Repository: sentry Updated Branches: refs/heads/master 6734686ac -> 8e0505703
http://git-wip-us.apache.org/repos/asf/sentry/blob/8e050570/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java index 1568dc1..f2f38a3 100644 --- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java @@ -51,7 +51,6 @@ import org.apache.sentry.core.common.exception.SentryInvalidInputException; import org.apache.sentry.core.common.utils.SentryConstants; import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.core.common.exception.SentryAlreadyExistsException; -import org.apache.sentry.core.common.exception.SentryGrantDeniedException; import org.apache.sentry.core.common.exception.SentryNoSuchObjectException; import org.apache.sentry.hdfs.PathsUpdate; import org.apache.sentry.hdfs.PermissionsUpdate; @@ -249,8 +248,8 @@ public class TestSentryStore extends org.junit.Assert { user = sentryStore.getMSentryUserByName(users.iterator().next(), false); assertNull(user); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); } @Test @@ -266,8 +265,8 @@ public class TestSentryStore extends org.junit.Assert { tSentryPrivilege1.setURI(uri1); TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege("URI", "server1", "ALL"); tSentryPrivilege2.setURI(uri2); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, tSentryPrivilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, tSentryPrivilege2, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, tSentryPrivilege1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, tSentryPrivilege2, null); TSentryAuthorizable tSentryAuthorizable1 = new TSentryAuthorizable(); tSentryAuthorizable1.setUri(uri1); @@ -337,21 +336,20 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testURIGrantRevokeOnEmptyPath() throws Exception { String roleName = "test-empty-uri-role"; - String grantor = "g1"; String uri = ""; createRole(roleName); TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("URI", "server1", "ALL"); tSentryPrivilege.setURI(uri); //Test grant on empty URI try { - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); fail("Expected SentryInvalidInputException"); } catch(SentryInvalidInputException e) { // expected } //Test revoke on empty URI try { - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); fail("Expected SentryInvalidInputException"); } catch(SentryInvalidInputException e) { // expected @@ -373,11 +371,10 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testCaseSensitiveScope() throws Exception { String roleName = "role1"; - String grantor = "g1"; createRole(roleName); TSentryPrivilege sentryPrivilege = new TSentryPrivilege("Database", "server1", "all"); sentryPrivilege.setDbName("db1"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, sentryPrivilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, sentryPrivilege, null); } /** @@ -604,7 +601,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testGrantRevokePrivilege() throws Exception { String roleName = "test-privilege"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; @@ -616,12 +612,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); // after having ALL and revoking SELECT, we should have INSERT role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -651,7 +647,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testPrivilegeCleanup() throws Exception { final String roleName = "test-priv-cleanup"; - final String grantor = "g1"; final String server = "server"; final String dBase = "db"; final String table = "table-"; @@ -667,7 +662,7 @@ public class TestSentryStore extends org.junit.Assert { priv.setCreateTime(System.currentTimeMillis()); priv.setTableName(table + i); priv.setDbName(dBase); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, priv, null); } // Make sure we really have the expected number of privs in the database @@ -696,7 +691,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testPrivilegeCleanup2() throws Exception { final String roleName = "test-priv-cleanup"; - final String grantor = "g1"; final String server = "server"; final String dBase = "db"; final String table = "table-"; @@ -714,11 +708,11 @@ public class TestSentryStore extends org.junit.Assert { priv.setTableName(table + i); priv.setDbName(dBase); priv.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, priv, null); priv.setAction(AccessConstants.SELECT); priv.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); // after having ALL and revoking SELECT, we should have INSERT MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); @@ -750,7 +744,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testPrivilegeCleanup3() throws Exception { final String roleName = "test-priv-cleanup"; - final String grantor = "g1"; final String server = "server"; final String dBase = "db"; final String table = "table-"; @@ -768,11 +761,11 @@ public class TestSentryStore extends org.junit.Assert { priv.setTableName(table + i); priv.setDbName(dBase); priv.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, priv, null); priv.setAction(AccessConstants.SELECT); priv.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); assertFalse(sentryStore.findOrphanedPrivileges()); @@ -780,25 +773,25 @@ public class TestSentryStore extends org.junit.Assert { //Remove the INSERT privilege as well. //There should not be any more privileges in the sentry store priv.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); priv.setAction(AccessConstants.CREATE); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); priv.setAction(AccessConstants.DROP); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); priv.setAction(AccessConstants.ALTER); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); @@ -825,7 +818,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testPrivilegeCleanup4 () throws Exception { final String roleName = "test-priv-cleanup"; - final String grantor = "g1"; final String server = "server"; final String dBase = "db"; final String table = "table-"; @@ -841,7 +833,7 @@ public class TestSentryStore extends org.junit.Assert { priv.setCreateTime(System.currentTimeMillis()); priv.setTableName(table + i); priv.setDbName(dBase); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, priv, null); } // Make sure we really have the expected number of privs in the database @@ -855,7 +847,7 @@ public class TestSentryStore extends org.junit.Assert { priv.setCreateTime(System.currentTimeMillis()); priv.setTableName(table + '0'); priv.setDbName(dBase); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); //There should be SELECT privilege in the sentry store priv = new TSentryPrivilege(); @@ -873,7 +865,7 @@ public class TestSentryStore extends org.junit.Assert { // should have NUM_PRIVS - 1 ALL privileges, and 4 privileges (SELECT, CREATE, DROP, ALTER) assertEquals("Privilege Count", NUM_PRIVS, role.getPrivileges().size()); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, priv, null); role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", NUM_PRIVS - 1, role.getPrivileges().size()); @@ -891,7 +883,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testPrivilegeCleanup5() throws Exception { final String roleName = "test-priv-cleanup"; - final String grantor = "g1"; final String server = "server"; final String dBase = "db"; final String table = "table-"; @@ -909,10 +900,10 @@ public class TestSentryStore extends org.junit.Assert { priv.setTableName(table + i); priv.setDbName(dBase); priv.