http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java deleted file mode 100644 index 2da4699..0000000 --- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.db; - -import java.io.File; -import java.io.IOException; -import java.util.Arrays; -import java.util.EnumSet; -import java.util.List; -import java.util.Set; - -import junit.framework.Assert; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.common.Action; -import org.apache.sentry.core.common.ActiveRoleSet; -import org.apache.sentry.core.common.Authorizable; -import org.apache.sentry.core.common.Subject; -import org.apache.sentry.core.model.db.AccessConstants; -import org.apache.sentry.core.model.db.DBModelAction; -import org.apache.sentry.core.model.db.Database; -import org.apache.sentry.core.model.db.Server; -import org.apache.sentry.core.model.db.Table; -import org.apache.sentry.provider.common.MockGroupMappingServiceProvider; -import org.apache.sentry.provider.common.ResourceAuthorizationProvider; -import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider; -import org.apache.sentry.provider.file.PolicyFiles; -import org.junit.After; -import org.junit.Test; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.base.Objects; -import com.google.common.collect.HashMultimap; -import com.google.common.collect.Multimap; -import com.google.common.io.Files; - - -public class TestResourceAuthorizationProviderGeneralCases { - - private static final Logger LOGGER = LoggerFactory - .getLogger(TestResourceAuthorizationProviderGeneralCases.class); - - private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap - .create(); - - private static final Subject SUB_ADMIN = new Subject("admin1"); - private static final Subject SUB_MANAGER = new Subject("manager1"); - private static final Subject SUB_ANALYST = new Subject("analyst1"); - private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1"); - - private static final Server SVR_SERVER1 = new Server("server1"); - private static final Server SVR_ALL = new Server(AccessConstants.ALL); - - private static final Database DB_CUSTOMERS = new Database("customers"); - private static final Database DB_ANALYST = new Database("analyst1"); - private static final Database DB_JR_ANALYST = new Database("jranalyst1"); - - private static final Table TBL_PURCHASES = new Table("purchases"); - - private static final Set<? extends Action> ALL = EnumSet.of(DBModelAction.ALL); - private static final Set<? extends Action> SELECT = EnumSet.of(DBModelAction.SELECT); - private static final Set<? extends Action> INSERT = EnumSet.of(DBModelAction.INSERT); - - static { - USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin")); - USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager")); - USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst")); - USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(), - Arrays.asList("jranalyst")); - } - - private final ResourceAuthorizationProvider authzProvider; - private File baseDir; - - public TestResourceAuthorizationProviderGeneralCases() throws IOException { - baseDir = Files.createTempDir(); - PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini", "test-authz-provider-other-group.ini"); - authzProvider = new HadoopGroupResourceAuthorizationProvider( - DBPolicyTestUtil.createPolicyEngineForTest("server1", - new File(baseDir, "test-authz-provider.ini").getPath()), - new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP)); - - } - - @After - public void teardown() { - if(baseDir != null) { - FileUtils.deleteQuietly(baseDir); - } - } - - private void doTestAuthorizables( - Subject subject, Set<? extends Action> privileges, boolean expected, - Authorizable... authorizables) throws Exception { - List<Authorizable> authzHierarchy = Arrays.asList(authorizables); - Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters"); - helper.add("authorizables", authzHierarchy).add("Privileges", privileges); - LOGGER.info("Running with " + helper.toString()); - Assert.assertEquals(helper.toString(), expected, - authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL)); - LOGGER.info("Passed " + helper.toString()); - } - - private void doTestResourceAuthorizationProvider(Subject subject, - Server server, Database database, Table table, - Set<? extends Action> privileges, boolean expected) throws Exception { - List<Authorizable> authzHierarchy = Arrays.asList(new Authorizable[] { - server, database, table - }); - Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters"); - helper.add("Subject", subject).add("Server", server).add("DB", database) - .add("Table", table).add("Privileges", privileges).add("authzHierarchy", authzHierarchy); - LOGGER.info("Running with " + helper.toString()); - Assert.assertEquals(helper.toString(), expected, - authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL)); - LOGGER.info("Passed " + helper.toString()); - } - - @Test - public void testAdmin() throws Exception { - doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, true); - doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true); - doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, true); - doTestAuthorizables(SUB_ADMIN, SELECT, true, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES); - - } - @Test - public void testManager() throws Exception { - doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, false); - doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true); - doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, false); - doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true); - } - @Test - public void testAnalyst() throws Exception { - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, false); - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true); - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, false); - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true); - - // analyst sandbox - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, ALL, true); - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, SELECT, true); - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, INSERT, true); - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_ANALYST, TBL_PURCHASES, SELECT, true); - - // jr analyst sandbox - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, ALL, false); - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true); - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, INSERT, false); - doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true); - } - @Test - public void testJuniorAnalyst() throws Exception { - doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, false); - doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, false); - doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, false); - doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT, false); - // jr analyst sandbox - doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, ALL, true); - doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true); - doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, INSERT, true); - doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_ALL, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true); - } -}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java deleted file mode 100644 index b166499..0000000 --- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java +++ /dev/null @@ -1,123 +0,0 @@ - /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.db; - -import java.io.File; -import java.io.IOException; -import java.util.EnumSet; -import java.util.List; -import java.util.Set; - -import junit.framework.Assert; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.common.Action; -import org.apache.sentry.core.common.ActiveRoleSet; -import org.apache.sentry.core.common.Authorizable; -import org.apache.sentry.core.common.Subject; -import org.apache.sentry.core.model.db.AccessURI; -import org.apache.sentry.core.model.db.DBModelAction; -import org.apache.sentry.core.model.db.Server; -import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.common.AuthorizationProvider; -import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; -import org.apache.sentry.provider.file.PolicyFile; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; - -import com.google.common.collect.ImmutableList; -import com.google.common.io.Files; - -public class TestResourceAuthorizationProviderSpecialCases { - private AuthorizationProvider authzProvider; - private PolicyFile policyFile; - private File baseDir; - private File iniFile; - private String initResource; - @Before - public void setup() throws IOException { - baseDir = Files.createTempDir(); - iniFile = new File(baseDir, "policy.ini"); - initResource = "file://" + iniFile.getPath(); - policyFile = new PolicyFile(); - } - - @After - public void teardown() throws IOException { - if(baseDir != null) { - FileUtils.deleteQuietly(baseDir); - } - } - - @Test - public void testDuplicateEntries() throws Exception { - Subject user1 = new Subject("user1"); - Server server1 = new Server("server1"); - AccessURI uri = new AccessURI("file:///path/to/"); - Set<? extends Action> actions = EnumSet.of(DBModelAction.ALL, DBModelAction.SELECT, DBModelAction.INSERT); - policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1") - .addRolesToGroup("group1", true, "role1", "role1") - .addPermissionsToRole("role1", true, "server=" + server1.getName() + "->uri=" + uri.getName(), - "server=" + server1.getName() + "->uri=" + uri.getName()); - policyFile.write(iniFile); - PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest(server1.getName(), initResource); - authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy); - List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri); - Assert.assertTrue(authorizableHierarchy.toString(), - authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL)); - } - @Test - public void testNonAbolutePath() throws Exception { - Subject user1 = new Subject("user1"); - Server server1 = new Server("server1"); - AccessURI uri = new AccessURI("file:///path/to/"); - Set<? extends Action> actions = EnumSet.of(DBModelAction.ALL, DBModelAction.SELECT, DBModelAction.INSERT); - policyFile.addGroupsToUser(user1.getName(), "group1") - .addRolesToGroup("group1", "role1") - .addPermissionsToRole("role1", "server=" + server1.getName() + "->uri=" + uri.getName()); - policyFile.write(iniFile); - PolicyEngine policy = DBPolicyTestUtil.createPolicyEngineForTest(server1.getName(), initResource); - authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy); - // positive test - List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri); - Assert.assertTrue(authorizableHierarchy.toString(), - authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL)); - // negative tests - // TODO we should support the case of /path/to/./ but let's to that later - uri = new AccessURI("file:///path/to/./"); - authorizableHierarchy = ImmutableList.of(server1, uri); - Assert.assertFalse(authorizableHierarchy.toString(), - authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL)); - uri = new AccessURI("file:///path/to/../"); - authorizableHierarchy = ImmutableList.of(server1, uri); - Assert.assertFalse(authorizableHierarchy.toString(), - authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL)); - uri = new AccessURI("file:///path/to/../../"); - authorizableHierarchy = ImmutableList.of(server1, uri); - Assert.assertFalse(authorizableHierarchy.toString(), - authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL)); - uri = new AccessURI("file:///path/to/dir/../../"); - authorizableHierarchy = ImmutableList.of(server1, uri); - Assert.assertFalse(authorizableHierarchy.toString(), - authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL)); - } - @Test(expected=IllegalArgumentException.class) - public void testInvalidPath() throws Exception { - new AccessURI(":invaliduri"); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java deleted file mode 100644 index 901e5bf..0000000 --- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.db; - -import java.io.File; -import java.io.IOException; -import java.util.Set; - -import junit.framework.Assert; - -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.FileSystem; -import org.apache.hadoop.fs.Path; -import org.apache.hadoop.hdfs.MiniDFSCluster; -import org.apache.sentry.core.common.ActiveRoleSet; -import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.file.PolicyFile; -import org.apache.sentry.provider.file.PolicyFiles; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.google.common.collect.ImmutableSet; -import