Repository: incubator-sentry Updated Branches: refs/heads/master 488f88061 -> 25f88cb88
SENTRY-1032: Rename shell command group/role shell commands and implement with solr shell (Gregory Chanan, reviewed by: Sravya Tirukkovalur) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/25f88cb8 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/25f88cb8 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/25f88cb8 Branch: refs/heads/master Commit: 25f88cb88329823b1474ab4189e477b26537a74a Parents: 488f880 Author: Gregory Chanan <[email protected]> Authored: Wed Jan 27 13:08:08 2016 -0800 Committer: Gregory Chanan <[email protected]> Committed: Wed Feb 3 12:48:16 2016 -0800 ---------------------------------------------------------------------- .../db/generic/tools/SentryShellSolr.java | 4 +- .../tools/command/AddRoleToGroupCmd.java | 46 +++++ .../tools/command/DeleteRoleFromGroupCmd.java | 46 +++++ .../db/generic/tools/command/ListRolesCmd.java | 2 +- .../provider/db/tools/SentryShellCommon.java | 10 +- .../command/hive/GrantRoleToGroupsCmd.java | 3 +- .../db/generic/tools/TestSentryShellSolr.java | 172 +++++++++++-------- .../provider/db/tools/TestSentryShellHive.java | 66 +++---- 8 files changed, 233 insertions(+), 116 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java index 8e70ab7..b0d97cd 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellSolr.java @@ -54,9 +54,9 @@ public class SentryShellSolr extends SentryShellCommon { } else if (isDropRole) { command = new DropRoleCmd(roleName, component); } else if (isAddRoleGroup) { - throw new UnsupportedOperationException("Add group to role not supported for Solr client"); + command = new AddRoleToGroupCmd(roleName, groupName, component); } else if (isDeleteRoleGroup) { - throw new UnsupportedOperationException("Delete group from role not supported for Solr client"); + command = new DeleteRoleFromGroupCmd(roleName, groupName, component); } else if (isGrantPrivilegeRole) { command = new GrantPrivilegeToRoleCmd(roleName, component, privilegeStr, new SolrTSentryPrivilegeConvertor(component, service)); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java new file mode 100644 index 0000000..a45d7e4 --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java @@ -0,0 +1,46 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.provider.db.generic.tools.command; + +import com.google.common.collect.Sets; +import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; +import org.apache.sentry.provider.db.tools.SentryShellCommon; + +import java.util.Set; + +/** + * Command for adding groups to a role. + */ +public class AddRoleToGroupCmd implements Command { + + private String roleName; + private String groups; + private String component; + + public AddRoleToGroupCmd(String roleName, String groups, String component) { + this.roleName = roleName; + this.groups = groups; + this.component = component; + } + + @Override + public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { + Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR)); + client.addRoleToGroups(requestorName, roleName, component, groupSet); + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java new file mode 100644 index 0000000..95f39ea --- /dev/null +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java @@ -0,0 +1,46 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.provider.db.generic.tools.command; + +import com.google.common.collect.Sets; +import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient; +import org.apache.sentry.provider.db.tools.SentryShellCommon; + +import java.util.Set; + +/** + * Command for deleting groups from a role. + */ +public class DeleteRoleFromGroupCmd implements Command { + + private String roleName; + private String groups; + private String component; + + public DeleteRoleFromGroupCmd(String roleName, String groups, String component) { + this.groups = groups; + this.roleName = roleName; + this.component = component; + } + + @Override + public void execute(SentryGenericServiceClient client, String requestorName) throws Exception { + Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR)); + client.deleteRoleToGroups(requestorName, roleName, component, groupSet); + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java index bad47ef..6b68d06 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java @@ -42,7 +42,7 @@ public class ListRolesCmd implements Command { if (StringUtils.isEmpty(groupName)) { roles = client.listAllRoles(requestorName, component); } else { - throw new UnsupportedOperationException("List roles by group name not supported"); + roles = client.listRolesByGroupName(requestorName, groupName, component); } if (roles != null) { for (TSentryRole role : roles) { http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java index 3b2e233..6ddc1de 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellCommon.java @@ -62,6 +62,8 @@ abstract public class SentryShellCommon { public final static String OPTION_DESC_PRIVILEGE = "Privilege string"; public final static String PREFIX_MESSAGE_MISSING_OPTION = "Missing required option: "; + public final static String GROUP_SPLIT_CHAR = ","; + /** * parse arguments * @@ -69,8 +71,8 @@ abstract public class SentryShellCommon { * -conf,--sentry_conf <filepath> sentry config file path * -cr,--create_role -r <rolename> create role * -dr,--drop_role -r <rolename> drop role - * -arg,--add_role_group -r <rolename> -g <groupname> add group to role - * -drg,--delete_role_group -r <rolename> -g <groupname> delete group from role + * -arg,--add_role_group -r <rolename> -g <groupname> add role to group + * -drg,--delete_role_group -r <rolename> -g <groupname> delete role from group * -gpr,--grant_privilege_role -r <rolename> -p <privilege> grant privilege to role * -rpr,--revoke_privilege_role -r <rolename> -p <privilege> revoke privilege from role * -lr,--list_role -g <groupname> list roles for group @@ -89,10 +91,10 @@ abstract public class SentryShellCommon { Option drOpt = new Option("dr", "drop_role", false, "Drop role"); drOpt.setRequired(false); - Option argOpt = new Option("arg", "add_role_group", false, "Add group to role"); + Option argOpt = new Option("arg", "add_role_group", false, "Add role to group"); argOpt.setRequired(false); - Option drgOpt = new Option("drg", "delete_role_group", false, "Delete group from role"); + Option drgOpt = new Option("drg", "delete_role_group", false, "Delete role from group"); drgOpt.setRequired(false); Option gprOpt = new Option("gpr", "grant_privilege_role", false, "Grant privilege to role"); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java index 39d3591..07a3de4 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java @@ -19,6 +19,7 @@ package org.apache.sentry.provider.db.tools.command.hive; import com.google.common.collect.Sets; import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient; +import org.apache.sentry.provider.db.tools.SentryShellCommon; import java.util.Set; @@ -37,7 +38,7 @@ public class GrantRoleToGroupsCmd implements Command { @Override public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { - Set<String> groups = Sets.newHashSet(groupNamesStr.split(CommandUtil.SPLIT_CHAR)); + Set<String> groups = Sets.newHashSet(groupNamesStr.split(SentryShellCommon.GROUP_SPLIT_CHAR)); client.grantRoleToGroups(requestorName, roleName, groups); } } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java index ae56e99..f1a87a8 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java @@ -30,6 +30,7 @@ import java.io.File; import java.io.FileOutputStream; import java.io.PrintStream; import java.security.PrivilegedExceptionAction; +import java.util.HashSet; import java.util.Iterator; import java.util.Set; import javax.security.auth.Subject; @@ -98,21 +99,13 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { args = new String[] { "-lr", "-conf", confPath.getAbsolutePath() }; SentryShellSolr sentryShell = new SentryShellSolr(); Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 2, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName) - || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); // validate the result, list roles with --list_role args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 2, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName) - || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); // test: drop role with -dr args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() }; @@ -129,87 +122,78 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { }); } - // this is not supported, just check that all the permutations - // give a reasonable error @Test public void testAddDeleteRoleForGroup() throws Exception { runTestAsSubject(new TestOperation() { @Override public void runTestAsSubject() throws Exception { - // test: add role to multiple groups - String[] args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup2,testGroup3", + // Must lower case group names, see SENTRY-1035 + final boolean lowerCaseGroupNames = true; + String TEST_GROUP_1 = lowerCaseGroupNames ? "testgroup1" : "testGroup1"; + String TEST_GROUP_2 = lowerCaseGroupNames ? "testgroup2" : "testGroup2"; + String TEST_GROUP_3 = lowerCaseGroupNames ? "testgroup3" : "testGroup3"; + + // create the role for test + client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR); + client.createRole(requestorName, TEST_ROLE_NAME_2, SOLR); + // test: add role to group with -arg + String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf", + confPath.getAbsolutePath() }; + SentryShellSolr.main(args); + // test: add role to multiple groups + args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3, "-conf", confPath.getAbsolutePath() }; - SentryShellSolr sentryShell = new SentryShellSolr(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } - + SentryShellSolr.main(args); // test: add role to group with --add_role_group - args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", + args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellSolr(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } + SentryShellSolr.main(args); - args = new String[] { "-lr", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; - sentryShell = new SentryShellSolr(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } + // validate the result list roles with -lr and -g + args = new String[] { "-lr", "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath() }; + SentryShellSolr sentryShell = new SentryShellSolr(); + Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); // list