Repository: incubator-sentry Updated Branches: refs/heads/SENTRY-999 65eda0145 -> 2aa3e99ae
SENTRY-1004: Create CommonPrivilege for external component(Colin Ma, Reviewed by Dapeng Sun, Anne Yu) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/2aa3e99a Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/2aa3e99a Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/2aa3e99a Branch: refs/heads/SENTRY-999 Commit: 2aa3e99aeadbc6e0c2d651532935bc4883bacc23 Parents: 65eda01 Author: Colin Ma <[email protected]> Authored: Thu Feb 18 10:04:30 2016 +0800 Committer: Colin Ma <[email protected]> Committed: Thu Feb 18 10:04:30 2016 +0800 ---------------------------------------------------------------------- .../sentry/core/common/BitFieldAction.java | 2 +- .../sentry/core/common/ImplyMethodType.java | 23 +++ .../org/apache/sentry/core/common/Model.java | 29 ++++ .../org/apache/sentry/core/common/Resource.java | 26 ++++ sentry-policy/sentry-policy-common/pom.xml | 5 + .../sentry/policy/common/CommonPrivilege.java | 139 +++++++++++++++++++ .../sentry/policy/common/PolicyConstants.java | 1 + .../sentry/policy/common/ModelForTest.java | 87 ++++++++++++ .../policy/common/TestCommonPrivilege.java | 131 +++++++++++++++++ .../sentry/policy/common/TestKeyValue.java | 28 ++-- 10 files changed, 455 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java index ce0e4fb..0f5b23b 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldAction.java @@ -20,7 +20,7 @@ package org.apache.sentry.core.common; * example, There exists three actions, UPDATE, QUERY and ALL. * The a bit set for UPDATE is 0x0001, QUERY is 0x0002, ALL is 0x0001|0x0002=0x0003 */ -public abstract class BitFieldAction implements Action { +public class BitFieldAction implements Action { private String name; private int code; http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java new file mode 100644 index 0000000..16a7a46 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java @@ -0,0 +1,23 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common; + +public enum ImplyMethodType { + STRING, + URL, + ACTION, +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Model.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Model.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Model.java new file mode 100644 index 0000000..a63cd63 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Model.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common; + +import java.util.Map; + +// The interface is used for define the authorization model for different component +public interface Model { + // The authorizableTypeName is the key of map, and the ImplyMethodType is the value. + Map<String, ImplyMethodType> getImplyMethodMap(); + + BitFieldActionFactory getBitFieldActionFactory(); + + // TODO: add interface to validate the hierarchy for the resources +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Resource.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Resource.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Resource.java new file mode 100644 index 0000000..3ce52e8 --- /dev/null +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Resource.java @@ -0,0 +1,26 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.core.common; + +// The interface is responsible for define the resource for every component. +public interface Resource { + // Get the ResourceImplyMethodType which indicate how to compare the resource value. + // eg, For Hive component, it will output STRING for "db", "table", "column" and URL for "url" + // in CommonPrivilege, the method imply() will compare the resource value according to the ResourceImplyMethodType. + // Using String.equals() for STRING and PathUtils.impliesURI() for URL + ImplyMethodType getResourceImplyMethod(); +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/pom.xml ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/pom.xml b/sentry-policy/sentry-policy-common/pom.xml index fbec06f..c925441 100644 --- a/sentry-policy/sentry-policy-common/pom.xml +++ b/sentry-policy/sentry-policy-common/pom.xml @@ -45,6 +45,11 @@ limitations under the License. <artifactId>junit</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>org.apache.sentry</groupId> + <artifactId>sentry-core-model-db</artifactId> + <scope>test</scope> + </dependency> </dependencies> </project> http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java new file mode 100644 index 0000000..af3a7dd --- /dev/null +++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java @@ -0,0 +1,139 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.policy.common; + +import com.google.common.base.Strings; +import com.google.common.collect.ImmutableList; +import com.google.common.collect.Lists; +import