
+
+ Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+ Assert.assertEquals(createRevokePrivilegeCmdExcepted,
+ createRevokePrivilegeCmdResult);
+ }
+
+ @Test
+ public void testCreateCmdForGrantOrRevokePrivilege8() {
+ TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantPrivilegeRequest();
+ TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokePrivilegeRequest();
+
+ TSentryPrivilege privilege = getPrivilege(AccessConstants.SELECT, PrivilegeScope.SERVER.name(),
+ "dbTest", "tableTest", "serverTest", "hdfs://namenode:port/path/to/dir");
+ privilege.setGrantOption(TSentryGrantOption.TRUE);
+ Set<TSentryPrivilege> privileges = Sets.newHashSet();
+ privileges.add(privilege);
+ grantRequest.setPrivileges(privileges);
+ revokeRequest.setPrivileges(privileges);
+
+ String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantPrivilege(grantRequest);
+ String createGrantPrivilegeCmdExcepted = "GRANT SELECT ON SERVER serverTest TO ROLE testRole WITH GRANT OPTION";
+ String createRevokePrivilegeCmdResult = CommandUtil.createCmdForRevokePrivilege(revokeRequest);
+ String createRevokePrivilegeCmdExcepted = "REVOKE SELECT ON SERVER serverTest FROM ROLE testRole WITH GRANT OPTION";
+
+ Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+ Assert.assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult);
+ }
+
+ // generate the command without grant option
+ @Test
+ public void testCreateCmdForGrantOrRevokeGMPrivilege1() {
+ org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest();
+ org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest();
+ org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege();
+ grantRequest.setPrivilege(privilege);
+ revokeRequest.setPrivilege(privilege);
+
+ String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest);
+ String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole";
+ String createRevokePrivilegeCmdResult = CommandUtil
+ .createCmdForRevokeGMPrivilege(revokeRequest);
+ String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole";
+
+ Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+ Assert.assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult);
+ }
+
+ // generate the command with grant option
+ @Test
+ public void testCreateCmdForGrantOrRevokeGMPrivilege2() {
+ org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest();
+ org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest();
+ org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege();
+ privilege
+ .setGrantOption(org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption.TRUE);
+ grantRequest.setPrivilege(privilege);
+ revokeRequest.setPrivilege(privilege);
+
+ String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest);
+ String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole WITH GRANT OPTION";
+ String createRevokePrivilegeCmdResult = CommandUtil
+ .createCmdForRevokeGMPrivilege(revokeRequest);
+ String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole WITH GRANT OPTION";
+
+ Assert.assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+ Assert.assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult);
+ }
+
+ private String getGroupStr(int num) {
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < num; i++) {
+ if (i > 0) {
+ sb.append(", ");
+ }
+ sb.append("testGroup" + (i + 1));
+ }
+ return sb.toString();
+ }
+
+ private String getUserStr(int num) {
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < num; i++) {
+ if (i > 0) {
+ sb.append(", ");
+ }
+ sb.append("testUser" + (i + 1));
+ }
+ return sb.toString();
+ }
+
+ private TAlterSentryRoleGrantPrivilegeRequest getGrantPrivilegeRequest() {
+ TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest();
+ request.setRoleName("testRole");
+ return request;
+ }
+
+ private TAlterSentryRoleRevokePrivilegeRequest getRevokePrivilegeRequest() {
+ TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
