Repository: incubator-sentry Updated Branches: refs/heads/SENTRY-999 fbb906099 -> 0c0065174
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java
deleted file mode 100644
index 1e97b62..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderGeneralCases.java
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Set;
-
-import junit.framework.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.sqoop.Connector;
-import org.apache.sentry.core.model.sqoop.Job;
-import org.apache.sentry.core.model.sqoop.Link;
-import org.apache.sentry.core.model.sqoop.Server;
-import org.apache.sentry.core.model.sqoop.SqoopActionConstant;
-import org.apache.sentry.core.model.sqoop.SqoopActionFactory.SqoopAction;
-import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
-import org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFiles;
-import org.junit.After;
-import org.junit.Test;
-
-import com.google.common.base.Objects;
-import com.google.common.collect.HashMultimap;
-import com.google.common.collect.Multimap;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSqoopAuthorizationProviderGeneralCases {
- private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap.create();
-
- private static final Subject SUB_ADMIN = new Subject("admin1");
- private static final Subject SUB_DEVELOPER = new Subject("developer1");
- private static final Subject SUB_ANALYST = new Subject("analyst1");
- private static final Subject SUB_JOB_OPERATOR = new Subject("job_operator1");
- private static final Subject SUB_LINK_OPERATOR = new Subject("link_operator1");
- private static final Subject SUB_CONNECTOR_OPERATOR = new Subject("connector_operator1");
-
-
-
- private static final Server server1 = new Server("server1");
- private static final Connector jdbc_connector = new Connector("generic-jdbc-connector");
- private static final Connector hdfs_connector = new Connector("hdfs-connector");
- private static final Connector kafka_connector = new Connector("kafka-connector");
- private static final Connector kite_connector = new Connector("kite-connector");
- private static final Link link1 = new Link("link1");
- private static final Link link2 = new Link("link2");
- private static final Job job1 = new Job("job1");
- private static final Job job2 = new Job("job2");
-
- private static final SqoopAction ALL = new SqoopAction(SqoopActionConstant.ALL);
- private static final SqoopAction READ = new SqoopAction(SqoopActionConstant.READ);
- private static final SqoopAction WRITE = new SqoopAction(SqoopActionConstant.WRITE);
-
- private static final String ADMIN = "admin";
- private static final String DEVELOPER = "developer";
- private static final String ANALYST = "analyst";
- private static final String JOB_OPERATOR = "job1_2_operator";
- private static final String LINK_OPERATOR ="link1_2_operator";
- private static final String CONNECTOR_OPERATOR = "connectors_operator";
-
- static {
- USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList(ADMIN));
- USER_TO_GROUP_MAP.putAll(SUB_DEVELOPER.getName(), Arrays.asList(DEVELOPER));
- USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList(ANALYST));
- USER_TO_GROUP_MAP.putAll(SUB_JOB_OPERATOR.getName(),Arrays.asList(JOB_OPERATOR));
- USER_TO_GROUP_MAP.putAll(SUB_LINK_OPERATOR.getName(),Arrays.asList(LINK_OPERATOR));
- USER_TO_GROUP_MAP.putAll(SUB_CONNECTOR_OPERATOR.getName(),Arrays.asList(CONNECTOR_OPERATOR));
- }
-
- private final ResourceAuthorizationProvider authzProvider;
- private File baseDir;
-
- public TestSqoopAuthorizationProviderGeneralCases() throws IOException {
- baseDir = Files.createTempDir();
- PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini");
- authzProvider = new HadoopGroupResourceAuthorizationProvider(
- SqoopPolicyTestUtil.createPolicyEngineForTest(server1.getName(),
- new File(baseDir, "test-authz-provider.ini").getPath()),
- new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP));
- }
-
- @After
- public void teardown() {
- if(baseDir != null) {
- FileUtils.deleteQuietly(baseDir);
- }
- }
-
- private void doTestResourceAuthorizationProvider(Subject subject, List<? extends Authorizable> authorizableHierarchy,
- Set<? extends Action> actions, boolean expected) throws Exception {
- Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
