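/**
 * Grants one QUERY privilege to role {@code admin_r1} and checks that the role
 * then lists exactly one privilege for {@code service1}.
 *
 * @throws Exception propagated from the setup helpers and the client calls
 */
@Override
public void runTestAsSubject() throws Exception {
  String requestorUserName = ADMIN_USER;
  Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
  writePolicyFile();

  String roleName = "admin_r1";
  // Drop any leftover role first: createRole then starts from a role with no
  // grants, so the count asserted below reflects only the grant made here.
  client.dropRoleIfExists(requestorUserName, roleName, SOLR);
  client.createRole(requestorUserName, roleName, SOLR);

  // QUERY on collection "c1" / field "f1" of "service1".
  TSentryPrivilege queryPrivilege =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
          SolrConstants.QUERY);
  client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege);

  // NOTE(review): only the number of privileges is checked here, not which
  // action or resource the listed privilege carries.
  assertEquals(
      1,
      client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1").size());
}
}); // closes the enclosing anonymous class and the call it is passed to (both open before this excerpt)
} // closes the enclosing block, which also opens before this excerpt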
new TAuthorizable("resourceType1", "resourceName1"), new TAuthorizable("resourceType2", "resourceName2")), action); client.grantPrivilege(requestorUserName, roleName, COMPONENT, privilege); fieldValueMap.clear(); fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE); client.grantPrivilege(requestorUserName, roleName, COMPONENT, invalidPrivilege); fail("Exception should have been thrown"); } catch (Exception e) {
SolrConstants.UPDATE); client.grantPrivilege(adminUser, testRole, SOLR, queryPrivilege); client.grantPrivilege(adminUser, testRole, SOLR, updatePrivilege);
/**
 * Grants the same QUERY privilege to two separately created roles and checks,
 * after each grant, that the role lists exactly one privilege for
 * {@code service1}.
 *
 * @throws Exception propagated from the setup helpers and the client calls
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String firstRole = "admin_r1";
  final String secondRole = "admin_r2";

  // Recreate both roles so neither carries grants from an earlier run.
  client.dropRoleIfExists(admin, firstRole, SOLR);
  client.createRole(admin, firstRole, SOLR);
  client.dropRoleIfExists(admin, secondRole, SOLR);
  client.createRole(admin, secondRole, SOLR);

  // One privilege object, reused for both grants: QUERY on c1/f1 of service1.
  final TSentryPrivilege sharedQuery =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
          SolrConstants.QUERY);

  client.grantPrivilege(admin, firstRole, SOLR, sharedQuery);
  final Set<TSentryPrivilege> firstRolePrivileges =
      client.listAllPrivilegesByRoleName(admin, firstRole, SOLR, "service1");
  assertTrue("Privilege not assigned to role1 !!", firstRolePrivileges.size() == 1);

  // The second grant of the same privilege must be visible on the second role.
  client.grantPrivilege(admin, secondRole, SOLR, sharedQuery);
  final Set<TSentryPrivilege> secondRolePrivileges =
      client.listAllPrivilegesByRoleName(admin, secondRole, SOLR, "service1");
  assertTrue("Privilege not assigned to role2 !!", secondRolePrivileges.size() == 1);
}
}); // closes the enclosing anonymous class and the call it is passed to (both open before this excerpt)
} // closes the enclosing block, which also opens before this excerpt
/**
 * Grants UPDATE and QUERY on the same resource to one role, then revokes
 * UPDATE and checks that the number of listed privileges goes from two to one.
 *
 * @throws Exception propagated from the setup helpers and the client calls
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  final String role = "admin_r1";

  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  // Recreate the role so it carries no grants from an earlier run.
  client.dropRoleIfExists(admin, role, SOLR);
  client.createRole(admin, role, SOLR);

  // Two privileges on the same resource (c1/f1 of service1), differing only in action.
  final TSentryPrivilege canQuery =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
          SolrConstants.QUERY);
  final TSentryPrivilege canUpdate =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
          SolrConstants.UPDATE);

  client.grantPrivilege(admin, role, SOLR, canUpdate);
  client.grantPrivilege(admin, role, SOLR, canQuery);

  final Set<TSentryPrivilege> afterGrants =
      client.listAllPrivilegesByRoleName(admin, role, SOLR, "service1");
  assertTrue(afterGrants.size() == 2);

  client.revokePrivilege(admin, role, SOLR, canUpdate);

  // NOTE(review): only the count is checked after the revoke; the test does not
  // confirm that the remaining privilege is the QUERY one.
  final Set<TSentryPrivilege> afterRevoke =
      client.listAllPrivilegesByRoleName(admin, role, SOLR, "service1");
  assertTrue(afterRevoke.size() == 1);
}
}); // closes the enclosing anonymous class and the call it is passed to (both open before this excerpt)
} // closes the enclosing block, which also opens before this excerpt
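/**
 * Grants QUERY to {@code admin_r1} and UPDATE to {@code admin_r2}, revokes
 * both, and verifies the listed privileges before and after the revokes.
 *
 * <p>Without the checks, this test would pass whenever no call threw, even if
 * a revoke left the privilege in place.
 *
 * @throws Exception propagated from the setup helpers and the client calls
 */
@Override
public void runTestAsSubject() throws Exception {
  String requestorUserName = ADMIN_USER;
  Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
  writePolicyFile();

  String roleName1 = "admin_r1";
  String roleName2 = "admin_r2";

  // Recreate both roles so neither carries grants from an earlier run.
  client.dropRoleIfExists(requestorUserName, roleName1, SOLR);
  client.createRole(requestorUserName, roleName1, SOLR);
  client.dropRoleIfExists(requestorUserName, roleName2, SOLR);
  client.createRole(requestorUserName, roleName2, SOLR);

  // Same resource (c1/f1 of service1), different action per role.
  TSentryPrivilege queryPrivilege =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
          SolrConstants.QUERY);
  TSentryPrivilege updatePrivilege =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
          SolrConstants.UPDATE);

  client.grantPrivilege(requestorUserName, roleName1, SOLR, queryPrivilege);
  client.grantPrivilege(requestorUserName, roleName2, SOLR, updatePrivilege);

  // Confirm the grants are visible first; otherwise an empty list after the
  // revokes would prove nothing. AssertionError is thrown directly so the
  // checks rely on no assertion helper.
  Set<TSentryPrivilege> grantedToRole1 =
      client.listAllPrivilegesByRoleName(requestorUserName, roleName1, SOLR, "service1");
  if (grantedToRole1.size() != 1) {
    throw new AssertionError(
        "Expected 1 privilege on " + roleName1 + " after grant, found " + grantedToRole1.size());
  }
  Set<TSentryPrivilege> grantedToRole2 =
      client.listAllPrivilegesByRoleName(requestorUserName, roleName2, SOLR, "service1");
  if (grantedToRole2.size() != 1) {
    throw new AssertionError(
        "Expected 1 privilege on " + roleName2 + " after grant, found " + grantedToRole2.size());
  }

  client.revokePrivilege(requestorUserName, roleName1, SOLR, queryPrivilege);
  client.revokePrivilege(requestorUserName, roleName2, SOLR, updatePrivilege);

  // Each role held exactly one privilege, so nothing may remain once it is revoked.
  Set<TSentryPrivilege> leftOnRole1 =
      client.listAllPrivilegesByRoleName(requestorUserName, roleName1, SOLR, "service1");
  if (!leftOnRole1.isEmpty()) {
    throw new AssertionError(
        "Privilege still listed on " + roleName1 + " after revoke: " + leftOnRole1.size());
  }
  Set<TSentryPrivilege> leftOnRole2 =
      client.listAllPrivilegesByRoleName(requestorUserName, roleName2, SOLR, "service1");
  if (!leftOnRole2.isEmpty()) {
    throw new AssertionError(
        "Privilege still listed on " + roleName2 + " after revoke: " + leftOnRole2.size());
  }
}
}); // closes the enclosing anonymous class and the call it is passed to (both open before this excerpt)
} // closes the enclosing block, which also opens before this excerpt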
SolrConstants.UPDATE); client.grantPrivilege(adminUser, testRole, SOLR, queryPrivilege); client.grantPrivilege(adminUser, testRole, SOLR, updatePrivilege);
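/**
 * Follows one QUERY privilege through a rename and a drop: it is granted on
 * c1/f1, renamed to c2/f2, then dropped, with the per-resource listing checked
 * after every step.
 *
 * @throws Exception propagated from the setup helpers and the client calls
 */
@Override
public void runTestAsSubject() throws Exception {
  String requestorUserName = ADMIN_USER;
  Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
  writePolicyFile();

  String roleName = "admin_r1";
  // Drop any leftover role first: createRole then starts from a role with no
  // grants, so the counts asserted below reflect only the steps taken here.
  client.dropRoleIfExists(requestorUserName, roleName, SOLR);
  client.createRole(requestorUserName, roleName, SOLR);

  TSentryPrivilege queryPrivilege =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
          SolrConstants.QUERY);
  client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege);

  // After the grant: visible under c1/f1 only.
  assertEquals(
      1,
      client
          .listPrivilegesByRoleName(
              requestorUserName,
              roleName,
              SOLR,
              "service1",
              Arrays.asList(new Collection("c1"), new Field("f1")))
          .size());
  assertEquals(
      0,
      client
          .listPrivilegesByRoleName(
              requestorUserName,
              roleName,
              SOLR,
              "service1",
              Arrays.asList(new Collection("c2"), new Field("f2")))
          .size());

  client.renamePrivilege(
      requestorUserName,
      SOLR,
      "service1",
      Arrays.asList(new Collection("c1"), new Field("f1")),
      Arrays.asList(new Collection("c2"), new Field("f2")));

  // After the rename: the old resource must no longer match, the new one must.
  assertEquals(
      0,
      client
          .listPrivilegesByRoleName(
              requestorUserName,
              roleName,
              SOLR,
              "service1",
              Arrays.asList(new Collection("c1"), new Field("f1")))
          .size());
  assertEquals(
      1,
      client
          .listPrivilegesByRoleName(
              requestorUserName,
              roleName,
              SOLR,
              "service1",
              Arrays.asList(new Collection("c2"), new Field("f2")))
          .size());

  // dropPrivilege is called without a role name, unlike grantPrivilege above.
  TSentryPrivilege dropPrivilege =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c2"), new Field("f2"))),
          SolrConstants.QUERY);
  client.dropPrivilege(requestorUserName, SOLR, dropPrivilege);

  // After the drop: nothing may remain under the renamed resource.
  assertEquals(
      0,
      client
          .listPrivilegesByRoleName(
              requestorUserName,
              roleName,
              SOLR,
              "service1",
              Arrays.asList(new Collection("c2"), new Field("f2")))
          .size());
}
}); // closes the enclosing anonymous class and the call it is passed to (both open before this excerpt)
} // closes the enclosing block, which also opens before this excerpt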
testPrivilege.setGrantOption(TSentryGrantOption.FALSE); client.grantPrivilege(adminUser, grantRole, SOLR, grantPrivilege); client.grantPrivilege(adminUser, noGrantRole, SOLR, noGrantPrivilege); client.grantPrivilege(grantOptionUser,testRole,SOLR, testPrivilege); } catch (SentryUserException e) { fail("grantOptionUser failed grant privilege to user"); client.grantPrivilege(noGrantOptionUser, testRole, SOLR, testPrivilege); fail("noGrantOptionUser can't grant privilege to user"); } catch (SentryUserException e) {