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, priv, null); priv.setAction(AccessConstants.ALTER); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, priv, null); + sentryStore.alterSentryRevokePrivilege( SentryPrincipalType.ROLE, roleName, priv, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); assertEquals("Privilege Count", 0, role.getPrivileges().size()); @@ -925,7 +916,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testDropIndividualPrivilegesWhenGrantAllIsGranted() throws Exception { - final String GRANTOR = "g1"; final String ROLE_NAME = "r1"; final String SERVER_NAME = "server1"; final String DB_NAME = "db1"; @@ -962,7 +952,7 @@ public class TestSentryStore extends org.junit.Assert { // Grant individual privileges to a role createRole(ROLE_NAME); - sentryStore.alterSentryRoleGrantPrivileges(GRANTOR, ROLE_NAME, grantPrivileges); + sentryStore.alterSentryRoleGrantPrivileges(ROLE_NAME, grantPrivileges); // Check those individual privileges are granted Set<TSentryPrivilege> rolePrivileges = sentryStore.getAllTSentryPrivilegesByRoleName(ROLE_NAME); @@ -973,7 +963,7 @@ public class TestSentryStore extends org.junit.Assert { } // Grant the ALL privilege (this should remove all individual privileges, and grant only ALL) - sentryStore.alterSentryRoleGrantPrivileges(GRANTOR, ROLE_NAME, Sets.newHashSet(allPrivilege)); + sentryStore.alterSentryRoleGrantPrivileges(ROLE_NAME, Sets.newHashSet(allPrivilege)); // Check the ALL and OWNER privileges are the only privileges rolePrivileges = sentryStore.getAllTSentryPrivilegesByRoleName(ROLE_NAME); @@ -982,13 +972,13 @@ public class TestSentryStore extends org.junit.Assert { assertTrue("Privilege OWNER was dropped.", rolePrivileges.contains(ownerPrivilege)); // Check the ALL WITH GRANT privilege just replaces the ALL and keeps the OWNER privilege - sentryStore.alterSentryRoleGrantPrivileges(GRANTOR, ROLE_NAME, Sets.newHashSet(allWithGrant)); + sentryStore.alterSentryRoleGrantPrivileges(ROLE_NAME, Sets.newHashSet(allWithGrant)); rolePrivileges = sentryStore.getAllTSentryPrivilegesByRoleName(ROLE_NAME); assertTrue("Privilege ALL WITH GRANT was not granted.", rolePrivileges.contains(allWithGrant)); assertTrue("Privilege OWNER was dropped.", rolePrivileges.contains(ownerPrivilege)); // Check the ALL privilege just replaces the ALL WITH GRANT and keeps the OWNER privilege - sentryStore.alterSentryRoleGrantPrivileges(GRANTOR, ROLE_NAME, Sets.newHashSet(allPrivilege)); + sentryStore.alterSentryRoleGrantPrivileges(ROLE_NAME, Sets.newHashSet(allPrivilege)); rolePrivileges = sentryStore.getAllTSentryPrivilegesByRoleName(ROLE_NAME); assertTrue("Privilege ALL was not granted.", rolePrivileges.contains(allPrivilege)); assertTrue("Privilege OWNER was dropped.", rolePrivileges.contains(ownerPrivilege)); @@ -1003,7 +993,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testGrantRevokeMultiPrivileges() throws Exception { String roleName = "test-privilege"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; @@ -1021,7 +1010,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setCreateTime(System.currentTimeMillis()); tPrivileges.add(privilege); } - sentryStore.alterSentryRoleGrantPrivileges(grantor, roleName, tPrivileges); + sentryStore.alterSentryRoleGrantPrivileges(roleName, tPrivileges); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 4, privileges.size()); @@ -1038,7 +1027,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setCreateTime(System.currentTimeMillis()); tPrivileges.add(privilege); } - sentryStore.alterSentryRoleRevokePrivileges(grantor, roleName, tPrivileges); + sentryStore.alterSentryRoleRevokePrivileges(roleName, tPrivileges); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size()); @@ -1050,7 +1039,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.SELECT); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); // After revoking table scope, we will have 0 privileges role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1063,7 +1052,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testGrantRevokePrivilegeWithColumn() throws Exception { String roleName = "test-col-privilege"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; @@ -1080,16 +1068,16 @@ public class TestSentryStore extends org.junit.Assert { privilege.setCreateTime(System.currentTimeMillis()); // Grant ALL on c1 and c2 - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); privilege.setColumnName(column2); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size()); // Revoke SELECT on c2 privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); // At this point c1 has ALL privileges and c2 should have (INSERT, CREATE, DROP, ALTER) // after revoking SELECT @@ -1120,7 +1108,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.INSERT); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -1128,7 +1116,7 @@ public class TestSentryStore extends org.junit.Assert { // Revoke ALL from the table should now remove all the column privileges. privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 0, privileges.size()); @@ -1140,7 +1128,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testGrantRevokeTablePrivilegeDowngradeByDb() throws Exception { String roleName = "test-table-db-downgrade-privilege"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table1 = "tbl1"; @@ -1157,15 +1144,15 @@ public class TestSentryStore extends org.junit.Assert { privilegeTable2.setTableName(table2); // Grant ALL on table1 and table2 - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeTable1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeTable2, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilegeTable1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilegeTable2, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size()); // Revoke SELECT on table2 privilegeTable2.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeTable2, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilegeTable2, null); // after having ALL and revoking SELECT, we should have (INSERT) at table2 role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1189,7 +1176,7 @@ public class TestSentryStore extends org.junit.Assert { privilegeTable2.setAction(AccessConstants.INSERT); privilegeTable2.setPrivilegeScope("DATABASE"); privilegeTable2.unsetTableName(); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeTable2, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilegeTable2, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1218,7 +1205,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testGrantRevokeColumnPrivilegeDowngradeByDb() throws Exception { String roleName = "test-column-db-downgrade-privilege"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; @@ -1237,15 +1223,15 @@ public class TestSentryStore extends org.junit.Assert { privilegeCol2.setColumnName(column2); // Grant ALL on column1 and column2 - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeCol1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeCol2, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilegeCol1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilegeCol2, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 2, privileges.size()); // Revoke SELECT on column2 privilegeCol2.