- helper.add("Subject", subject).add("authzHierarchy", authorizableHierarchy).add("action", actions);
- Assert.assertEquals(helper.toString(), expected,
- authzProvider.hasAccess(subject, authorizableHierarchy, actions, ActiveRoleSet.ALL));
- }
-
- @Test
- public void testAdmin() throws Exception {
- Set<? extends Action> allActions = Sets.newHashSet(ALL, READ, WRITE);
- doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1), allActions, true);
- doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,hdfs_connector), allActions, true);
- doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,jdbc_connector), allActions, true);
- doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,kafka_connector), allActions, true);
- doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,kite_connector), allActions, true);
- doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,link1), allActions, true);
- doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,link2), allActions, true);
- doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,job1), allActions, true);
- doTestResourceAuthorizationProvider(SUB_ADMIN, Arrays.asList(server1,job2), allActions, true);
- }
-
- @Test
- public void testDeveloper() throws Exception {
- Set<SqoopAction> allActions = Sets.newHashSet(ALL, READ, WRITE);
- for (SqoopAction action : allActions) {
- //developer only has the read action on all connectors
- for (Connector connector : Sets.newHashSet(jdbc_connector, hdfs_connector, kafka_connector, kite_connector))
- doTestResourceAuthorizationProvider(SUB_DEVELOPER, Arrays.asList(server1, connector), Sets.newHashSet(action), READ.equals(action));
- }
-
- for (Link link : Sets.newHashSet(link1, link2)) {
- //developer has the all action on all links
- doTestResourceAuthorizationProvider(SUB_DEVELOPER, Arrays.asList(server1, link), allActions, true);
- }
-
- for (Job job : Sets.newHashSet(job1,job2)) {
- //developer has the all action on all jobs
- doTestResourceAuthorizationProvider(SUB_DEVELOPER, Arrays.asList(server1, job), allActions, true);
- }
- }
-
- @Test
- public void testAnalyst() throws Exception {
- Set<SqoopAction> allActions = Sets.newHashSet(ALL, READ, WRITE);
- for (SqoopAction action : allActions) {
- //analyst has not the any action on all connectors
- for (Connector connector : Sets.newHashSet(jdbc_connector, hdfs_connector, kafka_connector, kite_connector))
- doTestResourceAuthorizationProvider(SUB_ANALYST, Arrays.asList(server1, connector), Sets.newHashSet(action), false);
- }
-
- for (Link link : Sets.newHashSet(link1, link2)) {
- //analyst has the all action on all links
- doTestResourceAuthorizationProvider(SUB_ANALYST, Arrays.asList(server1, link), allActions, true);
- }
-
- for (Job job : Sets.newHashSet(job1,job2)) {
- //analyst has the all action on all jobs
- doTestResourceAuthorizationProvider(SUB_ANALYST, Arrays.asList(server1, job), allActions, true);
- }
- }
-
- @Test
- public void testJobOperator() throws Exception {
- Set<SqoopAction> allActions = Sets.newHashSet(ALL, READ, WRITE);
- for (SqoopAction action : allActions) {
- for (Job job : Sets.newHashSet(job1,job2)) {
- //Job operator has the read action on all jobs
- doTestResourceAuthorizationProvider(SUB_JOB_OPERATOR, Arrays.asList(server1, job), Sets.newHashSet(action), READ.equals(action));
- }
- for (Link link : Sets.newHashSet(link1, link2)) {
- doTestResourceAuthorizationProvider(SUB_JOB_OPERATOR, Arrays.asList(server1, link), Sets.newHashSet(action), false);
- }
- for (Connector connector : Sets.newHashSet(jdbc_connector, hdfs_connector, kafka_connector, kite_connector)) {
- doTestResourceAuthorizationProvider(SUB_JOB_OPERATOR, Arrays.asList(server1, connector), Sets.newHashSet(action), false);
- }
- }
- }
-
- @Test
- public void testLinkOperator() throws Exception {
- Set<SqoopAction> allActions = Sets.newHashSet(ALL, READ, WRITE);
- for (SqoopAction action : allActions) {
- for (Link link : Sets.newHashSet(link1, link2)) {
- //Link operator has the read action on all links
- doTestResourceAuthorizationProvider(SUB_LINK_OPERATOR, Arrays.asList(server1, link), Sets.newHashSet(action), READ.equals(action));
- }
- for (Job job : Sets.newHashSet(job1,job2)) {
