Repository: sentry Updated Branches: refs/heads/master f3f238ab9 -> fb7bb7bc6
http://git-wip-us.apache.org/repos/asf/sentry/blob/fb7bb7bc/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java index 07a5069..6b732ea 100644 --- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java @@ -60,8 +60,8 @@ import org.apache.sentry.hdfs.service.thrift.TPathEntry; import org.apache.sentry.hdfs.service.thrift.TPathsDump; import org.apache.sentry.hdfs.service.thrift.TPathsUpdate; import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntity; -import org.apache.sentry.hdfs.service.thrift.TPrivilegeEntityType; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipal; +import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipalType; import org.apache.sentry.hdfs.service.thrift.TRoleChanges; import org.apache.sentry.provider.db.service.model.MSentryPermChange; import org.apache.sentry.provider.db.service.model.MSentryPathChange; @@ -77,7 +77,7 @@ import org.apache.sentry.provider.db.service.model.MSentryUser; import org.apache.sentry.provider.file.PolicyFile; import org.apache.sentry.api.common.SentryServiceUtil; import org.apache.sentry.service.common.ServiceConstants; -import org.apache.sentry.service.common.ServiceConstants.SentryEntityType; +import org.apache.sentry.service.common.ServiceConstants.SentryPrincipalType; import org.apache.sentry.service.common.ServiceConstants.ServerConfig; import org.junit.After; import org.junit.AfterClass; @@ -248,8 +248,8 @@ public class TestSentryStore extends org.junit.Assert { user = sentryStore.getMSentryUserByName(users.iterator().next(), false); assertNull(user); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); } @Test @@ -265,8 +265,8 @@ public class TestSentryStore extends org.junit.Assert { tSentryPrivilege1.setURI(uri1); TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege("URI", "server1", "ALL"); tSentryPrivilege2.setURI(uri2); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, tSentryPrivilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, tSentryPrivilege2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, tSentryPrivilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, tSentryPrivilege2, null); TSentryAuthorizable tSentryAuthorizable1 = new TSentryAuthorizable(); tSentryAuthorizable1.setUri(uri1); @@ -277,13 +277,13 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable2.setServer("server1"); Set<TSentryPrivilege> privileges = - sentryStore.getTSentryPrivileges(SentryEntityType.ROLE, new HashSet<String>(Arrays.asList(roleName1, roleName2)), tSentryAuthorizable1); + sentryStore.getTSentryPrivileges(SentryPrincipalType.ROLE, new HashSet<String>(Arrays.asList(roleName1, roleName2)), tSentryAuthorizable1); assertTrue(privileges.size() == 1); //Test with other URI Authorizable privileges = - sentryStore.getTSentryPrivileges(SentryEntityType.ROLE, new HashSet<String>(Arrays.asList(roleName1, roleName2)), tSentryAuthorizable2); + sentryStore.getTSentryPrivileges(SentryPrincipalType.ROLE, new HashSet<String>(Arrays.asList(roleName1, roleName2)), tSentryAuthorizable2); assertTrue(privileges.size() == 1); Set<TSentryGroup> tSentryGroups = new HashSet<TSentryGroup>(); @@ -343,14 +343,14 @@ public class TestSentryStore extends org.junit.Assert { tSentryPrivilege.setURI(uri); //Test grant on empty URI try { - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); fail("Expected SentryInvalidInputException"); } catch(SentryInvalidInputException e) { // expected } //Test revoke on empty URI try { - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); fail("Expected SentryInvalidInputException"); } catch(SentryInvalidInputException e) { // expected @@ -376,7 +376,7 @@ public class TestSentryStore extends org.junit.Assert { createRole(roleName); TSentryPrivilege sentryPrivilege = new TSentryPrivilege("Database", "server1", "all"); sentryPrivilege.setDbName("db1"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, sentryPrivilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, sentryPrivilege, null); } /** @@ -615,12 +615,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); // after having ALL and revoking SELECT, we should have INSERT role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -666,7 +666,7 @@ public class TestSentryStore extends org.junit.Assert { priv.setCreateTime(System.currentTimeMillis()); priv.setTableName(table + i); priv.setDbName(dBase); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); } // Make sure we really have the expected number of privs in the database @@ -713,11 +713,11 @@ public class TestSentryStore extends org.junit.Assert { priv.setTableName(table + i); priv.setDbName(dBase); priv.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); priv.setAction(AccessConstants.SELECT); priv.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); // after having ALL and revoking SELECT, we should have INSERT MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); @@ -767,11 +767,11 @@ public class TestSentryStore extends org.junit.Assert { priv.setTableName(table + i); priv.setDbName(dBase); priv.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); priv.setAction(AccessConstants.SELECT); priv.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); assertFalse(sentryStore.findOrphanedPrivileges()); @@ -779,25 +779,25 @@ public class TestSentryStore extends org.junit.Assert { //Remove the INSERT privilege as well. //There should not be any more privileges in the sentry store priv.