/**
 * Creating the same role name twice in the SEARCH component must be rejected
 * with {@link SentryAlreadyExistsException}.
 *
 * <p>NOTE(review): the annotation-level expectation is satisfied by either call,
 * so a role left behind by another test would make this pass without the
 * duplicate path being exercised.
 */
@Test(expected = SentryAlreadyExistsException.class)
public void testCreateDuplicateRole() throws Exception {
  final String duplicateRole = "test-dup-role";
  final String requestor = "grantor";
  // The first pass registers the role; the second pass is the one expected to throw.
  for (int attempt = 0; attempt < 2; attempt++) {
    sentryStore.createRole(SEARCH, duplicateRole, requestor);
  }
}
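/**
 * Verifies that creating a role whose name already exists is rejected.
 *
 * <p>The original used {@code @Test(expected = Exception.class)}, which also passes
 * when the <em>first</em> {@code createRole} call fails for an unrelated reason
 * (for example a broken store), hiding a real failure of the authorization store.
 * Here the first call must succeed and only the second one may throw.
 *
 * @throws Exception if the initial role creation fails
 */
@Test
public void testCreateDuplicateRole() throws Exception {
  String roleName = "test-dup-role";
  String grantor = "grantor";

  // Setup step: an exception here is a genuine failure, not the expected rejection.
  sentryStore.createRole(SEARCH, roleName, grantor);

  boolean rejected = false;
  try {
    sentryStore.createRole(SEARCH, roleName, grantor);
  } catch (Exception expected) {
    // NOTE(review): kept as broad as the original expectation; narrow this to the
    // store's "already exists" exception type if it is in scope in this file.
    rejected = true;
  }
  if (!rejected) {
    throw new AssertionError("Duplicate createRole for '" + roleName + "' was not rejected");
  }
}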
/**
 * Creates a role in the SEARCH component and drops it again.
 *
 * <p>There are no assertions: the test passes as long as neither store call throws.
 */
@Test
public void testCreateDropRole() throws Exception {
  final String grantor = "grantor";
  final String transientRole = "test-drop-role";

  sentryStore.createRole(SEARCH, transientRole, grantor);
  sentryStore.dropRole(SEARCH, transientRole, grantor);
}
/**
 * Binds two roles to the same pair of groups and checks that a lookup by
 * those groups returns both roles.
 */
@Test
public void testGetRolesByGroupNames() throws Exception {
  final String grantor = "grantor";
  final String firstRole = "r1";
  final String secondRole = "r2";
  final Set<String> sharedGroups = Sets.newHashSet("g1", "g2");

  sentryStore.createRole(SEARCH, firstRole, grantor);
  sentryStore.createRole(SEARCH, secondRole, grantor);

  // Both roles are attached to exactly the same groups.
  sentryStore.alterRoleAddGroups(SEARCH, firstRole, sharedGroups, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, secondRole, sharedGroups, grantor);

  Set<String> expectedRoles = Sets.newHashSet(firstRole, secondRole);
  assertEquals(expectedRoles, sentryStore.getRolesByGroups(SEARCH, sharedGroups));
}
/**
 * Group-to-role lookup: two roles mapped to groups g1 and g2 must both be
 * returned when the store is queried with those groups.
 */
@Test
public void testGetRolesByGroupNames() throws Exception {
  final String roleA = "r1";
  final String roleB = "r2";
  final String grantor = "grantor";
  final Set<String> groupPair = Sets.newHashSet("g1", "g2");

  // Create the roles first, then bind each of them to the same groups.
  sentryStore.createRole(SEARCH, roleA, grantor);
  sentryStore.createRole(SEARCH, roleB, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, roleA, groupPair, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, roleB, groupPair, grantor);

  Set<String> bothRoles = Sets.newHashSet(roleA, roleB);
  assertEquals(bothRoles, sentryStore.getRolesByGroups(SEARCH, groupPair));
}
/**
 * Role names that differ only by letter case must refer to the same role:
 * creating "TeSt" after "test" is rejected as a duplicate, and dropping "TeSt"
 * removes the role that was created as "test".
 */
@Test
public void testCaseInsensitiveCreateDropRole() throws Exception {
  final String lowerCaseName = "test";
  final String mixedCaseName = "TeSt";
  final String grantor = "grantor";

  sentryStore.createRole(SEARCH, lowerCaseName, grantor);

  try {
    sentryStore.createRole(SEARCH, mixedCaseName, grantor);
    fail("Fail to throw Exception");
  } catch (SentryAlreadyExistsException expected) {
    // Expected: the mixed-case name collides with the existing lower-case role.
  }

  try {
    // The drop must resolve the mixed-case name to the existing role.
    sentryStore.dropRole(SEARCH, mixedCaseName, grantor);
  } catch (SentryNoSuchObjectException e) {
    fail("Shouldn't throw SentryNoSuchObjectException");
  }
}
/**
 * Checks that role names are matched without regard to letter case, so two
 * roles cannot coexist under names that differ only by case ("test" / "TeSt").
 */
@Test
public void testCaseInsensitiveCreateDropRole() throws Exception {
  final String grantor = "grantor";
  final String originalName = "test";
  final String recasedName = "TeSt";

  sentryStore.createRole(SEARCH, originalName, grantor);

  // A second create under the re-cased name has to be treated as a duplicate.
  try {
    sentryStore.createRole(SEARCH, recasedName, grantor);
    fail("Fail to throw SentryAlreadyExistsException");
  } catch (SentryAlreadyExistsException expected) {
    // Expected outcome; nothing further to check.
  }

  // Dropping by the re-cased name has to find the role created above.
  try {
    sentryStore.dropRole(SEARCH, recasedName, grantor);
  } catch (SentryNoSuchObjectException e) {
    fail("Shouldn't throw SentryNoSuchObjectException");
  }
}
/**
 * Checks the two edge cases of a role lookup by groups: a group set holding a
 * single {@code null} name returns every role, while an empty set returns none.
 *
 * <p>NOTE(review): the {@code null} entry acts as a "match all groups" wildcard
 * here; callers that build the set from request data should confirm a null
 * group name cannot arrive unintentionally.
 */
@Test
public void testGetAllRoles() throws Exception {
  final String grantor = "grantor";
  final String firstRole = "r1";
  final String secondRole = "r2";
  final Set<String> boundGroups = Sets.newHashSet("g1", "g2");

  sentryStore.createRole(SEARCH, firstRole, grantor);
  sentryStore.createRole(SEARCH, secondRole, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, firstRole, boundGroups, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, secondRole, boundGroups, grantor);

  // Typed as String so the varargs overload is chosen and the set contains one null element.
  String wildcardGroup = null;
  Set<String> lookupGroups = Sets.newHashSet(wildcardGroup);
  Set<String> everyRole = Sets.newHashSet(firstRole, secondRole);
  assertEquals(everyRole, sentryStore.getRolesByGroups(SEARCH, lookupGroups));

  // An empty group set must not match anything.
  lookupGroups.clear();
  assertEquals(0, sentryStore.getRolesByGroups(SEARCH, lookupGroups).size());
}
// Presumably closes the enclosing test class, whose header is not part of this excerpt.
}
/**
 * Role lookup by groups at its boundaries: a set containing only a {@code null}
 * group name is expected to return all roles, and an empty set no roles at all.
 *
 * <p>NOTE(review): a {@code null} group name therefore widens the result to every
 * role; verify that callers never pass one by accident.
 */
@Test
public void testGetAllRoles() throws Exception {
  final String roleA = "r1";
  final String roleB = "r2";
  final String grantor = "grantor";
  final Set<String> groupPair = Sets.newHashSet("g1", "g2");

  sentryStore.createRole(SEARCH, roleA, grantor);
  sentryStore.createRole(SEARCH, roleB, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, roleA, groupPair, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, roleB, groupPair, grantor);

  // Lookup with groupName == null: the String-typed variable yields a one-element set {null}.
  String nullGroupName = null;
  Set<String> queryGroups = Sets.newHashSet(nullGroupName);
  Set<String> allRoles = Sets.newHashSet(roleA, roleB);
  assertEquals(allRoles, sentryStore.getRolesByGroups(SEARCH, queryGroups));

  // Lookup with no groups at all.
  queryGroups.clear();
  assertEquals(0, sentryStore.getRolesByGroups(SEARCH, queryGroups).size());
}
// Presumably closes the enclosing test class, whose header is not part of this excerpt.
}
/**
 * Role-to-group lookup: with two roles bound to the same two groups, querying
 * by either role alone or by both together must return exactly those groups.
 */
@Test
public void testGetGroupsByRoleNames() throws Exception {
  final String grantor = "grantor";
  final String firstRole = "r1";
  final String secondRole = "r2";
  final Set<String> sharedGroups = Sets.newHashSet("g1", "g2");

  sentryStore.createRole(SEARCH, firstRole, grantor);
  sentryStore.createRole(SEARCH, secondRole, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, firstRole, sharedGroups, grantor);
  sentryStore.alterRoleAddGroups(SEARCH, secondRole, sharedGroups, grantor);

  // Each role on its own.
  Set<String> onlyFirst = Sets.newHashSet(firstRole);
  assertEquals(sharedGroups, sentryStore.getGroupsByRoles(SEARCH, onlyFirst));
  Set<String> onlySecond = Sets.newHashSet(secondRole);
  assertEquals(sharedGroups, sentryStore.getGroupsByRoles(SEARCH, onlySecond));

  // Both roles together: the result is the union, which is still the same two groups.
  Set<String> bothRoles = Sets.newHashSet(firstRole, secondRole);
  assertEquals(sharedGroups, sentryStore.getGroupsByRoles(SEARCH, bothRoles));
}
/**
 * Walks through adding and removing group bindings on two roles and checks the
 * store's view after every change, including that removing the last group
 * leaves the role with an empty group set.
 */
@Test
public void testAddDeleteRoleToGroups() throws Exception {
  final String grantor = "grantor";
  final String firstRole = "r1";
  final String secondRole = "r2";
  final Set<String> groupPair = Sets.newHashSet("g1", "g2");
  final Set<String> singleGroup = Sets.newHashSet("g3");

  sentryStore.createRole(SEARCH, firstRole, grantor);
  sentryStore.createRole(SEARCH, secondRole, grantor);

  // Bind r1 to g1 and g2, then verify the mapping in both directions.
  sentryStore.alterRoleAddGroups(SEARCH, firstRole, groupPair, grantor);
  assertEquals(groupPair, sentryStore.getGroupsByRoles(SEARCH, Sets.newHashSet(firstRole)));
  assertEquals(Sets.newHashSet(firstRole), sentryStore.getRolesByGroups(SEARCH, groupPair));

  // Bind r2 to g3 only.
  sentryStore.alterRoleAddGroups(SEARCH, secondRole, singleGroup, grantor);
  assertEquals(singleGroup, sentryStore.getGroupsByRoles(SEARCH, Sets.newHashSet(secondRole)));

  // Removing g1 from r1 must leave just g2.
  sentryStore.alterRoleDeleteGroups(SEARCH, firstRole, Sets.newHashSet("g1"), grantor);
  assertEquals(Sets.newHashSet("g2"),
      sentryStore.getGroupsByRoles(SEARCH, Sets.newHashSet(firstRole)));

  // Removing r2's only group must leave it with no groups.
  sentryStore.alterRoleDeleteGroups(SEARCH, secondRole, singleGroup, grantor);
  assertEquals(Sets.newHashSet(),
      sentryStore.getGroupsByRoles(SEARCH, Sets.newHashSet(secondRole)));
}
/**
 * Creates and then drops a role, asserting that the sequence id reported by the
 * drop is exactly one greater than the one reported by the create.
 */
@Test
public void testCreateDropRole() throws Exception {
  final String grantor = "grantor";
  final String transientRole = "test-drop-role";

  long createSeqId = sentryStore.createRole(SEARCH, transientRole, grantor).getSequenceId();
  long expectedDropSeqId = createSeqId + 1;

  assertEquals(expectedDropSeqId,
      sentryStore.dropRole(SEARCH, transientRole, grantor).getSequenceId());
}
/**
 * Delegated grant: a user whose group holds a role with the QUERY privilege
 * <em>and</em> grant option must be able to grant that privilege to another role.
 *
 * <p>NOTE(review): NO_GRANT_OPTION_USER is registered below but never used as a
 * grantor in this method, so the denial path is not asserted here; presumably a
 * separate test covers it — verify.
 */
@Test
public void testGrantWithGrantOption() throws Exception {
  final String delegatingRole = "r1";
  final String receivingRole = "r2";
  final String grantor = "g1";

  addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP);
  addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP);
  writePolicyFile();

  sentryStore.createRole(SEARCH, delegatingRole, grantor);

  // Grant the QUERY privilege, with grant option, to role r1 as the admin user.
  PrivilegeObject queryWithGrantOption = new Builder()
      .setComponent(SEARCH)
      .setAction(SearchConstants.QUERY)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .withGrantOption(true)
      .build();
  sentryStore.alterRoleGrantPrivilege(SEARCH, delegatingRole, queryWithGrantOption, ADMIN_USER);
  sentryStore.alterRoleAddGroups(SEARCH, delegatingRole,
      Sets.newHashSet(GRANT_OPTION_GROUP), grantor);

  // The user holding the grant option now grants the same privilege to role r2.
  sentryStore.createRole(SEARCH, receivingRole, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, receivingRole, queryWithGrantOption,
      GRANT_OPTION_USER);

  Set<String> rolesToQuery = Sets.newHashSet(receivingRole);
  assertEquals(Sets.newHashSet(queryWithGrantOption),
      sentryStore.getPrivilegesByRole(SEARCH, rolesToQuery));
}
/**
 * Verifies that a privilege carrying the grant option can be passed on: the admin
 * grants QUERY with grant option to role r1, and a member of r1's group then
 * grants the same privilege to role r2.
 *
 * <p>NOTE(review): only the permitted path is asserted. NO_GRANT_OPTION_USER is
 * set up but not used as a grantor in this method; confirm the rejection of a
 * grantor without grant option is tested elsewhere.
 */
@Test
public void testGrantWithGrantOption() throws Exception {
  final String grantor = "g1";
  final String sourceRole = "r1";
  final String targetRole = "r2";

  addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP);
  addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP);
  writePolicyFile();

  sentryStore.createRole(SEARCH, sourceRole, grantor);

  // Step 1: the admin gives r1 the QUERY privilege including the grant option.
  PrivilegeObject grantableQuery = new Builder()
      .setComponent(SEARCH)
      .setAction(SolrConstants.QUERY)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .withGrantOption(true)
      .build();
  sentryStore.alterRoleGrantPrivilege(SEARCH, sourceRole, grantableQuery, ADMIN_USER);
  sentryStore.alterRoleAddGroups(SEARCH, sourceRole,
      Sets.newHashSet(GRANT_OPTION_GROUP), grantor);

  // Step 2: the user with the grant option passes the privilege on to r2.
  sentryStore.createRole(SEARCH, targetRole, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, targetRole, grantableQuery, GRANT_OPTION_USER);

  Set<String> targetOnly = Sets.newHashSet(targetRole);
  assertEquals(Sets.newHashSet(grantableQuery),
      sentryStore.getPrivilegesByRole(SEARCH, targetOnly));
}
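/**
 * Grants a different privilege to each of two roles and checks that a lookup by
 * both role names returns both privileges.
 *
 * <p>The original built {@code updatePrivilege} with the QUERY action, making it
 * identical in every visible field to {@code queryPrivilege}. The expected set then
 * held two indistinguishable privileges, so the assertion could not detect a store
 * that returned the privileges of only one of the two roles. The second privilege
 * now uses the UPDATE action so that each role contributes a distinct entry.
 *
 * @throws Exception if any store operation fails
 */
@Test
public void testGetPrivilegesByRoleName() throws Exception {
  String roleName1 = "r1";
  String roleName2 = "r2";
  String grantor = "g1";

  // Role r1 receives QUERY on the test collection.
  PrivilegeObject queryPrivilege = new Builder()
      .setComponent(SEARCH)
      .setAction(SolrConstants.QUERY)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .build();
  sentryStore.createRole(SEARCH, roleName1, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege, ADMIN_USER);

  // Role r2 receives UPDATE on the same collection, so the two grants differ.
  PrivilegeObject updatePrivilege = new Builder()
      .setComponent(SEARCH)
      .setAction(SolrConstants.UPDATE)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .build();
  sentryStore.createRole(SEARCH, roleName2, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, updatePrivilege, ADMIN_USER);

  // Both roles queried together must yield both distinct privileges.
  assertEquals(Sets.newHashSet(queryPrivilege, updatePrivilege),
      sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName1, roleName2)));
}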
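/**
 * Grants a different privilege to each of two roles and checks that a lookup by
 * both role names returns both privileges.
 *
 * <p>The original built {@code updatePrivilege} with the QUERY action, making it
 * identical in every visible field to {@code queryPrivilege}. The expected set then
 * held two indistinguishable privileges, so the assertion could not detect a store
 * that returned the privileges of only one of the two roles. The second privilege
 * now uses the UPDATE action so that each role contributes a distinct entry.
 *
 * @throws Exception if any store operation fails
 */
@Test
public void testGetPrivilegesByRoleName() throws Exception {
  String roleName1 = "r1";
  String roleName2 = "r2";
  String grantor = "g1";

  // Role r1 receives QUERY on the test collection.
  PrivilegeObject queryPrivilege = new Builder()
      .setComponent(SEARCH)
      .setAction(SearchConstants.QUERY)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .build();
  sentryStore.createRole(SEARCH, roleName1, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege, ADMIN_USER);

  // Role r2 receives UPDATE on the same collection, so the two grants differ.
  PrivilegeObject updatePrivilege = new Builder()
      .setComponent(SEARCH)
      .setAction(SearchConstants.UPDATE)
      .setService(SERVICE)
      .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
      .build();
  sentryStore.createRole(SEARCH, roleName2, grantor);
  sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, updatePrivilege, ADMIN_USER);

  // Both roles queried together must yield both distinct privileges.
  assertEquals(Sets.newHashSet(queryPrivilege, updatePrivilege),
      sentryStore.getPrivilegesByRole(SEARCH, Sets.newHashSet(roleName1, roleName2)));
}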
.build(); sentryStore.createRole(SEARCH, roleName, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, updatePrivilege, grantor);
.build(); sentryStore.createRole(SEARCH, roleName, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, queryPrivilege, grantor); sentryStore.alterRoleGrantPrivilege(SEARCH, roleName, updatePrivilege, grantor);
.build(); sentryStore.createRole(SEARCH, roleName, grantor);
.build(); sentryStore.createRole(SEARCH, roleName, grantor);