Repository: incubator-sentry Updated Branches: refs/heads/master 65eda0145 -> 5a352bf72
SENTRY-1055: Sentry service solr constants refer to clusters rather than services (Gregory Chanan, reviewed by Hao Hao) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/5a352bf7 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/5a352bf7 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/5a352bf7 Branch: refs/heads/master Commit: 5a352bf724f769d491ad79fab4ef21294930e091 Parents: 65eda01 Author: Gregory Chanan <[email protected]> Authored: Tue Feb 16 17:38:45 2016 -0800 Committer: Gregory Chanan <[email protected]> Committed: Tue Feb 16 17:38:45 2016 -0800 ---------------------------------------------------------------------- .../binding/solr/authz/SolrAuthzBinding.java | 10 ++++----- .../core/model/search/SearchConstants.java | 10 ++++----- .../AbstractSolrSentryTestWithDbProvider.java | 4 ++-- .../db/integration/TestSolrAdminOperations.java | 22 ++++++++++---------- .../db/integration/TestSolrQueryOperations.java | 2 +- 5 files changed, 24 insertions(+), 24 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5a352bf7/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java index 88148c4..a6d6c8b 100644 --- a/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java +++ b/sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java @@ -17,8 +17,8 @@ package org.apache.sentry.binding.solr.authz; import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION; -import static org.apache.sentry.core.model.search.SearchConstants.SENTRY_SEARCH_CLUSTER_DEFAULT; -import static org.apache.sentry.core.model.search.SearchConstants.SENTRY_SEARCH_CLUSTER_KEY; +import static org.apache.sentry.core.model.search.SearchConstants.SENTRY_SEARCH_SERVICE_DEFAULT; +import static org.apache.sentry.core.model.search.SearchConstants.SENTRY_SEARCH_SERVICE_KEY; import static org.apache.sentry.core.model.search.SearchModelAuthorizable.AuthorizableType.Collection; import java.io.File; @@ -97,7 +97,7 @@ public class SolrAuthzBinding { authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar()); String policyEngineName = authzConf.get(AuthzConfVars.AUTHZ_POLICY_ENGINE.getVar()); - String serviceName = authzConf.get(SENTRY_SEARCH_CLUSTER_KEY, SENTRY_SEARCH_CLUSTER_DEFAULT); + String serviceName = authzConf.get(SENTRY_SEARCH_SERVICE_KEY, SENTRY_SEARCH_SERVICE_DEFAULT); LOG.debug("Using authorization provider " + authProviderName + " with resource " + resourceName + ", policy engine " @@ -279,8 +279,8 @@ public class SolrAuthzBinding { client = getClient(); TSentryPrivilege tPrivilege = new TSentryPrivilege(); tPrivilege.setComponent(AuthorizationComponent.Search); - tPrivilege.setServiceName(authzConf.get(SENTRY_SEARCH_CLUSTER_KEY, - SENTRY_SEARCH_CLUSTER_DEFAULT)); + tPrivilege.setServiceName(authzConf.get(SENTRY_SEARCH_SERVICE_KEY, + SENTRY_SEARCH_SERVICE_DEFAULT)); tPrivilege.setAction(Action.ALL); tPrivilege.setGrantOption(TSentryGrantOption.UNSET); List<TAuthorizable> authorizables = Lists.newArrayList(new TAuthorizable(Collection.name(), http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5a352bf7/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java index 36f5b21..9f76bda 100644 --- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java +++ b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java @@ -22,10 +22,10 @@ public class SearchConstants { public static final String QUERY = "query"; public static final String UPDATE = "update"; /** - * The property of sentry.search.cluster was used to distinguish itself from multiple search clusters. For example, there are two - * search clusters: cluster1 and cluster2 implemented authorization via sentry, and it must set the value of - * sentry.search.cluster=cluster1 or cluster2 to communicate with sentry service for authorization + * The property of sentry.search.service is used to distinguish itself from multiple search services. For example, there are two + * search services: service1 and service2 implemented authorization via sentry, and it must set the value of + * sentry.search.service=service1 or service2 to communicate with sentry service for authorization */ - public static final String SENTRY_SEARCH_CLUSTER_KEY = "sentry.search.cluster"; - public static final String SENTRY_SEARCH_CLUSTER_DEFAULT = "cluster1"; + public static final String SENTRY_SEARCH_SERVICE_KEY = "sentry.search.service"; + public static final String SENTRY_SEARCH_SERVICE_DEFAULT = "service1"; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5a352bf7/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java index 29a5981..b1a68aa 100644 --- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java +++ b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java @@ -78,7 +78,7 @@ public class AbstractSolrSentryTestWithDbProvider extends AbstractSolrSentryTest protected static final String ADMIN_ROLE = "admin_role"; protected static final String ADMIN_COLLECTION_NAME = "admin"; protected static final String COMPONENT_SOLR = "solr"; - protected static final String CLUSTER_NAME = SearchConstants.SENTRY_SEARCH_CLUSTER_DEFAULT; + protected static final String SERVICE_NAME = SearchConstants.SENTRY_SEARCH_SERVICE_DEFAULT; protected static final Configuration conf = new Configuration(false); @@ -307,7 +307,7 @@ public class AbstractSolrSentryTestWithDbProvider extends AbstractSolrSentryTest private static TSentryPrivilege toTSentryPrivilege(String collection, String