@Before public void configure() throws Exception { /** * add the solr user to admin groups */ policyFile = new PolicyFile(); addGroupsToUser(ADMIN_USER, getAdminGroups()); writePolicyFile(); }
/** * Grant query privilege to role r1 */ @Test public void testGrantPrivilege() throws Exception { testGrantPrivilege(sentryStore, SEARCH); }
@Test public void testGrantWithGrantOption() throws Exception { addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP); addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP); writePolicyFile(); String roleName1 = "r1"; String grantor = "g1"; sentryStore.createRole(SEARCH, roleName1, grantor); /** * grant query privilege to role r1 with grant option */ PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) .setAction(SearchConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .withGrantOption(true) .build(); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege,ADMIN_USER); sentryStore.alterRoleAddGroups(SEARCH, roleName1, Sets.newHashSet(GRANT_OPTION_GROUP), grantor); /** * the user with grant option grant query privilege to rolr r2 */ String roleName2 = "r2"; sentryStore.createRole(SEARCH, roleName2, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, queryPrivilege, GRANT_OPTION_USER); assertEquals(Sets.newHashSet(queryPrivilege), sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName2))); }
@Test public void testGrantWithGrantOption() throws Exception { addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP); addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP); writePolicyFile(); String roleName1 = "r1"; String grantor = "g1"; sentryStore.createRole(SEARCH, roleName1, grantor); /** * grant query privilege to role r1 with grant option */ PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .withGrantOption(true) .build(); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege,ADMIN_USER); sentryStore.alterRoleAddGroups(SEARCH, roleName1, Sets.newHashSet(GRANT_OPTION_GROUP), grantor); /** * the user with grant option grant query privilege to rolr r2 */ String roleName2 = "r2"; sentryStore.createRole(SEARCH, roleName2, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, queryPrivilege, GRANT_OPTION_USER); assertEquals(Sets.newHashSet(queryPrivilege), sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName2))); }
@Test public void testRevokeWithGrantOption() throws Exception { addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP); addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP); writePolicyFile();
@Before public void configure() throws Exception { /** * add the solr user to admin groups */ policyFile = new PolicyFile(); addGroupsToUser(ADMIN_USER, getAdminGroups()); writePolicyFile(); }
/** * Grant query privilege to role r1 */ @Test public void testGrantPrivilege() throws Exception { testGrantPrivilege(sentryStore, SEARCH); }
@Test public void testRevokeWithGrantOption() throws Exception { addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP); addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP); writePolicyFile();
@Test(expected = Exception.class) public void testGrantPrivilegeExternalComponentMissingConf() throws Exception { testGrantPrivilege(sentryStore, "externalComponent"); }
@Test public void testGrantRevokeCheckWithGrantOption() throws Exception { addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP); addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP); writePolicyFile();
@Test(expected = RuntimeException.class) public void testGrantPrivilegeExternalComponentMissingConf() throws SentryUserException { testGrantPrivilege(sentryStore, "externalComponent"); }
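Review bot: `@Test(expected = ...)` on testGrantPrivilegeExternalComponentMissingConf accepts an exception from anywhere in the method, so the test passes on any failure inside `testGrantPrivilege(...)`, not only when a component with no configured action factory is rejected; this holds for both variants shown (`Exception.class` and `RuntimeException.class`; the page does not mark which is the new side), and `Exception.class` is the weaker of the two. The same applies to both variants of testGrantPrivilegeExternalComponentInvalidConf further down, where a throw from `new DelegateSentryStore(confCopy)` would satisfy the test just as well as one from the grant call. For a negative test on an authorization store I would pin the call that must fail: wrap only that call in a try block, put `fail("grant succeeded for a component without a valid action factory");` directly after it, and catch the specific exception type. Which type the store raises is not visible on this page, so it has to be taken from the implementation rather than guessed.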
@Test public void testGrantRevokeCheckWithGrantOption() throws Exception { addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP); addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP); writePolicyFile();
@Test(expected = RuntimeException.class) public void testGrantPrivilegeExternalComponentInvalidConf() throws Exception { String externalComponent = "mycomponent"; Configuration confCopy = new Configuration(conf); confCopy.set(String.format(ServiceConstants.ServerConfig.SENTRY_COMPONENT_ACTION_FACTORY_FORMAT, externalComponent), InvalidActionFactory.class.getName()); SentryStoreLayer store = new DelegateSentryStore(confCopy); testGrantPrivilege(store, externalComponent); }
@Test(expected = Exception.class) public void testGrantPrivilegeExternalComponentInvalidConf() throws Exception { String externalComponent = "mycomponent"; Configuration confCopy = new Configuration(conf); confCopy.set(String.format(ServiceConstants.ServerConfig.SENTRY_COMPONENT_ACTION_FACTORY_FORMAT, externalComponent), InvalidActionFactory.class.getName()); SentryStoreLayer store = new DelegateSentryStore(confCopy); testGrantPrivilege(store, externalComponent); }
@Test public void testGrantPrivilegeExternalComponent() throws Exception { String externalComponent = "mycomponent"; Configuration confCopy = new Configuration(conf); confCopy.set(String.format(ServiceConstants.ServerConfig.SENTRY_COMPONENT_ACTION_FACTORY_FORMAT, externalComponent), MyComponentActionFactory.class.getName()); SentryStoreLayer store = new DelegateSentryStore(confCopy); testGrantPrivilege(store, externalComponent); }
@Test public void testGrantPrivilegeExternalComponent() throws Exception { String externalComponent = "mycomponent"; Configuration confCopy = new Configuration(conf); confCopy.set(String.format(ServiceConstants.ServerConfig.SENTRY_COMPONENT_ACTION_FACTORY_FORMAT, externalComponent), MyComponentActionFactory.class.getName()); SentryStoreLayer store = new DelegateSentryStore(confCopy); testGrantPrivilege(store, externalComponent); }
@Test public void testGrantPrivilegeExternalComponentCaseInsensitivity() throws Exception { String externalComponent = "MyCoMpOnEnT"; Configuration confCopy = new Configuration(conf); confCopy.set(String.format(ServiceConstants.ServerConfig.SENTRY_COMPONENT_ACTION_FACTORY_FORMAT, "mycomponent"), MyComponentActionFactory.class.getName()); SentryStoreLayer store = new DelegateSentryStore(confCopy); testGrantPrivilege(store, externalComponent); }
@Test public void testGrantPrivilegeExternalComponentCaseInsensitivity() throws Exception { String externalComponent = "MyCoMpOnEnT"; Configuration confCopy = new Configuration(conf); confCopy.set(String.format(ServiceConstants.ServerConfig.SENTRY_COMPONENT_ACTION_FACTORY_FORMAT, "mycomponent"), MyComponentActionFactory.class.getName()); SentryStoreLayer store = new DelegateSentryStore(confCopy); testGrantPrivilege(store, externalComponent); }