/**
 * Creates a role, restarts the Sentry service, and then drops the role through the same client.
 *
 * <p>The callback makes no explicit assertion; it passes as long as none of the calls throws.
 * NOTE(review): presumably the final dropRole is what shows the role survived the restart;
 * confirm that dropRole rejects a role that does not exist.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = SentryServiceIntegrationBase.ADMIN_USER;
  final String role = "admin_r";
  final Set<String> adminGroups = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);

  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  // Remove any earlier copy of the role, then create it before the service goes down.
  client.dropRoleIfExists(admin, role, "solr");
  client.createRole(admin, role, "solr");

  // Swap the running server for a new instance built from the same configuration object.
  stopSentryService();
  SentryServiceIntegrationBase.server =
      SentryServiceFactory.create(SentryServiceIntegrationBase.conf);
  SentryServiceIntegrationBase.startSentryService();

  client.dropRole(admin, role, "solr");
}
}); // closes the anonymous callback and the call it was passed to
/**
 * Grants a freshly created role to the admin's groups, checks that it is the only role
 * listed for the admin user, and drops it again.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final String expectedRole = "admin_r";
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);

  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  client.dropRoleIfExists(admin, expectedRole, SOLR);
  client.createRole(admin, expectedRole, SOLR);
  // The client receives a copy of the group set rather than the set itself.
  client.grantRoleToGroups(admin, expectedRole, SOLR, Sets.newHashSet(adminGroups));

  Set<TSentryRole> listed = client.listUserRoles(admin, SOLR);
  assertEquals("Incorrect number of roles", 1, listed.size());
  for (TSentryRole entry : listed) {
    // The role name doubles as the failure message; the comparison ignores case.
    String actualName = entry.getRoleName();
    assertTrue(actualName, actualName.equalsIgnoreCase(expectedRole));
  }

  client.dropRole(admin, expectedRole, SOLR);
}
}); // closes the anonymous callback and the call it was passed to
} // closes the enclosing method, whose header is outside this fragment
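/**
 * Grants a single QUERY privilege on collection "c1" / field "f1" to a role and checks that
 * listing all privileges of that role for "service1" returns exactly one entry.
 */
@Override
public void runTestAsSubject() throws Exception {
  String requestorUserName = ADMIN_USER;
  Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
  writePolicyFile();

  String roleName = "admin_r1";
  // Other callbacks on this page reuse "admin_r1" and do not all drop it afterwards.
  // Clearing it first keeps createRole, and the count asserted below, independent of
  // whatever an earlier test left in the store.
  client.dropRoleIfExists(requestorUserName, roleName, SOLR);
  client.createRole(requestorUserName, roleName, SOLR);

  TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.QUERY);
  client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege);

  assertEquals(1,
      client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1").size());
}
}); // closes the anonymous callback and the call it was passed to
} // closes the enclosing method, whose header is outside this fragment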
client.createRole(requestorUserName, roleName, COMPONENT); Map<String, String> fieldValueMap = new HashMap<String, String>(); fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_CREATE_ROLE); client.createRole(requestorUserName, roleName, COMPONENT); fail("Exception should have been thrown"); } catch (Exception e) {
/**
 * Grants the same QUERY privilege to two freshly created roles and checks, role by role,
 * that exactly one privilege is listed for "service1" after each grant.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String firstRole = "admin_r1";
  final String secondRole = "admin_r2";
  // Each role is dropped (if present) and recreated so it starts without privileges.
  client.dropRoleIfExists(admin, firstRole, SOLR);
  client.createRole(admin, firstRole, SOLR);
  client.dropRoleIfExists(admin, secondRole, SOLR);
  client.createRole(admin, secondRole, SOLR);

  TSentryPrivilege query = new TSentryPrivilege(
      SOLR,
      "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.QUERY);

  client.grantPrivilege(admin, firstRole, SOLR, query);
  Set<TSentryPrivilege> granted =
      client.listAllPrivilegesByRoleName(admin, firstRole, SOLR, "service1");
  assertTrue("Privilege not assigned to role1 !!", granted.size() == 1);

  client.grantPrivilege(admin, secondRole, SOLR, query);
  granted = client.listAllPrivilegesByRoleName(admin, secondRole, SOLR, "service1");
  assertTrue("Privilege not assigned to role2 !!", granted.size() == 1);
}
}); // closes the anonymous callback and the call it was passed to
} // closes the enclosing method, whose header is outside this fragment
/**
 * Binds a role to group "g1", verifies the role and its single group through listUserRoles,
 * then revokes the binding and verifies that the user no longer has any role listed.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  final String boundGroup = "g1";
  final String expectedRole = "admin_r";

  // The admin user is mapped both to the admin group and to the group under test.
  setLocalGroupMapping(admin, adminGroups);
  setLocalGroupMapping(admin, Sets.newHashSet(boundGroup));
  writePolicyFile();

  client.dropRoleIfExists(admin, expectedRole, SOLR);
  client.createRole(admin, expectedRole, SOLR);
  client.grantRoleToGroups(admin, expectedRole, SOLR, Sets.newHashSet(boundGroup));

  Set<TSentryRole> listed = client.listUserRoles(admin, SOLR);
  assertEquals("Incorrect number of roles", 1, listed.size());
  for (TSentryRole entry : listed) {
    assertTrue(entry.getRoleName(), entry.getRoleName().equalsIgnoreCase(expectedRole));
    assertTrue(entry.getGroups().size() == 1);
    for (String memberGroup : entry.getGroups()) {
      assertEquals(boundGroup, memberGroup);
    }
  }

  // After the revoke the same listing must come back empty.
  client.revokeRoleFromGroups(admin, expectedRole, SOLR, Sets.newHashSet(boundGroup));
  listed = client.listUserRoles(admin, SOLR);
  assertEquals("Incorrect number of roles", 0, listed.size());

  client.dropRole(admin, expectedRole, SOLR);
}
}); // closes the anonymous callback and the call it was passed to
} // closes the enclosing method, whose header is outside this fragment
/**
 * Binds a role to "group1" and checks that listing roles by that group name returns exactly
 * this role, carrying exactly this group, before dropping the role.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  final String expectedRole = "admin_r1";
  final String targetGroup = "group1";

  // The admin user is mapped both to the admin group and to the group under test.
  setLocalGroupMapping(admin, adminGroups);
  setLocalGroupMapping(admin, Sets.newHashSet(targetGroup));
  writePolicyFile();

  client.dropRoleIfExists(admin, expectedRole, SOLR);
  client.createRole(admin, expectedRole, SOLR);
  client.grantRoleToGroups(admin, expectedRole, SOLR, Sets.newHashSet(targetGroup));

  Set<TSentryRole> rolesOfGroup = client.listRolesByGroupName(admin, targetGroup, SOLR);
  assertTrue(rolesOfGroup.size() == 1);
  for (TSentryRole entry : rolesOfGroup) {
    // The role name is also the failure message; the comparison ignores case.
    assertTrue(entry.getRoleName(), entry.getRoleName().equalsIgnoreCase(expectedRole));
    assertTrue(entry.getGroups().size() == 1);
    for (String memberGroup : entry.getGroups()) {
      assertEquals(targetGroup, memberGroup);
    }
  }

  client.dropRole(admin, expectedRole, SOLR);
}
}); // closes the anonymous callback and the call it was passed to
} // closes the enclosing method, whose header is outside this fragment
// Fragment of a larger test body: adminUser, testRole and adminGroup are declared outside it.
writePolicyFile();
// Acting as adminUser, create testRole in the SOLR component and grant it to adminGroup.
// NOTE(review): other calls on this page pass a set of group names as the last argument,
// so adminGroup is presumably a Set<String>; confirm against its declaration.
client.createRole(adminUser, testRole, SOLR);
client.grantRoleToGroups(adminUser, testRole, SOLR, adminGroup);
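/**
 * Grants QUERY to one role and UPDATE to another, revokes both, and verifies through the
 * privilege listing that each grant and each revoke actually took effect.
 *
 * <p>Without the listing checks this callback would pass as long as no call throws, so a
 * revoke that silently left the privilege in place would go unnoticed.
 */
@Override
public void runTestAsSubject() throws Exception {
  String requestorUserName = ADMIN_USER;
  Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
  writePolicyFile();

  String roleName1 = "admin_r1";
  String roleName2 = "admin_r2";
  // Both roles are recreated so they start with no privileges.
  client.dropRoleIfExists(requestorUserName, roleName1, SOLR);
  client.createRole(requestorUserName, roleName1, SOLR);
  client.dropRoleIfExists(requestorUserName, roleName2, SOLR);
  client.createRole(requestorUserName, roleName2, SOLR);

  TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.QUERY);
  TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.UPDATE);

  client.grantPrivilege(requestorUserName, roleName1, SOLR, queryPrivilege);
  client.grantPrivilege(requestorUserName, roleName2, SOLR, updatePrivilege);
  // Establish the precondition: each role holds exactly the privilege it was given.
  assertEquals("Privilege not granted to role1", 1,
      client.listAllPrivilegesByRoleName(requestorUserName, roleName1, SOLR, "service1").size());
  assertEquals("Privilege not granted to role2", 1,
      client.listAllPrivilegesByRoleName(requestorUserName, roleName2, SOLR, "service1").size());

  client.revokePrivilege(requestorUserName, roleName1, SOLR, queryPrivilege);
  client.revokePrivilege(requestorUserName, roleName2, SOLR, updatePrivilege);
  // The revoke is only proven if the privilege is gone from the listing afterwards.
  assertEquals("Privilege still listed for role1 after revoke", 0,
      client.listAllPrivilegesByRoleName(requestorUserName, roleName1, SOLR, "service1").size());
  assertEquals("Privilege still listed for role2 after revoke", 0,
      client.listAllPrivilegesByRoleName(requestorUserName, roleName2, SOLR, "service1").size());
}
}); // closes the anonymous callback and the call it was passed to
} // closes the enclosing method, whose header is outside this fragment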
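/**
 * Grants QUERY on c1/f1 to a role, renames the authorizable path to c2/f2, and checks that
 * the privilege follows the rename; then drops the privilege and checks that it is gone.
 */
@Override
public void runTestAsSubject() throws Exception {
  String requestorUserName = ADMIN_USER;
  Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
  writePolicyFile();

  String roleName = "admin_r1";
  // Other callbacks on this page reuse "admin_r1" and do not all drop it afterwards.
  // Clearing it first keeps createRole, and the counts asserted below, independent of
  // whatever an earlier test left in the store.
  client.dropRoleIfExists(requestorUserName, roleName, SOLR);
  client.createRole(requestorUserName, roleName, SOLR);

  TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.QUERY);
  client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege);

  // Before the rename: one privilege under c1/f1, none under c2/f2.
  assertEquals(1, client.listPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1",
      Arrays.asList(new Collection("c1"), new Field("f1"))).size());
  assertEquals(0, client.listPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1",
      Arrays.asList(new Collection("c2"), new Field("f2"))).size());

  client.renamePrivilege(requestorUserName, SOLR, "service1",
      Arrays.asList(new Collection("c1"), new Field("f1")),
      Arrays.asList(new Collection("c2"), new Field("f2")));

  // After the rename the old path must hold nothing and the new path must hold the privilege.
  assertEquals(0, client.listPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1",
      Arrays.asList(new Collection("c1"), new Field("f1"))).size());
  assertEquals(1, client.listPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1",
      Arrays.asList(new Collection("c2"), new Field("f2"))).size());

  TSentryPrivilege dropPrivilege = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c2"), new Field("f2"))),
      SolrConstants.QUERY);
  client.dropPrivilege(requestorUserName, SOLR, dropPrivilege);

  assertEquals(0, client.listPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1",
      Arrays.asList(new Collection("c2"), new Field("f2"))).size());
}
}); // closes the anonymous callback and the call it was passed to
} // closes the enclosing method, whose header is outside this fragment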
// Fragment of a larger test body: adminUser, testRole and testGroup are declared outside it.
// Acting as adminUser, create testRole in the SOLR component and grant it to testGroup.
// NOTE(review): other calls on this page pass a set of group names as the last argument,
// so testGroup is presumably a Set<String>; confirm against its declaration.
client.createRole(adminUser, testRole, SOLR);
client.grantRoleToGroups(adminUser, testRole, SOLR, testGroup);
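/**
 * Grants UPDATE and QUERY on the same authorizable to one role, revokes UPDATE, and verifies
 * that QUERY, and only QUERY, is still listed for the role.
 *
 * <p>The action of the surviving privilege is checked as well as the count: a revoke that
 * removed the wrong privilege would still leave exactly one entry behind.
 */
@Override
public void runTestAsSubject() throws Exception {
  String requestorUserName = ADMIN_USER;
  Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
  String roleName = "admin_r1";
  setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
  writePolicyFile();

  client.dropRoleIfExists(requestorUserName, roleName, SOLR);
  client.createRole(requestorUserName, roleName, SOLR);

  TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.QUERY);
  TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1",
      fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
      SolrConstants.UPDATE);

  client.grantPrivilege(requestorUserName, roleName, SOLR, updatePrivilege);
  client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege);
  Set<TSentryPrivilege> privileges =
      client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1");
  // assertEquals reports the actual count on failure, unlike assertTrue(size == n).
  assertEquals(2, privileges.size());

  client.revokePrivilege(requestorUserName, roleName, SOLR, updatePrivilege);
  privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1");
  assertEquals(1, privileges.size());
  for (TSentryPrivilege remaining : privileges) {
    // Case-insensitive on purpose: the store may normalise the action string.
    assertTrue(remaining.getAction(),
        SolrConstants.QUERY.equalsIgnoreCase(remaining.getAction()));
  }
}
}); // closes the anonymous callback and the call it was passed to
} // closes the enclosing method, whose header is outside this fragment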
// Fragment of a larger test body: adminUser, grantRole and noGrantRole are declared outside it.
String testRole = "test_role";
// Acting as adminUser, create three roles in the SOLR component.
// NOTE(review): the names suggest grantRole and noGrantRole are later given privileges with
// and without the grant option; that part is not visible here, so confirm in the full test.
client.createRole(adminUser, grantRole, SOLR);
client.createRole(adminUser, noGrantRole, SOLR);
client.createRole(adminUser, testRole, SOLR);