com.google.common.collect.Sets; -import com.google.common.io.Files; - -public class TestSimpleDBPolicyEngineDFS extends AbstractTestSimplePolicyEngine { - - private static MiniDFSCluster dfsCluster; - private static FileSystem fileSystem; - private static Path root; - private static Path etc; - - @BeforeClass - public static void setupLocalClazz() throws IOException { - File baseDir = getBaseDir(); - Assert.assertNotNull(baseDir); - File dfsDir = new File(baseDir, "dfs"); - Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs()); - Configuration conf = new Configuration(); - conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath()); - dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build(); - fileSystem = dfsCluster.getFileSystem(); - root = new Path(fileSystem.getUri().toString()); - etc = new Path(root, "/etc"); - fileSystem.mkdirs(etc); - } - @AfterClass - public static void teardownLocalClazz() { - if(dfsCluster != null) { - dfsCluster.shutdown(); - } - } - - @Override - protected void afterSetup() throws IOException { - fileSystem.delete(etc, true); - fileSystem.mkdirs(etc); - PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini", "test-authz-provider-other-group.ini"); - setPolicy(DBPolicyTestUtil.createPolicyEngineForTest("server1", - new Path(etc, "test-authz-provider.ini").toString())); - } - @Override - protected void beforeTeardown() throws IOException { - fileSystem.delete(etc, true); - } - - @Test - public void testMultiFSPolicy() throws Exception { - File globalPolicyFile = new File(Files.createTempDir(), "global-policy.ini"); - File dbPolicyFile = new File(Files.createTempDir(), "db11-policy.ini"); - - // Create global policy file - PolicyFile dbPolicy = new PolicyFile() - .addPermissionsToRole("db11_role", "server=server1->db=db11") - .addRolesToGroup("group1", "db11_role"); - - dbPolicy.write(dbPolicyFile); - Path dbPolicyPath = new Path(etc, "db11-policy.ini"); - - // create per-db policy file - PolicyFile globalPolicy = new PolicyFile() - .addPermissionsToRole("admin_role", "server=server1") - .addRolesToGroup("admin_group", "admin_role") - .addGroupsToUser("db", "admin_group"); - globalPolicy.addDatabase("db11", dbPolicyPath.toUri().toString()); - globalPolicy.write(globalPolicyFile); - - - PolicyFiles.copyFilesToDir(fileSystem, etc, globalPolicyFile); - PolicyFiles.copyFilesToDir(fileSystem, etc, dbPolicyFile); - PolicyEngine multiFSEngine = - DBPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath()); - - Set<String> dbGroups = Sets.newHashSet(); - dbGroups.add("group1"); - ImmutableSet<String> dbPerms = - multiFSEngine.getAllPrivileges(dbGroups, ActiveRoleSet.ALL); - Assert.assertEquals("No DB permissions found", 1, dbPerms.size()); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java deleted file mode 100644 index 435e4d8..0000000 --- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.db; - -import java.io.File; -import java.io.IOException; - -import junit.framework.Assert; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.provider.file.PolicyFiles; - -public class TestSimpleDBPolicyEngineLocalFS extends AbstractTestSimplePolicyEngine { - - @Override - protected void afterSetup() throws IOException { - File baseDir = getBaseDir(); - Assert.assertNotNull(baseDir); - Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs()); - PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini", "test-authz-provider-other-group.ini"); - setPolicy(DBPolicyTestUtil.createPolicyEngineForTest("server1", - new File(baseDir, "test-authz-provider.ini").getPath())); - } - @Override - protected void beforeTeardown() throws IOException { - File baseDir = getBaseDir(); - Assert.assertNotNull(baseDir); - FileUtils.deleteQuietly(baseDir); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider-other-group.ini ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider-other-group.ini b/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider-other-group.ini deleted file mode 100644 index cd3695c..0000000 --- a/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider-other-group.ini +++ /dev/null @@ -1,22 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -[groups] -other_group = analyst_role - -[roles] -analyst_role = server=server1->db=other_group_db->table=purchases->action=select \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider.ini ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider.ini b/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider.ini deleted file mode 100644 index 2d00699..0000000 --- a/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider.ini +++ /dev/null @@ -1,32 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -[databases] -other_group_db = test-authz-provider-other-group.ini - -[groups] -manager = analyst_role, junior_analyst_role -analyst = analyst_role -jranalyst = junior_analyst_role -admin = admin - -[roles] -analyst_role = server=server1->db=customers->table=purchases->action=select, \ - server=server1->db=analyst1, \ - server=server1->db=jranalyst1->table=*->action=select -junior_analyst_role = server=server1->db=jranalyst1, server=server1->db=customers->table=purchases_partial->action=select -admin = server=server1 http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java deleted file mode 100644 index d1c415b..0000000 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.search; - -import java.io.File; -import java.io.IOException; -import java.util.Set; -import java.util.TreeSet; - -import junit.framework.Assert; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.common.ActiveRoleSet; -import org.apache.sentry.policy.common.PolicyEngine; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.google.common.collect.Sets; -import com.google.common.io.Files; - -public abstract class AbstractTestSearchPolicyEngine { - private static final String ANALYST_PURCHASES_UPDATE = "collection=purchases->action=update"; - private static final String ANALYST_ANALYST1_ALL = "collection=analyst1"; - private static final String ANALYST_JRANALYST1_ACTION_ALL = "collection=jranalyst1->action=*"; - private static final String ANALYST_TMPCOLLECTION_UPDATE = "collection=tmpcollection->action=update"; - private static final String ANALYST_TMPCOLLECTION_QUERY = "collection=tmpcollection->action=query"; - private static final String JRANALYST_JRANALYST1_ALL = "collection=jranalyst1"; - private static final String JRANALYST_PURCHASES_PARTIAL_QUERY = "collection=purchases_partial->action=query"; - private static final String ADMIN_COLLECTION_ALL = "collection=*"; - - private PolicyEngine policy; - private static File baseDir; - - @BeforeClass - public static void setupClazz() throws IOException { - baseDir = Files.createTempDir(); - } - - @AfterClass - public static void teardownClazz() throws IOException { - if(baseDir != null) { - FileUtils.deleteQuietly(baseDir); - } - } - - protected void setPolicy(PolicyEngine policy) { - this.policy = policy; - } - protected static File getBaseDir() { - return baseDir; - } - @Before - public void setup() throws IOException { - afterSetup(); - } - @After - public void teardown() throws IOException { - beforeTeardown(); - } - protected void afterSetup() throws IOException { - - } - - protected void beforeTeardown() throws IOException { - - } - - @Test - public void testManager() throws Exception { - Set<String> expected = Sets.newTreeSet(Sets.newHashSet( - ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL, - ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE, - ANALYST_TMPCOLLECTION_QUERY, JRANALYST_JRANALYST1_ALL, - JRANALYST_PURCHASES_PARTIAL_QUERY)); - Assert.assertEquals(expected.toString(), - new TreeSet<String>(policy.getPrivileges(set("manager"), ActiveRoleSet.ALL)) - .toString()); - } - - @Test - public void testAnalyst() throws Exception { - Set<String> expected = Sets.newTreeSet(Sets.newHashSet( - ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL, - ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE, - ANALYST_TMPCOLLECTION_QUERY)); - Assert.assertEquals(expected.toString(), - new TreeSet<String>(policy.getPrivileges(set("analyst"), ActiveRoleSet.ALL)) - .toString()); - } - - @Test - public void testJuniorAnalyst() throws Exception { - Set<String> expected = Sets.newTreeSet(Sets - .newHashSet(JRANALYST_JRANALYST1_ALL, - JRANALYST_PURCHASES_PARTIAL_QUERY)); - Assert.assertEquals(expected.toString(), - new TreeSet<String>(policy.getPrivileges(set("jranalyst"), ActiveRoleSet.ALL)) - .toString()); - } - - @Test - public void testAdmin() throws Exception { - Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ADMIN_COLLECTION_ALL)); - Assert.assertEquals(expected.toString(), - new TreeSet<String>(policy.getPrivileges(set("admin"), ActiveRoleSet.ALL)) - .toString()); - } - - private static Set<String> set(String... values) { - return Sets.newHashSet(values); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyTestUtil.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyTestUtil.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyTestUtil.java deleted file mode 100644 index 0f76050..0000000 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyTestUtil.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.search; - -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.core.model.search.SearchPrivilegeModel; -import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.common.ProviderBackend; -import org.apache.sentry.provider.common.ProviderBackendContext; -import org.apache.sentry.provider.file.SimpleFileProviderBackend; - -import java.io.IOException; - -public class SearchPolicyTestUtil { - - public static PolicyEngine createPolicyEngineForTest(String resource) throws IOException { - - ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource); - - // create backendContext - ProviderBackendContext context = new ProviderBackendContext(); - context.setAllowPerDatabase(false); - context.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators()); - // initialize the backend with the context - providerBackend.initialize(context); - - - return new SimpleSearchPolicyEngine(providerBackend); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java deleted file mode 100644 index 5da46f7..0000000 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.sentry.policy.search; - -import junit.framework.Assert; - -import org.apache.sentry.core.common.validator.PrivilegeValidatorContext; -import org.apache.sentry.core.model.search.validator.CollectionRequiredInPrivilege; -import org.apache.shiro.config.ConfigurationException; -import org.junit.Test; - -public class TestCollectionRequiredInRole { - - @Test - public void testEmptyRole() throws Exception { - CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege(); - - // check no db - try { - collRequiredInRole.validate(new PrivilegeValidatorContext("index=index1")); - Assert.fail("Expected ConfigurationException"); - } catch (ConfigurationException e) { - ; - } - - // check with db - try { - collRequiredInRole.validate(new PrivilegeValidatorContext("db1","index=index2")); - Assert.fail("Expected ConfigurationException"); - } catch (ConfigurationException e) { - ; - } - } - - @Test - public void testCollectionWithoutAction() throws Exception { - CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege(); - collRequiredInRole.validate(new PrivilegeValidatorContext("collection=nodb")); - collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db")); - } - - @Test - public void testCollectionWithAction() throws Exception { - CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege(); - collRequiredInRole.validate(new PrivilegeValidatorContext(null,"collection=nodb->action=query")); - collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db->action=update")); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java deleted file mode 100644 index c9c8330..0000000 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java +++ /dev/null @@ -1,178 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.search; - -import java.io.File; -import java.io.IOException; -import java.util.Arrays; -import java.util.EnumSet; -import java.util.List; -import java.util.Set; - -import junit.framework.Assert; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.common.Action; -import org.apache.sentry.core.common.ActiveRoleSet; -import org.apache.sentry.core.common.Authorizable; -import org.apache.sentry.core.common.Subject; -import org.apache.sentry.core.model.search.Collection; -import org.apache.sentry.core.model.search.SearchModelAction; -import