- doTestResourceAuthorizationProvider(SUB_LINK_OPERATOR, Arrays.asList(server1, job), Sets.newHashSet(action), false);
- }
- for (Connector connector : Sets.newHashSet(jdbc_connector, hdfs_connector, kafka_connector, kite_connector)) {
- doTestResourceAuthorizationProvider(SUB_LINK_OPERATOR, Arrays.asList(server1, connector), Sets.newHashSet(action), false);
- }
- }
- }
-
- @Test
- public void testConnectorOperator() throws Exception {
- Set<SqoopAction> allActions = Sets.newHashSet(ALL, READ, WRITE);
- for (SqoopAction action : allActions) {
- for (Connector connector : Sets.newHashSet(jdbc_connector, hdfs_connector, kafka_connector, kite_connector)) {
- doTestResourceAuthorizationProvider(SUB_CONNECTOR_OPERATOR, Arrays.asList(server1, connector), Sets.newHashSet(action), READ.equals(action));
- }
- for (Job job : Sets.newHashSet(job1,job2)) {
- doTestResourceAuthorizationProvider(SUB_CONNECTOR_OPERATOR, Arrays.asList(server1, job), Sets.newHashSet(action), false);
- }
- for (Link link : Sets.newHashSet(link1, link2)) {
- doTestResourceAuthorizationProvider(SUB_CONNECTOR_OPERATOR, Arrays.asList(server1, link), Sets.newHashSet(action), false);
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java
deleted file mode 100644
index 99eaf18..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopAuthorizationProviderSpecialCases.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.List;
-import java.util.Set;
-
-import junit.framework.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.sqoop.Connector;
-import org.apache.sentry.core.model.sqoop.Server;
-import org.apache.sentry.core.model.sqoop.SqoopActionConstant;
-import org.apache.sentry.core.model.sqoop.SqoopActionFactory.SqoopAction;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.provider.common.AuthorizationProvider;
-import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSqoopAuthorizationProviderSpecialCases {
- private AuthorizationProvider authzProvider;
- private PolicyFile policyFile;
- private File baseDir;
- private File iniFile;
- private String initResource;
- @Before
- public void setup() throws IOException {
- baseDir = Files.createTempDir();
- iniFile = new File(baseDir, "policy.ini");
- initResource = "file://" + iniFile.getPath();
- policyFile = new PolicyFile();
- }
-
- @After
- public void teardown() throws IOException {
- if(baseDir != null) {
- FileUtils.deleteQuietly(baseDir);
- }
- }
-
- @Test
- public void testDuplicateEntries() throws Exception {
- Subject user1 = new Subject("user1");
- Server server1 = new Server("server1");
- Connector connector1 = new Connector("c1");
- Set<? extends Action> actions = Sets.newHashSet(new SqoopAction(SqoopActionConstant.READ));
- policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
- .addRolesToGroup("group1", true, "role1", "role1")
- .addPermissionsToRole("role1", true, "server=server1->connector=c1->action=read",
- "server=server1->connector=c1->action=read");
- policyFile.write(iniFile);
- PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest(server1.getName(), initResource);
- authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
- List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, connector1);
- Assert.assertTrue(authorizableHierarchy.toString(),
- authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopModelAuthorizables.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopModelAuthorizables.java
deleted file mode 100644
index c393d0e..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopModelAuthorizables.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertNull;
-
-import org.apache.sentry.core.model.sqoop.Server;
-import org.apache.sentry.core.model.sqoop.SqoopModelAuthorizables;
-import org.junit.Test;
-
-public class TestSqoopModelAuthorizables {
-
- @Test
- public void testServer() throws Exception {
- Server server1 = (Server) SqoopModelAuthorizables.from("SERVER=server1");
- assertEquals("server1", server1.getName());
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testNoKV() throws Exception {
- System.out.println(SqoopModelAuthorizables.from("nonsense"));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyKey() throws Exception {
- System.out.println(SqoopModelAuthorizables.from("=server1"));
- }
-