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeCol2, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilegeCol2, null); // after having ALL and revoking SELECT, we should have (INSERT) role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1270,7 +1256,7 @@ public class TestSentryStore extends org.junit.Assert { privilegeCol2.setPrivilegeScope("DATABASE"); privilegeCol2.unsetTableName(); privilegeCol2.unsetColumnName(); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilegeCol2, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilegeCol2, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1295,7 +1281,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testGrantRevokePrivilegeWithGrantOption() throws Exception { String roleName = "test-grantOption-table"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; @@ -1310,12 +1295,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(grantOption); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); assertEquals(Boolean.valueOf(privilege.getGrantOption().toString()), Iterables.get(privileges, 0).getGrantOption()); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(0, privileges.size()); @@ -1331,14 +1316,14 @@ public class TestSentryStore extends org.junit.Assert { privilege.setGrantOption(TSentryGrantOption.TRUE); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(grantOption); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); privilege.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); // after having ALL and revoking SELECT, we should have (INSERT) role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -1351,357 +1336,6 @@ public class TestSentryStore extends org.junit.Assert { } @Test - public void testGrantCheckWithGroupAndUser() throws Exception { - // 1. set local group mapping and group-role, user-role mapping - // user0_0->group0 - // user0_1->group0 - // user1_0->group1 - // user1_1->group1 - // group0->roleG0 - // group1->roleG1 - // user0_0->roleU00 - // user0_1->roleU01 - // user1_0->roleU10 - // user1_1->roleU11 - String grantor = "g1"; - String[][] users = { { "user0_0", "user0_1" }, { "user1_0", "user1_1" } }; - String[] groups = { "group0", "group1" }; - String[] rolesForGroup = { "roleG0", "roleG1" }; - String[] rolesForUser = { "roleU0", "roleU1", "roleU2", "roleU3" }; - for (int i = 0; i < groups.length; i++) { - for (int j = 0; j < users[i].length; j++) { - addGroupsToUser(users[i][j], groups[i]); - sentryStore.createSentryRole(rolesForUser[i * 2 + j]); - sentryStore.alterSentryRoleAddUsers(rolesForUser[i * 2 + j], Sets.newHashSet(users[i][j])); - } - sentryStore.createSentryRole(rolesForGroup[i]); - Set<TSentryGroup> tGroups = Sets.newHashSet(); - TSentryGroup tGroup = new TSentryGroup(groups[i]); - tGroups.add(tGroup); - sentryStore.alterSentryRoleAddGroups(grantor, rolesForGroup[i], tGroups); - } - writePolicyFile(); - - // 2. g1 grant all on database db1 to roleG0, roleU0 without grant option - String server = "server1"; - String db = "db1"; - grantor = "g1"; - TSentryPrivilege privilege1 = new TSentryPrivilege(); - privilege1.setPrivilegeScope("DATABASE"); - privilege1.setServerName(server); - privilege1.setDbName(db); - privilege1.setAction(AccessConstants.ALL); - privilege1.setCreateTime(System.currentTimeMillis()); - privilege1.setGrantOption(TSentryGrantOption.FALSE); - // user0_0 has the privilege without grant option - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleG0", privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleU0", privilege1, null); - try { - sentryStore.alterSentryGrantPrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege1, null); - fail("Expected SentryGrantDeniedException exception"); - } catch (SentryGrantDeniedException e) { - // excepted exception - } - try { - sentryStore.alterSentryRevokePrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege1, null); - fail("Expected SentryGrantDeniedException exception"); - } catch (SentryGrantDeniedException e) { - // excepted exception - } - - // 3. g1 grant all on database db1 to roleG0 with grant option - TSentryPrivilege privilege2 = new TSentryPrivilege(); - privilege2.setPrivilegeScope("DATABASE"); - privilege2.setServerName(server); - privilege2.setDbName(db); - privilege2.setAction(AccessConstants.ALL); - privilege2.setCreateTime(System.currentTimeMillis()); - privilege2.setGrantOption(TSentryGrantOption.TRUE); - // user0_0, user0_1 can grant the same privilege to other roles - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleG0", privilege2, null); - sentryStore.alterSentryGrantPrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validateEmptyPrivilegeByRoleName("roleG1"); - sentryStore.alterSentryGrantPrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validateEmptyPrivilegeByRoleName("roleG1"); - // clear privilege for roleG0 - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, "roleG0", privilege2, null); - - // 4. g1 grant all on database db1 to roleU0 with grant option - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleU0", privilege2, null); - sentryStore.alterSentryGrantPrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validateEmptyPrivilegeByRoleName("roleG1"); - try { - sentryStore.alterSentryGrantPrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - fail("Expected SentryGrantDeniedException exception"); - } catch (SentryGrantDeniedException e) { - // excepted exception - } - try { - sentryStore.alterSentryRevokePrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - fail("Expected SentryGrantDeniedException exception"); - } catch (SentryGrantDeniedException e) { - // excepted exception - } - // clear privilege for roleG0 - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, "roleU0", privilege2, null); - - // 5. g1 grant all on database db1 to roleU2, roleG0 with grant option - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleU2", privilege2, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, "roleG0", privilege2, null); - sentryStore.alterSentryGrantPrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user0_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validateEmptyPrivilegeByRoleName("roleG1"); - sentryStore.alterSentryGrantPrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user0_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validateEmptyPrivilegeByRoleName("roleG1"); - - sentryStore.alterSentryGrantPrivilege("user1_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validatePrivilegeByRoleName("roleG1", privilege2); - sentryStore.alterSentryRevokePrivilege("user1_0", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - validateEmptyPrivilegeByRoleName("roleG1"); - try { - sentryStore.alterSentryGrantPrivilege("user1_1", SentryPrincipalType.ROLE, "roleG1", privilege2, null); - fail("Expected SentryGrantDeniedException exception"); - } catch (SentryGrantDeniedException e) { - // excepted exception - } - try { - sentryStore.alterSentryRevokePrivilege("user1_1", SentryPrincipalType.ROLE,"roleG1", privilege2, null); - fail("Expected SentryGrantDeniedException exception"); - } catch (SentryGrantDeniedException e) { - // excepted exception - } - // clear privilege for roleG0 - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE,"roleG0", privilege2, null); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, "roleU2", privilege2, null); - } - - private