org.apache.sentry.core.common.BitFieldAction; +import org.apache.sentry.core.common.BitFieldActionFactory; +import org.apache.sentry.core.common.ImplyMethodType; +import org.apache.sentry.core.common.Model; +import org.apache.sentry.core.common.utils.PathUtils; +import java.util.List; + +// The class is used to compare the privilege +public class CommonPrivilege implements Privilege { + + private ImmutableList<KeyValue> parts; + + public CommonPrivilege(String privilegeStr) { + privilegeStr = Strings.nullToEmpty(privilegeStr).trim(); + if (privilegeStr.isEmpty()) { + throw new IllegalArgumentException("Privilege string cannot be null or empty."); + } + List<KeyValue> parts = Lists.newArrayList(); + for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.trimResults().split( + privilegeStr)) { + if (authorizable.isEmpty()) { + throw new IllegalArgumentException("Privilege '" + privilegeStr + "' has an empty section"); + } + parts.add(new KeyValue(authorizable)); + } + if (parts.isEmpty()) { + throw new AssertionError("Should never occur: " + privilegeStr); + } + this.parts = ImmutableList.copyOf(parts); + } + + public boolean implies(Privilege privilege, Model model) { + // By default only supports comparisons with other IndexerWildcardPermissions + if (!(privilege instanceof CommonPrivilege)) { + return false; + } + + List<KeyValue> otherParts = ((CommonPrivilege) privilege).getParts(); + if(parts.equals(otherParts)) { + return true; + } + + int index = 0; + for (KeyValue otherPart : otherParts) { + // If this privilege has less parts than the other privilege, everything + // after the number of parts contained + // in this privilege is automatically implied, so return true + if (parts.size() - 1 < index) { + return true; + } else { + KeyValue part = parts.get(index); + String policyKey = part.getKey(); + // are the keys even equal + if(!policyKey.equalsIgnoreCase(otherPart.getKey())) { + return false; + } + + // do the imply for action + if (PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyKey)) { + if (!impliesAction(part.getValue(), otherPart.getValue(), model.getBitFieldActionFactory())) { + return false; + } + } else { + if (!impliesValue(model.getImplyMethodMap().get(policyKey), part.getValue(), otherPart.getValue())) { + return false; + } + } + + index++; + } + } + + // If this privilege has more parts than the other parts, only imply it if + // all of the other parts are wildcards + for (; index < parts.size(); index++) { + KeyValue part = parts.get(index); + if (!PolicyConstants.PRIVILEGE_WILDCARD_VALUE.equals(part.getValue())) { + return false; + } + } + + return true; + } + + private boolean impliesValue(ImplyMethodType implyMethodType, String policyValue, String requestValue) { + // compare as the url + if (ImplyMethodType.URL == implyMethodType) { + return PathUtils.impliesURI(policyValue, requestValue); + } + // default: compare as the string + return policyValue.equals(requestValue); + } + + private boolean impliesAction(String policyValue, String requestValue, + BitFieldActionFactory bitFieldActionFactory) { + BitFieldAction currentAction = bitFieldActionFactory.getActionByName(policyValue); + BitFieldAction requestAction = bitFieldActionFactory.getActionByName(requestValue); + // the action in privilege is not supported + if (currentAction == null || requestAction == null) { + return false; + } + return currentAction.implies(requestAction); + } + + + @Override + public String toString() { + return PolicyConstants.AUTHORIZABLE_JOINER.join(parts); + } + + public boolean implies(Privilege p) { + return false; + } + + public List<KeyValue> getParts() { + return parts; + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java index 0bad8c1..8e4d465 100644 --- a/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java +++ b/sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java @@ -35,4 +35,5 @@ public class PolicyConstants { // TODO change to privilege public static final String PRIVILEGE_NAME = "action"; public static final String PRIVILEGE_PREFIX = (PRIVILEGE_NAME + KV_SEPARATOR).toLowerCase(); + public static final String PRIVILEGE_WILDCARD_VALUE = "*"; } http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java new file mode 100644 index 0000000..a213987 --- /dev/null +++ b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java @@ -0,0 +1,87 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.policy.common; + +import org.apache.sentry.core.common.