/**
 * Grants one QUERY privilege (collection c1, field f1 on "service1") to two freshly
 * created roles and checks that each role then lists exactly one privilege.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String firstRole = "admin_r1";
  final String secondRole = "admin_r2";

  // Drop any leftover role first so createRole starts from a clean state.
  client.dropRoleIfExists(admin, firstRole, SOLR);
  client.createRole(admin, firstRole, SOLR);
  client.dropRoleIfExists(admin, secondRole, SOLR);
  client.createRole(admin, secondRole, SOLR);

  final TSentryPrivilege query = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.QUERY);

  client.grantPrivilege(admin, firstRole, SOLR, query);
  Set<TSentryPrivilege> granted =
      client.listAllPrivilegesByRoleName(admin, firstRole, SOLR, "service1");
  assertTrue("Privilege not assigned to role1 !!", granted.size() == 1);

  client.grantPrivilege(admin, secondRole, SOLR, query);
  granted = client.listAllPrivilegesByRoleName(admin, secondRole, SOLR, "service1");
  assertTrue("Privilege not assigned to role2 !!", granted.size() == 1);
}}); }
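/**
 * Teardown: drops every role of COMPONENT as the admin user, then closes the client.
 *
 * <p>The null check runs before the client is first used (the original checked only
 * after dereferencing it), and the client is closed even when listing or dropping
 * roles throws, so a failed cleanup does not also leak the connection.
 */
@Override
public void runTestAsSubject() throws Exception {
  if (client == null) {
    // Nothing was opened, so there is nothing to clean up or close.
    return;
  }
  try {
    Set<TSentryRole> tRoles = client.listAllRoles(SentryServiceIntegrationBase.ADMIN_USER, COMPONENT);
    for (TSentryRole tRole : tRoles) {
      client.dropRole(SentryServiceIntegrationBase.ADMIN_USER, tRole.getRoleName(), COMPONENT);
    }
  } finally {
    client.close();
  }
} });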
/**
 * Creates a role, grants it to the admin user's groups and checks that listing the
 * admin user's roles returns exactly that role; the role is dropped afterwards.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  final String role = "admin_r";
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  client.dropRoleIfExists(admin, role, SOLR);
  client.createRole(admin, role, SOLR);
  // The grant receives its own copy of the group set.
  client.grantRoleToGroups(admin, role, SOLR, Sets.newHashSet(adminGroups));

  Set<TSentryRole> userRoles = client.listUserRoles(admin, SOLR);
  assertEquals("Incorrect number of roles", 1, userRoles.size());
  for (TSentryRole listed : userRoles) {
    // Role names are compared case-insensitively.
    assertTrue(listed.getRoleName(), listed.getRoleName().equalsIgnoreCase(role));
  }

  client.dropRole(admin, role, SOLR);
}}); }
/**
 * Builds a fresh replica of the privilege cache from the Sentry service.
 *
 * <p>The table is keyed by group (row) and role name (column); each cell holds that
 * role's privileges rendered as strings by {@code tSentryPrivilegeConverter}. The
 * replica is returned only after every role has been processed, so a failure
 * surfaces as an exception rather than as a partially filled table.
 *
 * @return cache replica with latest values
 * @throws Exception propagated from resolving the login user, obtaining the client
 *     or any of the service calls
 */
private Table<String, String, Set<String>> loadFromRemote() throws Exception {
  final Table<String, String, Set<String>> replica = HashBasedTable.create();
  // Requests are issued under the short name of the process login user.
  final String requestor = UserGroupInformation.getLoginUser().getShortUserName();

  // try-with-resources closes the client on both the normal and the failure path.
  try (SentryGenericServiceClient client = getClient()) {
    for (TSentryRole role : client.listAllRoles(requestor, componentType)) {
      final String roleName = role.getRoleName();
      // One lookup per role; it is issued even if the role turns out to have no groups.
      final Set<TSentryPrivilege> rolePrivileges =
          client.listAllPrivilegesByRoleName(requestor, roleName, componentType, serviceName);

      // NOTE(review): getGroups() is iterated without a null check - confirm it cannot be null.
      for (String group : role.getGroups()) {
        Set<String> cell = replica.get(group, roleName);
        if (cell == null) {
          cell = new HashSet<>();
          replica.put(group, roleName, cell);
        }
        for (TSentryPrivilege privilege : rolePrivileges) {
          cell.add(tSentryPrivilegeConverter.toString(privilege));
        }
      }
    }
    return replica;
  }
}
client.createRole(adminUser, testRole, SOLR); client.grantRoleToGroups(adminUser, testRole, SOLR, testGroup); client.grantPrivilege(adminUser, testRole, SOLR, queryPrivilege); client.grantPrivilege(adminUser, testRole, SOLR, updatePrivilege); assertEquals(2, client.listAllPrivilegesByRoleName(testUser, testRole, SOLR, "service1").size()); assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole, SOLR, "service1", Arrays.asList(new Collection("c1"))).size()); assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole, SOLR, "service1", Arrays.asList(new Collection("c2"))).size()); assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole, SOLR, "service1", Arrays.asList(new Collection("c1"), new Field("f1"))).size()); assertEquals(1, client.listPrivilegesByRoleName(testUser, testRole, SOLR, "service1", Arrays.asList(new Collection("c2"), new Field("f2"))).size()); assertEquals(1, client.listPrivilegesForProvider(SOLR, "service1", roleSet, testGroup, Arrays.asList(new Collection("c1"))).size()); assertEquals(1, client.listPrivilegesForProvider(SOLR, "service1", roleSet, testGroup, Arrays.asList(new Collection("c2"))).size()); assertEquals(1, client.listPrivilegesForProvider(SOLR, "service1", roleSet, testGroup, Arrays.asList(new Collection("c1"), new Field("f1"))).size());
client.createRole(requestorUserName, roleName, COMPONENT); Map<String, String> fieldValueMap = new HashMap<String, String>(); fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_CREATE_ROLE); client.createRole(requestorUserName, roleName, COMPONENT); fail("Exception should have been thrown"); } catch (Exception e) { client.grantRoleToGroups(requestorUserName, roleName, COMPONENT, Sets.newHashSet(testGroupName)); fieldValueMap.clear(); client.grantRoleToGroups(requestorUserName, "invalidRole", COMPONENT, Sets.newHashSet(testGroupName)); fail("Exception should have been thrown"); new TAuthorizable("resourceType1", "resourceName1"), new TAuthorizable("resourceType2", "resourceName2")), action); client.grantPrivilege(requestorUserName, roleName, COMPONENT, privilege); fieldValueMap.clear(); fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE); client.grantPrivilege(requestorUserName, roleName, COMPONENT, invalidPrivilege); fail("Exception should have been thrown"); } catch (Exception e) { client.revokePrivilege(requestorUserName, roleName, COMPONENT, privilege); fieldValueMap.clear(); fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_REVOKE_PRIVILEGE);
/**
 * Grants a new role to "group1" and checks that listing roles by that group name
 * returns exactly this role with exactly that one group attached.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  final String role = "admin_r1";
  final String targetGroup = "group1";

  setLocalGroupMapping(admin, adminGroups);
  // Second mapping call for the same user, this time with only the test group.
  setLocalGroupMapping(admin, Sets.newHashSet(targetGroup));
  writePolicyFile();

  client.dropRoleIfExists(admin, role, SOLR);
  client.createRole(admin, role, SOLR);
  client.grantRoleToGroups(admin, role, SOLR, Sets.newHashSet(targetGroup));

  Set<TSentryRole> rolesOfGroup = client.listRolesByGroupName(admin, targetGroup, SOLR);
  assertTrue(rolesOfGroup.size() == 1);
  for (TSentryRole listed : rolesOfGroup) {
    assertTrue(listed.getRoleName(), listed.getRoleName().equalsIgnoreCase(role));
    assertTrue(listed.getGroups().size() == 1);
    for (String member : listed.getGroups()) {
      assertEquals(targetGroup, member);
    }
  }

  client.dropRole(admin, role, SOLR);
}}); }
/**
 * Checks renamePrivilege and dropPrivilege on a single QUERY privilege: after the
 * rename the privilege is listed under c2/f2 and no longer under c1/f1, and after
 * the drop it is not listed under c2/f2 either.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String role = "admin_r1";
  client.createRole(admin, role, SOLR);

  final TSentryPrivilege query = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.QUERY);
  client.grantPrivilege(admin, role, SOLR, query);

  // Before the rename: visible under c1/f1 only.
  assertEquals(1, client.listPrivilegesByRoleName(admin, role, SOLR, "service1",
      Arrays.asList(new Collection("c1"), new Field("f1"))).size());
  assertEquals(0, client.listPrivilegesByRoleName(admin, role, SOLR, "service1",
      Arrays.asList(new Collection("c2"), new Field("f2"))).size());

  client.renamePrivilege(admin, SOLR, "service1",
      Arrays.asList(new Collection("c1"), new Field("f1")),
      Arrays.asList(new Collection("c2"), new Field("f2")));

  // After the rename: the old authorizables must no longer carry the privilege.
  assertEquals(0, client.listPrivilegesByRoleName(admin, role, SOLR, "service1",
      Arrays.asList(new Collection("c1"), new Field("f1"))).size());
  assertEquals(1, client.listPrivilegesByRoleName(admin, role, SOLR, "service1",
      Arrays.asList(new Collection("c2"), new Field("f2"))).size());

  final TSentryPrivilege renamedQuery = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c2"), new Field("f2"))),
      SolrConstants.QUERY);
  client.dropPrivilege(admin, SOLR, renamedQuery);

  // After the drop: nothing is left under the new authorizables.
  assertEquals(0, client.listPrivilegesByRoleName(admin, role, SOLR, "service1",
      Arrays.asList(new Collection("c2"), new Field("f2"))).size());
}}); }
/**
 * Grants one QUERY privilege (collection c1, field f1 on "service1") to a new role
 * and checks that listing all privileges of that role returns exactly one entry.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String role = "admin_r1";
  client.createRole(admin, role, SOLR);

  final TSentryPrivilege query = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.QUERY);
  client.grantPrivilege(admin, role, SOLR, query);

  assertEquals(1,
      client.listAllPrivilegesByRoleName(admin, role, SOLR, "service1").size());
}}); }
client.createRole(adminUser, testRole, SOLR); client.grantRoleToGroups(adminUser, testRole, SOLR, adminGroup); client.grantPrivilege(adminUser, testRole, SOLR, queryPrivilege); client.grantPrivilege(adminUser, testRole, SOLR, updatePrivilege); assertEquals(1, client.listPrivilegesbyAuthorizable(SOLR, "service1", adminUser, Sets.newHashSet(new String("Collection=c1->Field=f1")), null, null).size()); Map<String, TSentryPrivilegeMap> privilegeMap = client.listPrivilegesbyAuthorizable(SOLR, "service1", adminUser, Sets.newHashSet(new String("Collection=c1->Field=f1")), testGroup, null); TSentryPrivilegeMap actualMap = privilegeMap.get(new String("Collection=c1->Field=f1")); assertEquals(1, client.listPrivilegesbyAuthorizable(SOLR, "service1", adminUser, Sets.newHashSet(new String("Collection=c1->Field=f1")), null, roleSet).size()); privilegeMap = client.listPrivilegesbyAuthorizable(SOLR, "service1", adminUser, Sets.newHashSet(new String("Collection=c1->Field=f1")), null, roleSet); actualMap = privilegeMap.get(new String("Collection=c1->Field=f1")); assertEquals(1, actualMap.getPrivilegeMap().size()); privilegeMap = client.listPrivilegesbyAuthorizable(SOLR, "service1", testUser, Sets.newHashSet(new String("Collection=c1->Field=f1")), null, roleSet); actualMap = privilegeMap.get(new String("Collection=c1->Field=f1")); client.grantRoleToGroups(adminUser, testRole, SOLR, testGroup); privilegeMap = client.listPrivilegesbyAuthorizable(SOLR, "service1", testUser, Sets.newHashSet(new String("Collection=c1")), null, roleSet); actualMap = privilegeMap.get(new String("Collection=c1"));
String testRole = "test_role"; client.createRole(adminUser, grantRole, SOLR); client.createRole(adminUser, noGrantRole, SOLR); client.createRole(adminUser, testRole, SOLR); client.grantPrivilege(adminUser, grantRole, SOLR, grantPrivilege); client.grantPrivilege(adminUser, noGrantRole, SOLR, noGrantPrivilege); client.grantRoleToGroups(adminUser, grantRole, SOLR, grantOptionGroup); client.grantRoleToGroups(adminUser, noGrantRole, SOLR, noGrantOptionGroup); client.grantPrivilege(grantOptionUser,testRole,SOLR, testPrivilege); } catch (SentryUserException e) { fail("grantOptionUser failed grant privilege to user"); client.grantPrivilege(noGrantOptionUser, testRole, SOLR, testPrivilege); fail("noGrantOptionUser can't grant privilege to user"); } catch (SentryUserException e) { client.revokePrivilege(grantOptionUser, testRole, SOLR, testPrivilege); } catch(SentryUserException e) { fail("grantOptionUser failed revoke privilege to user"); client.revokePrivilege(noGrantOptionUser, testRole, SOLR, testPrivilege); fail("noGrantOptionUser can't revoke privilege to user"); } catch (SentryUserException e) {
/**
 * Creates a role, restarts the Sentry service, then drops the role through the same
 * client, which exercises the client against a restarted server.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = SentryServiceIntegrationBase.ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
  final String role = "admin_r";
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  client.dropRoleIfExists(admin, role, "solr");
  client.createRole(admin, role, "solr");

  // Replace the running server with a new instance built from the same configuration.
  stopSentryService();
  SentryServiceIntegrationBase.server =
      SentryServiceFactory.create(SentryServiceIntegrationBase.conf);
  SentryServiceIntegrationBase.startSentryService();

  // NOTE(review): presumably dropRole throws for a missing role, which is what would
  // make this a check that the role survived the restart - confirm.
  client.dropRole(admin, role, "solr");
} });
/**
 * Grants QUERY to one role and UPDATE to another (both on collection c1, field f1 of
 * "service1"), then revokes each privilege from the role it was granted to.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String queryRole = "admin_r1";
  final String updateRole = "admin_r2";

  client.dropRoleIfExists(admin, queryRole, SOLR);
  client.createRole(admin, queryRole, SOLR);
  client.dropRoleIfExists(admin, updateRole, SOLR);
  client.createRole(admin, updateRole, SOLR);

  final TSentryPrivilege query = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.QUERY);
  final TSentryPrivilege update = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.UPDATE);

  client.grantPrivilege(admin, queryRole, SOLR, query);
  client.grantPrivilege(admin, updateRole, SOLR, update);

  // NOTE(review): the test passes as long as no call throws; nothing checks that a
  // revoke removed the privilege, so a revoke that silently does nothing would go
  // unnoticed. Listing the role's privileges after each revoke would close that gap.
  client.revokePrivilege(admin, queryRole, SOLR, query);
  client.revokePrivilege(admin, updateRole, SOLR, update);
}}); }
/**
 * Grants a role to group "g1", checks that the admin user then sees exactly that role
 * with that single group, revokes the role from the group and checks that the admin
 * user's role list is empty again.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  final String targetGroup = "g1";
  final String role = "admin_r";

  setLocalGroupMapping(admin, adminGroups);
  // Second mapping call for the same user, this time with only the test group.
  setLocalGroupMapping(admin, Sets.newHashSet(targetGroup));
  writePolicyFile();

  client.dropRoleIfExists(admin, role, SOLR);
  client.createRole(admin, role, SOLR);
  client.grantRoleToGroups(admin, role, SOLR, Sets.newHashSet(targetGroup));

  Set<TSentryRole> userRoles = client.listUserRoles(admin, SOLR);
  assertEquals("Incorrect number of roles", 1, userRoles.size());
  for (TSentryRole listed : userRoles) {
    assertTrue(listed.getRoleName(), listed.getRoleName().equalsIgnoreCase(role));
    assertTrue(listed.getGroups().size() == 1);
    for (String member : listed.getGroups()) {
      assertEquals(targetGroup, member);
    }
  }

  // Once the role is revoked from the group, the user must no longer hold it.
  client.revokeRoleFromGroups(admin, role, SOLR, Sets.newHashSet(targetGroup));
  userRoles = client.listUserRoles(admin, SOLR);
  assertEquals("Incorrect number of roles", 0, userRoles.size());

  client.dropRole(admin, role, SOLR);
}}); }
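/**
 * Teardown: drops every SOLR role as the admin user, then closes the client.
 *
 * <p>The null check runs before the client is first used (the original checked only
 * after dereferencing it), and the client is closed even when listing or dropping
 * roles throws, so a failed cleanup does not also leak the connection.
 */
@Override
public void runTestAsSubject() throws Exception {
  if (client == null) {
    // Nothing was opened, so there is nothing to clean up or close.
    return;
  }
  try {
    Set<TSentryRole> tRoles = client.listAllRoles(ADMIN_USER, SOLR);
    for (TSentryRole tRole : tRoles) {
      client.dropRole(ADMIN_USER, tRole.getRoleName(), SOLR);
    }
  } finally {
    client.close();
  }
} });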
/**
 * Grants UPDATE and QUERY on the same authorizables to one role, checks that two
 * privileges are listed, revokes UPDATE and checks that one privilege remains.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  final String role = "admin_r1";
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  client.dropRoleIfExists(admin, role, SOLR);
  client.createRole(admin, role, SOLR);

  final TSentryPrivilege query = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.QUERY);
  final TSentryPrivilege update = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.UPDATE);

  client.grantPrivilege(admin, role, SOLR, update);
  client.grantPrivilege(admin, role, SOLR, query);

  Set<TSentryPrivilege> listed =
      client.listAllPrivilegesByRoleName(admin, role, SOLR, "service1");
  assertTrue(listed.size() == 2);

  client.revokePrivilege(admin, role, SOLR, update);
  listed = client.listAllPrivilegesByRoleName(admin, role, SOLR, "service1");
  // NOTE(review): only the count is checked, so this would not notice if QUERY had
  // been removed instead of UPDATE; asserting the remaining action would pin that.
  assertTrue(listed.size() == 1);
}}); }