void validatePrivilegeByRoleName(String roleName, TSentryPrivilege exceptedTPrivelege) - throws Exception { - MSentryRole role = sentryStore.getMSentryRoleByName(roleName); - Set<MSentryPrivilege> privileges = role.getPrivileges(); - assertEquals(privileges.toString(), 1, privileges.size()); - MSentryPrivilege mPrivilege = Iterables.get(privileges, 0); - assertEquals(exceptedTPrivelege.getServerName(), mPrivilege.getServerName()); - assertEquals(exceptedTPrivelege.getDbName(), mPrivilege.getDbName()); - assertEquals(AccessConstants.ALL, mPrivilege.getAction()); - } - - private void validateEmptyPrivilegeByRoleName(String roleName) throws Exception { - MSentryRole role = sentryStore.getMSentryRoleByName(roleName); - Set<MSentryPrivilege> privileges = role.getPrivileges(); - assertEquals(privileges.toString(), 0, privileges.size()); - } - - @Test - public void testGrantCheckWithGrantOption() throws Exception { - // 1. set local group mapping - // user0->group0->role0 - // user1->group1->role1 - // user2->group2->role2 - // user3->group3->role3 - // user4->group4->role4 - String grantor = "g1"; - String[] users = {"user0","user1","user2","user3","user4"}; - String[] groups = { "group0", "group1", "group2", "group3", "group4" }; - String[] roles = {"role0","role1","role2","role3","role4"}; - for (int i = 0; i < users.length; i++) { - addGroupsToUser(users[i], groups[i]); - sentryStore.createSentryRole(roles[i]); - Set<TSentryGroup> tGroups = Sets.newHashSet(); - TSentryGroup tGroup = new TSentryGroup(groups[i]); - tGroups.add(tGroup); - sentryStore.alterSentryRoleAddGroups(grantor, roles[i], tGroups); - } - writePolicyFile(); - - // 2. g1 grant all on database db1 to role0 with grant option - String server = "server1"; - String db = "db1"; - String table = "tbl1"; - String roleName = roles[0]; - grantor = "g1"; - TSentryPrivilege privilege1 = new TSentryPrivilege(); - privilege1.setPrivilegeScope("DATABASE"); - privilege1.setServerName(server); - privilege1.setDbName(db); - privilege1.setAction(AccessConstants.ALL); - privilege1.setCreateTime(System.currentTimeMillis()); - privilege1.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege1, null); - MSentryRole role = sentryStore.getMSentryRoleByName(roleName); - Set<MSentryPrivilege> privileges = role.getPrivileges(); - assertEquals(privileges.toString(), 1, privileges.size()); - - // 3. user0 grant select on database db1 to role1, with grant option - roleName = roles[1]; - grantor = users[0]; - TSentryPrivilege privilege2 = new TSentryPrivilege(); - privilege2.setPrivilegeScope("DATABASE"); - privilege2.setServerName(server); - privilege2.setDbName(db); - privilege2.setAction(AccessConstants.SELECT); - privilege2.setCreateTime(System.currentTimeMillis()); - privilege2.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege2, null); - - // 4. user0 grant all on table tb1 to role2, no grant option - roleName = roles[2]; - grantor = users[0]; - TSentryPrivilege privilege3 = new TSentryPrivilege(); - privilege3.setPrivilegeScope("TABLE"); - privilege3.setServerName(server); - privilege3.setDbName(db); - privilege3.setTableName(table); - privilege3.setAction(AccessConstants.ALL); - privilege3.setCreateTime(System.currentTimeMillis()); - privilege3.setGrantOption(TSentryGrantOption.FALSE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege3, null); - - // 5. user1 has role1, no insert privilege, - // grant insert to role3, will throw no grant exception - roleName = roles[3]; - grantor = users[1]; - TSentryPrivilege privilege4 = new TSentryPrivilege(); - privilege4.setPrivilegeScope("DATABASE"); - privilege4.setServerName(server); - privilege4.setDbName(db); - privilege4.setAction(AccessConstants.INSERT); - privilege4.setCreateTime(System.currentTimeMillis()); - privilege4.setGrantOption(TSentryGrantOption.FALSE); - try { - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege4, null); - fail("Expected SentryGrantDeniedException exception"); - } catch (SentryGrantDeniedException e) { - // excepted exception - } - - // 6. user2 has role2, no grant option, - // grant insert to role4, will throw no grant exception - roleName = roles[4]; - grantor = users[2]; - TSentryPrivilege privilege5 = new TSentryPrivilege(); - privilege5.setPrivilegeScope("TABLE"); - privilege5.setServerName(server); - privilege5.setDbName(db); - privilege5.setTableName(table); - privilege5.setAction(AccessConstants.INSERT); - privilege5.setCreateTime(System.currentTimeMillis()); - privilege5.setGrantOption(TSentryGrantOption.FALSE); - try { - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege5, null); - fail("Expected SentryGrantDeniedException exception"); - } catch (SentryGrantDeniedException e) { - // excepted exception - } - } - - @Test - public void testRevokeCheckWithGrantOption() throws Exception { - // 1. set local group mapping - // user0->group0->role0 - // user1->group1->role1 - // user2->group2->role2 - String grantor = "g1"; - String[] users = {"user0","user1","user2"}; - String[] roles = {"role0","role1","role2"}; - String[] groups = {"group0","group1","group2"}; - for (int i = 0; i < users.length; i++) { - addGroupsToUser(users[i], groups[i]); - sentryStore.createSentryRole(roles[i]); - Set<TSentryGroup> tGroups = Sets.newHashSet(); - TSentryGroup tGroup = new TSentryGroup(groups[i]); - tGroups.add(tGroup); - sentryStore.alterSentryRoleAddGroups(grantor, roles[i], tGroups); - sentryStore.alterSentryRoleAddUsers(roles[i], Sets.newHashSet(users[i])); - } - writePolicyFile(); - - // 2. g1 grant select on database db1 to role0, with grant option - String server = "server1"; - String db = "db1"; - String table = "tbl1"; - String roleName = roles[0]; - grantor = "g1"; - TSentryPrivilege privilege1 = new TSentryPrivilege(); - privilege1.setPrivilegeScope("DATABASE"); - privilege1.setServerName(server); - privilege1.setDbName(db); - privilege1.setAction(AccessConstants.SELECT); - privilege1.setCreateTime(System.currentTimeMillis()); - privilege1.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege1, null); - MSentryRole role = sentryStore.getMSentryRoleByName(roleName); - Set<MSentryPrivilege> privileges = role.getPrivileges(); - assertEquals(privileges.toString(), 1, privileges.size()); - - // 3. g1 grant all on table tb1 to role1, no grant option - roleName = roles[1]; - grantor = "g1"; - TSentryPrivilege privilege2 = new TSentryPrivilege(); - privilege2.setPrivilegeScope("TABLE"); - privilege2.setServerName(server); - privilege2.setDbName(db); - privilege2.setTableName(table); - privilege2.setAction(AccessConstants.ALL); - privilege2.setCreateTime(System.currentTimeMillis()); - privilege2.setGrantOption(TSentryGrantOption.FALSE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege2, null); - - // 4. g1 grant select on table tb1 to role2, no grant option - roleName = roles[2]; - grantor = "g1"; - TSentryPrivilege privilege3 = new TSentryPrivilege(); - privilege3.setPrivilegeScope("TABLE"); - privilege3.setServerName(server); - privilege3.setDbName(db); - privilege3.setTableName(table); - privilege3.setAction(AccessConstants.SELECT); - privilege3.setCreateTime(System.currentTimeMillis()); - privilege3.setGrantOption(TSentryGrantOption.FALSE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege3, null); - - // 5. user1 has role1, no grant