/**
 * Negative test: binding groups to a role that this test never created must be
 * rejected with {@link SentryNoSuchObjectException}. The expected exception is
 * the only assertion.
 */
@Test(expected = SentryNoSuchObjectException.class)
public void testAddGroupsNonExistantRole() throws Exception {
  final String missingRole = "non-existant-role";
  // No createRole() call precedes this one inside the test, so the store is
  // expected to refuse the group binding rather than create the role implicitly.
  sentryStore.alterRoleAddGroups(SEARCH, missingRole, Sets.newHashSet("g1"), "grantor");
}
// Checks that alterRoleAddGroups() throws SentryNoSuchObjectException when the
// target role was not created beforehand; a store that silently accepted the call
// would leave a group-to-role binding behind for a role nobody defined.
@Test(expected = SentryNoSuchObjectException.class)
public void testAddGroupsNonExistantRole() throws Exception {
  String requester = "grantor";
  String unknownRole = "non-existant-role";
  sentryStore.alterRoleAddGroups(
      SEARCH,
      unknownRole,
      Sets.newHashSet("g1"),
      requester);
}
/**
 * Two roles are bound to the same pair of groups; looking roles up by that
 * pair of groups must return both roles.
 */
@Test
public void testGetRolesByGroupNames() throws Exception {
  final String grantor = "grantor";
  final String firstRole = "r1";
  final String secondRole = "r2";
  final Set<String> sharedGroups = Sets.newHashSet("g1", "g2");

  // Roles have to exist before groups can be attached to them.
  sentryStore.createRole(SEARCH, firstRole, grantor);
  sentryStore.createRole(SEARCH, secondRole, grantor);

  sentryStore.alterRoleAddGroups(SEARCH, firstRole, sharedGroups, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, secondRole, sharedGroups, grantor);

  Set<String> expectedRoles = Sets.newHashSet(firstRole, secondRole);
  assertEquals(expectedRoles, sentryStore.getRolesByGroups(SEARCH, sharedGroups));
}
// Verifies the group -> role direction of the mapping: after r1 and r2 are both
// granted to groups g1 and g2, a lookup by those groups yields exactly {r1, r2}.
@Test
public void testGetRolesByGroupNames() throws Exception {
  String grantor = "grantor";
  String[] roleNames = {"r1", "r2"};
  Set<String> memberGroups = Sets.newHashSet("g1", "g2");

  // Same order as a hand-written sequence: create both roles first ...
  for (String roleName : roleNames) {
    sentryStore.createRole(SEARCH, roleName, grantor);
  }
  // ... then attach the groups to each of them.
  for (String roleName : roleNames) {
    sentryStore.alterRoleAddGroups(SEARCH, roleName, memberGroups, grantor);
  }

  assertEquals(
      Sets.newHashSet(roleNames[0], roleNames[1]),
      sentryStore.getRolesByGroups(SEARCH, memberGroups));
}
/**
 * Pins two lookup edge cases of {@code getRolesByGroups}: a group set whose only
 * element is {@code null} returns every role of the component, while an empty
 * group set returns no role at all.
 */
@Test
public void testGetAllRoles() throws Exception {
  final String grantor = "grantor";
  final String firstRole = "r1";
  final String secondRole = "r2";
  final Set<String> sharedGroups = Sets.newHashSet("g1", "g2");

  sentryStore.createRole(SEARCH, firstRole, grantor);
  sentryStore.createRole(SEARCH, secondRole, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, firstRole, sharedGroups, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, secondRole, sharedGroups, grantor);

  // A null group name is asserted to match all roles.
  // NOTE(review): because null widens the result to every role, code that builds
  // the group set from external input (user or directory data) should make sure
  // a null element cannot slip in unintentionally.
  String nullGroup = null;
  Set<String> lookupGroups = Sets.newHashSet(nullGroup);
  Set<String> everyRole = Sets.newHashSet(firstRole, secondRole);
  assertEquals(everyRole, sentryStore.getRolesByGroups(SEARCH, lookupGroups));

  // With the null removed the set is empty, and an empty set must match nothing.
  lookupGroups.clear();
  assertEquals(0, sentryStore.getRolesByGroups(SEARCH, lookupGroups).size());
}
// Closes the enclosing test class, whose header is outside this excerpt.
}
// Exercises getRolesByGroups() with a {null} group set (expected: all roles) and
// with an empty group set (expected: no roles).
@Test
public void testGetAllRoles() throws Exception {
  String grantor = "grantor";
  String[] roleNames = {"r1", "r2"};
  Set<String> memberGroups = Sets.newHashSet("g1", "g2");

  for (String roleName : roleNames) {
    sentryStore.createRole(SEARCH, roleName, grantor);
  }
  for (String roleName : roleNames) {
    sentryStore.alterRoleAddGroups(SEARCH, roleName, memberGroups, grantor);
  }

  // Test "get all roles" by passing groupName = null.
  // NOTE(review): the distinction between {null} (everything) and {} (nothing)
  // is easy to get wrong on the calling side; a caller that maps "user has no
  // groups" to a null entry would be handed every role of the component.
  String groupName = null;
  Set<String> filter = Sets.newHashSet(groupName);
  assertEquals(
      Sets.newHashSet(roleNames[0], roleNames[1]),
      sentryStore.getRolesByGroups(SEARCH, filter));

  filter.clear();
  int rolesForEmptyFilter = sentryStore.getRolesByGroups(SEARCH, filter).size();
  assertEquals(0, rolesForEmptyFilter);
}
// End of the enclosing test class (its declaration is not part of this excerpt).
}
/**
 * Verifies the role -> group direction of the mapping: with r1 and r2 both bound
 * to groups g1 and g2, looking up either role alone or both together returns the
 * same two groups (the result is a set, so shared groups are not duplicated).
 */
@Test
public void testGetGroupsByRoleNames() throws Exception {
  final String grantor = "grantor";
  final String firstRole = "r1";
  final String secondRole = "r2";
  final Set<String> sharedGroups = Sets.newHashSet("g1", "g2");

  sentryStore.createRole(SEARCH, firstRole, grantor);
  sentryStore.createRole(SEARCH, secondRole, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, firstRole, sharedGroups, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, secondRole, sharedGroups, grantor);

  // Single-role lookups.
  Set<String> onlyFirst = Sets.newHashSet(firstRole);
  assertEquals(sharedGroups, sentryStore.getGroupsByRoles(SEARCH, onlyFirst));

  Set<String> onlySecond = Sets.newHashSet(secondRole);
  assertEquals(sharedGroups, sentryStore.getGroupsByRoles(SEARCH, onlySecond));

  // Combined lookup: the union of both roles' groups is still {g1, g2}.
  Set<String> bothRoles = Sets.newHashSet(firstRole, secondRole);
  assertEquals(sharedGroups, sentryStore.getGroupsByRoles(SEARCH, bothRoles));
}
/**
 * Walks a role/group binding through its lifecycle: groups are added to two
 * roles, then removed again, and after every step the store is queried to
 * confirm that only the intended binding changed.
 */
@Test
public void testAddDeleteRoleToGroups() throws Exception {
  final String grantor = "grantor";
  final String firstRole = "r1";
  final String secondRole = "r2";
  final Set<String> pairOfGroups = Sets.newHashSet("g1", "g2");
  final Set<String> singleGroup = Sets.newHashSet("g3");

  sentryStore.createRole(SEARCH, firstRole, grantor);
  sentryStore.createRole(SEARCH, secondRole, grantor);

  // Step 1: r1 -> {g1, g2}; check both lookup directions.
  sentryStore.alterRoleAddGroups(SEARCH, firstRole, pairOfGroups, grantor);
  assertEquals(
      pairOfGroups,
      sentryStore.getGroupsByRoles(SEARCH, Sets.newHashSet(firstRole)));
  assertEquals(
      Sets.newHashSet(firstRole),
      sentryStore.getRolesByGroups(SEARCH, pairOfGroups));