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); priv.setAction(AccessConstants.CREATE); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); priv.setAction(AccessConstants.DROP); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); priv.setAction(AccessConstants.ALTER); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); @@ -840,7 +840,7 @@ public class TestSentryStore extends org.junit.Assert { priv.setCreateTime(System.currentTimeMillis()); priv.setTableName(table + i); priv.setDbName(dBase); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); } // Make sure we really have the expected number of privs in the database @@ -854,7 +854,7 @@ public class TestSentryStore extends org.junit.Assert { priv.setCreateTime(System.currentTimeMillis()); priv.setTableName(table + '0'); priv.setDbName(dBase); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); //There should be SELECT privilege in the sentry store priv = new TSentryPrivilege(); @@ -872,7 +872,7 @@ public class TestSentryStore extends org.junit.Assert { // should have NUM_PRIVS - 1 ALL privileges, and 4 privileges (SELECT, CREATE, DROP, ALTER) assertEquals("Privilege Count", NUM_PRIVS, role.getPrivileges().size()); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", NUM_PRIVS - 1, role.getPrivileges().size()); @@ -908,10 +908,10 @@ public class TestSentryStore extends org.junit.Assert { priv.setTableName(table + i); priv.setDbName(dBase); priv.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); priv.setAction(AccessConstants.ALTER); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); @@ -974,7 +974,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.SELECT); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); // After revoking table scope, we will have 0 privileges role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1004,16 +1004,16 @@ public class TestSentryStore extends org.junit.Assert { privilege.setCreateTime(System.currentTimeMillis()); // Grant ALL on c1 and c2 - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); privilege.setColumnName(column2); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size()); // Revoke SELECT on c2 privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); // At this point c1 has ALL privileges and c2 should have (INSERT, CREATE, DROP, ALTER) // after revoking SELECT @@ -1044,7 +1044,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.INSERT); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -1052,7 +1052,7 @@ public class TestSentryStore extends org.junit.Assert { // Revoke ALL from the table should now remove all the column privileges. privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 0, privileges.size()); @@ -1081,15 +1081,15 @@ public class TestSentryStore extends org.junit.Assert { privilegeTable2.setTableName(table2); // Grant ALL on table1 and table2 - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilegeTable1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilegeTable2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeTable1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeTable2, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size()); // Revoke SELECT on table2 privilegeTable2.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilegeTable2, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeTable2, null); // after having ALL and revoking SELECT, we should have (INSERT) at table2 role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1113,7 +1113,7 @@ public class TestSentryStore extends org.junit.Assert { privilegeTable2.setAction(AccessConstants.INSERT); privilegeTable2.setPrivilegeScope("DATABASE"); privilegeTable2.unsetTableName(); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilegeTable2, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeTable2, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1161,15 +1161,15 @@ public class TestSentryStore extends org.junit.Assert { privilegeCol2.setColumnName(column2); // Grant ALL on column1 and column2 - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilegeCol1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilegeCol2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeCol1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeCol2, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size()); // Revoke SELECT on column2 privilegeCol2.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilegeCol2, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeCol2, null); // after having ALL and revoking SELECT, we should have (INSERT) role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1194,7 +1194,7 @@ public class TestSentryStore extends org.junit.Assert { privilegeCol2.setPrivilegeScope("DATABASE"); privilegeCol2.unsetTableName(); privilegeCol2.unsetColumnName(); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilegeCol2, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeCol2, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1234,12 +1234,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(grantOption); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); assertEquals(Boolean.valueOf(privilege.getGrantOption().toString()), Iterables.get(privileges, 0).getGrantOption()); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(0, privileges.size()); @@ -1255,14 +1255,14 @@ public class TestSentryStore extends org.junit.Assert { privilege.setGrantOption(TSentryGrantOption.TRUE); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(grantOption); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); privilege.