roles with --list_role and -g - args = new String[] { "--list_role", "-g", "testGroup2", "-conf", + args = new String[] { "--list_role", "-g", TEST_GROUP_2, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } + roleNames = getShellResultWithOSRedirect(sentryShell, args, true); + validateRoleNames(roleNames, TEST_ROLE_NAME_1); - // test: delete group from role with -drg - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf", + args = new String[] { "--list_role", "-g", TEST_GROUP_3, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } + roleNames = getShellResultWithOSRedirect(sentryShell, args, true); + validateRoleNames(roleNames, TEST_ROLE_NAME_1); - args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup2,testGroup3", + // test: delete role from group with -drg + args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf", + confPath.getAbsolutePath() }; + SentryShellSolr.main(args); + // test: delete role to multiple groups + args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3, "-conf", confPath.getAbsolutePath() }; - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } - - // test: delete group from role with --delete_role_group - args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", + SentryShellSolr.main(args); + // test: delete role from group with --delete_role_group + args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath() }; - try { - getShellResultWithOSRedirect(sentryShell, args, false); - fail("Expected UnsupportedOperationException"); - } catch (UnsupportedOperationException e) { - // expected - } + SentryShellSolr.main(args); + + // validate the result + Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, TEST_GROUP_1, SOLR); + assertEquals("Incorrect number of roles", 0, roles.size()); + roles = client.listRolesByGroupName(requestorName, TEST_GROUP_2, SOLR); + assertEquals("Incorrect number of roles", 0, roles.size()); + roles = client.listRolesByGroupName(requestorName, TEST_GROUP_3, SOLR); + assertEquals("Incorrect number of roles", 0, roles.size()); + // clear the test data + client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR); + client.dropRole(requestorName, TEST_ROLE_NAME_2, SOLR); } }); } @@ -311,6 +295,28 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { // excepted exception } + // test: add non-exist role to group with -arg + args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", + confPath.getAbsolutePath() }; + sentryShell = new SentryShellSolr(); + try { + sentryShell.executeShell(args); + fail("Exception should be thrown for granting non-exist role to group"); + } catch (SentryUserException e) { + // excepted exception + } + + // test: drop group from non-exist role with -drg + args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", + confPath.getAbsolutePath() }; + sentryShell = new SentryShellSolr(); + try { + sentryShell.executeShell(args); + fail("Exception should be thrown for drop group from non-exist role"); + } catch (SentryUserException e) { + // excepted exception + } + // test: grant privilege to role with the error privilege format args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=*", "-conf", confPath.getAbsolutePath() }; @@ -365,25 +371,25 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -r is required when add group to role + // test: -r is required when add role to group args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -g is required when add group to role + // test: -g is required when add role to group args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME); - // test: -r is required when delete group from role + // test: -r is required when delete role from group args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -g is required when delete group from role + // test: -g is required when delete role from group args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellSolr(); validateMissingParameterMsg(sentryShell, args, @@ -428,10 +434,10 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { sentryShell = new SentryShellSolr(); validateMissingParameterMsgsContains(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[", - "-arg Add group to role", + "-arg Add role to group", "-cr Create role", "-rpr Revoke privilege from role", - "-drg Delete group from role", + "-drg Delete role from group", "-lr List role", "-lp List privilege", "-gpr Grant privilege to role", @@ -455,6 +461,22 @@ public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase { return resultSet; } + private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) { + if (expectedRoleNames != null && expectedRoleNames.length > 0) { + assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length, + expectedRoleNames.length, roleNames.size()); + Set<String> lowerCaseRoles = new HashSet<String>(); + for (String role : roleNames) { + lowerCaseRoles.add(role.toLowerCase()); + } + + for (String expectedRole : expectedRoleNames) { + assertTrue("Expected role: " + expectedRole, + lowerCaseRoles.contains(expectedRole.toLowerCase())); + } + } + } + private void validateMissingParameterMsg(SentryShellSolr sentryShell, String[] args, String expectedErrorMsg) throws Exception { Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25f88cb8/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java