/**
 * Builds a fresh replica of the privilege cache from the remote Sentry service.
 *
 * <p>Roles and privileges are listed under the short name of the process login user, not
 * under the identity of an end user. The replica is a table keyed by group and role name;
 * each cell holds the string form of every privilege listed for that role.
 *
 * <p>If any call fails, the exception propagates and the partially filled table is never
 * returned. NOTE(review): callers presumably swap the result in for the live cache; confirm
 * that a run of failed refreshes cannot leave revoked privileges in force indefinitely.
 *
 * @return cache replica with latest values
 * @throws Exception whatever the login-user lookup, the client or the privilege converter throws
 */
private Table<String, String, Set<String>> loadFromRemote() throws Exception {
  final Table<String, String, Set<String>> replica = HashBasedTable.create();
  final String loginUser = UserGroupInformation.getLoginUser().getShortUserName();

  // The client is closed on every exit path, including the exceptional ones.
  try (SentryGenericServiceClient sentryClient = getClient()) {
    for (TSentryRole role : sentryClient.listAllRoles(loginUser, componentType)) {
      final String roleName = role.getRoleName();
      // One remote listing per role, done before the role's groups are visited.
      final Set<TSentryPrivilege> rolePrivileges =
          sentryClient.listAllPrivilegesByRoleName(loginUser, roleName, componentType, serviceName);

      for (String group : role.getGroups()) {
        // Create the (group, role) cell on first sight so later additions accumulate in it.
        if (!replica.contains(group, roleName)) {
          replica.put(group, roleName, new HashSet<String>());
        }
        final Set<String> cell = replica.get(group, roleName);
        for (TSentryPrivilege privilege : rolePrivileges) {
          cell.add(tSentryPrivilegeConverter.toString(privilege));
        }
      }
    }
    return replica;
  }
}
/**
 * Creates role "admin_r1", grants it one QUERY privilege on collection c1 / field f1 of
 * service1, and checks that listing the role's privileges returns exactly one entry.
 *
 * NOTE(review): only the number of listed privileges is asserted, not their content, and
 * every call is made as ADMIN_USER; a requestor without admin rights is not exercised here.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final String role = "admin_r1";

  // The group mapping is registered before the policy file is written.
  setLocalGroupMapping(admin, Sets.newHashSet(ADMIN_GROUP));
  writePolicyFile();

  client.createRole(admin, role, SOLR);

  final TSentryPrivilege query =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
          SolrConstants.QUERY);
  client.grantPrivilege(admin, role, SOLR, query);

  final int listed = client.listAllPrivilegesByRoleName(admin, role, SOLR, "service1").size();
  assertEquals(1, listed);
}
// Closers for the anonymous class, the call it is passed to, and the enclosing test method;
// their opening lines are not part of this excerpt.
}); }
/**
 * Grants the same QUERY privilege (collection c1 / field f1 of service1) to two freshly
 * re-created roles and checks that each role lists exactly one privilege afterwards.
 *
 * NOTE(review): the assertions compare counts only; they would still pass if the listed
 * privilege differed from the one granted.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  setLocalGroupMapping(admin, Sets.newHashSet(ADMIN_GROUP));
  writePolicyFile();

  final String roleName1 = "admin_r1";
  final String roleName2 = "admin_r2";

  // Drop-then-create for each role, in order, so earlier leftovers do not affect the counts.
  for (String role : Arrays.asList(roleName1, roleName2)) {
    client.dropRoleIfExists(admin, role, SOLR);
    client.createRole(admin, role, SOLR);
  }

  final TSentryPrivilege query =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
          SolrConstants.QUERY);

  client.grantPrivilege(admin, roleName1, SOLR, query);
  final int role1Count =
      client.listAllPrivilegesByRoleName(admin, roleName1, SOLR, "service1").size();
  assertTrue("Privilege not assigned to role1 !!", role1Count == 1);

  client.grantPrivilege(admin, roleName2, SOLR, query);
  final int role2Count =
      client.listAllPrivilegesByRoleName(admin, roleName2, SOLR, "service1").size();
  assertTrue("Privilege not assigned to role2 !!", role2Count == 1);
}
// Closers for the anonymous class, the call it is passed to, and the enclosing test method;
// their opening lines are not part of this excerpt.
}); }
/**
 * Grants UPDATE and QUERY on collection c1 / field f1 of service1 to role "admin_r1",
 * revokes UPDATE, and checks the privilege count goes from two to one.
 *
 * NOTE(review): after the revoke only the count is asserted. The test does not check that
 * the surviving privilege is the QUERY one, so a revoke that removed the wrong privilege
 * would still pass.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final String role = "admin_r1";

  setLocalGroupMapping(admin, Sets.newHashSet(ADMIN_GROUP));
  writePolicyFile();

  // Start from a clean role so privileges from an earlier run cannot skew the counts.
  client.dropRoleIfExists(admin, role, SOLR);
  client.createRole(admin, role, SOLR);

  final TSentryPrivilege query =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
          SolrConstants.QUERY);
  final TSentryPrivilege update =
      new TSentryPrivilege(
          SOLR,
          "service1",
          fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))),
          SolrConstants.UPDATE);

  client.grantPrivilege(admin, role, SOLR, update);
  client.grantPrivilege(admin, role, SOLR, query);
  final Set<TSentryPrivilege> beforeRevoke =
      client.listAllPrivilegesByRoleName(admin, role, SOLR, "service1");
  assertTrue(beforeRevoke.size() == 2);

  client.revokePrivilege(admin, role, SOLR, update);
  final Set<TSentryPrivilege> afterRevoke =
      client.listAllPrivilegesByRoleName(admin, role, SOLR, "service1");
  assertTrue(afterRevoke.size() == 1);
}
// Closers for the anonymous class, the call it is passed to, and the enclosing test method;
// their opening lines are not part of this excerpt.
}); }
// Excerpt from a larger test: adminUser, testUser, testRole and updatePrivilege are defined
// outside these two statements. The grant is issued as adminUser.
client.grantPrivilege(adminUser, testRole, SOLR, updatePrivilege);
// The listing is requested as testUser rather than adminUser and must return two privileges.
// NOTE(review): presumably an earlier grant supplies the other privilege and testUser is
// entitled to read testRole through group membership; confirm both in the surrounding setup.
assertEquals(2, client.listAllPrivilegesByRoleName(testUser, testRole, SOLR, "service1").size());