Repository: incubator-sentry Updated Branches: refs/heads/master a442fa679 -> 597a3cdd3
SENTRY-1038: More strict checking of SOLR actions in shell (Gregory Chanan, reviewed By Lenni Kuff, Colin Ma) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/597a3cdd Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/597a3cdd Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/597a3cdd Branch: refs/heads/master Commit: 597a3cdd319be84f2417c96d24db01553f264551 Parents: a442fa6 Author: Gregory Chanan <[email protected]> Authored: Mon Feb 1 11:53:38 2016 -0800 Committer: Gregory Chanan <[email protected]> Committed: Tue Feb 2 13:13:58 2016 -0800 ---------------------------------------------------------------------- .../provider/db/generic/tools/SentryShellSolr.java | 3 ++- .../generic/tools/SolrTSentryPrivilegeConvertor.java | 4 ++++ .../db/generic/tools/TestSentryShellSolr.java | 14 ++++++++++++-- 3 files changed, 18 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/597a3cdd/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java index 15f4a26..8e70ab7 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java @@ -96,7 +96,8 @@ public class SentryShellSolr extends SentryShellCommon { } catch (Exception e) { LOGGER.error(e.getMessage(), e); System.out.println("The operation failed." + - e.getMessage() == null ? "" : "Message: " + e.getMessage()); + e.getMessage() == null ? "" : " Message: " + e.getMessage()); + System.exit(1); } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/597a3cdd/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java index b636b4c..e2b01a4 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.java @@ -69,6 +69,10 @@ public class SolrTSentryPrivilegeConvertor implements TSentryPrivilegeConvertor throw new IllegalArgumentException("Unknown key: " + key); } } + + if (tSentryPrivilege.getAction() == null) { + throw new IllegalArgumentException("Privilege is invalid: action required but not specified."); + } tSentryPrivilege.setComponent(component); tSentryPrivilege.setServiceName(service); tSentryPrivilege.setAuthorizables(authorizables); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/597a3cdd/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java index 6405bc9..ae56e99 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java @@ -401,6 +401,16 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE); + // test: action is required in privilege + args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-p", "collection=collection1" }; + sentryShell = new SentryShellSolr(); + try { + getShellResultWithOSRedirect(sentryShell, args, false); + fail("Expected IllegalArgumentException"); + } catch (IllegalArgumentException e) { + assert("Privilege is invalid: action required but not specified.".equals(e.getMessage())); + } + // test: -r is required when revoke privilege from role args = new String[] { "-rpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); @@ -446,9 +456,9 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { } private void validateMissingParameterMsg(SentryShellSolr sentryShell, String[] args, - String exceptedErrorMsg) throws Exception { + String expectedErrorMsg) throws Exception { Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false); - assertTrue(errorMsgs.contains(exceptedErrorMsg)); + assertTrue("Expected error message: " + expectedErrorMsg, errorMsgs.contains(expectedErrorMsg)); } private void validateMissingParameterMsgsContains(SentryShellSolr sentryShell, String[] args,