- @Test(expected=IllegalArgumentException.class)
- public void testEmptyValue() throws Exception {
- System.out.println(SqoopModelAuthorizables.from("SERVER="));
- }
-
- @Test
- public void testNotAuthorizable() throws Exception {
- assertNull(SqoopModelAuthorizables.from("k=v"));
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java
deleted file mode 100644
index 9611ad8..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineDFS.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.File;
-import java.io.IOException;
-
-import junit.framework.Assert;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hdfs.MiniDFSCluster;
-import org.apache.sentry.provider.file.PolicyFiles;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-public class TestSqoopPolicyEngineDFS extends AbstractTestSqoopPolicyEngine {
- private static MiniDFSCluster dfsCluster;
- private static FileSystem fileSystem;
- private static Path root;
- private static Path etc;
-
- @BeforeClass
- public static void setupLocalClazz() throws IOException {
- File baseDir = getBaseDir();
- Assert.assertNotNull(baseDir);
- File dfsDir = new File(baseDir, "dfs");
- Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs());
- Configuration conf = new Configuration();
- conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
- dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
- fileSystem = dfsCluster.getFileSystem();
- root = new Path(fileSystem.getUri().toString());
- etc = new Path(root, "/etc");
- fileSystem.mkdirs(etc);
- }
-
- @AfterClass
- public static void teardownLocalClazz() {
- if(dfsCluster != null) {
- dfsCluster.shutdown();
- }
- }
-
- @Override
- protected void afterSetup() throws IOException {
- fileSystem.delete(etc, true);
- fileSystem.mkdirs(etc);
- PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini");
- setPolicy(SqoopPolicyTestUtil.createPolicyEngineForTest(sqoopServerName, new Path(etc,
- "test-authz-provider.ini").toString()));
- }
-
- @Override
- protected void beforeTeardown() throws IOException {
- fileSystem.delete(etc, true);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java
deleted file mode 100644
index a4a874b..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyEngineLocalFS.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.File;
-import java.io.IOException;
-
-import junit.framework.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.provider.file.PolicyFiles;
-
-public class TestSqoopPolicyEngineLocalFS extends AbstractTestSqoopPolicyEngine {
- @Override
- protected void afterSetup() throws IOException {
- File baseDir = getBaseDir();
- Assert.assertNotNull(baseDir);
- Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
- PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini");
- setPolicy(SqoopPolicyTestUtil.createPolicyEngineForTest(sqoopServerName,
- new File(baseDir, "test-authz-provider.ini").getPath()));
- }
- @Override
- protected void beforeTeardown() throws IOException {
- File baseDir = getBaseDir();
- Assert.assertNotNull(baseDir);
- FileUtils.deleteQuietly(baseDir);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java b/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java
deleted file mode 100644
index 646a3c8..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/java/org/apache/sentry/policy/sqoop/TestSqoopPolicyNegative.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.io.File;
-import java.io.IOException;
-
-import junit.framework.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Charsets;
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSqoopPolicyNegative {
- @SuppressWarnings("unused")
- private static final Logger LOGGER = LoggerFactory
- .getLogger(TestSqoopPolicyNegative.class);
-
- private File baseDir;
- private File globalPolicyFile;
-
- @Before
- public void setup() {
- baseDir = Files.createTempDir();
- globalPolicyFile = new File(baseDir, "global.ini");
- }
-
- @After
- public void teardown() {
- if(baseDir != null) {
- FileUtils.deleteQuietly(baseDir);
- }
- }
-
- private void append(String from, File to) throws IOException {
- Files.append(from + "\n", to, Charsets.UTF_8);
- }
-
- @Test
- public void testauthorizedSqoopInPolicyFile() throws Exception {
- append("[groups]", globalPolicyFile);
