Repository: sentry Updated Branches: refs/heads/master ea7a33b77 -> 7a4320968
SENTRY-2460: Export sentry permission information to HDFS location. (Kalyan Kumar Kalvagadda reviewed by Sergio Pena) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/7a432096 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/7a432096 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/7a432096 Branch: refs/heads/master Commit: 7a43209685506b8b8a869bab00086d367a524ebf Parents: ea7a33b Author: Kalyan Kumar Kalvagadda <[email protected]> Authored: Fri Dec 7 09:18:39 2018 -0600 Committer: Kalyan Kumar Kalvagadda <[email protected]> Committed: Fri Dec 7 09:18:39 2018 -0600 ---------------------------------------------------------------------- .../hive/SentryIniPolicyFileFormatter.java | 46 +++++-- .../binding/hive/SentryPolicyFileFormatter.java | 2 +- .../binding/hive/authz/SentryConfigTool.java | 2 +- .../hive/TestSentryIniPolicyFileFormatter.java | 124 ++++++++++++++++--- .../sentry/service/common/ServiceConstants.java | 5 + .../thrift/TestSentryServiceImportExport.java | 5 + .../persistent/TestSentryStoreImportExport.java | 3 + .../tests/e2e/hive/TestPolicyImportExport.java | 61 +++++++++ 8 files changed, 217 insertions(+), 31 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/7a432096/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryIniPolicyFileFormatter.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryIniPolicyFileFormatter.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryIniPolicyFileFormatter.java index b8ec8a1..8c3895c 100644 --- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryIniPolicyFileFormatter.java +++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryIniPolicyFileFormatter.java @@ -18,28 +18,31 @@ package org.apache.sentry.binding.hive; -import java.io.File; +import java.io.BufferedWriter; +import java.io.OutputStream; +import java.io.OutputStreamWriter; import java.util.List; import java.util.Map; import java.util.Set; +import com.google.common.base.Strings; import com.google.common.collect.Sets; import org.apache.commons.lang.StringUtils; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; import org.apache.sentry.core.common.exception.SentryConfigurationException; import org.apache.sentry.core.common.utils.SentryConstants; import org.apache.sentry.core.common.utils.PolicyFileConstants; import org.apache.sentry.core.common.utils.PolicyFiles; +import org.apache.sentry.service.common.ServiceConstants; import org.apache.shiro.config.Ini; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.base.Charsets; import com.google.common.base.Joiner; import com.google.common.collect.Lists; import com.google.common.collect.Maps; -import com.google.common.io.Files; /** * SentryIniPolicyFileFormatter is to parse file and write data to file for sentry mapping data with @@ -58,8 +61,8 @@ public class SentryIniPolicyFileFormatter implements SentryPolicyFileFormatter { /** * Write the sentry mapping data to ini file. * - * @param resourcePath - * The path of the output file + * @param resourcePath The path of the output file + * @param conf sentry configuration * @param sentryMappingData * The map for sentry mapping data, eg: * for the following mapping data: @@ -82,11 +85,19 @@ public class SentryIniPolicyFileFormatter implements SentryPolicyFileFormatter { * } */ @Override - public void write(String resourcePath, Map<String, Map<String, Set<String>>> sentryMappingData) + public void write(String resourcePath, Configuration conf, Map<String, Map<String, Set<String>>> sentryMappingData) throws Exception { - File destFile = new File(resourcePath); - if (destFile.exists() && !destFile.delete()) { - throw new IllegalStateException("Unable to delete " + destFile); + Path path = new Path(resourcePath); + if (Strings.isNullOrEmpty(path.toUri().getScheme())) { + // Path provided did not have any URI scheme. Update the scheme based on configuration. + String defaultFs = conf.get(ServiceConstants.ClientConfig.SENTRY_EXPORT_IMPORT_DEFAULT_FS, + ServiceConstants.ClientConfig.SENTRY_EXPORT_IMPORT_DEFAULT_FS_DEFAULT); + path = new Path(defaultFs + resourcePath); + } + + FileSystem fileSystem = path.getFileSystem(conf); + if (fileSystem.exists(path)) { + fileSystem.delete(path,true); } String contents = Joiner .on(NL) @@ -98,8 +109,19 @@ public class SentryIniPolicyFileFormatter implements SentryPolicyFileFormatter { generateSection(PolicyFileConstants.ROLES, sentryMappingData.get(PolicyFileConstants.ROLES)), ""); - LOGGER.info("Writing policy file to " + destFile + ":\n" + contents); - Files.write(contents, destFile, Charsets.UTF_8); + LOGGER.info("Writing policy information to file located at" + path); + OutputStream os = fileSystem.create(path); + BufferedWriter br = new BufferedWriter( new OutputStreamWriter( os, "UTF-8" ) ); + try { + br.write(contents); + } + catch (Exception exception) { + LOGGER.error("Failed to export policy information to file, located at " + path); + } + finally { + br.close(); + fileSystem.close(); + } } /** @@ -156,7 +178,7 @@ public class SentryIniPolicyFileFormatter implements SentryPolicyFileFormatter { // generate the ini section according to the mapping data. private String generateSection(String name, Map<String, Set<String>> mappingData) { - if (mappingData.isEmpty()) { + if (mappingData == null || mappingData.isEmpty()) { return ""; } List<String> lines = Lists.newArrayList(); http://git-wip-us.apache.org/repos/asf/sentry/blob/7a432096/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatter.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatter.java b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatter.java index 4f465b3..441e0cc 100644 --- a/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatter.java +++ b/sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/SentryPolicyFileFormatter.java @@ -29,7 +29,7 @@ import org.apache.hadoop.conf.Configuration; public interface SentryPolicyFileFormatter { // write the sentry mapping data to file - void write(String resourcePath, Map<String, Map<String, Set<String>>> sentryMappingData) + void write(String resourcePath, Configuration conf, Map<String, Map<String, Set<String>>> sentryMappingData) throws Exception; // parse the sentry mapping data from file http://git-wip-us.apache.org/repos/asf/sentry/blob/7a432096/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java index 5f1e3e9..3a0c0f0 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryConfigTool.java @@ -309,7 +309,7 @@ public class SentryConfigTool { SentryPolicyFileFormatter sentryPolicyFileFormatter = SentryPolicyFileFormatFactory .createFileFormatter(authzConf); // write the sentry mapping data to exportPolicyFilePath with the data in map structure - sentryPolicyFileFormatter.write(exportPolicyFilePath, policyFileMappingData); + sentryPolicyFileFormatter.write(exportPolicyFilePath, authzConf, policyFileMappingData); } } http://git-wip-us.apache.org/repos/asf/sentry/blob/7a432096/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryIniPolicyFileFormatter.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryIniPolicyFileFormatter.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryIniPolicyFileFormatter.java index 7baeee1..76f5b09 100644 --- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryIniPolicyFileFormatter.java +++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryIniPolicyFileFormatter.java @@ -21,13 +21,20 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import java.io.File; +import java.io.IOException; import java.util.Map; import java.util.Set; +import org.apache.commons.io.FileUtils; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FileSystem; +import org.apache.hadoop.fs.Path; +import org.apache.hadoop.hdfs.MiniDFSCluster; import org.apache.sentry.binding.hive.conf.HiveAuthzConf; import org.apache.sentry.core.common.utils.SentryConstants; import org.apache.sentry.core.common.utils.PolicyFileConstants; -import org.junit.Test; + +import org.junit.*; import com.google.common.collect.Maps; import com.google.common.collect.Sets; @@ -36,7 +43,13 @@ import com.google.common.io.Resources; public class TestSentryIniPolicyFileFormatter { - private static final String RESOURCE_PATH = "testImportExportPolicy.ini"; + private static final String RESOURCE_FILE = "testImportExportPolicy.ini"; + private static File baseDir; + private static MiniDFSCluster dfsCluster; + private static FileSystem fileSystem; + private static Path root; + private static Path etc; + // define the privileges public static String PRIVILIEGE1 = "server=server1"; public static String PRIVILIEGE2 = "server=server1->action=select->grantoption=false"; @@ -47,13 +60,39 @@ public class TestSentryIniPolicyFileFormatter { public static String PRIVILIEGE7 = "server=server1->db=db1->table=tbl4->column=col1->action=all->grantoption=true"; public