option, - // revoke from role2 will throw no grant exception - roleName = roles[2]; - grantor = users[1]; - try { - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege3, null); - fail("Expected SentryGrantDeniedException exception"); - } catch (SentryGrantDeniedException e) { - // excepted exception - } - - // 6. user0 has role0, only have select, - // revoke all from role1 will throw no grant exception - roleName = roles[1]; - grantor = users[0]; - try { - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege2, null); - fail("Expected SentryGrantDeniedException exception"); - } catch (SentryGrantDeniedException e) { - // excepted exception - } - - // 7. user0 has role0, has select and grant option, - // revoke select from role2 - roleName = roles[2]; - grantor = users[0]; - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege3, null); - role = sentryStore.getMSentryRoleByName(roleName); - privileges = role.getPrivileges(); - assertEquals(0, privileges.size()); - } - - @Test public void testRevokeAllGrantOption() throws Exception { // 1. set local group mapping // user0->group0->role0 @@ -1724,7 +1358,6 @@ public class TestSentryStore extends org.junit.Assert { String db = "db1"; String table = "tbl1"; String roleName = roles[0]; - grantor = "g1"; TSentryPrivilege privilege = new TSentryPrivilege(); privilege.setPrivilegeScope("TABLE"); privilege.setServerName(server); @@ -1733,100 +1366,25 @@ public class TestSentryStore extends org.junit.Assert { privilege.setAction(AccessConstants.SELECT); privilege.setCreateTime(System.currentTimeMillis()); privilege.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); // 3. g1 grant select on table tb1 to role0, no grant option roleName = roles[0]; - grantor = "g1"; privilege.setGrantOption(TSentryGrantOption.FALSE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); // 4. g1 revoke all privilege from role0 roleName = roles[0]; - grantor = "g1"; privilege.setGrantOption(TSentryGrantOption.UNSET); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 0, privileges.size()); } @Test - public void testGrantCheckWithColumn() throws Exception { - // 1. set local group mapping - // user0->group0->role0 - // user1->group1->role1 - String grantor = "g1"; - String[] users = {"user0","user1"}; - String[] roles = {"role0","role1"}; - String[] groups = {"group0","group1"}; - for (int i = 0; i < users.length; i++) { - addGroupsToUser(users[i], groups[i]); - sentryStore.createSentryRole(roles[i]); - Set<TSentryGroup> tGroups = Sets.newHashSet(); - TSentryGroup tGroup = new TSentryGroup(groups[i]); - tGroups.add(tGroup); - sentryStore.alterSentryRoleAddGroups(grantor, roles[i], tGroups); - } - writePolicyFile(); - - // 2. g1 grant select on table tb1 to role0, with grant option - String server = "server1"; - String db = "db1"; - String table = "tbl1"; - String roleName = roles[0]; - grantor = "g1"; - TSentryPrivilege privilege1 = new TSentryPrivilege(); - privilege1.setPrivilegeScope("TABLE"); - privilege1.setServerName(server); - privilege1.setDbName(db); - privilege1.setTableName(table); - privilege1.setAction(AccessConstants.SELECT); - privilege1.setCreateTime(System.currentTimeMillis()); - privilege1.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege1, null); - MSentryRole role = sentryStore.getMSentryRoleByName(roleName); - Set<MSentryPrivilege> privileges = role.getPrivileges(); - assertEquals(privileges.toString(), 1, privileges.size()); - - // 3. user0 grant select on column tb1.c1 to role1, with grant option - roleName = roles[1]; - grantor = users[0]; - String column = "c1"; - TSentryPrivilege privilege2 = new TSentryPrivilege(); - privilege2.setPrivilegeScope("COLUMN"); - privilege2.setServerName(server); - privilege2.setDbName(db); - privilege2.setTableName(table); - privilege2.setColumnName(column); - privilege2.setAction(AccessConstants.SELECT); - privilege2.setCreateTime(System.currentTimeMillis()); - privilege2.setGrantOption(TSentryGrantOption.TRUE); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege2, null); - - // 4. user1 revoke table level privilege from user0, will throw grant denied exception - roleName = roles[0]; - grantor = users[1]; - try { - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege1, null); - fail("Expected SentryGrantDeniedException exception"); - } catch (SentryGrantDeniedException e) { - // excepted exception - } - - // 5. user0 revoke column level privilege from user1 - roleName = roles[1]; - grantor = users[0]; - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege2, null); - role = sentryStore.getMSentryRoleByName(roleName); - privileges = role.getPrivileges(); - assertEquals(0, privileges.size()); - } - - @Test public void testGrantDuplicatePrivilege() throws Exception { String roleName = "test-privilege"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; @@ -1838,12 +1396,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); privilege.setServerName("Server1"); privilege.setDbName("DB1"); privilege.setTableName("TBL1"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -1866,13 +1424,13 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege1, null); TSentryPrivilege privilege2 = new TSentryPrivilege(); privilege2.setPrivilegeScope("SERVER"); privilege2.setServerName("server1"); privilege2.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege2, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege2, null); Set<TSentryGroup> groups = Sets.newHashSet(); Set<String> users = Sets.newHashSet(); TSentryGroup group = new TSentryGroup(); @@ -2024,7 +1582,6 @@ public class TestSentryStore extends org.junit.Assert { public void testDropDbObject() throws Exception { String roleName1 = "list-privs-r1", roleName2 = "list-privs-r2", roleName3 = "list-privs-r3"; String userName1 = "user-1", userName2 = "user-2"; - String grantor = "g1"; sentryStore.createSentryRole(roleName1); sentryStore.createSentryRole(roleName2); sentryStore.createSentryRole(roleName3); @@ -2064,17 +1621,17 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege3_2 = new TSentryPrivilege(privilege_tbl2); privilege3_2.setAction("INSERT"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege2_1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege_server, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege2_3, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege2_1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege_server, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege2_3, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName3, privilege3_1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName3, privilege3_2, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName3, privilege3_1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName3, privilege3_2, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName2, privilege2_3, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName2, privilege2_3, null); sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1)); @@ -2117,7 +1674,6 @@ public class TestSentryStore extends org.junit.Assert { public void testUpdateOwnerPrivilege() throws Exception { String roleName1 = "list-privs-r1", roleName2 = "list-privs-r2", roleName3 = "list-privs-r3"; String userName1 = "user1", userName2 = "user2"; - String grantor = "g1"; List<SentryOwnerInfo> ownerInfoList = null; sentryStore.createSentryRole(roleName1); sentryStore.createSentryRole(roleName2); @@ -2139,7 +1695,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable.setDb("db1"); tSentryAuthorizable.setTable("tbl1"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) .size()); @@ -2169,7 +1725,7 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl2.setTableName("tbl2"); // Change owner from a one user to another user - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER,userName1, privilege_tbl2, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER,userName1, privilege_tbl2, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByUserName(userName1) .size()); @@ -2192,7 +1748,7 @@ public class TestSentryStore extends org.junit.Assert { //Add all privilege to roleName1 and make sure that owner privilege is not effected. TSentryPrivilege privilege_tbl2_all = new TSentryPrivilege(privilege_tbl2); privilege_tbl2_all.