*; +import org.apache.sentry.core.model.db.DBModelAuthorizable; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +public class ModelForTest implements Model { + + private Map<String, ImplyMethodType> implyMethodMap; + private BitFieldActionFactory bitFieldActionFactory; + + public ModelForTest() { + implyMethodMap = new HashMap<String, ImplyMethodType>(); + bitFieldActionFactory = new ActionFactoryForTest(); + + implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Server.name().toLowerCase(), ImplyMethodType.STRING); + implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Db.name().toLowerCase(), ImplyMethodType.STRING); + implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Table.name().toLowerCase(), ImplyMethodType.STRING); + implyMethodMap.put(DBModelAuthorizable.AuthorizableType.Column.name().toLowerCase(), ImplyMethodType.STRING); + implyMethodMap.put(DBModelAuthorizable.AuthorizableType.URI.name().toLowerCase(), ImplyMethodType.URL); + } + + public Map<String, ImplyMethodType> getImplyMethodMap() { + return implyMethodMap; + } + + public BitFieldActionFactory getBitFieldActionFactory() { + return bitFieldActionFactory; + } + + public static class ActionFactoryForTest extends BitFieldActionFactory { + enum ActionType { + SELECT("select", 1), + INSERT("insert", 2), + ALL("all", SELECT.getCode() | INSERT.getCode()), + ALL_STAR("*", SELECT.getCode() | INSERT.getCode()); + + private String name; + private int code; + + ActionType(String name, int code) { + this.name = name; + this.code = code; + } + + public int getCode() { + return code; + } + + public String getName() { + return name; + } + } + + public List<? extends BitFieldAction> getActionsByCode(int actionCode) { + return null; + } + + public BitFieldAction getActionByName(String name) { + for (ActionType action : ActionType.values()) { + if (action.name.equalsIgnoreCase(name)) { + return new BitFieldAction(action.getName(), action.getCode()); + } + } + return null; + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java new file mode 100644 index 0000000..d74c88f --- /dev/null +++ b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java @@ -0,0 +1,131 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sentry.policy.common; + +import org.apache.sentry.core.common.Model; +import org.junit.Before; +import org.junit.Test; +import java.util.List; + +import static junit.framework.Assert.assertEquals; +import static junit.framework.Assert.assertTrue; +import static junit.framework.Assert.assertFalse; + +public class TestCommonPrivilege { + + private Model testModel; + + @Before + public void prepareData() { + testModel = new ModelForTest(); + } + + @Test + public void testCreateCommonPrivilege() throws Exception { + String privilegeHiveStr = "server=server1->db=db1->table=table1->column=column1->action=select"; + String privilegeSolrStr = "server=server1->collection=col1->action=update"; + String privilegeSqoopStr = "server=server1->link=link1->action=read"; + + CommonPrivilege privilegeHive = new CommonPrivilege(privilegeHiveStr); + CommonPrivilege privilegeSolr = new CommonPrivilege(privilegeSolrStr); + CommonPrivilege privilegeSqoop = new CommonPrivilege(privilegeSqoopStr); + + List<KeyValue> keyValues = privilegeHive.getParts(); + assertEquals(5, keyValues.size()); + // test the value and the order + assertEquals("server", keyValues.get(0).getKey()); + assertEquals("server1", keyValues.get(0).getValue()); + assertEquals("db", keyValues.get(1).getKey()); + assertEquals("db1", keyValues.get(1).getValue()); + assertEquals("table", keyValues.get(2).getKey()); + assertEquals("table1", keyValues.get(2).getValue()); + assertEquals("column", keyValues.get(3).getKey()); + assertEquals("column1", keyValues.get(3).getValue()); + assertEquals("action", keyValues.get(4).getKey()); + assertEquals("select", keyValues.get(4).getValue()); + + keyValues = privilegeSolr.getParts(); + assertEquals(3, keyValues.size()); + assertEquals("server", keyValues.get(0).getKey()); + assertEquals("server1", keyValues.get(0).getValue()); + assertEquals("collection", keyValues.get(1).getKey()); + assertEquals("col1", keyValues.get(1).getValue()); + assertEquals("action", keyValues.get(2).getKey()); + assertEquals("update", keyValues.get(2).getValue()); + + keyValues = privilegeSqoop.getParts(); + assertEquals(3, keyValues.size()); + assertEquals("server", keyValues.get(0).getKey()); + assertEquals("server1", keyValues.get(0).getValue()); + assertEquals("link", keyValues.get(1).getKey()); + assertEquals("link1", keyValues.get(1).getValue()); + assertEquals("action", keyValues.get(2).getKey()); + assertEquals("read", keyValues.get(2).getValue()); + } + + @Test + public void testImplyCommonPrivilegeWithoutAction() throws Exception { + + CommonPrivilege requestPrivilege = new CommonPrivilege("server=server1->db=db1->table=table1"); + CommonPrivilege privilegForTest1 = new CommonPrivilege("server=server1->db=db1->table=table1"); + CommonPrivilege