static String PRIVILIEGE8 = "server=server1->uri=hdfs://testserver:9999/path2->action=insert"; - private Map<String, Map<String, Set<String>>> policyFileMappingData1; - private Map<String, Map<String, Set<String>>> policyFileMappingData2; - private Map<String, Map<String, Set<String>>> policyFileMappingData3; - private Map<String, Map<String, Set<String>>> policyFileMappingData4; - private Map<String, Map<String, Set<String>>> policyFileMappingData5; + private static Map<String, Map<String, Set<String>>> policyFileMappingData1; + private static Map<String, Map<String, Set<String>>> policyFileMappingData2; + private static Map<String, Map<String, Set<String>>> policyFileMappingData3; + private static Map<String, Map<String, Set<String>>> policyFileMappingData4; + private static Map<String, Map<String, Set<String>>> policyFileMappingData5; + + @BeforeClass + public static void setup() throws IOException { + baseDir = Files.createTempDir(); + Assert.assertNotNull(baseDir); + File dfsDir = new File(baseDir, "dfs"); + assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs()); + Configuration conf = new Configuration(); + conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath()); + dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(1).build(); + fileSystem = dfsCluster.getFileSystem(); + root = new Path(fileSystem.getUri().toString()); + etc = new Path(root, "/etc"); + fileSystem.mkdirs(etc); + prepareTestData(); + } + + @AfterClass + public static void teardownLocalClazz() throws Exception{ + if(baseDir != null) { + FileUtils.deleteQuietly(baseDir); + } + if(dfsCluster != null) { + dfsCluster.shutdown(); + } + } - private void prepareTestData() { + private static void prepareTestData() { // test data for: // [users] // user1=role1,role2,role3 @@ -170,42 +209,93 @@ public class TestSentryIniPolicyFileFormatter { policyFileMappingData5.put(PolicyFileConstants.ROLES, rolePrivilegesMap); } + + @Before + public void setupBeforeTest() throws IOException { + fileSystem.delete(etc, true); + fileSystem.mkdirs(etc); + } + + /** + * Test to verify import and export into local file system. + * @throws Exception + */ @Test - public void testImportExport() throws Exception { - prepareTestData(); + public void testImportExportFromLocalFilesystem() throws Exception { + File baseDir = Files.createTempDir(); - String resourcePath = (new File(baseDir, RESOURCE_PATH)).getAbsolutePath(); + String resourcePath = (new File(baseDir, RESOURCE_FILE)).getAbsolutePath(); HiveAuthzConf authzConf = new HiveAuthzConf(Resources.getResource("sentry-site.xml")); SentryIniPolicyFileFormatter iniFormatter = new SentryIniPolicyFileFormatter(); // test data1 - iniFormatter.write(resourcePath, policyFileMappingData1); + iniFormatter.write(resourcePath, authzConf, policyFileMappingData1); Map<String, Map<String, Set<String>>> parsedMappingData = iniFormatter.parse(resourcePath, authzConf); validateSentryMappingData(parsedMappingData, policyFileMappingData1); // test data2 - iniFormatter.write(resourcePath, policyFileMappingData2); + iniFormatter.write(resourcePath, authzConf, policyFileMappingData2); parsedMappingData = iniFormatter.parse(resourcePath, authzConf); validateSentryMappingData(parsedMappingData, policyFileMappingData2); // test data3 - iniFormatter.write(resourcePath, policyFileMappingData3); + iniFormatter.write(resourcePath, authzConf, policyFileMappingData3); parsedMappingData = iniFormatter.parse(resourcePath, authzConf); validateSentryMappingData(parsedMappingData, policyFileMappingData3); // test data4 - iniFormatter.write(resourcePath, policyFileMappingData4); + iniFormatter.write(resourcePath, authzConf, policyFileMappingData4); parsedMappingData = iniFormatter.parse(resourcePath, authzConf); validateSentryMappingData(parsedMappingData, policyFileMappingData4); // test data5 - iniFormatter.write(resourcePath, policyFileMappingData5); + iniFormatter.write(resourcePath, authzConf, policyFileMappingData5); parsedMappingData = iniFormatter.parse(resourcePath, authzConf); assertTrue(parsedMappingData.get(PolicyFileConstants.USER_ROLES).isEmpty()); assertTrue(parsedMappingData.get(PolicyFileConstants.GROUPS).isEmpty()); assertTrue(parsedMappingData.get(PolicyFileConstants.ROLES).isEmpty()); - (new File(baseDir, RESOURCE_PATH)).delete(); + (new File(baseDir, RESOURCE_FILE)).delete(); + } + + /** + * Test to