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl2_all, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl2_all, null); // Verify that there are two privileges. assertEquals(2, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) .size()); @@ -2202,12 +1758,12 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege_tbl3_all = new TSentryPrivilege(privilege_tbl2); privilege_tbl3_all.setAction(AccessConstants.ALL); privilege_tbl3_all.setTableName("tbl3"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName3, privilege_tbl3_all, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName3, privilege_tbl3_all, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByRoleName(roleName3) .size()); TSentryPrivilege privilege_tbl3_owner = new TSentryPrivilege(privilege_tbl3_all); privilege_tbl3_owner.setAction(AccessConstants.OWNER); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName3, privilege_tbl3_owner, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName3, privilege_tbl3_owner, null); assertEquals(2, sentryStore.getAllTSentryPrivilegesByRoleName(roleName3) .size()); @@ -2217,7 +1773,6 @@ public class TestSentryStore extends org.junit.Assert { public void testListSentryOwnerPrivilegesByAuthorizable() throws Exception { String roleName1 = "list-privs-r1"; String userName1 = "user1"; - String grantor = "g1"; sentryStore.createSentryRole(roleName1); sentryStore.createSentryUser(userName1); @@ -2235,7 +1790,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable.setDb("db1"); tSentryAuthorizable.setTable("tbl1"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); sentryStore.updateOwnerPrivilege(tSentryAuthorizable, userName1, SentryPrincipalType.USER, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByUserName(userName1) @@ -2247,7 +1802,6 @@ public class TestSentryStore extends org.junit.Assert { String roleName1 = "list-privs-r1"; String userName1 = "user1"; - String grantor = "g1"; sentryStore.createSentryRole(roleName1); sentryStore.createSentryUser(userName1); @@ -2265,7 +1819,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryAuthorizable.setDb("db1"); tSentryAuthorizable.setTable("tbl1"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); sentryStore.revokeOwnerPrivileges(tSentryAuthorizable, null); assertEquals(0, sentryStore.getAllTSentryPrivilegesByUserName(userName1) @@ -2275,7 +1829,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testDropUserOnUpdateOwnerPrivilege() throws Exception { String userName1 = "user1", userName2 = "user2"; - String grantor = "g1"; sentryStore.createSentryUser(userName1); sentryStore.createSentryUser(userName2); @@ -2295,7 +1848,7 @@ public class TestSentryStore extends org.junit.Assert { // Change owner from a one user to another user - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName1, privilege_tbl1, null); assertEquals(1, sentryStore.getAllTSentryPrivilegesByUserName(userName1) .size()); @@ -2325,7 +1878,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testDropTableWithMultiAction() throws Exception { String roleName1 = "role1"; - String grantor = "g1"; sentryStore.createSentryRole(roleName1); TSentryPrivilege privilege_tbl1 = new TSentryPrivilege(); @@ -2351,10 +1903,10 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1); privilege_tbl1_drop.setAction(AccessConstants.DROP); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_alter, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_drop, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_select, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_alter, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_drop, null); assertEquals(4, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1).size()); @@ -2366,7 +1918,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testDropTableWithColumn() throws Exception { String roleName1 = "role1", roleName2 = "role2"; - String grantor = "g1"; String table1 = "tbl1"; sentryStore.createSentryRole(roleName1); @@ -2395,9 +1946,9 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1_c3.setColumnName("c3"); privilege_tbl1_c3.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c2, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege_tbl1_c3, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c2, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege_tbl1_c3, null); Set<TSentryPrivilege> privilegeSet = sentryStore.getAllTSentryPrivilegesByRoleName(roleName1); assertEquals(2, privilegeSet.size()); @@ -2416,7 +1967,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testDropOverlappedPrivileges() throws Exception { String roleName1 = "list-privs-r1"; - String grantor = "g1"; sentryStore.createSentryRole(roleName1); TSentryPrivilege privilege_tbl1 = new TSentryPrivilege(); @@ -2433,8 +1983,8 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1); privilege_tbl1_all.setAction("*"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_all, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_all, null); sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1)); assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1) @@ -2460,7 +2010,6 @@ public class TestSentryStore extends org.junit.Assert { public void testRenameTable() throws Exception { String roleName1 = "role1", roleName2 = "role2", roleName3 = "role3"; String userName1 = "user-1", userName2 = "user-2", userName3 = "user-3"; - String grantor = "g1"; String table1 = "tbl1", table2 = "tbl2"; sentryStore.createSentryRole(roleName1); @@ -2488,12 +2037,12 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1); privilege_tbl1_all.