privilegForTest2 = new CommonPrivilege("server=server1->db=db1"); + CommonPrivilege privilegForTest3 = new CommonPrivilege("server=server1->db=db1->table=table2"); + CommonPrivilege privilegForTest4 = new CommonPrivilege("server=server1->db=db1->table=table1->column=col1"); + CommonPrivilege privilegForTest5 = new CommonPrivilege("server=server1->db=db1->table=table1->column=*"); + + assertTrue(privilegForTest1.implies(requestPrivilege, testModel)); + assertTrue(privilegForTest2.implies(requestPrivilege, testModel)); + assertFalse(privilegForTest3.implies(requestPrivilege, testModel)); + assertFalse(privilegForTest4.implies(requestPrivilege, testModel)); + assertTrue(privilegForTest5.implies(requestPrivilege, testModel)); + } + + @Test + public void testImplyCommonPrivilegeWithUrl() throws Exception { + + CommonPrivilege requestPrivilege = new CommonPrivilege("server=server1->uri=hdfs:///url/for/request"); + CommonPrivilege privilegForTest1 = new CommonPrivilege("server=server1->uri=hdfs:///url"); + CommonPrivilege privilegForTest2 = new CommonPrivilege("server=server1->uri=hdfs:///url/for/request"); + CommonPrivilege privilegForTest3 = new CommonPrivilege("server=server1->uri=hdfs:///url/unvalid/for/request"); + + assertTrue(privilegForTest1.implies(requestPrivilege, testModel)); + assertTrue(privilegForTest2.implies(requestPrivilege, testModel)); + assertFalse(privilegForTest3.implies(requestPrivilege, testModel)); + } + + @Test + public void testImplyCommonPrivilegeForAction() throws Exception { + CommonPrivilege privilegForSelect = new CommonPrivilege("server=server1->db=db1->table=table1->action=select"); + CommonPrivilege privilegForInsert = new CommonPrivilege("server=server1->db=db1->table=table1->action=insert"); + CommonPrivilege privilegForAll = new CommonPrivilege("server=server1->db=db1->table=table1->action=all"); + + // the privilege should imply itself + assertTrue(privilegForSelect.implies(privilegForSelect, testModel)); + assertTrue(privilegForInsert.implies(privilegForInsert, testModel)); + assertTrue(privilegForAll.implies(privilegForAll, testModel)); + + // do the imply with the different action based on operate & + assertFalse(privilegForInsert.implies(privilegForSelect, testModel)); + assertTrue(privilegForAll.implies(privilegForSelect, testModel)); + + assertFalse(privilegForSelect.implies(privilegForInsert, testModel)); + assertTrue(privilegForAll.implies(privilegForInsert, testModel)); + + assertFalse(privilegForSelect.implies(privilegForAll, testModel)); + assertFalse(privilegForInsert.implies(privilegForAll, testModel)); + } +} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/2aa3e99a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java index 2dfc7c5..7686ea1 100644 --- a/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java +++ b/sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java @@ -16,10 +16,8 @@ */ package org.apache.sentry.policy.common; -import static junit.framework.Assert.assertEquals; -import static junit.framework.Assert.assertFalse; import static org.apache.sentry.policy.common.PolicyConstants.KV_JOINER; - +import junit.framework.Assert; import org.junit.Test; public class TestKeyValue { @@ -27,8 +25,8 @@ public class TestKeyValue { @Test public void testWithSeparators() throws Exception { KeyValue kv = new KeyValue("URI=/u/h/w/t/partition=value/"); - assertEquals("URI", kv.getKey()); - assertEquals("/u/h/w/t/partition=value/", kv.getValue()); + Assert.assertEquals("URI", kv.getKey()); + Assert.assertEquals("/u/h/w/t/partition=value/", kv.getValue()); } @Test(expected = IllegalArgumentException.class) @@ -58,19 +56,19 @@ public class TestKeyValue { } private void doTest(KeyValue kv1, KeyValue kv2, KeyValue kv3) { - assertEquals(kv1, kv2); - assertFalse(kv1.equals(kv3)); + Assert.assertEquals(kv1, kv2); + Assert.assertFalse(kv1.equals(kv3)); - assertEquals(kv1.toString(), kv2.toString()); - assertFalse(kv1.toString().equals(kv3.toString())); + Assert.assertEquals(kv1.toString(), kv2.toString()); + Assert.assertFalse(kv1.toString().equals(kv3.toString())); - assertEquals(kv1.hashCode(), kv2.hashCode()); - assertFalse(kv1.hashCode() == kv3.hashCode()); + Assert.assertEquals(kv1.hashCode(), kv2.hashCode()); + Assert.assertFalse(kv1.hashCode() == kv3.hashCode()); - assertEquals(kv1.getKey(), kv2.getKey()); - assertFalse(kv1.getKey().equals(kv3.getKey())); + Assert.assertEquals(kv1.getKey(), kv2.getKey()); + Assert.assertFalse(kv1.getKey().equals(kv3.getKey())); - assertEquals(kv1.getValue(), kv2.getValue()); - assertFalse(kv1.getValue().equals(kv3.getValue())); + Assert.assertEquals(kv1.getValue(), kv2.getValue()); + Assert.assertFalse(kv1.getValue().equals(kv3.getValue())); } }