org.apache.sentry.provider.common.MockGroupMappingServiceProvider; -import org.apache.sentry.provider.common.ResourceAuthorizationProvider; -import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider; -import org.apache.sentry.provider.file.PolicyFiles; -import org.junit.After; -import org.junit.Test; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.base.Objects; -import com.google.common.collect.HashMultimap; -import com.google.common.collect.Multimap; -import com.google.common.io.Files; - - -public class TestSearchAuthorizationProviderGeneralCases { - - private static final Logger LOGGER = LoggerFactory - .getLogger(TestSearchAuthorizationProviderGeneralCases.class); - - private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap - .create(); - - private static final Subject SUB_ADMIN = new Subject("admin1"); - private static final Subject SUB_MANAGER = new Subject("manager1"); - private static final Subject SUB_ANALYST = new Subject("analyst1"); - private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1"); - - private static final Collection COLL_PURCHASES = new Collection("purchases"); - private static final Collection COLL_ANALYST1 = new Collection("analyst1"); - private static final Collection COLL_JRANALYST1 = new Collection("jranalyst1"); - private static final Collection COLL_TMP = new Collection("tmpcollection"); - private static final Collection COLL_PURCHASES_PARTIAL = new Collection("purchases_partial"); - - private static final SearchModelAction QUERY = SearchModelAction.QUERY; - private static final SearchModelAction UPDATE = SearchModelAction.UPDATE; - - static { - USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin")); - USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager")); - USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst")); - USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(), - Arrays.asList("jranalyst")); - } - - private final ResourceAuthorizationProvider authzProvider; - private File baseDir; - - public TestSearchAuthorizationProviderGeneralCases() throws IOException { - baseDir = Files.createTempDir(); - PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini"); - authzProvider = new HadoopGroupResourceAuthorizationProvider( - SearchPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "test-authz-provider.ini").getPath()), - new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP)); - - } - - @After - public void teardown() { - if(baseDir != null) { - FileUtils.deleteQuietly(baseDir); - } - } - - private void doTestAuthProviderOnCollection(Subject subject, - Collection collection, Set<? extends Action> expectedPass) throws Exception { - Set<SearchModelAction> allActions = EnumSet.of(SearchModelAction.ALL, SearchModelAction.QUERY, SearchModelAction.UPDATE); - for(SearchModelAction action : allActions) { - doTestResourceAuthorizationProvider(subject, collection, - EnumSet.of(action), expectedPass.contains(action)); - } - } - - private void doTestResourceAuthorizationProvider(Subject subject, - Collection collection, - Set<? extends Action> privileges, boolean expected) throws Exception { - List<Authorizable> authzHierarchy = Arrays.asList(new Authorizable[] { - collection - }); - Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters"); - helper.add("Subject", subject).add("Collection", collection) - .add("Privileges", privileges).add("authzHierarchy", authzHierarchy); - LOGGER.info("Running with " + helper.toString()); - Assert.assertEquals(helper.toString(), expected, - authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL)); - LOGGER.info("Passed " + helper.toString()); - } - - @Test - public void testAdmin() throws Exception { - Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class); - doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES, allActions); - doTestAuthProviderOnCollection(SUB_ADMIN, COLL_ANALYST1, allActions); - doTestAuthProviderOnCollection(SUB_ADMIN, COLL_JRANALYST1, allActions); - doTestAuthProviderOnCollection(SUB_ADMIN, COLL_TMP, allActions); - doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES_PARTIAL, allActions); - } - - @Test - public void testManager() throws Exception { - Set<SearchModelAction> updateOnly = EnumSet.of(SearchModelAction.UPDATE); - doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES, updateOnly); - - Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class); - doTestAuthProviderOnCollection(SUB_MANAGER, COLL_ANALYST1, allActions); - doTestAuthProviderOnCollection(SUB_MANAGER, COLL_JRANALYST1, allActions); - - Set<SearchModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE); - doTestAuthProviderOnCollection(SUB_MANAGER, COLL_TMP, queryUpdateOnly); - - Set<SearchModelAction> queryOnly = EnumSet.of(SearchModelAction.QUERY); - doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES_PARTIAL, queryOnly); - } - - @Test - public void testAnalyst() throws Exception { - Set<SearchModelAction> updateOnly = EnumSet.of(SearchModelAction.UPDATE); - doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES, updateOnly); - - Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class); - doTestAuthProviderOnCollection(SUB_ANALYST, COLL_ANALYST1, allActions); - doTestAuthProviderOnCollection(SUB_ANALYST, COLL_JRANALYST1, allActions); - - Set<SearchModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE); - doTestAuthProviderOnCollection(SUB_ANALYST, COLL_TMP, queryUpdateOnly); - - Set<SearchModelAction> noActions = EnumSet.noneOf(SearchModelAction.class); - doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES_PARTIAL, noActions); - } - - @Test - public void testJuniorAnalyst() throws Exception { - Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class); - doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_JRANALYST1, allActions); - - Set<SearchModelAction> queryOnly = EnumSet.of(SearchModelAction.QUERY); - doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES_PARTIAL, queryOnly); - - Set<SearchModelAction> noActions = EnumSet.noneOf(SearchModelAction.class); - doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES, noActions); - doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_ANALYST1, noActions); - doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_TMP, noActions); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java