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); // after having ALL and revoking SELECT, we should have (INSERT) role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1318,16 +1318,16 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setCreateTime(System.currentTimeMillis()); privilege1.setGrantOption(TSentryGrantOption.FALSE); // user0_0 has the privilege without grant option - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, "roleG0", privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, "roleU0", privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleG0", privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleU0", privilege1, null); try { - sentryStore.alterSentryGrantPrivilege("user0_0", SentryEntityType.ROLE, "roleG1", privilege1, null); + sentryStore.alterSentryGrantPrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege1, null); fail("Expected SentryGrantDeniedException exception"); } catch (SentryGrantDeniedException e) { // excepted exception } try { - sentryStore.alterSentryRevokePrivilege("user0_0", SentryEntityType.ROLE, "roleG1", privilege1, null); + sentryStore.alterSentryRevokePrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege1, null); fail("Expected SentryGrantDeniedException exception"); } catch (SentryGrantDeniedException e) { // excepted exception @@ -1342,70 +1342,70 @@ public class TestSentryStore extends org.junit.Assert { privilege2.setCreateTime(System.currentTimeMillis()); privilege2.setGrantOption(TSentryGrantOption.TRUE); // user0_0, user0_1 can grant the same privilege to other roles - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, "roleG0", privilege2, null); - sentryStore.alterSentryGrantPrivilege("user0_0", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleG0", privilege2, null); + sentryStore.alterSentryGrantPrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user0_0", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryRevokePrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validateEmptyPrivilegeByRoleName("roleG1"); - sentryStore.alterSentryGrantPrivilege("user0_1", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryGrantPrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user0_1", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryRevokePrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validateEmptyPrivilegeByRoleName("roleG1"); // clear privilege for roleG0 - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, "roleG0", privilege2, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, "roleG0", privilege2, null); // 4. g1 grant all on database db1 to roleU0 with grant option - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, "roleU0", privilege2, null); - sentryStore.alterSentryGrantPrivilege("user0_0", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleU0", privilege2, null); + sentryStore.alterSentryGrantPrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user0_0", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryRevokePrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validateEmptyPrivilegeByRoleName("roleG1"); try { - sentryStore.alterSentryGrantPrivilege("user0_1", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryGrantPrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); fail("Expected SentryGrantDeniedException exception"); } catch (SentryGrantDeniedException e) { // excepted exception } try { - sentryStore.alterSentryRevokePrivilege("user0_1", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryRevokePrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); fail("Expected SentryGrantDeniedException exception"); } catch (SentryGrantDeniedException e) { // excepted exception } // clear privilege for roleG0 - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, "roleU0", privilege2, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, "roleU0", privilege2, null); // 5. g1 grant all on database db1 to roleU2, roleG0 with grant option - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, "roleU2", privilege2, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, "roleG0", privilege2, null); - sentryStore.alterSentryGrantPrivilege("user0_0", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleU2", privilege2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleG0", privilege2, null); + sentryStore.alterSentryGrantPrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user0_0", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryRevokePrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validateEmptyPrivilegeByRoleName("roleG1"); - sentryStore.alterSentryGrantPrivilege("user0_1", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryGrantPrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user0_1", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryRevokePrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validateEmptyPrivilegeByRoleName("roleG1"); - sentryStore.alterSentryGrantPrivilege("user1_0", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryGrantPrivilege("user1_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user1_0", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryRevokePrivilege("user1_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); validateEmptyPrivilegeByRoleName("roleG1"); try { - sentryStore.alterSentryGrantPrivilege("user1_1", SentryEntityType.ROLE, "roleG1", privilege2, null); + sentryStore.alterSentryGrantPrivilege("user1_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); fail("Expected SentryGrantDeniedException exception"); } catch (SentryGrantDeniedException e) { // excepted exception } try { - sentryStore.alterSentryRevokePrivilege("user1_1", SentryEntityType.ROLE,"roleG1", privilege2, null); + sentryStore.alterSentryRevokePrivilege("user1_1", SentryPrincipalType.ROLE,"roleG1", privilege2, null); fail("Expected SentryGrantDeniedException exception"); } catch (SentryGrantDeniedException e) { // excepted exception } // clear privilege for roleG0 - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE,"roleG0", privilege2, null); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, "roleU2", privilege2, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE,"roleG0", privilege2, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, "roleU2", privilege2, null); } private void validatePrivilegeByRoleName(String roleName, TSentryPrivilege exceptedTPrivelege) @@ -1460,7 +1460,7 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setAction(AccessConstants.ALL); privilege1.setCreateTime(System.currentTimeMillis()); privilege1.