You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by xi...@apache.org on 2015/02/04 03:37:09 UTC
incubator-sentry git commit: SENTRY-633: Refactor
SentryServiceIntegrationBase to reduce test time (Reviewed by Colina Ma)
Repository: incubator-sentry
Updated Branches:
refs/heads/master f41803561 -> 5b6a7aeae
SENTRY-633: Refactor SentryServiceIntegrationBase to reduce test time (Reviewed by Colina Ma)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/5b6a7aea
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/5b6a7aea
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/5b6a7aea
Branch: refs/heads/master
Commit: 5b6a7aeae1fcf031356e3b20f4273f3181741685
Parents: f418035
Author: Huang Xiaomeng <xi...@intel.com>
Authored: Wed Feb 4 10:14:50 2015 +0800
Committer: Huang Xiaomeng <xi...@intel.com>
Committed: Wed Feb 4 10:14:50 2015 +0800
----------------------------------------------------------------------
.../TestSentryGenericServiceIntegration.java | 27 +++--
.../service/thrift/SentryMiniKdcTestcase.java | 20 ++--
.../thrift/TestConnectionWithTicketTimeout.java | 12 +-
.../TestSentryServerForHaWithoutKerberos.java | 14 ++-
.../thrift/TestSentryServerWithoutKerberos.java | 11 +-
.../thrift/TestSentryServiceFailureCase.java | 20 +++-
.../TestSentryServiceForHAWithKerberos.java | 24 +++-
.../thrift/TestSentryServiceIntegration.java | 13 +--
.../thrift/TestSentryServiceWithKerberos.java | 26 +++--
.../thrift/TestSentryWebServerWithKerberos.java | 19 ++-
.../TestSentryWebServerWithoutSecurity.java | 19 ++-
.../thrift/SentryServiceIntegrationBase.java | 116 +++++++++++--------
12 files changed, 209 insertions(+), 112 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java
index dfd9f10..ae354d9 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericServiceIntegration.java
@@ -23,13 +23,10 @@ import static org.junit.Assert.fail;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
-import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.security.auth.login.LoginContext;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.core.common.ActiveRoleSet;
@@ -37,10 +34,8 @@ import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.model.search.Collection;
import org.apache.sentry.core.model.search.Field;
import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.service.thrift.KerberosConfiguration;
import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.junit.After;
import org.junit.Test;
import com.google.common.collect.Lists;
@@ -58,14 +53,6 @@ public class TestSentryGenericServiceIntegration extends SentryServiceIntegratio
// The client should already be logged in when running in solr
// therefore we must manually login in the integration tests
if (kerberos) {
- conf.set(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "false");
- clientSubject = new Subject(false, Sets.newHashSet(
- new KerberosPrincipal(CLIENT_KERBEROS_NAME)), new HashSet<Object>(),
- new HashSet<Object>());
- clientLoginContext = new LoginContext("", clientSubject, null,
- KerberosConfiguration.createClientConfig(CLIENT_KERBEROS_NAME, clientKeytab));
- clientLoginContext.login();
- clientSubject = clientLoginContext.getSubject();
this.client = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SentryGenericServiceClient>() {
@Override
public SentryGenericServiceClient run() throws Exception {
@@ -77,6 +64,18 @@ public class TestSentryGenericServiceIntegration extends SentryServiceIntegratio
}
}
+ @After
+ public void after() throws SentryUserException {
+ Set<TSentryRole> tRoles = client.listAllRoles(ADMIN_USER, SOLR);
+ for (TSentryRole tRole : tRoles) {
+ client.dropRole(ADMIN_USER, tRole.getRoleName(), SOLR);
+ }
+ if(client != null) {
+ client.close();
+ }
+ policyFilePath.delete();
+ }
+
@Test
public void testCreateDropShowRole() throws Exception {
runTestAsSubject(new TestOperation(){
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/SentryMiniKdcTestcase.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/SentryMiniKdcTestcase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/SentryMiniKdcTestcase.java
index 79acb58..1114194 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/SentryMiniKdcTestcase.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/SentryMiniKdcTestcase.java
@@ -22,44 +22,42 @@ import java.io.File;
import java.util.Properties;
import org.apache.hadoop.minikdc.MiniKdc;
-import org.junit.After;
public class SentryMiniKdcTestcase {
- private File workDir;
- private Properties conf;
- private MiniKdc kdc;
+ private static File workDir;
+ private static Properties conf;
+ private static MiniKdc kdc;
- public void startMiniKdc(Properties confOverlay) throws Exception {