verify import and export into a hdfs file + * @throws Exception + */ + @Test + public void testImportExportFromHDFS() throws Exception { + Path resourcePath = new Path(etc, RESOURCE_FILE); + String resourcePathStr = resourcePath.toUri().toString(); + HiveAuthzConf authzConf = new HiveAuthzConf(Resources.getResource("sentry-site.xml")); + SentryIniPolicyFileFormatter iniFormatter = new SentryIniPolicyFileFormatter(); + + // test data1 + iniFormatter.write(resourcePathStr, authzConf, policyFileMappingData1); + Map<String, Map<String, Set<String>>> parsedMappingData = iniFormatter.parse(resourcePath.toUri().toString(), + authzConf); + validateSentryMappingData(parsedMappingData, policyFileMappingData1); + + // test data2 + iniFormatter.write(resourcePathStr, authzConf, policyFileMappingData2); + parsedMappingData = iniFormatter.parse(resourcePath.toUri().toString(), authzConf); + validateSentryMappingData(parsedMappingData, policyFileMappingData2); + + // test data3 + iniFormatter.write(resourcePathStr, authzConf, policyFileMappingData3); + parsedMappingData = iniFormatter.parse(resourcePath.toUri().toString(), authzConf); + validateSentryMappingData(parsedMappingData, policyFileMappingData3); + + // test data4 + iniFormatter.write(resourcePathStr, authzConf, policyFileMappingData4); + parsedMappingData = iniFormatter.parse(resourcePath.toUri().toString(), authzConf); + validateSentryMappingData(parsedMappingData, policyFileMappingData4); + + // test data5 + iniFormatter.write(resourcePathStr, authzConf, policyFileMappingData5); + parsedMappingData = iniFormatter.parse(resourcePath.toUri().toString(), authzConf); + assertTrue(parsedMappingData.get(PolicyFileConstants.USER_ROLES).isEmpty()); + assertTrue(parsedMappingData.get(PolicyFileConstants.GROUPS).isEmpty()); + assertTrue(parsedMappingData.get(PolicyFileConstants.ROLES).isEmpty()); } // verify the mapping data http://git-wip-us.apache.org/repos/asf/sentry/blob/7a432096/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java index 092060c..26a58f6 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java @@ -266,6 +266,11 @@ public class ServiceConstants { public static final int SENTRY_DB_VALUE_GENERATION_ALLOCATION_SIZE_DEFAULT = 100; } + public static class ClientConfig { + public static final String SENTRY_EXPORT_IMPORT_DEFAULT_FS = "sentry.export.import.default.fs"; + public static final String SENTRY_EXPORT_IMPORT_DEFAULT_FS_DEFAULT = "file:///"; + } + public static final String SENTRY_ZK_JAAS_NAME = "Sentry"; public static final String CURRENT_INCARNATION_ID_KEY = "current.incarnation.key"; http://git-wip-us.apache.org/repos/asf/sentry/blob/7a432096/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceImportExport.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceImportExport.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceImportExport.java index cf1fdab..69be166 100644 --- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceImportExport.java +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceImportExport.java @@ -35,6 +35,11 @@ import org.junit.Test; import com.google.common.collect.Maps; import com.google.common.collect.Sets; +/** + * Test makes sure that sentry client is gathering all the permission information from sentry server + * while export and makes sure that sentry client is retrieving the permission information from sentry server + * as requested. + */ public class TestSentryServiceImportExport extends SentryServiceIntegrationBase { // define the privileges http://git-wip-us.apache.org/repos/asf/sentry/blob/7a432096/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java index df9299c..44548dc 100644 --- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java @@ -51,6 +51,9 @@ import com.google.common.collect.Maps; import com.google.common.collect.Sets; import com.google.common.io.Files; +/** + * This test verifies that the sentry store APIs for export/import are working as expected. + */ public class TestSentryStoreImportExport { private static File dataDir; http://git-wip-us.apache.org/repos/asf/sentry/blob/7a432096/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java index b048989..d653aca 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPolicyImportExport.java @@ -26,11 +26,14 @@ import java.lang.reflect.UndeclaredThrowableException; import java.util.Map; import java.util.Set; +import org.apache.commons.io.FileUtils; +import