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName3, privilege_tbl1_all, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName2, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName3, privilege_tbl1_all, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege_tbl1_select, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName3, privilege_tbl1_all, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName1, privilege_tbl1_insert, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName2, privilege_tbl1_select, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName3, privilege_tbl1_all, null); TSentryAuthorizable oldTable = toTSentryAuthorizable(privilege_tbl1); TSentryAuthorizable newTable = toTSentryAuthorizable(privilege_tbl1); @@ -2532,7 +2081,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testRenameTableWithMultiAction() throws Exception { String roleName1 = "role1"; - String grantor = "g1"; String table1 = "tbl1", table2 = "tbl2"; sentryStore.createSentryRole(roleName1); @@ -2559,10 +2107,10 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1); privilege_tbl1_drop.setAction(AccessConstants.DROP); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_select, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_alter, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_drop, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_insert, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_select, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_alter, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_drop, null); TSentryAuthorizable oldTable = toTSentryAuthorizable(privilege_tbl1); TSentryAuthorizable newTable = toTSentryAuthorizable(privilege_tbl1); @@ -2600,18 +2148,16 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName("tb1"); privilege.setCreateTime(System.currentTimeMillis()); - String grantor = "g1"; - assertEquals(Long.valueOf(0), sentryStore.getPrivilegeCountGauge().getValue()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, role1, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, role1, privilege, null); assertEquals(Long.valueOf(1), sentryStore.getPrivilegeCountGauge().getValue()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, role2, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, role2, privilege, null); assertEquals(Long.valueOf(1), sentryStore.getPrivilegeCountGauge().getValue()); privilege.setTableName("tb2"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, role2, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, role2, privilege, null); assertEquals(Long.valueOf(2), sentryStore.getPrivilegeCountGauge().getValue()); } @@ -2667,7 +2213,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testRenameTableWithColumn() throws Exception { String roleName1 = "role1", roleName2 = "role2"; - String grantor = "g1"; String table1 = "tbl1", table2 = "tbl2"; sentryStore.createSentryRole(roleName1); @@ -2696,9 +2241,9 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1_c3.setColumnName("c3"); privilege_tbl1_c3.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c2, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege_tbl1_c3, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1_c2, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege_tbl1_c3, null); Set<TSentryPrivilege> privilegeSet = sentryStore.getAllTSentryPrivilegesByRoleName(roleName1); assertEquals(2, privilegeSet.size()); @@ -2729,7 +2274,7 @@ public class TestSentryStore extends org.junit.Assert { TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL"); tSentryPrivilege.setDbName(dbName); tSentryPrivilege.setTableName(table); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setDb(dbName); @@ -2769,7 +2314,7 @@ public class TestSentryStore extends org.junit.Assert { tSentryPrivilege.setDbName(dbName); tSentryPrivilege.setTableName(table); tSentryPrivilege.setColumnName(column); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, tSentryPrivilege, null); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setDb(dbName); @@ -2837,8 +2382,8 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege1, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege1, null); TSentryPrivilege privilege2 = new TSentryPrivilege(); privilege2.setPrivilegeScope("SERVER"); @@ -2846,7 +2391,7 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setDbName("db2"); privilege1.setAction("ALL"); privilege2.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege2, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege2, null); // Grant roles to the groups Set<TSentryGroup> groups = Sets.newHashSet(); @@ -2864,8 +2409,8 @@ public class TestSentryStore extends org.junit.Assert { privilege3.setTableName("tbl1"); privilege3.setAction("OWNER"); privilege3.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege3, null); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName2, privilege3, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege3, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName2, privilege3, null); PermissionsImage permImage = sentryStore.retrieveFullPermssionsImage(); Map<String, Map<TPrivilegePrincipal, String>> privs = permImage.getPrivilegeImage(); @@ -3499,7 +3044,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testPrivilegesWithPermUpdate() throws Exception { String roleName = "test-privilege"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; @@ -3522,7 +3066,7 @@ public class TestSentryStore extends org.junit.Assert { // Grant the privilege to role test-privilege and verify it has been persisted. Map<TSentryPrivilege, Updateable.Update> addPrivilegesUpdateMap = Maps.newHashMap(); addPrivilegesUpdateMap.put(privilege, addUpdate); - sentryStore.alterSentryRoleGrantPrivileges(grantor, roleName, Sets.newHashSet(privilege), addPrivilegesUpdateMap); + sentryStore.alterSentryRoleGrantPrivileges(roleName, Sets.newHashSet(privilege), addPrivilegesUpdateMap); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -3542,7 +3086,7 @@ public class TestSentryStore extends org.junit.Assert { // Revoke the same privilege and verify it has been removed. Map<TSentryPrivilege, Updateable.Update> delPrivilegesUpdateMap = Maps.newHashMap(); delPrivilegesUpdateMap.put(privilege, delUpdate); - sentryStore.alterSentryRoleRevokePrivileges(grantor, roleName, + sentryStore.alterSentryRoleRevokePrivileges(roleName, Sets.newHashSet(privilege), delPrivilegesUpdateMap); role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -3635,7 +3179,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testDropObjWithPermUpdate() throws Exception { String roleName1 = "list-privs-r1", roleName2 = "list-privs-r2"; - String grantor = "g1"; sentryStore.createSentryRole(roleName1); sentryStore.createSentryRole(roleName2); @@ -3648,7 +3191,7 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1.setCreateTime(System.currentTimeMillis()); privilege_tbl1.setAction("SELECT"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); // Generate the permission drop update for dropping privilege for "db1.tbl1" PermissionsUpdate dropUpdate = new PermissionsUpdate(0, false); @@ -3670,7 +3213,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testRenameObjWithPermUpdate() throws Exception { String roleName1 = "role1"; - String grantor = "g1"; String table1 = "tbl1", table2 = "tbl2"; sentryStore.createSentryRole(roleName1); @@ -3683,7 +3225,7 @@ public class TestSentryStore extends org.junit.Assert { privilege_tbl1.setCreateTime(System.currentTimeMillis()); privilege_tbl1.