  // Step 2: r2 -> {g3}.
  sentryStore.alterRoleAddGroups(SEARCH, secondRole, singleGroup, grantor);
  assertEquals(
      singleGroup,
      sentryStore.getGroupsByRoles(SEARCH, Sets.newHashSet(secondRole)));

  // Step 3: revoking g1 from r1 must leave g2 in place.
  sentryStore.alterRoleDeleteGroups(SEARCH, firstRole, Sets.newHashSet("g1"), grantor);
  assertEquals(
      Sets.newHashSet("g2"),
      sentryStore.getGroupsByRoles(SEARCH, Sets.newHashSet(firstRole)));

  // Step 4: revoking r2's only group must leave it with no groups at all.
  sentryStore.alterRoleDeleteGroups(SEARCH, secondRole, singleGroup, grantor);
  assertEquals(
      Sets.newHashSet(),
      sentryStore.getGroupsByRoles(SEARCH, Sets.newHashSet(secondRole)));
}
// Excerpt from a test body; role1, role2, role3, groups1, groups2, allGroups,
// grantor and tRoles are declared outside this excerpt.
sentryStore.createRole(SEARCH, role3, grantor);
// role1 and role3 are bound to groups1, role2 to groups2.
sentryStore.alterRoleAddGroups(SEARCH, role1, groups1, grantor);
sentryStore.alterRoleAddGroups(SEARCH, role2, groups2, grantor);
sentryStore.alterRoleAddGroups(SEARCH, role3, groups1, grantor);
// NOTE(review): presumably allGroups covers groups1 and groups2, which is why
// all three roles are expected back; confirm against the declaration.
tRoles = sentryStore.getTSentryRolesByGroupName(SEARCH, allGroups);
assertEquals(3, tRoles.size());
// Excerpt from a test body; role1, role2, role3, twoGroups, oneGroup and grantor
// are declared outside this excerpt.
sentryStore.createRole(SEARCH, role3, grantor);
// Within this excerpt only role1 has been bound to twoGroups, and the lookup is
// expected to return exactly one role.
sentryStore.alterRoleAddGroups(SEARCH, role1, twoGroups, grantor);
Set<TSentryRole> tRoles = sentryStore.getTSentryRolesByGroupName(SEARCH, twoGroups);
assertEquals(1, tRoles.size());
// role2 is then bound to oneGroup; a lookup by oneGroup must again return a
// single role, i.e. role1's binding must not leak into this result.
sentryStore.alterRoleAddGroups(SEARCH, role2, oneGroup, grantor);
tRoles = sentryStore.getTSentryRolesByGroupName(SEARCH, oneGroup);
assertEquals(1, tRoles.size());
sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName1))); sentryStore.alterRoleAddGroups(SEARCH, roleName1, Sets.newHashSet(GRANT_OPTION_GROUP), grantor);
sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName1))); sentryStore.alterRoleAddGroups(SEARCH, roleName1, Sets.newHashSet(GRANT_OPTION_GROUP), grantor);
/**
 * Positive path of grant-option delegation: a user whose group holds a role
 * carrying the QUERY privilege with grant option may grant that same privilege
 * to another role.
 *
 * NOTE(review): NO_GRANT_OPTION_USER is registered below but never used as a
 * grantor in this method, so the denial path is not asserted here; confirm a
 * sibling test covers it.
 */
@Test
public void testGrantWithGrantOption() throws Exception {
  // User-to-group wiring; presumably persisted by writePolicyFile() -- both
  // helpers are defined outside this excerpt.
  addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP);
  addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP);
  writePolicyFile();

  final String delegatingRole = "r1";
  final String grantor = "g1";
  sentryStore.createRole(SEARCH, delegatingRole, grantor);

  // Grant the query privilege to role r1 with grant option.
  Builder privilegeBuilder = new Builder();
  privilegeBuilder.setComponent(SEARCH);
  privilegeBuilder.setAction(SearchConstants.QUERY);
  privilegeBuilder.setService(SERVICE);
  privilegeBuilder.setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)));
  privilegeBuilder.withGrantOption(true);
  PrivilegeObject queryPrivilege = privilegeBuilder.build();

  // The initial grant is made by the admin user; r1 is then bound to the group
  // of GRANT_OPTION_USER, which is what lets that user delegate below.
  sentryStore.alterRoleGrantPrivilege(SEARCH, delegatingRole, queryPrivilege, ADMIN_USER);
  sentryStore.alterRoleAddGroups(
      SEARCH, delegatingRole, Sets.newHashSet(GRANT_OPTION_GROUP), grantor);

  // The user with grant option grants the query privilege to role r2.
  final String receivingRole = "r2";
  sentryStore.createRole(SEARCH, receivingRole, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, receivingRole, queryPrivilege, GRANT_OPTION_USER);

  assertEquals(
      Sets.newHashSet(queryPrivilege),
      sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(receivingRole)));
}
// Checks that a privilege granted WITH grant option can be passed on: the admin
// grants QUERY (grant option = true) to r1, r1 is bound to GRANT_OPTION_GROUP,
// and GRANT_OPTION_USER then grants the same privilege to r2.
// NOTE(review): only the allowed case is asserted in this method. The
// NO_GRANT_OPTION_USER set up below is not exercised here, so a regression that
// let any user delegate would not be caught by this test alone.
@Test
public void testGrantWithGrantOption() throws Exception {
  addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP);
  addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP);
  writePolicyFile();

  String grantor = "g1";
  String sourceRole = "r1";
  sentryStore.createRole(SEARCH, sourceRole, grantor);

  // Query privilege on the test collection, delegable because of
  // withGrantOption(true).
  PrivilegeObject delegablePrivilege =
      new Builder()
          .setComponent(SEARCH)
          .setAction(SolrConstants.QUERY)
          .setService(SERVICE)
          .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
          .withGrantOption(true)
          .build();

  // Admin performs the first grant; afterwards members of GRANT_OPTION_GROUP
  // hold r1 and therefore the grant option.
  sentryStore.alterRoleGrantPrivilege(SEARCH, sourceRole, delegablePrivilege, ADMIN_USER);
  sentryStore.alterRoleAddGroups(
      SEARCH, sourceRole, Sets.newHashSet(GRANT_OPTION_GROUP), grantor);

  // Delegation step: the requesting user is GRANT_OPTION_USER, not the admin.
  String targetRole = "r2";
  sentryStore.createRole(SEARCH, targetRole, grantor);
  sentryStore.alterRoleGrantPrivilege(
      SEARCH, targetRole, delegablePrivilege, GRANT_OPTION_USER);

  assertEquals(
      Sets.newHashSet(delegablePrivilege),
      sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(targetRole)));
}
// Excerpt from a test body; roleName3, group and grantor are declared outside it.
// Creates roleName3 and binds it to the single group held in `group`.
sentryStore.createRole(SEARCH, roleName3, grantor);
sentryStore.alterRoleAddGroups(SEARCH, roleName3, Sets.newHashSet(group), grantor);
// Fragment of a larger test method (roleName3, group and grantor come from the
// part not shown): the role is created first, then attached to a one-element
// group set.
sentryStore.createRole(SEARCH, roleName3, grantor);
sentryStore.alterRoleAddGroups(SEARCH, roleName3, Sets.newHashSet(group), grantor);
sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName2))); sentryStore.alterRoleAddGroups(SEARCH, roleName1, Sets.newHashSet(GRANT_OPTION_GROUP), grantor); sentryStore.alterRoleAddGroups(SEARCH, roleName2, Sets.newHashSet(NO_GRANT_OPTION_GROUP), grantor);
sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName2))); sentryStore.alterRoleAddGroups(SEARCH, roleName1, Sets.newHashSet(GRANT_OPTION_GROUP), grantor); sentryStore.alterRoleAddGroups(SEARCH, roleName2, Sets.newHashSet(NO_GRANT_OPTION_GROUP), grantor);