+ public static void startMiniKdc(Properties confOverlay) throws Exception {
createTestDir();
createMiniKdcConf(confOverlay);
kdc = new MiniKdc(conf, workDir);
kdc.start();
}
- private void createMiniKdcConf(Properties confOverlay) {
+ private static void createMiniKdcConf(Properties confOverlay) {
conf = MiniKdc.createConf();
for ( Object property : confOverlay.keySet()) {
conf.put(property, confOverlay.get(property));
}
}
- private void createTestDir() {
+ private static void createTestDir() {
workDir = new File(System.getProperty("test.dir", "target"));
}
- @After
- public void stopMiniKdc() {
+ public static void stopMiniKdc() {
if (kdc != null) {
kdc.stop();
}
}
- public MiniKdc getKdc() {
+ public static MiniKdc getKdc() {
return kdc;
}
- public File getWorkDir() {
+ public static File getWorkDir() {
return workDir;
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java
index af063cf..e204099 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java
@@ -19,6 +19,7 @@
package org.apache.sentry.provider.db.service.thrift;
import org.apache.hadoop.minikdc.MiniKdc;
+import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
@@ -26,9 +27,16 @@ import org.junit.Test;
public class TestConnectionWithTicketTimeout extends
org.apache.sentry.service.thrift.SentryServiceIntegrationBase {
+ @BeforeClass
+ public static void setup() throws Exception {
+ kerberos = true;
+ beforeSetup();
+ setupConf();
+ startSentryService();
+ afterSetup();
+ }
- @Override
- public void beforeSetup() throws Exception {
+ public static void beforeSetup() throws Exception {
kdcConfOverlay.setProperty(MiniKdc.MAX_TICKET_LIFETIME, "300001");
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java
index 28233ee..e02e0ba 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java
@@ -18,7 +18,6 @@
package org.apache.sentry.provider.db.service.thrift;
import static junit.framework.Assert.assertEquals;
-import static org.junit.Assert.assertEquals;
import java.util.HashSet;
import java.util.Set;
@@ -31,6 +30,7 @@ import org.apache.sentry.core.model.db.Database;
import org.apache.sentry.core.model.db.Server;
import org.apache.sentry.core.model.db.Table;
import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.junit.BeforeClass;
import org.junit.Test;
import com.google.common.collect.Lists;
@@ -38,10 +38,14 @@ import com.google.common.collect.Sets;
public class TestSentryServerForHaWithoutKerberos extends SentryServiceIntegrationBase {
- @Override
- public void beforeSetup() throws Exception {
- this.haEnabled = true;
- this.kerberos = false;
+ @BeforeClass
+ public static void setup() throws Exception {
+ kerberos = false;
+ haEnabled = true;
+ beforeSetup();
+ setupConf();
+ startSentryService();
+ afterSetup();
}
@Test
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
index cfa3f19..5afc5b6 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
@@ -32,6 +32,7 @@ import org.apache.sentry.core.model.db.Database;
import org.apache.sentry.core.model.db.Server;
import org.apache.sentry.core.model.db.Table;
import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.junit.BeforeClass;
import org.junit.Test;
import com.google.common.collect.Lists;
@@ -39,9 +40,13 @@ import com.google.common.collect.Sets;
public class TestSentryServerWithoutKerberos extends SentryServiceIntegrationBase {
- @Override
- public void beforeSetup() throws Exception {
- this.kerberos = false;
+ @BeforeClass
+ public static void setup() throws Exception {
+ kerberos = false;
+ beforeSetup();
+ setupConf();
+ startSentryService();
+ afterSetup();
}
@Test
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java
index b97db4b..2fd34bd 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java
@@ -20,10 +20,13 @@ package org.apache.sentry.provider.db.service.thrift;
import java.security.PrivilegedActionException;
+import org.apache.sentry.SentryUserException;
import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
+import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -33,9 +36,10 @@ import com.google.common.base.Strings;
public class TestSentryServiceFailureCase extends SentryServiceIntegrationBase {
private static final Logger LOGGER = LoggerFactory.getLogger(TestSentryServiceFailureCase.class);
private static final String PEER_CALLBACK_FAILURE = "Peer indicated failure: Problem with callback handler";
- @Before @Override
- public void setup() throws Exception {
- this.kerberos = true;
+
+ @BeforeClass
+ public static void setup() throws Exception {
+ kerberos = true;
beforeSetup();
setupConf();
conf.set(ServerConfig.ALLOW_CONNECT, "");
@@ -43,6 +47,16 @@ public class TestSentryServiceFailureCase extends SentryServiceIntegrationBase {
afterSetup();
}
+ @Override
+ @Before
+ public void before() throws Exception {