deleted file mode 100644 index b3a68a7..0000000 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java +++ /dev/null @@ -1,83 +0,0 @@ - /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.search; - -import java.io.File; -import java.io.IOException; -import java.util.EnumSet; -import java.util.List; -import java.util.Set; - -import junit.framework.Assert; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.common.Action; -import org.apache.sentry.core.common.ActiveRoleSet; -import org.apache.sentry.core.common.Authorizable; -import org.apache.sentry.core.common.Subject; -import org.apache.sentry.core.model.search.Collection; -import org.apache.sentry.core.model.search.SearchModelAction; -import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.common.AuthorizationProvider; -import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider; -import org.apache.sentry.provider.file.PolicyFile; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; - -import com.google.common.collect.ImmutableList; -import com.google.common.io.Files; - -public class TestSearchAuthorizationProviderSpecialCases { - private AuthorizationProvider authzProvider; - private PolicyFile policyFile; - private File baseDir; - private File iniFile; - private String initResource; - @Before - public void setup() throws IOException { - baseDir = Files.createTempDir(); - iniFile = new File(baseDir, "policy.ini"); - initResource = "file://" + iniFile.getPath(); - policyFile = new PolicyFile(); - } - - @After - public void teardown() throws IOException { - if(baseDir != null) { - FileUtils.deleteQuietly(baseDir); - } - } - - @Test - public void testDuplicateEntries() throws Exception { - Subject user1 = new Subject("user1"); - Collection collection1 = new Collection("collection1"); - Set<? extends Action> actions = EnumSet.allOf(SearchModelAction.class); - policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1") - .addRolesToGroup("group1", true, "role1", "role1") - .addPermissionsToRole("role1", true, "collection=" + collection1.getName(), - "collection=" + collection1.getName()); - policyFile.write(iniFile); - PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(initResource); - authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy); - List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(collection1); - Assert.assertTrue(authorizableHierarchy.toString(), - authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL)); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java deleted file mode 100644 index 1eb9576..0000000 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.sentry.policy.search; -import static junit.framework.Assert.assertEquals; -import static junit.framework.Assert.assertNull; - -import org.apache.sentry.core.model.search.Collection; -import org.apache.sentry.core.model.search.SearchModelAuthorizables; -import org.junit.Test; - -public class TestSearchModelAuthorizables { - - @Test - public void testCollection() throws Exception { - Collection coll = (Collection) SearchModelAuthorizables.from("CoLleCtiOn=collection1"); - assertEquals("collection1", coll.getName()); - } - - @Test(expected=IllegalArgumentException.class) - public void testNoKV() throws Exception { - System.out.println(SearchModelAuthorizables.from("nonsense")); - } - - @Test(expected=IllegalArgumentException.class) - public void testEmptyKey() throws Exception { - System.out.println(SearchModelAuthorizables.from("=v")); - } - - @Test(expected=IllegalArgumentException.class) - public void testEmptyValue() throws Exception { - System.out.println(SearchModelAuthorizables.from("k=")); - } - - @Test - public void testNotAuthorizable() throws Exception { - assertNull(SearchModelAuthorizables.from("k=v")); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java deleted file mode 100644 index 292685b..0000000 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.search; - -import java.io.File; -import java.io.IOException; - -import junit.framework.Assert; - -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.FileSystem; -import org.apache.hadoop.fs.Path; -import org.apache.hadoop.hdfs.MiniDFSCluster; -import org.apache.sentry.provider.file.PolicyFiles; -import org.junit.AfterClass; -import org.junit.BeforeClass; - -public class TestSearchPolicyEngineDFS extends AbstractTestSearchPolicyEngine { - - private static MiniDFSCluster dfsCluster; - private static FileSystem fileSystem; - private static Path root; - private static Path etc; - - @BeforeClass - public static void setupLocalClazz() throws IOException { - File baseDir = getBaseDir(); - Assert.assertNotNull(baseDir); - File dfsDir = new File(baseDir, "dfs"); - Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs()); - Configuration conf = new Configuration(); - conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath()); - dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build(); - fileSystem = dfsCluster.getFileSystem(); - root = new Path(fileSystem.getUri().toString()); - etc = new Path(root, "/etc"); - fileSystem.mkdirs(etc); - } - - @AfterClass - public static void teardownLocalClazz() { - if(dfsCluster != null) { - dfsCluster.shutdown(); - } - } - - @Override - protected void afterSetup() throws IOException { - fileSystem.delete(etc, true); - fileSystem.mkdirs(etc); - PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini"); - setPolicy(SearchPolicyTestUtil.createPolicyEngineForTest(new Path(etc, - "test-authz-provider.ini").toString())); - } - - @Override - protected void beforeTeardown() throws IOException { - fileSystem.delete(etc, true); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java deleted file mode 100644 index 9d34460..0000000 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.search; - -import java.io.File; -import java.io.IOException; - -import junit.framework.Assert; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.provider.file.PolicyFiles; - -public class TestSearchPolicyEngineLocalFS extends AbstractTestSearchPolicyEngine { - - @Override - protected void afterSetup() throws IOException { - File baseDir = getBaseDir(); - Assert.assertNotNull(baseDir); - Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs()); - PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini"); - setPolicy(SearchPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "test-authz-provider.ini").getPath())); - } - @Override - protected void beforeTeardown() throws IOException { - File baseDir = getBaseDir(); - Assert.assertNotNull(baseDir); - FileUtils.deleteQuietly(baseDir); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java deleted file mode 100644 index 9155dad..0000000 --- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.search; - -import java.io.File; -import java.io.IOException; -import java.util.Collections; - -import junit.framework.Assert; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.common.ActiveRoleSet; -import org.apache.sentry.policy.common.PolicyEngine; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.base.Charsets; -import com.google.common.collect.ImmutableSet; -import com.google.common.collect.Sets; -import com.google.common.io.Files; - -public class TestSearchPolicyNegative { - - @SuppressWarnings("unused") - private static final Logger LOGGER = LoggerFactory - .getLogger(TestSearchPolicyNegative.class); - - private File baseDir; - private File globalPolicyFile; - private File otherPolicyFile; - - @Before - public void setup() { - baseDir = Files.createTempDir(); - globalPolicyFile = new File(baseDir, "global.ini"); - otherPolicyFile = new File(baseDir, "other.ini"); - } - - @After - public void teardown() { - if(baseDir != null) { - FileUtils.deleteQuietly(baseDir); - } - } - - private void append(String from, File to) throws IOException { - Files.append(from + "\n", to, Charsets.UTF_8); - } - - @Test - public void testPerDbFileException() throws Exception { - append("[databases]", globalPolicyFile); - append("other_group_db = " + otherPolicyFile.getPath(), globalPolicyFile); - append("[groups]", otherPolicyFile); - append("other_group = some_role", otherPolicyFile); - append("[roles]", otherPolicyFile); - append("some_role = collection=c1", otherPolicyFile); - PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); - Assert.assertEquals(Collections.emptySet(), - policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL)); - } - - @Test - public void testCollectionRequiredInRole() throws Exception { - append("[groups]", globalPolicyFile); - append("group = some_role", globalPolicyFile); - append("[roles]", globalPolicyFile); - append("some_role = action=query", globalPolicyFile); - PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); - ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL); - Assert.assertTrue(permissions.toString(), permissions.isEmpty()); - } - - @Test - public void testGroupIncorrect() throws Exception { - append("[groups]", globalPolicyFile); - append("group = malicious_role", globalPolicyFile); - append("[roles]", globalPolicyFile); - append("malicious_role = collection=*", globalPolicyFile); - PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath()); - ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL); - Assert.assertTrue(permissions.toString(), permissions.isEmpty()); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini b/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini deleted file mode 100644 index 8af8162..0000000 --- a/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini +++ /dev/null @@ -1,31 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -[groups] -manager = analyst_role, junior_analyst_role -analyst = analyst_role -jranalyst = junior_analyst_role -admin = admin - -[roles] -analyst_role = collection=purchases->action=update, \ - collection=analyst1, \ - collection=jranalyst1->action=*, \ - collection=tmpcollection->action=update, \ - collection=tmpcollection->action=query -junior_analyst_role = collection=jranalyst1, collection=purchases_partial->action=query -admin = collection=* http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/AbstractTestSqoopPolicyEngine.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/AbstractTestSqoopPolicyEngine.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/AbstractTestSqoopPolicyEngine.java deleted file mode 100644 index 1389fca..0000000 --- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/AbstractTestSqoopPolicyEngine.java +++ /dev/null @@ -1,145 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.sentry.policy.sqoop; - -import java.io.File; -import java.io.IOException; -import java.util.Set; -import java.util.TreeSet; - -import junit.framework.Assert; - -import org.apache.commons.io.FileUtils; -import org.apache.sentry.core.common.ActiveRoleSet; -import org.apache.sentry.policy.common.PolicyEngine; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.google.common.collect.Sets; -import com.google.common.io.Files; - -public abstract class AbstractTestSqoopPolicyEngine { - private static final String OPERATOR_JDBC_CONNECTORS_READ = "server=server1->connector=generic-jdbc-connector->action=read"; - private static final String OPERATOR_HDFS_CONNECTORS_READ = "server=server1->connector=hdfs-connector->action=read"; - private static final String OPERATOR_KAFKA_CONNECTORS_READ = "server=server1->connector=kafka-connector->action=read"; - private static final String OPERATOR_KITE_CONNECTORS_READ = "server=server1->connector=kite-connector->action=read"; - private static final String ANALYST_JOBS_ALL = "server=server1->job=all->action=*"; - private static final String OPERATOR_JOB1_READ = "server=server1->job=job1->action=read"; - private static final String OPERATOR_JOB2_READ = "server=server1->job=job2->action=read"; - private static final String ANALYST_LINKS_ALL = "server=server1->link=all->action=*"; - private static final String OPERATOR_LINK1_READ = "server=server1->link=link1->action=read"; - private static final String OPERATOR_LINK2_READ = "server=server1->link=link2->action=read"; - private static final String ADMIN = "server=server1->action=*"; - - private PolicyEngine policy; - private static File baseDir; - - protected String sqoopServerName = "server1"; - - @BeforeClass - public static void setupClazz() throws IOException { - baseDir = Files.createTempDir(); - } - - @AfterClass - public static void teardownClazz() throws IOException { - if(baseDir != null) { - FileUtils.deleteQuietly(baseDir); - } - } - - protected void setPolicy(PolicyEngine policy) { - this.policy = policy; - } - protected static File getBaseDir() { - return baseDir; - } - @Before - public void setup() throws IOException { - afterSetup(); - } - @After - public void teardown() throws IOException { - beforeTeardown(); - } - protected void afterSetup() throws IOException { - - } - - protected void beforeTeardown() throws IOException { - - } - - @Test - public void testDeveloper() throws Exception { - Set<String> expected = Sets.newTreeSet(Sets.newHashSet( - OPERATOR_JDBC_CONNECTORS_READ, OPERATOR_HDFS_CONNECTORS_READ, - OPERATOR_KAFKA_CONNECTORS_READ, OPERATOR_KITE_CONNECTORS_READ, - ANALYST_JOBS_ALL, ANALYST_LINKS_ALL)); - Assert.assertEquals(expected.toString(), - Sets.newTreeSet(policy.getPrivileges(set("developer"), ActiveRoleSet.ALL)) - .toString()); - } - - @Test - public void testAnalyst() throws Exception { - Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ANALYST_JOBS_ALL, ANALYST_LINKS_ALL)); - Assert.assertEquals(expected.toString(), - new TreeSet<String>(policy.getPrivileges(set("analyst"), ActiveRoleSet.ALL)) - .toString()); - } - - @Test - public void testConnectorOperator() throws Exception { - - } - - @Test - public void testJobOperator() throws Exception { - Set<String> expected = Sets.newTreeSet(Sets - .newHashSet(OPERATOR_JOB1_READ,OPERATOR_JOB2_READ)); - Assert.assertEquals(expected.toString(), - new TreeSet<String>(policy.getPrivileges(set("job1_2_operator"), ActiveRoleSet.ALL)) - .toString()); - } - - @Test - public void testLinkOperator() throws Exception { - Set<String> expected = Sets.newTreeSet(Sets - .newHashSet(OPERATOR_LINK1_READ, OPERATOR_LINK2_READ)); - Assert.assertEquals(expected.toString(), - new TreeSet<String>(policy.getPrivileges(set("link1_2_operator"), ActiveRoleSet.ALL)) - .toString()); - } - - @Test - public void testAdmin() throws Exception { - Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ADMIN)); - Assert.assertEquals(expected.toString(), - new TreeSet<String>(policy.getPrivileges(set("admin"), ActiveRoleSet.ALL)) - .toString()); - } - - private static Set<String> set(String... values) { - return Sets.newHashSet(values); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/MockGroupMappingServiceProvider.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/MockGroupMappingServiceProvider.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/MockGroupMappingServiceProvider.java deleted file mode 100644 index fd577d6..0000000 --- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/MockGroupMappingServiceProvider.java +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.sentry.policy.sqoop; - -import java.util.Set; - -import org.apache.sentry.provider.common.GroupMappingService; - -import com.google.common.collect.Multimap; -import com.google.common.collect.Sets; - -public class MockGroupMappingServiceProvider implements GroupMappingService { - private final Multimap<String, String> userToGroupMap; - - public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) { - this.userToGroupMap = userToGroupMap; - } - @Override - public Set<String> getGroups(String user) { - return Sets.newHashSet(userToGroupMap.get(user)); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java deleted file mode 100644 index a76554e..0000000 --- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/SqoopPolicyTestUtil.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sentry.policy.sqoop; - -import org.apache.hadoop.conf.Configuration; -import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel; -import org.apache.sentry.policy.common.PolicyEngine; -import org.apache.sentry.provider.common.ProviderBackend; -import org.apache.sentry.provider.common.ProviderBackendContext; -import org.apache.sentry.provider.file.SimpleFileProviderBackend; - -import java.io.IOException; - -public class SqoopPolicyTestUtil { - - public static PolicyEngine createPolicyEngineForTest(String server, String resource) throws IOException { - - ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource); - - // create backendContext - ProviderBackendContext context = new ProviderBackendContext(); - context.setAllowPerDatabase(false); - context.setValidators(SqoopPrivilegeModel.getInstance().getPrivilegeValidators(server)); - // initialize the backend with the context - providerBackend.initialize(context); - - - return new SimpleSqoopPolicyEngine(providerBackend); - } -} http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestServerNameRequiredMatch.java ---------------------------------------------------------------------- diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestServerNameRequiredMatch.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestServerNameRequiredMatch.java deleted file mode 100644 index 218a2da..0000000 --- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestServerNameRequiredMatch.java +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.sentry.policy.sqoop; - -import junit.framework.Assert; - -import org.apache.sentry.core.common.validator.PrivilegeValidatorContext; -import org.apache.sentry.core.model.sqoop.validator.ServerNameRequiredMatch; -import org.apache.shiro.config.ConfigurationException; -import org.junit.Test; - -public class TestServerNameRequiredMatch { - @Test - public void testWithoutServerName() { - ServerNameRequiredMatch serverNameMatch = new ServerNameRequiredMatch("server1"); - try { - serverNameMatch.validate(new PrivilegeValidatorContext("connector=c1->action=read")); - Assert.fail("Expected ConfigurationException"); - } catch (ConfigurationException ex) { - } - } - @Test - public void testServerNameNotMatch() throws Exception { - ServerNameRequiredMatch serverNameMatch = new ServerNameRequiredMatch("server1"); - try { - serverNameMatch.validate(new PrivilegeValidatorContext("server=server2->connector=c1->action=read")); - Assert.fail("Expected ConfigurationException"); - } catch (ConfigurationException ex) { - } - } - @Test - public void testServerNameMatch() throws Exception { - ServerNameRequiredMatch serverNameMatch = new ServerNameRequiredMatch("server1"); - try { - serverNameMatch.validate(new PrivilegeValidatorContext("server=server1->connector=c1->action=read")); - } catch (ConfigurationException ex) { - Assert.fail("Not expected ConfigurationException"); - } - } - -}
