Repository: incubator-sentry Updated Branches: refs/heads/master fcb561e28 -> 9afc663d0
SENTRY-166 - Sentry does not accept URIs with an equals sign (=) in path. Fails with llegalArgumentException: Invalid key value (Jarcec via Brock) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/9afc663d Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/9afc663d Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/9afc663d Branch: refs/heads/master Commit: 9afc663d0d2e746180b3bf26315d32d64e7c7c1c Parents: fcb561e Author: Brock Noland <[email protected]> Authored: Sun Jun 8 15:58:09 2014 -0700 Committer: Brock Noland <[email protected]> Committed: Sun Jun 8 15:58:09 2014 -0700 ---------------------------------------------------------------------- .../thrift/TestSentryServiceIntegration.java | 29 ++++++++++++++++++++ .../apache/sentry/provider/file/KeyValue.java | 3 +- .../sentry/provider/file/TestKeyValue.java | 11 ++++++-- .../e2e/dbprovider/TestDatabaseProvider.java | 28 +++++++++++++++++++ 4 files changed, 67 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/9afc663d/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java index efc5671..788c1fb 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java @@ -259,4 +259,33 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase { client.dropRole(requestorUserName, roleName); } + // See SENTRY-166 + @Test + public void testUriWithEquals() throws Exception { + String requestorUserName = ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); + String roleName = "admin_testdb"; + String server = "server1"; + String uri = "file://u/w/h/t/partition=value/"; + setLocalGroupMapping(requestorUserName, requestorUserGroupNames); + writePolicyFile(); + + // Creating associated role + client.dropRoleIfExists(requestorUserName, roleName); + client.createRole(requestorUserName, roleName); + Set<TSentryRole> roles = client.listRoles(requestorUserName); + assertEquals("Incorrect number of roles", 1, roles.size()); + + client.grantURIPrivilege(requestorUserName, roleName, server, uri); + Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName); + assertTrue(privileges.size() == 1); + + // Revoking the same privilege + client.revokeURIPrivilege(requestorUserName, roleName, server, uri); + privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName); + assertTrue(privileges.size() == 0); + + // Clean up + client.dropRole(requestorUserName, roleName); + } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/9afc663d/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/KeyValue.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/KeyValue.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/KeyValue.java index 622736a..8015561 100644 --- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/KeyValue.java +++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/KeyValue.java @@ -27,8 +27,9 @@ import com.google.common.collect.Lists; public class KeyValue { private final String key; private final String value; + public KeyValue(String keyValue) { - List<String> kvList = Lists.newArrayList(KV_SPLITTER.trimResults().split(keyValue)); + List<String> kvList = Lists.newArrayList(KV_SPLITTER.trimResults().limit(2).split(keyValue)); if(kvList.size() != 2) { throw new IllegalArgumentException("Invalid key value: " + keyValue + " " + kvList); } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/9afc663d/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java index 1d8c9ae..4353a03 100644 --- a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java +++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java @@ -25,18 +25,23 @@ import org.junit.Test; public class TestKeyValue { - @Test(expected=IllegalArgumentException.class) - public void testKeyValueValue() throws Exception { - new KeyValue(KV_JOINER.join("a", "b", "c")); + @Test + public void testWithSeparators() throws Exception { + KeyValue kv = new KeyValue("URI=/u/h/w/t/partition=value/"); + assertEquals("URI", kv.getKey()); + assertEquals("/u/h/w/t/partition=value/", kv.getValue()); } + @Test(expected=IllegalArgumentException.class) public void testEmptyKey() throws Exception { new KeyValue(KV_JOINER.join("", "b")); } + @Test(expected=IllegalArgumentException.class) public void testEmptyValue() throws Exception { new KeyValue(KV_JOINER.join("a", "")); } + @Test public void testOneParameterConstructor() throws Exception { KeyValue kv1 = new KeyValue(KV_JOINER.join("k1", "v1")); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/9afc663d/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java index dd45a31..44f41be 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java @@ -714,4 +714,32 @@ public class TestDatabaseProvider extends AbstractTestWithDbProvider { statement.close(); connection.close(); } + + // See SENTRY-166 + @Test + public void testUriWithEquals() throws Exception { + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("CREATE ROLE role1"); + statement.execute("GRANT ALL ON URI 'file:///tmp/partition=value/file.txt' TO ROLE role1"); + + ResultSet resultSet = statement.executeQuery("SHOW GRANT ROLE role1"); + assertResultSize(resultSet, 1); + while ( resultSet.next()) { + assertThat(resultSet.getString(1), equalToIgnoringCase("file:///tmp/partition=value/file.txt")); + assertThat(resultSet.getString(2), equalToIgnoringCase(""));//table + assertThat(resultSet.getString(3), equalToIgnoringCase(""));//partition + assertThat(resultSet.getString(4), equalToIgnoringCase(""));//column + assertThat(resultSet.getString(5), equalToIgnoringCase("role1"));//principalName + assertThat(resultSet.getString(6), equalToIgnoringCase("role"));//principalType + assertThat(resultSet.getString(7), equalToIgnoringCase("*")); + assertThat(resultSet.getBoolean(8), is(new Boolean("False")));//grantOption + //Create time is not tested + //assertThat(resultSet.getLong(9), is(new Long(0))); + assertThat(resultSet.getString(10), equalToIgnoringCase(ADMIN1));//grantor + } + statement.close(); + connection.close(); + } + }