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName1, privilege_tbl1, null); // Generate the permission rename update for renaming privilege for "db1.tbl1" String oldAuthz = "db1.tbl1"; @@ -3722,7 +3264,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testPurgeDeltaChanges() throws Exception { String role = "purgeRole"; - String grantor = "g1"; String table = "purgeTable"; assertEquals(0, sentryStore.getMSentryPermChanges().size()); @@ -3744,7 +3285,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setCreateTime(System.currentTimeMillis()); PermissionsUpdate update = new PermissionsUpdate(i + 1, false); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, role, privilege, update); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, role, privilege, update); } assertEquals(numPermChanges, sentryStore.getMSentryPermChanges().size()); @@ -4196,7 +3737,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testGrantRevokePrivilegeForUser() throws Exception { String userName = "test-privilege"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; @@ -4208,12 +3748,12 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName, privilege, null); MSentryUser user = sentryStore.getMSentryUserByName(userName); Set<MSentryPrivilege> privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.USER, userName, privilege, null); // after having ALL and revoking SELECT, we should have (INSERT) user = sentryStore.getMSentryUserByName(userName); privileges = user.getPrivileges(); @@ -4230,7 +3770,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.USER, userName, privilege, null); user = sentryStore.getMSentryUserByName(userName, false); assertNull(user); } @@ -4243,7 +3783,6 @@ public class TestSentryStore extends org.junit.Assert { public void testGrantDuplicatePrivilegeHierchy() throws Exception { // grant database all privilege String roleName = "test-privilege"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; @@ -4254,7 +3793,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setDbName(db); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); @@ -4264,7 +3803,7 @@ public class TestSentryStore extends org.junit.Assert { privilege.setServerName(server.toUpperCase()); privilege.setDbName(db.toUpperCase()); privilege.setTableName(table.toUpperCase()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); // check if the table privilege is created role = sentryStore.getMSentryRoleByName(roleName); @@ -4287,13 +3826,13 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege1, null); TSentryPrivilege privilege2 = new TSentryPrivilege(); privilege2.setPrivilegeScope("SERVER"); privilege2.setServerName("server1"); privilege2.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName, privilege2, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName, privilege2, null); Set<TSentryGroup> groups = Sets.newHashSet(); TSentryGroup group = new TSentryGroup(); @@ -4319,7 +3858,6 @@ public class TestSentryStore extends org.junit.Assert { public void testListSentryPrivilegesForProviderForUser() throws Exception { String userName1 = "list-privs-user1"; String userName2 = "list-privs-user2"; - String grantor = "g1"; sentryStore.createSentryUser(userName1); sentryStore.createSentryUser(userName2); @@ -4330,10 +3868,10 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName1, privilege1, null); privilege1.setAction("ALL"); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName2, privilege1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName2, privilege1, null); assertEquals(Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider( @@ -4345,7 +3883,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testListSentryPrivilegesByAuthorizableForUser() throws Exception { String userName1 = "list-privs-user1"; - String grantor = "g1"; sentryStore.createSentryUser(userName1); TSentryPrivilege privilege1 = new TSentryPrivilege(); @@ -4355,7 +3892,7 @@ public class TestSentryStore extends org.junit.Assert { privilege1.setTableName("tbl1"); privilege1.setAction("SELECT"); privilege1.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName1, privilege1, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName1, privilege1, null); TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); tSentryAuthorizable.setServer("server1"); @@ -4372,7 +3909,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testGrantRevokePrivilegeMultipleTimesForRole() throws Exception { String roleName = "test-privilege"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; @@ -4384,14 +3920,14 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); MSentryRole role = sentryStore.getMSentryRoleByName(roleName); Set<MSentryPrivilege> privileges = role.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); // after having ALL and revoking SELECT, we should have (INSERT) role = sentryStore.getMSentryRoleByName(roleName); privileges = role.getPrivileges(); @@ -4399,7 +3935,7 @@ public class TestSentryStore extends org.junit.Assert { // second round privilege.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); List<MSentryPrivilege> totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -4408,7 +3944,7 @@ public class TestSentryStore extends org.junit.Assert { assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.ROLE, roleName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.ROLE, roleName, privilege, null); // after having ALL and revoking INSERT, we should have (SELECT) totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -4422,7 +3958,6 @@ public class TestSentryStore extends org.junit.Assert { @Test public void testGrantRevokePrivilegeMultipleTimesForUser() throws Exception { String userName = "test-privilege"; - String grantor = "g1"; String server = "server1"; String db = "db1"; String table = "tbl1"; @@ -4434,14 +3969,14 @@ public class TestSentryStore extends org.junit.Assert { privilege.setTableName(table); privilege.setAction(AccessConstants.ALL); privilege.setCreateTime(System.currentTimeMillis()); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName, privilege, null); MSentryUser user = sentryStore.getMSentryUserByName(userName); Set<MSentryPrivilege> privileges = user.getPrivileges(); assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.USER, userName, privilege, null); // after having ALL and revoking SELECT, we should have (INSERT) user = sentryStore.getMSentryUserByName(userName); privileges = user.getPrivileges(); @@ -4449,7 +3984,7 @@ public class TestSentryStore extends org.junit.Assert { // second round privilege.setAction(AccessConstants.ALL); - sentryStore.alterSentryGrantPrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryGrantPrivilege(SentryPrincipalType.USER, userName, privilege, null); List<MSentryPrivilege> totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -4458,7 +3993,7 @@ public class TestSentryStore extends org.junit.Assert { assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.INSERT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.USER, userName, privilege, null); // after having ALL and revoking INSERT, we should have (SELECT) totalPrivileges = sentryStore.getAllMSentryPrivileges(); assertEquals(totalPrivileges.toString(),1, totalPrivileges.size()); @@ -4468,7 +4003,7 @@ public class TestSentryStore extends org.junit.Assert { assertEquals(privileges.toString(), 1, privileges.size()); privilege.setAction(AccessConstants.SELECT); - sentryStore.alterSentryRevokePrivilege(grantor, SentryPrincipalType.USER, userName, privilege, null); + sentryStore.alterSentryRevokePrivilege(SentryPrincipalType.USER, userName, privilege, null); // after having ALL and revoking INSERT and SELECT, we should have NO privileges // user should be removed automatically user = sentryStore.getMSentryUserByName(userName, false); @@ -4484,8 +4019,6 @@ public class TestSentryStore extends org.junit.Assert { assertNotNull(allPrivileges); assertTrue(allPrivileges.isEmpty()); - final String GRANTOR = "g1"; - final String ROLE1 = "role1"; <TRUNCATED>