+ }
+
+ @Override
+ @After
+ public void after() throws SentryUserException {
+ }
+
@Test
public void testClientServerConnectionFailure() throws Exception {
try {
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java
index 6b5cbf0..cfe09b5 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java
@@ -18,7 +18,11 @@
package org.apache.sentry.provider.db.service.thrift;
+import org.apache.sentry.SentryUserException;
import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
import org.junit.Test;
/**
@@ -26,15 +30,25 @@ import org.junit.Test;
*/
public class TestSentryServiceForHAWithKerberos extends SentryServiceIntegrationBase {
+ @BeforeClass
+ public static void setup() throws Exception {
+ kerberos = true;
+ haEnabled = true;
+ SERVER_KERBEROS_NAME = "sentry/_HOST@" + REALM;
+ beforeSetup();
+ setupConf();
+ startSentryService();
+ afterSetup();
+ }
+
@Override
- public void beforeSetup() throws Exception {
- this.haEnabled = true;
- this.kerberos = true;
+ @Before
+ public void before() throws Exception {
}
@Override
- public String getServerKerberosName() {
- return "sentry/_HOST@" + REALM;
+ @After
+ public void after() throws SentryUserException {
}
/**
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
index d4dfa23..02c7535 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -29,7 +29,6 @@ import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
-import org.apache.sentry.SentryUserException;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.model.db.AccessConstants;
@@ -781,6 +780,11 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
runTestAsSubject(new TestOperation(){
@Override
public void runTestAsSubject() throws Exception {
+ String requestorUserName = ADMIN_USER;
+ Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+ setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+ writePolicyFile();
+
String val;
// Basic success case
@@ -814,13 +818,6 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
// Attempt to get the location of the keytab also fails
checkBannedConfigVal("sentry.service.server.keytab", null);
- // null parameter name fails
- try {
- val = client.getConfigValue(null, null);
- fail("null parameter succeeded");
- } catch (SentryUserException e) {
- // expected
- }
}});
}
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java
index ea666f1..7b1eab1 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceWithKerberos.java
@@ -17,24 +17,32 @@
*/
package org.apache.sentry.provider.db.service.thrift;
-import java.util.Properties;
-
-import org.apache.hadoop.minikdc.MiniKdc;
+import org.apache.sentry.SentryUserException;
import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
-import org.junit.Ignore;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
/**
* Test various kerberos related stuff on the SentryService side
*/
public class TestSentryServiceWithKerberos extends SentryServiceIntegrationBase {
- private static final Logger LOGGER = LoggerFactory.getLogger(TestSentryServiceFailureCase.class);
+ @BeforeClass
+ public static void setup() throws Exception {
+ SERVER_KERBEROS_NAME = "sentry/_HOST@" + REALM;
+ SentryServiceIntegrationBase.setup();
+ }
+
+ @Override
+ @Before
+ public void before() throws Exception {
+ }
- public String getServerKerberosName() {
- return "sentry/_HOST@" + REALM;
+ @Override
+ @After
+ public void after() throws SentryUserException {
}
/**
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java
index 7997d6c..ffbb585 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java
@@ -33,9 +33,13 @@ import org.apache.commons.io.IOUtils;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
+import org.apache.sentry.SentryUserException;
import org.apache.sentry.service.thrift.KerberosConfiguration;
import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.junit.After;
import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -46,10 +50,21 @@ public class TestSentryWebServerWithKerberos extends SentryServiceIntegrationBas
private static Logger LOG = LoggerFactory.getLogger(TestSentryWebServerWithKerberos.class);
- @Override
- public void beforeSetup() throws Exception {
+ @BeforeClass
+ public static void setup() throws Exception {
webServerEnabled = true;
webSecurity = true;
+ SentryServiceIntegrationBase.setup();
+ }
+
+ @Override
+ @Before
+ public void before() throws Exception {
+ }
+
+ @Override
+ @After
+ public void after() throws SentryUserException {
}
@Test
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java
index 0bcef1a..27e518b 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java
@@ -21,16 +21,31 @@ import java.net.HttpURLConnection;
import java.net.URL;
import org.apache.commons.io.IOUtils;