+ request.setRoleName("testRole");
+ return request;
+ }
+
+ private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest getGrantGMPrivilegeRequest() {
+ org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest();
+ request.setRoleName("testRole");
+ return request;
+ }
+
+ private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest getRevokeGMPrivilegeRequest() {
+ org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest();
+ request.setRoleName("testRole");
+ return request;
+ }
+
+ private TSentryPrivilege getPrivilege(String action, String privilegeScope,
+ String dbName, String tableName, String serverName, String URI) {
+ TSentryPrivilege privilege = new TSentryPrivilege();
+ privilege.setAction(action);
+ privilege.setPrivilegeScope(privilegeScope);
+ privilege.setDbName(dbName);
+ privilege.setTableName(tableName);
+ privilege.setServerName(serverName);
+ privilege.setURI(URI);
+ return privilege;
+ }
+
+ private org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege getGMPrivilege() {
+ org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = new org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege();
+ privilege.setAction("ACTION");
+ privilege.setComponent("COMPONENT");
+ List<TAuthorizable> authorizables = new ArrayList<TAuthorizable>();
+ authorizables.add(new TAuthorizable("resourceType1", "resourceName1"));
+ authorizables.add(new TAuthorizable("resourceType2", "resourceName2"));
+ privilege.setAuthorizables(authorizables);
+ return privilege;
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
new file mode 100644
index 0000000..c31233b
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
@@ -0,0 +1,245 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.persistent;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
+import org.junit.Test;
+
+public class TestSentryPrivilege {
+ @Test
+ public void testImpliesPrivilegePositive() throws Exception {
+ // 1.test server+database+table+action
+ MSentryPrivilege my = new MSentryPrivilege();
+ MSentryPrivilege your = new MSentryPrivilege();
+ my.setServerName("server1");
+ my.setDbName("db1");
+ my.setTableName("tb1");
+ my.setAction(AccessConstants.SELECT);
+ your.setServerName("server1");
+ your.setDbName("db1");
+ your.setTableName("tb1");
+ your.setAction(AccessConstants.SELECT);
+ assertTrue(my.implies(your));
+
+ my.setAction(AccessConstants.ALL);
+ assertTrue(my.implies(your));
+
+ my.setTableName("");
+ assertTrue(my.implies(your));
+
+ my.setDbName("");
+ assertTrue(my.implies(your));
+
+ my.setAction(AccessConstants.ACTION_ALL);
+ assertTrue(my.implies(your));
+
+ my.setTableName("");
+ assertTrue(my.implies(your));
+
+ my.setDbName("");
+ assertTrue(my.implies(your));
+
+ // 2.test server+URI+action using all combinations of * and ALL for action
+ String[][] actionMap = new String[][] {
+ { AccessConstants.ALL, AccessConstants.ALL },
+ { AccessConstants.ALL, AccessConstants.ACTION_ALL },
+ { AccessConstants.ACTION_ALL, AccessConstants.ALL },
+ { AccessConstants.ACTION_ALL, AccessConstants.ACTION_ALL } };
+
+ for (int actions = 0; actions < actionMap.length; actions++) {
+ my = new MSentryPrivilege();
+ your = new MSentryPrivilege();
+ my.setServerName("server1");
+ my.setAction(actionMap[actions][0]);
+ your.setServerName("server1");
+ your.setAction(actionMap[actions][1]);
+ my.setURI("hdfs://namenode:9000/path");
+ your.setURI("hdfs://namenode:9000/path");
+ assertTrue(my.implies(your));
+
+ my.setURI("hdfs://namenode:9000/path");
+ your.setURI("hdfs://namenode:9000/path/to/some/dir");
+ assertTrue(my.implies(your));
+
+ my.setURI("file:///path");
+ your.setURI("file:///path");
+ assertTrue(my.implies(your));
+
+ my.setURI("file:///path");
+ your.setURI("file:///path/to/some/dir");
+ assertTrue(my.implies(your));
+
+ // my is SERVER level privilege, your is URI level privilege
+ my.setURI("");
