Repository: incubator-sentry Updated Branches: refs/heads/master cedfc573c -> 66b7096cb
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/66b7096c/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java index 199f7f5..4e40038 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java @@ -24,7 +24,6 @@ import java.util.LinkedHashSet; import java.util.Set; import org.apache.hadoop.conf.Configuration; -import org.apache.log4j.Logger; import org.apache.sentry.core.model.db.AccessConstants; import org.apache.sentry.provider.db.log.util.Constants; import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest; @@ -53,7 +52,6 @@ import com.google.common.collect.Sets; public class TestJsonLogEntityFactory { private static Configuration conf; - private Logger sentryLogger = Logger.getRootLogger(); private static String TEST_IP = "localhost/127.0.0.1"; private static String TEST_IMPERSONATOR = "impersonator"; 
@@ -79,18 +77,16 @@ public class TestJsonLogEntityFactory { request.setRequestorUserName(TEST_USER_NAME); request.setRoleName(TEST_ROLE_NAME); response.setStatus(Status.OK()); - AuditMetadataLogEntity amle = (AuditMetadataLogEntity) JsonLogEntityFactory + DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory .getInstance().createJsonLogEntity(request, response, conf); assertCommon(amle, Constants.TRUE, Constants.OPERATION_CREATE_ROLE, "CREATE ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE); - sentryLogger.debug(amle.toJsonFormatLog()); response.setStatus(Status.InvalidInput("", null)); - amle = (AuditMetadataLogEntity) JsonLogEntityFactory.getInstance() + amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance() .createJsonLogEntity(request, response, conf); assertCommon(amle, Constants.FALSE, Constants.OPERATION_CREATE_ROLE, "CREATE ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE); - sentryLogger.debug(amle.toJsonFormatLog()); } @Test 
@@ -100,18 +96,16 @@ public class TestJsonLogEntityFactory { request.setRequestorUserName(TEST_USER_NAME); request.setRoleName(TEST_ROLE_NAME); response.setStatus(Status.OK()); - AuditMetadataLogEntity amle = (AuditMetadataLogEntity) JsonLogEntityFactory + DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory .getInstance().createJsonLogEntity(request, response, conf); assertCommon(amle, Constants.TRUE, Constants.OPERATION_DROP_ROLE, "DROP ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE); - sentryLogger.debug(amle.toJsonFormatLog()); response.setStatus(Status.InvalidInput("", null)); - amle = (AuditMetadataLogEntity) JsonLogEntityFactory.getInstance() + amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance() .createJsonLogEntity(request, response, conf); assertCommon(amle, Constants.FALSE, Constants.OPERATION_DROP_ROLE, "DROP ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE); - sentryLogger.debug(amle.toJsonFormatLog()); } @Test @@ -128,18 +122,17 @@ public class TestJsonLogEntityFactory { privileges.add(privilege); request.setPrivileges(privileges); response.setStatus(Status.OK()); - AuditMetadataLogEntity amle = new AuditMetadataLogEntity(); + DBAuditMetadataLogEntity amle = new DBAuditMetadataLogEntity(); Set<JsonLogEntity> amles = JsonLogEntityFactory .getInstance().createJsonLogEntitys(request, response, conf); assertEquals(amles.size(),1); for (JsonLogEntity amle1 : amles) { - amle = (AuditMetadataLogEntity) amle1; + amle = (DBAuditMetadataLogEntity) amle1; break; } assertCommon(amle, Constants.TRUE, Constants.OPERATION_GRANT_PRIVILEGE, "GRANT ALL ON DATABASE testDB TO ROLE testRole", TEST_DATABASE_NAME, null, null, Constants.OBJECT_TYPE_PRINCIPAL); - sentryLogger.debug(amle.toJsonFormatLog()); privilege = getPrivilege(AccessConstants.ALL, PrivilegeScope.TABLE.name(), null, TEST_TABLE_NAME, null, null); 
@@ -151,13 +144,12 @@ public class TestJsonLogEntityFactory { .createJsonLogEntitys(request, response, conf); assertEquals(amles.size(),1); for (JsonLogEntity amle1 : amles) { - amle = (AuditMetadataLogEntity) amle1; + amle = (DBAuditMetadataLogEntity) amle1; break; } assertCommon(amle, Constants.FALSE, Constants.OPERATION_GRANT_PRIVILEGE, "GRANT ALL ON TABLE testTable TO ROLE testRole", null, TEST_TABLE_NAME, null, Constants.OBJECT_TYPE_PRINCIPAL); - sentryLogger.debug(amle.toJsonFormatLog()); } @Test @@ -173,18 +165,17 @@ public class TestJsonLogEntityFactory { privileges.add(privilege); request.setPrivileges(privileges); response.setStatus(Status.OK()); - AuditMetadataLogEntity amle = new AuditMetadataLogEntity(); + DBAuditMetadataLogEntity amle = new DBAuditMetadataLogEntity(); Set<JsonLogEntity> amles = JsonLogEntityFactory .getInstance().createJsonLogEntitys(request, response, conf); assertEquals(amles.size(),1); for (JsonLogEntity amle1 : amles) { - amle = (AuditMetadataLogEntity) amle1; + amle = (DBAuditMetadataLogEntity) amle1; break; } assertCommon(amle, Constants.TRUE, Constants.OPERATION_REVOKE_PRIVILEGE, "REVOKE ALL ON DATABASE testDB FROM ROLE testRole", TEST_DATABASE_NAME, null, null, Constants.OBJECT_TYPE_PRINCIPAL); - sentryLogger.debug(amle.toJsonFormatLog()); privilege = getPrivilege(AccessConstants.ALL, PrivilegeScope.TABLE.name(), null, TEST_TABLE_NAME, null, null); @@ -196,13 +187,12 @@ public class TestJsonLogEntityFactory { .createJsonLogEntitys(request, response, conf); assertEquals(amles.size(),1); for (JsonLogEntity amle1 : amles) { - amle = (AuditMetadataLogEntity) amle1; + amle = (DBAuditMetadataLogEntity) amle1; break; } assertCommon(amle, Constants.FALSE, Constants.OPERATION_REVOKE_PRIVILEGE, "REVOKE ALL ON TABLE testTable FROM ROLE testRole", null, TEST_TABLE_NAME, null, Constants.OBJECT_TYPE_PRINCIPAL); - sentryLogger.debug(amle.toJsonFormatLog()); } @Test 
@@ -213,20 +203,18 @@ public class TestJsonLogEntityFactory { request.setRoleName(TEST_ROLE_NAME); request.setGroups(getGroups()); response.setStatus(Status.OK()); - AuditMetadataLogEntity amle = (AuditMetadataLogEntity) JsonLogEntityFactory + DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory .getInstance().createJsonLogEntity(request, response, conf); assertCommon(amle, Constants.TRUE, Constants.OPERATION_ADD_ROLE, "GRANT ROLE testRole TO GROUP testGroup", null, null, null, Constants.OBJECT_TYPE_ROLE); - sentryLogger.debug(amle.toJsonFormatLog()); response.setStatus(Status.InvalidInput("", null)); - amle = (AuditMetadataLogEntity) JsonLogEntityFactory.getInstance() + amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance() .createJsonLogEntity(request, response, conf); assertCommon(amle, Constants.FALSE, Constants.OPERATION_ADD_ROLE, "GRANT ROLE testRole TO GROUP testGroup", null, null, null, Constants.OBJECT_TYPE_ROLE); - sentryLogger.debug(amle.toJsonFormatLog()); } @Test 
@@ -237,23 +225,21 @@ public class TestJsonLogEntityFactory { request.setRoleName(TEST_ROLE_NAME); request.setGroups(getGroups()); response.setStatus(Status.OK()); - AuditMetadataLogEntity amle = (AuditMetadataLogEntity) JsonLogEntityFactory + DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory .getInstance().createJsonLogEntity(request, response, conf); assertCommon(amle, Constants.TRUE, Constants.OPERATION_DELETE_ROLE, "REVOKE ROLE testRole FROM GROUP testGroup", null, null, null, Constants.OBJECT_TYPE_ROLE); - sentryLogger.debug(amle.toJsonFormatLog()); response.setStatus(Status.InvalidInput("", null)); - amle = (AuditMetadataLogEntity) JsonLogEntityFactory.getInstance() + amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance() .createJsonLogEntity(request, response, conf); assertCommon(amle, Constants.FALSE, Constants.OPERATION_DELETE_ROLE, "REVOKE ROLE testRole FROM GROUP testGroup", null, null, null, Constants.OBJECT_TYPE_ROLE); - sentryLogger.debug(amle.toJsonFormatLog()); } - private void assertCommon(AuditMetadataLogEntity amle, + private void assertCommon(DBAuditMetadataLogEntity amle, String allowedExcepted, String operationExcepted, String operationTextExcepted, String databaseNameExcepted, String tableNameExcepted, String resourcePathExcepted, 
@@ -272,37 +258,6 @@ public class TestJsonLogEntityFactory { assertEquals(objectTypeExcepted, amle.getObjectType()); } - // private TAlterSentryRoleGrantPrivilegeRequest getGrantPrivilegeRequest() { - // TAlterSentryRoleGrantPrivilegeRequest request = new - // TAlterSentryRoleGrantPrivilegeRequest(); - // request.setRoleName(TEST_ROLE_NAME); - // return request; - // } - // - // private TAlterSentryRoleGrantPrivilegeResponse getGrantPrivilegeResponse( - // TSentryResponseStatus status) { - // TAlterSentryRoleGrantPrivilegeResponse response = new - // TAlterSentryRoleGrantPrivilegeResponse(); - // response.setStatus(status); - // return response; - // } - - // private TAlterSentryRoleRevokePrivilegeRequest getRevokePrivilegeRequest() - // { - // TAlterSentryRoleRevokePrivilegeRequest request = new - // TAlterSentryRoleRevokePrivilegeRequest(); - // request.setRoleName(TEST_ROLE_NAME); - // return request; - // } - // - // private TAlterSentryRoleRevokePrivilegeResponse getRevokePrivilegeResponse( - // TSentryResponseStatus status) { - // TAlterSentryRoleRevokePrivilegeResponse response = new - // TAlterSentryRoleRevokePrivilegeResponse(); - // response.setStatus(status); - // return response; - // } - private TSentryPrivilege getPrivilege(String action, String privilegeScope, String dbName, String tableName, String serverName, String URI) { TSentryPrivilege privilege = new TSentryPrivilege(); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/66b7096c/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java new file mode 100644 index 0000000..a5aff35 --- /dev/null 
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java 
@@ -0,0 +1,259 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.log.entity;
+
+import static junit.framework.Assert.assertEquals;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
+import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
+import org.apache.sentry.provider.db.log.util.Constants;
+import org.apache.sentry.provider.db.service.thrift.ThriftUtil;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.apache.sentry.service.thrift.Status;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class TestJsonLogEntityFactoryGM {
+
+ private static Configuration conf;
+ private static String TEST_IP = "localhost/127.0.0.1";
+ private static String TEST_IMPERSONATOR = "impersonator";
+ private static String TEST_ROLE_NAME = "testRole";
+ private static String TEST_USER_NAME = "requestUser";
+ private static String TEST_GROUP = "testGroup";
+ private static String TEST_ACTION = "action";
+ private static String TEST_COMPONENT = "component";
+ private static Map<String, String> TEST_PRIVILEGES_MAP = new HashMap<String, String>();
+
+ @BeforeClass
+ public static void init() {
+ conf = new Configuration();
+ conf.set(ServerConfig.SENTRY_SERVICE_NAME, ServerConfig.SENTRY_SERVICE_NAME_DEFAULT);
+ ThriftUtil.setIpAddress(TEST_IP);
+ ThriftUtil.setImpersonator(TEST_IMPERSONATOR);
+ TEST_PRIVILEGES_MAP.put("resourceType1", "resourceName1");
+ TEST_PRIVILEGES_MAP.put("resourceType2", "resourceName2");
+ TEST_PRIVILEGES_MAP.put("resourceType3", "resourceName3");
+ }
+
+ @Test
+ public void testCreateRole() {
+ TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
+ TCreateSentryRoleResponse response = new TCreateSentryRoleResponse();
+ request.setRequestorUserName(TEST_USER_NAME);
+ request.setRoleName(TEST_ROLE_NAME);
+ response.setStatus(Status.OK());
+ GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+ .createJsonLogEntity(request, response, conf);
+ assertCommon(amle, Constants.TRUE, Constants.OPERATION_CREATE_ROLE, "CREATE ROLE testRole",
+ Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
+
+ response.setStatus(Status.InvalidInput("", null));
+ amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+ request, response, conf);
+ assertCommon(amle, Constants.FALSE, Constants.OPERATION_CREATE_ROLE, "CREATE ROLE testRole",
+ Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
+ }
+
+ @Test
+ public void testDropRole() {
+ TDropSentryRoleRequest request = new TDropSentryRoleRequest();
+ TDropSentryRoleResponse response = new TDropSentryRoleResponse();
+ request.setRequestorUserName(TEST_USER_NAME);
+ request.setRoleName(TEST_ROLE_NAME);
+ response.setStatus(Status.OK());
+ GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory
+ .getInstance().createJsonLogEntity(request, response, conf);
+ assertCommon(amle, Constants.TRUE, Constants.OPERATION_DROP_ROLE, "DROP ROLE testRole",
+ Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
+
+ response.setStatus(Status.InvalidInput("", null));
+ amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+ request, response, conf);
+ assertCommon(amle, Constants.FALSE, Constants.OPERATION_DROP_ROLE, "DROP ROLE testRole",
+ Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
+ }
+
+ @Test
+ public void testGrantRole() {
+ TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest();
+ request.setRequestorUserName(TEST_USER_NAME);
+ request.setRoleName(TEST_ROLE_NAME);
+
+ TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse();
+
+ TSentryPrivilege privilege = getPrivilege();
+ request.setPrivilege(privilege);
+ response.setStatus(Status.OK());
+ GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+ .createJsonLogEntity(
+ request, response, conf);
+ assertCommon(
+ amle,
+ Constants.TRUE,
+ Constants.OPERATION_GRANT_PRIVILEGE,
+ "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 TO ROLE testRole",
+ Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
+
+ response.setStatus(Status.InvalidInput("", null));
+ amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+ request, response, conf);
+ assertCommon(
+ amle,
+ Constants.FALSE,
+ Constants.OPERATION_GRANT_PRIVILEGE,
+ "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 TO ROLE testRole",
+ Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
+ }
+
+ @Test
+ public void testRevokeRole() {
+ TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
+ TAlterSentryRoleRevokePrivilegeResponse response = new TAlterSentryRoleRevokePrivilegeResponse();
+ request.setRequestorUserName(TEST_USER_NAME);
+ request.setRoleName(TEST_ROLE_NAME);
+
+ TSentryPrivilege privilege = getPrivilege();
+ request.setPrivilege(privilege);
+ response.setStatus(Status.OK());
+ GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+ .createJsonLogEntity(request, response, conf);
+ assertCommon(
+ amle,
+ Constants.TRUE,
+ Constants.OPERATION_REVOKE_PRIVILEGE,
+ "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 FROM ROLE testRole",
+ Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
+
+ response.setStatus(Status.InvalidInput("", null));
+ amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+ request, response, conf);
+
+ assertCommon(
+ amle,
+ Constants.FALSE,
+ Constants.OPERATION_REVOKE_PRIVILEGE,
+ "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 FROM ROLE testRole",
+ Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
+ }
+
+ @Test
+ public void testAddRole() {
+ TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest();
+ TAlterSentryRoleAddGroupsResponse response = new TAlterSentryRoleAddGroupsResponse();
+ request.setRequestorUserName(TEST_USER_NAME);
+ request.setRoleName(TEST_ROLE_NAME);
+ request.setGroups(getGroups());
+ response.setStatus(Status.OK());
+ GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+ .createJsonLogEntity(request, response, conf);
+ assertCommon(amle, Constants.TRUE, Constants.OPERATION_ADD_ROLE,
+ "GRANT ROLE testRole TO GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
+ new HashMap<String, String>());
+
+ response.setStatus(Status.InvalidInput("", null));
+ amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+ request, response, conf);
+ assertCommon(amle, Constants.FALSE, Constants.OPERATION_ADD_ROLE,
+ "GRANT ROLE testRole TO GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
+ new HashMap<String, String>());
+ }
+
+ @Test
+ public void testDeleteRole() {
+ TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest();
+ TAlterSentryRoleDeleteGroupsResponse response = new TAlterSentryRoleDeleteGroupsResponse();
+ request.setRequestorUserName(TEST_USER_NAME);
+ request.setRoleName(TEST_ROLE_NAME);
+ request.setGroups(getGroups());
+ response.setStatus(Status.OK());
+ GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory
+ .getInstance().createJsonLogEntity(request, response, conf);
+ assertCommon(amle, Constants.TRUE, Constants.OPERATION_DELETE_ROLE,
+ "REVOKE ROLE testRole FROM GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
+ new HashMap<String, String>());
+
+ response.setStatus(Status.InvalidInput("", null));
+ amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+ request, response, conf);
+ assertCommon(amle, Constants.FALSE, Constants.OPERATION_DELETE_ROLE,
+ "REVOKE ROLE testRole FROM GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
+ new HashMap<String, String>());
+ }
+
+ private void assertCommon(GMAuditMetadataLogEntity amle, String allowedExcepted,
+ String operationExcepted, String operationTextExcepted, String objectTypeExcepted,
+ Map<String, String> privilegesExcepted) {
+ assertEquals(ServerConfig.SENTRY_SERVICE_NAME_DEFAULT, amle.getServiceName());
+ assertEquals(TEST_IP, amle.getIpAddress());
+ assertEquals(TEST_USER_NAME, amle.getUserName());
+ assertEquals(TEST_IMPERSONATOR, amle.getImpersonator());
+ assertEquals(allowedExcepted, amle.getAllowed());
+ assertEquals(operationExcepted, amle.getOperation());
+ assertEquals(operationTextExcepted, amle.getOperationText());
+ assertEquals(objectTypeExcepted, amle.getObjectType());
+ assertPrivilegesMap(privilegesExcepted, amle.getPrivilegesMap());
+ }
+
+ private void assertPrivilegesMap(Map<String, String> privilegesExcepted,
+ Map<String, String> privilegesActual) {
+ assertEquals(privilegesExcepted.size(), privilegesActual.size());
+ for (Map.Entry<String, String> privilege : privilegesExcepted.entrySet()) {
+ assertEquals(privilege.getValue(), privilegesActual.get(privilege.getKey()));
+ }
+ }
+
+ private TSentryPrivilege getPrivilege() {
+ TSentryPrivilege privilege = new TSentryPrivilege();
+ privilege.setAction(TEST_ACTION);
+ privilege.setComponent(TEST_COMPONENT);
+ List<TAuthorizable> authorizables = new ArrayList<TAuthorizable>();
+ authorizables.add(new TAuthorizable("resourceType1", "resourceName1"));
+ authorizables.add(new TAuthorizable("resourceType2", "resourceName2"));
+ authorizables.add(new TAuthorizable("resourceType3", "resourceName3"));
+ privilege.setAuthorizables(authorizables);
+ return privilege;
+ }
+
+ private Set<String> getGroups() {
+ Set<String> groups = new HashSet<String>();
+ groups.add(TEST_GROUP);
+ return groups;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/66b7096c/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
index 0a2b0b2..02a79ff 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
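Review bot: `getPrivilege()` in the new TestJsonLogEntityFactoryGM sets `TEST_COMPONENT` on the privilege, but `assertCommon` never checks a component on the `GMAuditMetadataLogEntity`, so every test here would still pass if the factory dropped or mis-assigned the component in the audit record. In a generic-model audit trail the component is what tells apart otherwise identical resource type/name pairs, so it is worth pinning; if the entity exposes it (not visible in this diff), add an assertion for it next to the `amle.getObjectType()` check. The same gap shows up in `getGMPrivilege()` in TestCommandUtil, where `"COMPONENT"` is set but none of the expected command strings contain it.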
@@ -18,18 +18,17 @@ package org.apache.sentry.provider.db.log.util; -import java.util.LinkedHashSet; +import java.util.ArrayList; +import java.util.List; import java.util.Set; import junit.framework.TestCase; import org.apache.sentry.core.model.db.AccessConstants; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest; -import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest; +import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable; import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest; import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest; import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption; -import org.apache.sentry.provider.db.service.thrift.TSentryGroup; import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege; import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope; import org.junit.Test; 
@@ -56,18 +55,11 @@ public class TestCommandUtil extends TestCase { @Test public void testCreateCmdForRoleAddOrDeleteGroup1() { - TAlterSentryRoleAddGroupsRequest requestAdd = getRoleAddGroupsRequest(); - TAlterSentryRoleDeleteGroupsRequest requestDelete = getRoleDeleteGroupsRequest(); - - Set<TSentryGroup> groups = getGroups(1); - requestAdd.setGroups(groups); - requestDelete.setGroups(groups); - - String createRoleAddGroupCmdResult = CommandUtil - .createCmdForRoleAddGroup(requestAdd); + String createRoleAddGroupCmdResult = CommandUtil.createCmdForRoleAddGroup("testRole", + getGroupStr(1)); String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO GROUP testGroup1"; - String createRoleDeleteGroupCmdResult = CommandUtil - .createCmdForRoleDeleteGroup(requestDelete); + String createRoleDeleteGroupCmdResult = CommandUtil.createCmdForRoleDeleteGroup("testRole", + getGroupStr(1)); String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM GROUP testGroup1"; assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult); 
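Review bot: After this change `testCreateCmdForRoleAddOrDeleteGroup1` (and `testCreateCmdForRoleAddOrDeleteGroup2` in the next hunk) pass `CommandUtil` a group string that the test builds itself in `getGroupStr`, so the step that turns a request's group set into that string is no longer exercised here. Input and expected value share the same `", "` join, which leaves only the `GRANT ROLE … TO GROUP` / `REVOKE ROLE … FROM GROUP` framing under test. Whatever code now does the joining for the audit text (outside this diff) should have its own test, and a short comment on these methods such as `// group-set to string joining is tested in <test class>` would tell readers where that coverage lives.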
@@ -77,19 +69,11 @@ public class TestCommandUtil extends TestCase { @Test public void testCreateCmdForRoleAddOrDeleteGroup2() { - - TAlterSentryRoleAddGroupsRequest requestAdd = getRoleAddGroupsRequest(); - TAlterSentryRoleDeleteGroupsRequest requestDelete = getRoleDeleteGroupsRequest(); - - Set<TSentryGroup> groups = getGroups(3); - requestAdd.setGroups(groups); - requestDelete.setGroups(groups); - - String createRoleAddGroupCmdResult = CommandUtil - .createCmdForRoleAddGroup(requestAdd); + String createRoleAddGroupCmdResult = CommandUtil.createCmdForRoleAddGroup("testRole", + getGroupStr(3)); String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO GROUP testGroup1, testGroup2, testGroup3"; - String createRoleDeleteGroupCmdResult = CommandUtil - .createCmdForRoleDeleteGroup(requestDelete); + String createRoleDeleteGroupCmdResult = CommandUtil.createCmdForRoleDeleteGroup("testRole", + getGroupStr(3)); String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM GROUP testGroup1, testGroup2, testGroup3"; assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult); 
@@ -294,26 +278,55 @@ public class TestCommandUtil extends TestCase { assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); } - private TAlterSentryRoleAddGroupsRequest getRoleAddGroupsRequest() { - TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest(); - request.setRoleName("testRole"); - return request; + // generate the command without grant option + @Test + public void testCreateCmdForGrantOrRevokeGMPrivilege1() { + org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest(); + org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest(); + org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege(); + grantRequest.setPrivilege(privilege); + revokeRequest.setPrivilege(privilege); + + String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole"; + String createRevokePrivilegeCmdResult = CommandUtil + .createCmdForRevokeGMPrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole"; + + assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); } - private TAlterSentryRoleDeleteGroupsRequest getRoleDeleteGroupsRequest() { - TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest(); - request.setRoleName("testRole"); - return request; + // generate the command with grant option + @Test + public void testCreateCmdForGrantOrRevokeGMPrivilege2() { + 
org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest grantRequest = getGrantGMPrivilegeRequest(); + org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest revokeRequest = getRevokeGMPrivilegeRequest(); + org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege(); + privilege + .setGrantOption(org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption.TRUE); + grantRequest.setPrivilege(privilege); + revokeRequest.setPrivilege(privilege); + + String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest); + String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE testRole WITH GRANT OPTION"; + String createRevokePrivilegeCmdResult = CommandUtil + .createCmdForRevokeGMPrivilege(revokeRequest); + String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE testRole WITH GRANT OPTION"; + + assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult); + assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult); } - private Set<TSentryGroup> getGroups(int num) { - Set<TSentryGroup> groups = new LinkedHashSet<TSentryGroup>(); + private String getGroupStr(int num) { + StringBuilder sb = new StringBuilder(); for (int i = 0; i < num; i++) { - TSentryGroup group = new TSentryGroup(); - group.setGroupName("testGroup" + (i + 1)); - groups.add(group); + if (i > 0) { + sb.append(", "); + } + sb.append("testGroup" + (i + 1)); } - return groups; + return sb.toString(); } private TAlterSentryRoleGrantPrivilegeRequest getGrantPrivilegeRequest() { 
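Review bot: Both new GM tests, `testCreateCmdForGrantOrRevokeGMPrivilege1` and `…2`, only use simple alphanumeric resource types and names, so the space-separated form `resourceType1 resourceName1 resourceType2 resourceName2` pinned here is never checked against a name that itself contains a space or comma. Once such a name appears, the audit text can no longer be split back into type/name pairs unambiguously; whether `createCmdForGrantGMPrivilege` quotes or escapes names is not visible in this diff. Add one case with a constructed name such as `"resource name"` and assert the exact output, so the recorded format is a deliberate choice rather than an accident. The enclosing class continues outside the hunk.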
@@ -328,6 +341,18 @@ public class TestCommandUtil extends TestCase { return request; } + private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest getGrantGMPrivilegeRequest() { + org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest(); + request.setRoleName("testRole"); + return request; + } + + private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest getRevokeGMPrivilegeRequest() { + org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest(); + request.setRoleName("testRole"); + return request; + } + private TSentryPrivilege getPrivilege(String action, String privilegeScope, String dbName, String tableName, String serverName, String URI) { TSentryPrivilege privilege = new TSentryPrivilege(); @@ -339,4 +364,15 @@ public class TestCommandUtil extends TestCase { privilege.setURI(URI); return privilege; } + + private org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege getGMPrivilege() { + org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = new org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege(); + privilege.setAction("ACTION"); + privilege.setComponent("COMPONENT"); + List<TAuthorizable> authorizables = new ArrayList<TAuthorizable>(); + authorizables.add(new TAuthorizable("resourceType1", "resourceName1")); + authorizables.add(new TAuthorizable("resourceType2", "resourceName2")); + privilege.setAuthorizables(authorizables); + return privilege; + } }