+import org.apache.sentry.SentryUserException;
import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.junit.After;
import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
import org.junit.Test;
public class TestSentryWebServerWithoutSecurity extends SentryServiceIntegrationBase {
- @Override
- public void beforeSetup() throws Exception {
+ @BeforeClass
+ public static void setup() throws Exception {
webServerEnabled = true;
webSecurity = false;
+ SentryServiceIntegrationBase.setup();
+ }
+
+ @Override
+ @Before
+ public void before() throws Exception {
+ }
+
+ @Override
+ @After
+ public void after() throws SentryUserException {
}
@Test
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5b6a7aea/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
index ca64ce1..a8da078 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
@@ -33,15 +33,19 @@ import org.apache.curator.test.TestingServer;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.net.NetUtils;
+import org.apache.sentry.SentryUserException;
import org.apache.sentry.provider.db.service.thrift.SentryMiniKdcTestcase;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.provider.db.service.thrift.TSentryRole;
import org.apache.sentry.provider.file.PolicyFile;
import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
import org.apache.zookeeper.server.ZooKeeperSaslServer;
import org.junit.After;
+import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
+import org.junit.BeforeClass;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -61,7 +65,7 @@ public abstract class SentryServiceIntegrationBase extends SentryMiniKdcTestcase
protected static final String SERVER_HOST = NetUtils.createSocketAddr("localhost:80").getAddress().getCanonicalHostName();
protected static final String REALM = "EXAMPLE.COM";
protected static final String SERVER_PRINCIPAL = "sentry/" + SERVER_HOST;
- protected static final String SERVER_KERBEROS_NAME = "sentry/" + SERVER_HOST + "@" + REALM;
+ protected static String SERVER_KERBEROS_NAME = "sentry/" + SERVER_HOST + "@" + REALM;
protected static final String HTTP_PRINCIPAL = "HTTP/" + SERVER_HOST;
protected static final String CLIENT_PRINCIPAL = "hive/" + SERVER_HOST;
protected static final String CLIENT_KERBEROS_SHORT_NAME = "hive";
@@ -70,47 +74,46 @@ public abstract class SentryServiceIntegrationBase extends SentryMiniKdcTestcase
protected static final String ADMIN_USER = "admin_user";
protected static final String ADMIN_GROUP = "admin_group";
- protected SentryService server;
+ protected static SentryService server;
protected SentryPolicyServiceClient client;
- protected MiniKdc kdc;
- protected File kdcWorkDir;
- protected File dbDir;
- protected File serverKeytab;
- protected File httpKeytab;
- protected File clientKeytab;
- protected Subject clientSubject;
- protected LoginContext clientLoginContext;
- protected boolean kerberos;
- protected final Configuration conf = new Configuration(false);
+ protected static MiniKdc kdc;
+ protected static File kdcWorkDir;
+ protected static File dbDir;
+ protected static File serverKeytab;
+ protected static File httpKeytab;
+ protected static File clientKeytab;
+ protected static Subject clientSubject;
+ protected static LoginContext clientLoginContext;
+ protected static boolean kerberos;
+ protected final static Configuration conf = new Configuration(false);
protected PolicyFile policyFile;
protected File policyFilePath;
- protected Properties kdcConfOverlay = new Properties();
+ protected static Properties kdcConfOverlay = new Properties();
- protected boolean haEnabled = false;
+ protected static boolean haEnabled = false;
protected static final String ZK_SERVER_PRINCIPAL = "zookeeper/" + SERVER_HOST;
- protected TestingServer zkServer;
+ protected static TestingServer zkServer;
- private File ZKKeytabFile;
+ private static File ZKKeytabFile;
- protected boolean webServerEnabled = false;
- protected int webServerPort = ServerConfig.SENTRY_WEB_PORT_DEFAULT;
- protected boolean webSecurity = false;
+ protected static boolean webServerEnabled = false;
+ protected static int webServerPort = ServerConfig.SENTRY_WEB_PORT_DEFAULT;
+ protected static boolean webSecurity = false;
- @Before
- public void setup() throws Exception {
- this.kerberos = true;
+ @BeforeClass
+ public static void setup() throws Exception {
+ kerberos = true;
beforeSetup();
setupConf();
startSentryService();
- connectToSentryService();
afterSetup();
}
- private void setupKdc() throws Exception {
+ private static void setupKdc() throws Exception {
startMiniKdc(kdcConfOverlay);
}
- public void startSentryService() throws Exception {
+ public static void startSentryService() throws Exception {
server.start();