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege1, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -1475,7 +1475,7 @@ public class TestSentryStore extends org.junit.Assert { privilege2.setAction(AccessConstants.SELECT); privilege2.setCreateTime(System.currentTimeMillis()); privilege2.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege2, null); // 4. user0 grant all on table tb1 to role2, no grant option roleName = roles[2]; @@ -1488,7 +1488,7 @@ public class TestSentryStore extends org.junit.Assert { privilege3.setAction(AccessConstants.ALL); privilege3.setCreateTime(System.currentTimeMillis()); privilege3.setGrantOption(TSentryGrantOption.FALSE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege3, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege3, null); // 5. user1 has role1, no insert privilege, // grant insert to role3, will throw no grant exception @@ -1502,7 +1502,7 @@ public class TestSentryStore extends org.junit.Assert { privilege4.setCreateTime(System.currentTimeMillis()); privilege4.setGrantOption(TSentryGrantOption.FALSE); try { - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege4, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege4, null); fail("Expected SentryGrantDeniedException exception"); } catch (SentryGrantDeniedException e) { // excepted exception @@ -1521,7 +1521,7 @@ public class TestSentryStore extends org.junit.Assert { privilege5.setCreateTime(System.currentTimeMillis()); privilege5.setGrantOption(TSentryGrantOption.FALSE); try { - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege5, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege5, null); fail("Expected SentryGrantDeniedException exception"); } catch (SentryGrantDeniedException e) { // excepted exception @@ -1562,7 +1562,7 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setAction(AccessConstants.SELECT); privilege1.setCreateTime(System.currentTimeMillis()); privilege1.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege1, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -1578,7 +1578,7 @@ public class TestSentryStore extends org.junit.Assert { privilege2.setAction(AccessConstants.ALL); privilege2.setCreateTime(System.currentTimeMillis()); privilege2.setGrantOption(TSentryGrantOption.FALSE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege2, null); // 4. g1 grant select on table tb1 to role2, no grant option roleName = roles[2]; @@ -1591,14 +1591,14 @@ public class TestSentryStore extends org.junit.Assert { privilege3.setAction(AccessConstants.SELECT); privilege3.setCreateTime(System.currentTimeMillis()); privilege3.setGrantOption(TSentryGrantOption.FALSE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege3, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege3, null); // 5. user1 has role1, no grant option, // revoke from role2 will throw no grant exception roleName = roles[2]; grantor = users[1]; try { - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege3, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege3, null); fail("Expected SentryGrantDeniedException exception"); } catch (SentryGrantDeniedException e) { // excepted exception @@ -1609,7 +1609,7 @@ public class TestSentryStore extends org.junit.Assert { roleName = roles[1]; grantor = users[0]; try { - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege2, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege2, null); fail("Expected SentryGrantDeniedException exception"); } catch (SentryGrantDeniedException e) { // excepted exception @@ -1619,7 +1619,7 @@ public class TestSentryStore extends org.junit.Assert { // revoke select from role2 roleName = roles[2]; grantor = users[0]; - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege3, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege3, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(0, privileges.size()); @@ -1657,19 +1657,19 @@ public class TestSentryStore extends org.junit.Assert { privilege.setAction(AccessConstants.SELECT); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); // 3. g1 grant select on table tb1 to role0, no grant option roleName = roles[0]; grantor = "g1"; privilege.setGrantOption(TSentryGrantOption.FALSE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); // 4. g1 revoke all privilege from role0 roleName = roles[0]; grantor = "g1"; privilege.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 0, privileges.size()); @@ -1708,7 +1708,7 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setAction(AccessConstants.SELECT); privilege1.setCreateTime(System.currentTimeMillis()); privilege1.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege1, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -1726,13 +1726,13 @@ public class TestSentryStore extends org.junit.Assert { privilege2.setAction(AccessConstants.SELECT); privilege2.setCreateTime(System.currentTimeMillis()); privilege2.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege2, null); // 4. user1 revoke table level privilege from user0, will throw grant denied exception roleName = roles[0]; grantor = users[1]; try { - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege1, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege1, null); fail("Expected SentryGrantDeniedException exception"); } catch (SentryGrantDeniedException e) { // excepted exception @@ -1741,7 +1741,7 @@ public class TestSentryStore extends org.junit.Assert { // 5. user0 revoke column level privilege from user1 roleName = roles[1]; grantor = users[0]; - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege2, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege2, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(0, privileges.size()); @@ -1762,12 +1762,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); privilege.setServerName("Server1"); privilege.setDbName("DB1"); privilege.setTableName("TBL1"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -1790,13 +1790,13 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege1, null); TSentryPrivilege privilege2 = new TSentryPrivilege(); privilege2.setPrivilegeScope("SERVER"); privilege2.setServerName("server1"); privilege2.