+ your.setURI("file:///path");
+ assertTrue(my.implies(your));
+ }
+ }
+
+ @Test
+ public void testImpliesPrivilegeNegative() throws Exception {
+ // 1.test server+database+table+action
+ MSentryPrivilege my = new MSentryPrivilege();
+ MSentryPrivilege your = new MSentryPrivilege();
+ // bad action
+ my.setServerName("server1");
+ my.setDbName("db1");
+ my.setTableName("tb1");
+ my.setAction(AccessConstants.SELECT);
+ your.setServerName("server1");
+ your.setDbName("db1");
+ your.setTableName("tb1");
+ your.setAction(AccessConstants.INSERT);
+ assertFalse(my.implies(your));
+
+ // bad action
+ your.setAction(AccessConstants.ALL);
+ assertFalse(my.implies(your));
+
+
+ // bad table
+ your.setTableName("tb2");
+ assertFalse(my.implies(your));
+
+ // bad database
+ your.setTableName("tb1");
+ your.setDbName("db2");
+ assertFalse(my.implies(your));
+
+ // bad server
+ your.setTableName("tb1");
+ your.setDbName("db1");
+ your.setServerName("server2");
+ assertFalse(my.implies(your));
+
+ // 2.test server+URI+action
+ my = new MSentryPrivilege();
+ your = new MSentryPrivilege();
+ my.setServerName("server1");
+ my.setAction(AccessConstants.ALL);
+ your.setServerName("server2");
+ your.setAction(AccessConstants.ALL);
+
+ // relative path
+ my.setURI("hdfs://namenode:9000/path");
+ your.setURI("hdfs://namenode:9000/path/to/../../other");
+ assertFalse(my.implies(your));
+ my.setURI("file:///path");
+ your.setURI("file:///path/to/../../other");
+ assertFalse(my.implies(your));
+
+ // bad uri
+ my.setURI("blah");
+ your.setURI("hdfs://namenode:9000/path/to/some/dir");
+ assertFalse(my.implies(your));
+ my.setURI("hdfs://namenode:9000/path/to/some/dir");
+ your.setURI("blah");
+ assertFalse(my.implies(your));
+
+ // bad scheme
+ my.setURI("hdfs://namenode:9000/path");
+ your.setURI("file:///path/to/some/dir");
+ assertFalse(my.implies(your));
+ my.setURI("hdfs://namenode:9000/path");
+ your.setURI("file://namenode:9000/path/to/some/dir");
+ assertFalse(my.implies(your));
+
+ // bad hostname
+ my.setURI("hdfs://namenode1:9000/path");
+ your.setURI("hdfs://namenode2:9000/path");
+ assertFalse(my.implies(your));
+
+ // bad port
+ my.setURI("hdfs://namenode:9000/path");
+ your.setURI("hdfs://namenode:9001/path");
+ assertFalse(my.implies(your));
+
+ // bad path
+ my.setURI("hdfs://namenode:9000/path1");
+ your.setURI("hdfs://namenode:9000/path2");
+ assertFalse(my.implies(your));
+ my.setURI("file:///path1");
+ your.setURI("file:///path2");
+ assertFalse(my.implies(your));
+
+ // bad server
+ your.setServerName("server2");
+ my.setURI("hdfs://namenode:9000/path1");
+ your.setURI("hdfs://namenode:9000/path1");
+ assertFalse(my.implies(your));
+
+ // bad implies
+ my.setServerName("server1");
+ my.setURI("hdfs://namenode:9000/path1");
+ your.setServerName("server1");
+ your.setURI("");
+ assertFalse(my.implies(your));
+ }
+
+ @Test
+ public void testImpliesPrivilegePositiveWithColumn() throws Exception {
+ // 1.test server+database+table+column+action
+ MSentryPrivilege my = new MSentryPrivilege();
+ MSentryPrivilege your = new MSentryPrivilege();
+ my.setServerName("server1");
+ my.setAction(AccessConstants.SELECT);
+ your.setServerName("server1");
+ your.setDbName("db1");
+ your.setTableName("tb1");
+ your.setColumnName("c1");
+ your.setAction(AccessConstants.SELECT);
+ assertTrue(my.implies(your));
+
+ my.setDbName("db1");
+ assertTrue(my.implies(your));
+
+ my.setTableName("tb1");
+ assertTrue(my.implies(your));
+
+ my.setColumnName("c1");
+ assertTrue(my.implies(your));
+ }
+
+ @Test
+ public void testImpliesPrivilegeNegativeWithColumn() throws Exception {
+ // 1.test server+database+table+column+action
+ MSentryPrivilege my = new MSentryPrivilege();
+ MSentryPrivilege your = new MSentryPrivilege();
+ // bad column
+ my.setServerName("server1");
+ my.setDbName("db1");
+ my.setTableName("tb1");
+ my.setColumnName("c1");
+ my.setAction(AccessConstants.SELECT);