action) { TSentryPrivilege tPrivilege = new TSentryPrivilege(); tPrivilege.setComponent(COMPONENT_SOLR); - tPrivilege.setServiceName(CLUSTER_NAME); + tPrivilege.setServiceName(SERVICE_NAME); tPrivilege.setAction(action); tPrivilege.setGrantOption(TSentryGrantOption.FALSE); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5a352bf7/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java index 69b9066..69b8357 100644 --- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java +++ b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java @@ -163,11 +163,11 @@ public class TestSolrAdminOperations extends AbstractSolrSentryTestWithDbProvide grantCollectionPrivilege(ADMIN_COLLECTION_NAME, ADMIN_USER, "role0", SearchConstants.ALL); assertTrue("user0 has one privilege on collection admin", - client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, CLUSTER_NAME, + client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, SERVICE_NAME, Arrays.asList(new Collection(ADMIN_COLLECTION_NAME))).size() == 1); assertTrue("user0 has one privilege on collection collection1", - client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, CLUSTER_NAME, + client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, SERVICE_NAME, Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 1); /** @@ -175,10 +175,10 @@ public class TestSolrAdminOperations extends AbstractSolrSentryTestWithDbProvide * grant QUERY privilege on collection collection1 to role1 */ - client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, CLUSTER_NAME, null); + client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, SERVICE_NAME, null); grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role1", SearchConstants.ALL); assertTrue("user1 has one privilege record", - client.listPrivilegesByRoleName("user1", "role1", COMPONENT_SOLR, CLUSTER_NAME, + client.listPrivilegesByRoleName("user1", "role1", COMPONENT_SOLR, SERVICE_NAME, Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 1); /** @@ -192,16 +192,16 @@ public class TestSolrAdminOperations extends AbstractSolrSentryTestWithDbProvide //check the user0 assertTrue("user0 has one privilege on collection admin", - client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, CLUSTER_NAME, + client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, SERVICE_NAME, Arrays.asList(new Collection(ADMIN_COLLECTION_NAME))).size() == 1); assertTrue("user0 has no privilege on collection collection1", - client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, CLUSTER_NAME, + client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, SERVICE_NAME, Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 0); //check the user1 assertTrue("user1 has no privilege on collection collection1", - client.listPrivilegesByRoleName("user1", "role1", COMPONENT_SOLR, CLUSTER_NAME, + client.listPrivilegesByRoleName("user1", "role1", COMPONENT_SOLR, SERVICE_NAME, Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 0); /** @@ -211,7 +211,7 @@ public class TestSolrAdminOperations extends AbstractSolrSentryTestWithDbProvide grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role2", SearchConstants.UPDATE); assertTrue("user2 has one privilege on collection collection1", - client.listPrivilegesByRoleName("user2", "role2", COMPONENT_SOLR, CLUSTER_NAME, + client.listPrivilegesByRoleName("user2", "role2", COMPONENT_SOLR, SERVICE_NAME, Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 1); /** @@ -220,7 +220,7 @@ public class TestSolrAdminOperations extends AbstractSolrSentryTestWithDbProvide */ grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role3", SearchConstants.QUERY); assertTrue("user1 has one privilege record", - client.listPrivilegesByRoleName("user3", "role3", COMPONENT_SOLR, CLUSTER_NAME, + client.listPrivilegesByRoleName("user3", "role3", COMPONENT_SOLR, SERVICE_NAME, Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 1); /** @@ -234,12 +234,12 @@ public class TestSolrAdminOperations extends AbstractSolrSentryTestWithDbProvide //check the user2 assertTrue("user2 has no privilege on collection collection1", - client.listPrivilegesByRoleName("user2", "role2", COMPONENT_SOLR, CLUSTER_NAME, + client.listPrivilegesByRoleName("user2", "role2", COMPONENT_SOLR, SERVICE_NAME, Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 0); //check the user3 assertTrue("user3 has no privilege on collection collection1", - client.listPrivilegesByRoleName("user3", "role3", COMPONENT_SOLR, CLUSTER_NAME, + client.listPrivilegesByRoleName("user3", "role3", COMPONENT_SOLR, SERVICE_NAME, Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 0); } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5a352bf7/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java index 663350d..c8f7e5f 100644 --- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java +++ b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java @@ -86,7 +86,7 @@ public class TestSolrQueryOperations extends AbstractSolrSentryTestWithDbProvide grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role2", SearchConstants.QUERY); verifyQueryPass(grantor, TEST_COLLECTION_NAME1, ALL_DOCS); - client.renamePrivilege(ADMIN_USER, COMPONENT_SOLR, CLUSTER_NAME, + client.renamePrivilege(ADMIN_USER, COMPONENT_SOLR, SERVICE_NAME, Lists.newArrayList(new Collection(TEST_COLLECTION_NAME1)), Lists.newArrayList(new Collection("new_" + TEST_COLLECTION_NAME1))); verifyQueryFail(grantor, TEST_COLLECTION_NAME1, ALL_DOCS);