- append("other_group = other_role", globalPolicyFile);
- append("[roles]", globalPolicyFile);
- append("other_role = server=server1->connector=c1->action=read, server=server1->link=l1->action=read", globalPolicyFile);
- PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
- //malicious_group has no privilege
- ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("malicious_group"), ActiveRoleSet.ALL);
- Assert.assertTrue(permissions.toString(), permissions.isEmpty());
- //other_group has two privileges
- permissions = policy.getAllPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL);
- Assert.assertTrue(permissions.toString(), permissions.size() == 2);
- }
-
- @Test
- public void testNoServerNameConfig() throws Exception {
- append("[groups]", globalPolicyFile);
- append("other_group = malicious_role", globalPolicyFile);
- append("[roles]", globalPolicyFile);
- append("malicious_role = connector=c1->action=read,link=l1->action=read", globalPolicyFile);
- PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
- ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL);
- Assert.assertTrue(permissions.toString(), permissions.isEmpty());
- }
-
- @Test
- public void testServerAllName() throws Exception {
- append("[groups]", globalPolicyFile);
- append("group = malicious_role", globalPolicyFile);
- append("[roles]", globalPolicyFile);
- append("malicious_role = server=*", globalPolicyFile);
- PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
- ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
- Assert.assertTrue(permissions.toString(), permissions.isEmpty());
- }
-
- @Test
- public void testServerIncorrect() throws Exception {
- append("[groups]", globalPolicyFile);
- append("group = malicious_role", globalPolicyFile);
- append("[roles]", globalPolicyFile);
- append("malicious_role = server=server2", globalPolicyFile);
- PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
- ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
- Assert.assertTrue(permissions.toString(), permissions.isEmpty());
- }
-
- @Test
- public void testAll() throws Exception {
- append("[groups]", globalPolicyFile);
- append("group = malicious_role", globalPolicyFile);
- append("[roles]", globalPolicyFile);
- append("malicious_role = *", globalPolicyFile);
- PolicyEngine policy = SqoopPolicyTestUtil.createPolicyEngineForTest("server1", globalPolicyFile.getPath());
- ImmutableSet<String> permissions = policy.getAllPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
- Assert.assertTrue(permissions.toString(), permissions.isEmpty());
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/0c006517/sentry-policy/sentry-policy-sqoop/src/test/resources/test-authz-provider.ini
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/test/resources/test-authz-provider.ini b/sentry-policy/sentry-policy-sqoop/src/test/resources/test-authz-provider.ini
deleted file mode 100644
index a4ab5d1..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/test/resources/test-authz-provider.ini
+++ /dev/null
@@ -1,40 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-[groups]
-developer = jdbc_connector_role, hdfs_connector_role,kafka_connector_role,kite_connector_role,\
- jobs_analyst_role,links_analyst_role
-analyst = jobs_analyst_role,links_analyst_role
-connectors_operator = jdbc_connector_role, hdfs_connector_role,kafka_connector_role,kite_connector_role
-jobs_analyst = jobs_analyst_role
-job1_2_operator = job1_role,job2_role
-links_analyst = links_analyst_role
-link1_2_operator = link1_role,link2_role
-admin = admin_role
-
-[roles]
-admin_role = server=server1->action=*
-jdbc_connector_role = server=server1->connector=generic-jdbc-connector->action=read
-hdfs_connector_role = server=server1->connector=hdfs-connector->action=read
-kafka_connector_role = server=server1->connector=kafka-connector->action=read
-kite_connector_role = server=server1->connector=kite-connector->action=read
-jobs_analyst_role = server=server1->job=all->action=*
-job1_role = server=server1->job=job1->action=read
-job2_role = server=server1->job=job2->action=read
-links_analyst_role = server=server1->link=all->action=*
-link1_role = server=server1->link=link1->action=read
-link2_role = server=server1->link=link2->action=read
\ No newline at end of file