final long start = System.currentTimeMillis();
while(!server.isRunning()) {
@@ -121,7 +124,7 @@ public abstract class SentryServiceIntegrationBase extends SentryMiniKdcTestcase
}
}
- public void setupConf() throws Exception {
+ public static void setupConf() throws Exception {
if (kerberos) {
setupKdc();
kdc = getKdc();
@@ -133,6 +136,15 @@ public abstract class SentryServiceIntegrationBase extends SentryMiniKdcTestcase
conf.set(ServerConfig.PRINCIPAL, getServerKerberosName());
conf.set(ServerConfig.KEY_TAB, serverKeytab.getPath());
conf.set(ServerConfig.ALLOW_CONNECT, CLIENT_KERBEROS_SHORT_NAME);
+
+ conf.set(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "false");
+ clientSubject = new Subject(false, Sets.newHashSet(
+ new KerberosPrincipal(CLIENT_KERBEROS_NAME)), new HashSet<Object>(),
+ new HashSet<Object>());
+ clientLoginContext = new LoginContext("", clientSubject, null,
+ KerberosConfiguration.createClientConfig(CLIENT_KERBEROS_NAME, clientKeytab));
+ clientLoginContext.login();
+ clientSubject = clientLoginContext.getSubject();
} else {
LOGGER.info("Stopped KDC");
conf.set(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_NONE);
@@ -176,24 +188,33 @@ public abstract class SentryServiceIntegrationBase extends SentryMiniKdcTestcase
conf.set(ClientConfig.SERVER_RPC_PORT, String.valueOf(server.getAddress().getPort()));
conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING,
ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING);
+ }
+
+ @Before
+ public void before() throws Exception {
policyFilePath = new File(dbDir, "local_policy_file.ini");
conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE,
policyFilePath.getPath());
policyFile = new PolicyFile();
+ connectToSentryService();
+ }
+
+ @After
+ public void after() throws SentryUserException {
+ if (client != null) {
+ Set<TSentryRole> tRoles = client.listRoles(ADMIN_USER);
+ if (tRoles != null) {
+ for (TSentryRole tRole : tRoles) {
+ client.dropRole(ADMIN_USER, tRole.getRoleName());
+ }
+ }
+ client.close();
+ }
+ policyFilePath.delete();
}
public void connectToSentryService() throws Exception {
- // The client should already be logged in when running in hive/impala/solr
- // therefore we must manually login in the integration tests
if (kerberos) {
- conf.set(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "false");
- clientSubject = new Subject(false, Sets.newHashSet(
- new KerberosPrincipal(CLIENT_KERBEROS_NAME)), new HashSet<Object>(),
- new HashSet<Object>());
- clientLoginContext = new LoginContext("", clientSubject, null,
- KerberosConfiguration.createClientConfig(CLIENT_KERBEROS_NAME, clientKeytab));
- clientLoginContext.login();
- clientSubject = clientLoginContext.getSubject();
client = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SentryPolicyServiceClient>() {
@Override
public SentryPolicyServiceClient run() throws Exception {
@@ -205,12 +226,10 @@ public abstract class SentryServiceIntegrationBase extends SentryMiniKdcTestcase
}
}
- @After
- public void tearDown() throws Exception {
+ @AfterClass
+ public static void tearDown() throws Exception {
beforeTeardown();
- if(client != null) {
- client.close();
- }
+
if(clientLoginContext != null) {
try {
clientLoginContext.logout();
@@ -224,23 +243,24 @@ public abstract class SentryServiceIntegrationBase extends SentryMiniKdcTestcase
if (dbDir != null) {
FileUtils.deleteQuietly(dbDir);
}
+ stopMiniKdc();
afterTeardown();
}
- public String getServerKerberosName() {
+ public static String getServerKerberosName() {
return SERVER_KERBEROS_NAME;
}
- public void beforeSetup() throws Exception {
+ public static void beforeSetup() throws Exception {
}
- public void afterSetup() throws Exception {
+ public static void afterSetup() throws Exception {
}
- public void beforeTeardown() throws Exception {
+ public static void beforeTeardown() throws Exception {
}
- public void afterTeardown() throws Exception {
+ public static void afterTeardown() throws Exception {
}
protected static void assertOK(TSentryResponseStatus resp) {
@@ -269,7 +289,7 @@ public abstract class SentryServiceIntegrationBase extends SentryMiniKdcTestcase
policyFile.write(policyFilePath);
}
- protected TestingServer getZKServer() throws Exception {
+ protected static TestingServer getZKServer() throws Exception {
if (!kerberos) {
LOGGER.info("Creating a non-security ZooKeeper Server.");
return new TestingServer();
@@ -302,7 +322,7 @@ public abstract class SentryServiceIntegrationBase extends SentryMiniKdcTestcase
}
protected void runTestAsSubject(final TestOperation test) throws Exception {
- if (this.kerberos) {
+ if (kerberos) {
Subject.doAs(clientSubject, new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {