client.revokePrivilege(requestorUserName, roleName, COMPONENT, privilege); fieldValueMap.clear(); fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_REVOKE_PRIVILEGE); client.revokePrivilege(requestorUserName, "invalidRole", COMPONENT, invalidPrivilege); fail("Exception should have been thrown"); } catch (Exception e) {
@Override public void runTestAsSubject() throws Exception { String requestorUserName = ADMIN_USER; Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); setLocalGroupMapping(requestorUserName, requestorUserGroupNames); writePolicyFile(); String roleName1 = "admin_r1"; String roleName2 = "admin_r2"; client.dropRoleIfExists(requestorUserName, roleName1, SOLR); client.createRole(requestorUserName, roleName1, SOLR); client.dropRoleIfExists(requestorUserName, roleName2, SOLR); client.createRole(requestorUserName, roleName2, SOLR); TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), SolrConstants.QUERY); TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), SolrConstants.UPDATE); client.grantPrivilege(requestorUserName, roleName1, SOLR, queryPrivilege); client.grantPrivilege(requestorUserName, roleName2, SOLR, updatePrivilege); client.revokePrivilege(requestorUserName, roleName1, SOLR, queryPrivilege); client.revokePrivilege(requestorUserName, roleName2, SOLR, updatePrivilege); }}); }
@Override public void runTestAsSubject() throws Exception { String requestorUserName = ADMIN_USER; Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); String roleName = "admin_r1"; setLocalGroupMapping(requestorUserName, requestorUserGroupNames); writePolicyFile(); client.dropRoleIfExists(requestorUserName, roleName, SOLR); client.createRole(requestorUserName, roleName, SOLR); TSentryPrivilege queryPrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), SolrConstants.QUERY); TSentryPrivilege updatePrivilege = new TSentryPrivilege(SOLR, "service1", fromAuthorizable(Arrays.asList(new Collection("c1"), new Field("f1"))), SolrConstants.UPDATE); client.grantPrivilege(requestorUserName, roleName, SOLR, updatePrivilege); client.grantPrivilege(requestorUserName, roleName, SOLR, queryPrivilege); Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1"); assertTrue(privileges.size() == 2); client.revokePrivilege(requestorUserName, roleName, SOLR, updatePrivilege); privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName, SOLR, "service1"); assertTrue(privileges.size() == 1); }}); }
client.revokePrivilege(grantOptionUser, testRole, SOLR, testPrivilege); } catch(SentryUserException e) { fail("grantOptionUser failed revoke privilege to user"); client.revokePrivilege(noGrantOptionUser, testRole, SOLR, testPrivilege); fail("noGrantOptionUser can't revoke privilege to user"); } catch (SentryUserException e) {