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, privilege2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege2, null); Set<TSentryGroup> groups = Sets.newHashSet(); Set<String> users = Sets.newHashSet(); TSentryGroup group = new TSentryGroup(); @@ -1988,17 +1988,17 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege3_2 = new TSentryPrivilege(privilege_tbl2); privilege3_2.setAction("INSERT"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, privilege2_1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, privilege_server, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, privilege2_3, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege2_1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege_server, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege2_3, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName3, privilege3_1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName3, privilege3_2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName3, privilege3_1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName3, privilege3_2, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName2, privilege2_3, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName2, privilege2_3, null); sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1)); @@ -2063,7 +2063,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable.setDb("db1"); tSentryAuthorizable.setTable("tbl1"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) .size()); @@ -2072,15 +2072,15 @@ public class TestSentryStore extends org.junit.Assert { ownerInfoList = sentryStore.listOwnersByAuthorizable(tSentryAuthorizable); assertEquals(1, ownerInfoList.size()); - assertEquals(SentryEntityType.ROLE, ownerInfoList.get(0).getOwnerType()); + assertEquals(SentryPrincipalType.ROLE, ownerInfoList.get(0).getOwnerType()); assertEquals(roleName1, ownerInfoList.get(0).getOwnerName()); // Change owner from a one role to another role - sentryStore.updateOwnerPrivilege(tSentryAuthorizable, roleName2, SentryEntityType.ROLE, null); + sentryStore.updateOwnerPrivilege(tSentryAuthorizable, roleName2, SentryPrincipalType.ROLE, null); ownerInfoList = sentryStore.listOwnersByAuthorizable(tSentryAuthorizable); assertEquals(1, ownerInfoList.size()); - assertEquals(SentryEntityType.ROLE, ownerInfoList.get(0).getOwnerType()); + assertEquals(SentryPrincipalType.ROLE, ownerInfoList.get(0).getOwnerType()); assertEquals(roleName2, ownerInfoList.get(0).getOwnerName()); assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) @@ -2093,22 +2093,22 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl2.setTableName("tbl2"); // Change owner from a one user to another user - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER,userName1, privilege_tbl2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER,userName1, privilege_tbl2, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByUserName(userName1) .size()); - sentryStore.updateOwnerPrivilege(tSentryAuthorizable, userName2, SentryEntityType.USER, null); + sentryStore.updateOwnerPrivilege(tSentryAuthorizable, userName2, SentryPrincipalType.USER, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByUserName(userName2) .size()); ownerInfoList = sentryStore.listOwnersByAuthorizable(tSentryAuthorizable); assertEquals(1, ownerInfoList.size()); - assertEquals(SentryEntityType.USER, ownerInfoList.get(0).getOwnerType()); + assertEquals(SentryPrincipalType.USER, ownerInfoList.get(0).getOwnerType()); assertEquals(userName2, ownerInfoList.get(0).getOwnerName()); // Change owner from a user to role - sentryStore.updateOwnerPrivilege(tSentryAuthorizable, roleName1, SentryEntityType.ROLE, null); + sentryStore.updateOwnerPrivilege(tSentryAuthorizable, roleName1, SentryPrincipalType.ROLE, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) .size()); @@ -2116,7 +2116,7 @@ public class TestSentryStore extends org.junit.Assert { //Add all privilege to roleName1 and make sure that owner privilege is not effected. TSentryPrivilege privilege_tbl2_all = new TSentryPrivilege(privilege_tbl2); privilege_tbl2_all.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl2_all, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl2_all, null); // Verify that there are two privileges. assertEquals(2, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) .size()); @@ -2126,12 +2126,12 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege_tbl3_all = new TSentryPrivilege(privilege_tbl2); privilege_tbl3_all.setAction(AccessConstants.ALL); privilege_tbl3_all.setTableName("tbl3"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName3, privilege_tbl3_all, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName3, privilege_tbl3_all, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByRoleName(roleName3) .size()); TSentryPrivilege privilege_tbl3_owner = new TSentryPrivilege(privilege_tbl3_all); privilege_tbl3_owner.setAction(AccessConstants.OWNER); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName3, privilege_tbl3_owner, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName3, privilege_tbl3_owner, null); assertEquals(2, sentryStore.getAllTSentryPrivilegesByRoleName(roleName3) .size()); @@ -2159,9 +2159,9 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable.setDb("db1"); tSentryAuthorizable.setTable("tbl1"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); - sentryStore.updateOwnerPrivilege(tSentryAuthorizable, userName1, SentryEntityType.USER, null); + sentryStore.updateOwnerPrivilege(tSentryAuthorizable, userName1, SentryPrincipalType.USER, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByUserName(userName1) .size()); } @@ -2189,7 +2189,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable.setDb("db1"); tSentryAuthorizable.setTable("tbl1"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); sentryStore.revokeOwnerPrivileges(tSentryAuthorizable, null); assertEquals(0, sentryStore.getAllTSentryPrivilegesByUserName(userName1) @@ -2219,12 +2219,12 @@ public class TestSentryStore extends org.junit.Assert { // Change owner from a one user to another user - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName1, privilege_tbl1, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByUserName(userName1) .size()); - sentryStore.updateOwnerPrivilege(tSentryAuthorizable, userName2, SentryEntityType.USER, null); + sentryStore.updateOwnerPrivilege(tSentryAuthorizable, userName2, SentryPrincipalType.USER, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByUserName(userName2) .size()); @@ -2275,10 +2275,10 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1); privilege_tbl1_drop.setAction(AccessConstants.DROP); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_alter, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_drop, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_select, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_alter, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_drop, null); assertEquals(4, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1).size()); @@ -2319,9 +2319,9 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1_c3.setColumnName("c3"); privilege_tbl1_c3.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_c1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_c2, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, privilege_tbl1_c3, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege_tbl1_c3, null); Set<TSentryPrivilege> privilegeSet = sentryStore.getAllTSentryPrivilegesByRoleName(roleName1); assertEquals(2, privilegeSet.size()); @@ -2357,8 +2357,8 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1); privilege_tbl1_all.setAction("*"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_all, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_all, null); sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1)); assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) @@ -2412,12 +2412,12 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1); privilege_tbl1_all.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName3, privilege_tbl1_all, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName2, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName3, privilege_tbl1_all, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege_tbl1_select, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName3, privilege_tbl1_all, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName1, privilege_tbl1_insert, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName2, privilege_tbl1_select, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName3, privilege_tbl1_all, null); TSentryAuthorizable oldTable = toTSentryAuthorizable(privilege_tbl1); TSentryAuthorizable newTable = toTSentryAuthorizable(privilege_tbl1); @@ -2483,10 +2483,10 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1); privilege_tbl1_drop.setAction(AccessConstants.DROP); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_alter, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_drop, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_select, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_alter, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_drop, null); TSentryAuthorizable oldTable = toTSentryAuthorizable(privilege_tbl1); TSentryAuthorizable newTable = toTSentryAuthorizable(privilege_tbl1); @@ -2528,14 +2528,14 @@ public class TestSentryStore extends org.junit.Assert { assertEquals(Long.valueOf(0), sentryStore.getPrivilegeCountGauge().getValue()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, role1, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, role1, privilege, null); assertEquals(Long.valueOf(1), sentryStore.getPrivilegeCountGauge().getValue()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, role2, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, role2, privilege, null); assertEquals(Long.valueOf(1), sentryStore.getPrivilegeCountGauge().getValue()); privilege.setTableName("tb2"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, role2, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, role2, privilege, null); assertEquals(Long.valueOf(2), sentryStore.getPrivilegeCountGauge().getValue()); } @@ -2620,9 +2620,9 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1_c3.setColumnName("c3"); privilege_tbl1_c3.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_c1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1_c2, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, privilege_tbl1_c3, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege_tbl1_c3, null); Set<TSentryPrivilege> privilegeSet = sentryStore.getAllTSentryPrivilegesByRoleName(roleName1); assertEquals(2, privilegeSet.size()); @@ -2653,7 +2653,7 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL"); tSentryPrivilege.setDbName(dbName); tSentryPrivilege.setTableName(table); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setDb(dbName); @@ -2661,7 +2661,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable.setServer("server1"); Set<TSentryPrivilege> privileges = - sentryStore.getTSentryPrivileges(SentryEntityType.ROLE, new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable); + sentryStore.getTSentryPrivileges(SentryPrincipalType.ROLE, new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable); assertTrue(privileges.size() == 1); @@ -2693,7 +2693,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryPrivilege.setDbName(dbName); tSentryPrivilege.setTableName(table); tSentryPrivilege.setColumnName(column); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setDb(dbName); @@ -2702,7 +2702,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable.setServer("server1"); Set<TSentryPrivilege> privileges = - sentryStore.getTSentryPrivileges(SentryEntityType.ROLE, new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable); + sentryStore.getTSentryPrivileges(SentryPrincipalType.ROLE, new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable); assertTrue(privileges.size() == 1); @@ -2761,8 +2761,8 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege1, null); TSentryPrivilege privilege2 = new TSentryPrivilege(); privilege2.setPrivilegeScope("SERVER"); @@ -2770,7 +2770,7 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setDbName("db2"); privilege1.setAction("ALL"); privilege2.