index 7883929..6cb1925 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java @@ -26,6 +26,7 @@ import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileOutputStream; import java.io.PrintStream; +import java.util.HashSet; import java.util.Iterator; import java.util.Set; @@ -92,21 +93,13 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { args = new String[] { "-lr", "-conf", confPath.getAbsolutePath() }; SentryShellHive sentryShell = new SentryShellHive(); Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 2, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName) - || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); // validate the result, list roles with --list_role args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 2, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName) - || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); // test: drop role with -dr args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() }; @@ -131,7 +124,7 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { // create the role for test client.createRole(requestorName, TEST_ROLE_NAME_1); client.createRole(requestorName, TEST_ROLE_NAME_2); - // test: add group to role with -arg + // test: add role to group with -arg String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); @@ -150,32 +143,23 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { args = new String[] { "-lr", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; SentryShellHive sentryShell = new SentryShellHive(); Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 2, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName) - || TEST_ROLE_NAME_2.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2); + // list roles with --list_role and -g args = new String[] { "--list_role", "-g", "testGroup2", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 1, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1); args = new String[] { "--list_role", "-g", "testGroup3", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); roleNames = getShellResultWithOSRedirect(sentryShell, args, true); - assertEquals("Incorrect number of roles", 1, roleNames.size()); - for (String roleName : roleNames) { - assertTrue(TEST_ROLE_NAME_1.equalsIgnoreCase(roleName)); - } + validateRoleNames(roleNames, TEST_ROLE_NAME_1); - // test: delete group from role with -drg + // test: delete role from group with -drg args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); @@ -184,7 +168,7 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); - // test: delete group from role with --delete_role_group + // test: delete role from group with --delete_role_group args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; SentryShellHive.main(args); @@ -426,7 +410,7 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { // excepted exception } - // test: add group to non-exist role with -arg + // test: add non-exist role to group with -arg args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); @@ -502,25 +486,25 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -r is required when add group to role + // test: -r is required when add role to group args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -g is required when add group to role + // test: -g is required when add role to group args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME); - // test: -r is required when delete group from role + // test: -r is required when delete role from group args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); validateMissingParameterMsg(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME); - // test: -g is required when delete group from role + // test: -g is required when delete role from group args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() }; sentryShell = new SentryShellHive(); validateMissingParameterMsg(sentryShell, args, @@ -555,10 +539,10 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { sentryShell = new SentryShellHive(); validateMissingParameterMsgsContains(sentryShell, args, SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[", - "-arg Add group to role", + "-arg Add role to group", "-cr Create role", "-rpr Revoke privilege from role", - "-drg Delete group from role", + "-drg Delete role from group", "-lr List role", "-lp List privilege", "-gpr Grant privilege to role", @@ -582,6 +566,22 @@ public class TestSentryShellHive extends SentryServiceIntegrationBase { return resultSet; } + private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) { + if (expectedRoleNames != null && expectedRoleNames.length > 0) { + assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length, + expectedRoleNames.length, roleNames.size()); + Set<String> lowerCaseRoles = new HashSet<String>(); + for (String role : roleNames) { + lowerCaseRoles.add(role.toLowerCase()); + } + + for (String expectedRole : expectedRoleNames) { + assertTrue("Expected role: " + expectedRole, + lowerCaseRoles.contains(expectedRole.toLowerCase())); + } + } + } + private void validateMissingParameterMsg(SentryShellHive sentryShell, String[] args, String exceptedErrorMsg) throws Exception { Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