+ your.setServerName("server1");
+ your.setDbName("db1");
+ your.setTableName("tb1");
+ your.setColumnName("c2");
+ your.setAction(AccessConstants.SELECT);
+ assertFalse(my.implies(your));
+
+ // bad scope
+ your.setColumnName("");
+ assertFalse(my.implies(your));
+ }
+}
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java
new file mode 100644
index 0000000..7cbcc11
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryServiceDiscovery.java
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.persistent;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.hadoop.conf.Configuration;
+
+import org.apache.curator.test.TestingServer;
+import org.apache.curator.x.discovery.ServiceInstance;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+
+public class TestSentryServiceDiscovery {
+
+ private HAContext haContext;
+ private TestingServer server;
+
+ @Before
+ public void setup() throws Exception {
+ server = new TestingServer();
+ // HA conf
+ Configuration conf = new Configuration(false);
+ conf.set(ServerConfig.SENTRY_HA_ENABLED, "true");
+ conf.set(ServerConfig.SENTRY_HA_ZOOKEEPER_NAMESPACE, "sentry-test");
+ conf.set(ServerConfig.SENTRY_HA_ZOOKEEPER_QUORUM, server.getConnectString());
+ haContext = HAContext.getHAContext(conf);
+ }
+
+ @After
+ public void teardown() {
+ HAContext.clearServerContext();
+ if (server != null) {
+ try {
+ server.stop();
+ } catch (IOException e) {
+ }
+ }
+ }
+
+ @Test
+ public void testRegisterOneService() throws Exception {
+ final String hostname = "localhost1";
+ final Integer port = 123;
+ ServiceRegister register = new ServiceRegister(haContext);
+ register.regService(hostname, port);
+ ServiceManager manager = new ServiceManager(haContext);
+ ServiceInstance<Void> instance = manager.getServiceInstance();
+ assertEquals("'hostname' doesn't match.", hostname, instance.getAddress());
+ assertEquals("'port' doesn't match.", port, instance.getPort());
+ }
+
+ @Test
+ public void testRegisterMultiService() throws Exception {
+
+ final String hostname1 = "localhost1";
+ final Integer port1 = 123;
+ final String hostname2 = "localhost2";
+ final Integer port2 = 456;
+ final String hostname3 = "localhost3";
+ final Integer port3 = 789;
+
+ Map<String, Integer> servicesMap = new HashMap<String, Integer>();
+ servicesMap.put(hostname1, port1);
+ servicesMap.put(hostname2, port2);
+ servicesMap.put(hostname3, port3);
+
+ ServiceRegister register1 = new ServiceRegister(haContext);
+ register1.regService(hostname1, port1);
+ ServiceRegister register2 = new ServiceRegister(haContext);
+ register2.regService(hostname2, port2);
+ ServiceRegister register3 = new ServiceRegister(haContext);
+ register3.regService(hostname3, port3);
+
+ ServiceManager manager = new ServiceManager(haContext);
+ ServiceInstance<Void> instance = manager.getServiceInstance();
+ assertEquals("'instance' doesn't match.", instance.getPort(), servicesMap.get(instance.getAddress()));
+ instance = manager.getServiceInstance();
+ assertEquals("'instance' doesn't match.", instance.getPort(), servicesMap.get(instance.getAddress()));
+ instance = manager.getServiceInstance();
+ assertEquals("'instance' doesn't match.", instance.getPort(), servicesMap.get(instance.getAddress()));
+ }
+
+ @Test
+ public void testReportError() throws Exception {
+ final String hostname1 = "localhost1";
+ final Integer port1 = 123;
+
+ ServiceRegister register1 = new ServiceRegister(haContext);
+ register1.regService(hostname1, port1);
+
+ ServiceManager manager = new ServiceManager(haContext);
+ ServiceInstance<Void> instance = manager.getServiceInstance();
+ manager.reportError(instance);
+ // report twice, manager will not return temporarily
+ instance = manager.getServiceInstance();
+ manager.reportError(instance);
+ instance = manager.getServiceInstance();
+ assertEquals("'instance' should be null.", null, instance);
+ }
+
+}