.build(); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilegeWithOption, grantor); assertEquals(1,sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName)).size()); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilegeWithOption, grantor); assertEquals(1,sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName)).size()); .build(); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilegeWithNoOption, grantor); assertEquals(2,sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName)).size()); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilegeWithNoOption, grantor); assertEquals(2,sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName)).size()); .build(); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilegeWithNullGrant, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilegeWithNullGrant, grantor); assertEquals(3,sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName)).size());
sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, allPrivilege, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege, grantor);
sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, allPrivilege, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege, grantor);
sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege, grantor); assertEquals(Sets.newHashSet(queryPrivilege), sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName))); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, updatePrivilege, grantor); assertEquals(Sets.newHashSet(queryPrivilege, updatePrivilege), sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName))); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, allPrivilege, grantor); assertEquals(Sets.newHashSet(allPrivilege), sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName)));
sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, updatePrivilege, grantor);
sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, updatePrivilege, grantor);
@Test public void testGrantWithGrantOption() throws Exception { addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP); addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP); writePolicyFile(); String roleName1 = "r1"; String grantor = "g1"; sentryStore.createRole(SEARCH, roleName1, grantor); /** * grant query privilege to role r1 with grant option */ PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) .setAction(SearchConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .withGrantOption(true) .build(); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege,ADMIN_USER); sentryStore.alterRoleAddGroups(SEARCH, roleName1, Sets.newHashSet(GRANT_OPTION_GROUP), grantor); /** * the user with grant option grant query privilege to rolr r2 */ String roleName2 = "r2"; sentryStore.createRole(SEARCH, roleName2, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, queryPrivilege, GRANT_OPTION_USER); assertEquals(Sets.newHashSet(queryPrivilege), sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName2))); }
.build(); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege, ADMIN_USER); assertEquals(Sets.newHashSet(queryPrivilege), sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, queryPrivilege, GRANT_OPTION_USER); assertEquals(Sets.newHashSet(queryPrivilege),
.build(); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege, ADMIN_USER); assertEquals(Sets.newHashSet(queryPrivilege), sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, queryPrivilege, GRANT_OPTION_USER); assertEquals(Sets.newHashSet(queryPrivilege),
@Test public void testGrantWithGrantOption() throws Exception { addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP); addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP); writePolicyFile(); String roleName1 = "r1"; String grantor = "g1"; sentryStore.createRole(SEARCH, roleName1, grantor); /** * grant query privilege to role r1 with grant option */ PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .withGrantOption(true) .build(); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege,ADMIN_USER); sentryStore.alterRoleAddGroups(SEARCH, roleName1, Sets.newHashSet(GRANT_OPTION_GROUP), grantor); /** * the user with grant option grant query privilege to rolr r2 */ String roleName2 = "r2"; sentryStore.createRole(SEARCH, roleName2, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, queryPrivilege, GRANT_OPTION_USER); assertEquals(Sets.newHashSet(queryPrivilege), sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName2))); }
@Test public void testGetPrivilegesByRoleName() throws Exception { String roleName1 = "r1"; String roleName2 = "r2"; String grantor = "g1"; PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); sentryStore.createRole(SEARCH, roleName1, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege, ADMIN_USER); PrivilegeObject updatePrivilege = new Builder() .setComponent(SEARCH) .setAction(SolrConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); sentryStore.createRole(SEARCH, roleName2, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, updatePrivilege, ADMIN_USER); assertEquals(Sets.newHashSet(queryPrivilege,updatePrivilege), sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName1,roleName2))); }
@Test public void testGetPrivilegesByRoleName() throws Exception { String roleName1 = "r1"; String roleName2 = "r2"; String grantor = "g1"; PrivilegeObject queryPrivilege = new Builder() .setComponent(SEARCH) .setAction(SearchConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); sentryStore.createRole(SEARCH, roleName1, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege, ADMIN_USER); PrivilegeObject updatePrivilege = new Builder() .setComponent(SEARCH) .setAction(SearchConstants.QUERY) .setService(SERVICE) .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))) .build(); sentryStore.createRole(SEARCH, roleName2, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, updatePrivilege, ADMIN_USER); assertEquals(Sets.newHashSet(queryPrivilege,updatePrivilege), sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName1,roleName2))); }
sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, updatePrivilege, grantor);
sentryStore.createRole(SEARCH, roleName3, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege1, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, updatePrivilege1, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, queryPrivilege2, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName3, updatePrivilege2, grantor);
sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, updatePrivilege, grantor);
sentryStore.createRole(SEARCH, roleName3, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege1, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, updatePrivilege1, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, queryPrivilege2, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName3, updatePrivilege2, grantor);
sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, allPrivilege, grantor);
sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, allPrivilege, grantor);
sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, updatePrivilege1, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege1, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege2, grantor);
sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, updatePrivilege1, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege1, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege2, grantor);