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, privilege2, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege2, null); // Grant roles to the groups Set<TSentryGroup> groups = Sets.newHashSet(); @@ -2788,18 +2788,18 @@ public class TestSentryStore extends org.junit.Assert { privilege3.setTableName("tbl1"); privilege3.setAction("OWNER"); privilege3.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege3, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName2, privilege3, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege3, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege3, null); PermissionsImage permImage = sentryStore.retrieveFullPermssionsImage(); - Map<String, Map<TPrivilegeEntity, String>> privs = permImage.getPrivilegeImage(); + Map<String, Map<TPrivilegePrincipal, String>> privs = permImage.getPrivilegeImage(); Map<String, List<String>> roles = permImage.getRoleImage(); assertEquals(2, privs.get("db1.tbl1").size()); assertEquals(2, roles.size()); assertEquals(2, privs.get("db3.tbl1").size()); - assertEquals("ALL", privs.get("db3.tbl1").get(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName1))); - assertEquals("ALL", privs.get("db3.tbl1").get(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName2))); + assertEquals("ALL", privs.get("db3.tbl1").get(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName1))); + assertEquals("ALL", privs.get("db3.tbl1").get(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName2))); } @@ -3441,7 +3441,7 @@ public class TestSentryStore extends org.junit.Assert { // Generate the permission add update authzObj "db1.tbl1" PermissionsUpdate addUpdate = new PermissionsUpdate(0, false); addUpdate.addPrivilegeUpdate(authzObj).putToAddPrivileges( - new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName), privilege.getAction().toUpperCase()); + new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName), privilege.getAction().toUpperCase()); // Grant the privilege to role test-privilege and verify it has been persisted. Map<TSentryPrivilege, Updateable.Update> addPrivilegesUpdateMap = Maps.newHashMap(); @@ -3460,7 +3460,7 @@ public class TestSentryStore extends org.junit.Assert { // Generate the permission delete update authzObj "db1.tbl1" PermissionsUpdate delUpdate = new PermissionsUpdate(0, false); delUpdate.addPrivilegeUpdate(authzObj).putToDelPrivileges( - new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName), + new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName), privilege.getAction().toUpperCase()); // Revoke the same privilege and verify it has been removed. @@ -3542,7 +3542,7 @@ public class TestSentryStore extends org.junit.Assert { // Generate the permission del update for dropping role "test-drop-role" PermissionsUpdate delUpdate = new PermissionsUpdate(0, false); delUpdate.addPrivilegeUpdate(PermissionsUpdate.ALL_AUTHZ_OBJ).putToDelPrivileges( - new TPrivilegeEntity(TPrivilegeEntityType.ROLE, roleName), + new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName), PermissionsUpdate.ALL_AUTHZ_OBJ); delUpdate.addRoleUpdate(roleName).addToDelGroups(PermissionsUpdate.ALL_GROUPS); @@ -3572,11 +3572,11 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1.setCreateTime(System.currentTimeMillis()); privilege_tbl1.setAction("SELECT"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); // Generate the permission drop update for dropping privilege for "db1.tbl1" PermissionsUpdate dropUpdate = new PermissionsUpdate(0, false); - dropUpdate.addPrivilegeUpdate(authzObj).putToDelPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.ROLE, + dropUpdate.addPrivilegeUpdate(authzObj).putToDelPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, PermissionsUpdate.ALL_ROLES), PermissionsUpdate.ALL_ROLES); @@ -3607,15 +3607,15 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1.setCreateTime(System.currentTimeMillis()); privilege_tbl1.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); // Generate the permission rename update for renaming privilege for "db1.tbl1" String oldAuthz = "db1.tbl1"; String newAuthz = "db1.tbl2"; PermissionsUpdate renameUpdate = new PermissionsUpdate(0, false); TPrivilegeChanges privUpdate = renameUpdate.addPrivilegeUpdate(PermissionsUpdate.RENAME_PRIVS); - privUpdate.putToAddPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ, newAuthz), newAuthz); - privUpdate.putToDelPrivileges(new TPrivilegeEntity(TPrivilegeEntityType.AUTHZ_OBJ, oldAuthz), oldAuthz); + privUpdate.putToAddPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, newAuthz), newAuthz); + privUpdate.putToDelPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.AUTHZ_OBJ, oldAuthz), oldAuthz); // Rename the privilege and verify. TSentryAuthorizable oldTable = toTSentryAuthorizable(privilege_tbl1); @@ -3668,7 +3668,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setCreateTime(System.currentTimeMillis()); PermissionsUpdate update = new PermissionsUpdate(i + 1, false); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, role, privilege, update); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, role, privilege, update); } assertEquals(numPermChanges, sentryStore.getMSentryPermChanges().size()); @@ -4132,12 +4132,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); MSentryUser user = sentryStore.getMSentryUserByName(userName); Set<MSentryPrivilege> privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); // after having ALL and revoking SELECT, we should have (INSERT) user = sentryStore.getMSentryUserByName(userName); privileges = user.getPrivileges(); @@ -4154,7 +4154,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); user = sentryStore.getMSentryUserByName(userName, false); assertNull(user); } @@ -4178,7 +4178,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setDbName(db); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -4188,7 +4188,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setServerName(server.toUpperCase()); privilege.setDbName(db.toUpperCase()); privilege.setTableName(table.toUpperCase()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); // check if the table privilege is created role = sentryStore.getMSentryRoleByName(roleName); @@ -4211,10 +4211,10 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName1, privilege1, null); privilege1.setAction("ALL"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName2, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName2, privilege1, null); assertEquals(Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider( @@ -4236,7 +4236,7 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName1, privilege1, null); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setServer("server1"); @@ -4265,14 +4265,14 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); // after having ALL and revoking SELECT, we should have (INSERT) role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -4280,7 +4280,7 @@ public class TestSentryStore extends org.junit.Assert { // second round privilege.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); List<MSentryPrivilege> totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -4289,7 +4289,7 @@ public class TestSentryStore extends org.junit.Assert { assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); // after having ALL and revoking INSERT, we should have (SELECT) totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -4315,14 +4315,14 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); MSentryUser user = sentryStore.getMSentryUserByName(userName); Set<MSentryPrivilege> privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); // after having ALL and revoking SELECT, we should have (INSERT) user = sentryStore.getMSentryUserByName(userName); privileges = user.getPrivileges(); @@ -4330,7 +4330,7 @@ public class TestSentryStore extends org.junit.Assert { // second round privilege.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName, privilege, null); + sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); List<MSentryPrivilege> totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -4339,7 +4339,7 @@ public class TestSentryStore extends org.junit.Assert { assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); // after having ALL and revoking INSERT, we should have (SELECT) totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -4349,7 +4349,7 @@ public class TestSentryStore extends org.junit.Assert { assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryEntityType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); // after having ALL and revoking INSERT and SELECT, we should have NO privileges // user should be removed automatically user = sentryStore.getMSentryUserByName(userName, false); @@ -4374,8 +4374,8 @@ public class TestSentryStore extends org.junit.Assert { toTSentryPrivilege("SELECT", "TABLE", "server1", "db1", "table2"); createRole(ROLE1); - sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryEntityType.ROLE, ROLE1, ROLE1_PRIV1, null); - sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryEntityType.ROLE, ROLE1, ROLE1_PRIV2, null); + sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryPrincipalType.ROLE, ROLE1, ROLE1_PRIV1, null); + sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryPrincipalType.ROLE, ROLE1, ROLE1_PRIV2, null); final String ROLE2 = "role2"; final TSentryPrivilege ROLE2_PRIV1 = @@ -4384,8 +4384,8 @@ public class TestSentryStore extends org.junit.Assert { toTSentryPrivilege("ALL", "SERVER", "server1", "", ""); createRole(ROLE2); - sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryEntityType.ROLE, ROLE2, ROLE2_PRIV1, null); - sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryEntityType.ROLE, ROLE2, ROLE2_PRIV2, null); + sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryPrincipalType.ROLE, ROLE2, ROLE2_PRIV1, null); + sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryPrincipalType.ROLE, ROLE2, ROLE2_PRIV2, null); final String ROLE3 = "role3"; @@ -4422,8 +4422,8 @@ public class TestSentryStore extends org.junit.Assert { toTSentryPrivilege("SELECT", "TABLE", "server1", "db1", "table2"); createUser(USER1); - sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryEntityType.USER, USER1, USER1_PRIV1, null); - sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryEntityType.USER,USER1, USER1_PRIV2, null); + sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryPrincipalType.USER, USER1, USER1_PRIV1, null); + sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryPrincipalType.USER,USER1, USER1_PRIV2, null); final String USER2 = "user2"; final TSentryPrivilege USER2_PRIV1 = @@ -4432,8 +4432,8 @@ public class TestSentryStore extends org.junit.Assert { toTSentryPrivilege("ALL", "SERVER", "server1", "", ""); createUser(USER2); - sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryEntityType.USER,USER2, USER2_PRIV1, null); - sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryEntityType.USER,USER2, USER2_PRIV2, null); + sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryPrincipalType.USER,USER2, USER2_PRIV1, null); + sentryStore.alterSentryGrantPrivilege(GRANTOR, SentryPrincipalType.USER,USER2, USER2_PRIV2, null); final String USER3 = "user3";