org.apache.hadoop.fs.Path; import org.apache.sentry.binding.hive.SentryPolicyFileFormatFactory; import org.apache.sentry.binding.hive.SentryPolicyFileFormatter; import org.apache.sentry.binding.hive.authz.SentryConfigTool; import org.apache.sentry.core.common.utils.SentryConstants; import org.apache.sentry.core.common.utils.PolicyFileConstants; +import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; @@ -39,6 +42,9 @@ import com.google.common.collect.Maps; import com.google.common.collect.Sets; import com.google.common.io.Resources; +/** + * Performs e2e tests on export/import of sentry permissions. + */ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration { // resources/testPolicyImport.ini is used for the import test and all the following @@ -52,8 +58,13 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration public static String PRIVILIEGE6 = "server=server1->db=db1->table=tbl3->column=col1->action=*->grantoption=true"; public static String PRIVILIEGE7 = "server=server1->db=db1->table=tbl4->column=col1->action=all->grantoption=true"; public static String PRIVILIEGE8 = "server=server1->uri=hdfs://testserver:9999/path2->action=insert"; + private static final String IMPORT_FILE = "testImportPolicy.ini"; + private static final String EXPORT_FILE = "testExportPolicy.ini"; + private SentryConfigTool configTool; + private static Path root; + private static Path etc; @BeforeClass public static void setupTestStaticConfiguration() throws Exception{ @@ -62,6 +73,17 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration String requestorUserName = System.getProperty("user.name", ""); StaticUserGroup.getStaticMapping().put(requestorUserName, ADMINGROUP); AbstractTestWithStaticConfiguration.setupTestStaticConfiguration(); + root = new Path(fileSystem.getUri().toString()); + etc = new Path(root, "/etc"); + fileSystem.mkdirs(etc); + } + + @AfterClass + public static void teardown() throws Exception{ + if(baseDir != null) { + FileUtils.deleteQuietly(baseDir); + } + tearDownTestStaticConfiguration(); } @Before @@ -134,6 +156,7 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration return policyFileMappingData; } + @Test public void testImportExportPolicy() throws Exception { String importFileName = "testPolicyImport.ini"; @@ -161,6 +184,7 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration // test export with objectPath db=db1 configTool.setObjectPath("db=db1"); configTool.exportPolicy(); + policyFileMappingData = getExceptedDb1ExportData(); exportMappingData = sentryPolicyFileFormatter.parse( exportFile.getAbsolutePath(), configTool.getAuthzConf()); @@ -168,6 +192,43 @@ public class TestPolicyImportExport extends AbstractTestWithStaticConfiguration } @Test + public void testImportExportFromHDFS() throws Exception { + + Path importPath = new Path(etc, IMPORT_FILE); + Path exportPath = new Path(etc, EXPORT_FILE); + + Map<String, Map<String, Set<String>>> policyFileMappingData = + getExceptedAllExportData(); + + //Populate sentry permissions using sentryPolicyFileFormatter + SentryPolicyFileFormatter sentryPolicyFileFormatter = SentryPolicyFileFormatFactory + .createFileFormatter(configTool.getAuthzConf()); + sentryPolicyFileFormatter.write(importPath.toUri().toString(), configTool.getAuthzConf(), policyFileMappingData); + + // Import the permission information from sentry server to a HDFS file + configTool.setImportPolicyFilePath(importPath.toUri().toString()); + configTool.importPolicy(); + + // Export the permission information to a HDFS file + configTool.setExportPolicyFilePath(exportPath.toUri().toString()); + configTool.exportPolicy(); + + // Verify the exported data matches with the data that was imported. + Map<String, Map<String, Set<String>>> exportMappingData = sentryPolicyFileFormatter.parse( + exportPath.toUri().toString(), configTool.getAuthzConf()); + validateSentryMappingData(exportMappingData, policyFileMappingData); + + // test export with objectPath db=db1 + configTool.setObjectPath("db=db1"); + configTool.exportPolicy(); + + policyFileMappingData = getExceptedDb1ExportData(); + exportMappingData = sentryPolicyFileFormatter.parse( + exportPath.toUri().toString(), configTool.getAuthzConf()); + validateSentryMappingData(exportMappingData, policyFileMappingData); + } + + @Test public void testImportExportPolicyForError() throws Exception { prepareForImport("testPolicyImportError.ini"); try {
