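/**
 * Parses the policy file at {@code importPolicyFilePath} and imports the resulting
 * mapping data into the Sentry service through a policy service client.
 *
 * <p>The requestor name sent with the import is read from the {@code user.name} JVM system
 * property and falls back to an empty string when the property is absent.
 *
 * @throws Exception if the file formatter cannot be created, the policy file cannot be
 *     parsed, the client cannot be created, or the import call fails
 */
public void importPolicy() throws Exception {
  // NOTE(review): user.name is a JVM system property chosen by whoever launches this
  // process, so it is a claimed identity rather than an authenticated one. How the service
  // ties this name to the caller's credentials is not visible here -- confirm that the
  // server-side admin check does not rely on this value alone, and that the empty-string
  // fallback is rejected.
  String requestorUserName = System.getProperty("user.name", "");

  // Pick the file formatter that matches the configuration.
  SentryPolicyFileFormatter sentryPolicyFileFormatter =
      SentryPolicyFileFormatFactory.createFileFormatter(authzConf);

  // Parse the input file into the nested mapping structure that the client sends.
  Map<String, Map<String, Set<String>>> policyFileMappingData =
      sentryPolicyFileFormatter.parse(importPolicyFilePath, authzConf);

  // TODO: nothing here validates the parsed values, format or hierarchy before they are
  // sent, so whatever the formatter accepted is what the service is asked to import.

  SentryPolicyServiceClient client = SentryServiceClientFactory.create(getAuthzConf());
  try {
    // Import the mapping data to the database.
    client.importPolicy(policyFileMappingData, requestorUserName, importOverwriteRole);
  } finally {
    // Close the client whether or not the import succeeded; the original never closed it.
    client.close();
  }
}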
/**
 * Round-trip check: imports one group bound to two roles with an empty ROLES section,
 * exports the policy again and validates the exported data against what was imported.
 */
@Override
public void runTestAsSubject() throws Exception {
  Map<String, Set<String>> rolesByGroup = Maps.newHashMap();
  rolesByGroup.put("group1", Sets.newHashSet("role1", "role2"));

  // No privileges are attached to the roles in this case.
  Map<String, Set<String>> privilegesByRole = Maps.newHashMap();

  Map<String, Map<String, Set<String>>> imported = Maps.newHashMap();
  imported.put(PolicyFileConstants.GROUPS, rolesByGroup);
  imported.put(PolicyFileConstants.ROLES, privilegesByRole);

  // Import as ADMIN_USER with the overwrite flag off, then read the policy back.
  client.importPolicy(imported, ADMIN_USER, false);
  Map<String, Map<String, Set<String>>> exported = client.exportPolicy(ADMIN_USER);

  // Argument order is unchanged: exported data first, imported data second.
  validateSentryMappingData(exported, imported);
}
});
/**
 * Round-trip check with a fuller policy: three groups share the same three roles, and each
 * role carries the eight PRIVILIEGE* constants. The policy is imported, exported again and
 * the exported data validated against what was imported.
 */
@Override
public void runTestAsSubject() throws Exception {
  // One shared set instance is bound to every group, as in the original.
  Set<String> sharedRoles = Sets.newHashSet("role1", "role2", "role3");
  Map<String, Set<String>> rolesByGroup = Maps.newHashMap();
  for (String groupName : new String[] {"group1", "group2", "group3"}) {
    rolesByGroup.put(groupName, sharedRoles);
  }

  // Each role gets its own freshly built privilege set.
  Map<String, Set<String>> privilegesByRole = Maps.newHashMap();
  for (String role : sharedRoles) {
    Set<String> privileges = Sets.newHashSet(PRIVILIEGE1, PRIVILIEGE2, PRIVILIEGE3,
        PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8);
    privilegesByRole.put(role, privileges);
  }

  Map<String, Map<String, Set<String>>> imported = Maps.newHashMap();
  imported.put(PolicyFileConstants.GROUPS, rolesByGroup);
  imported.put(PolicyFileConstants.ROLES, privilegesByRole);

  // Import as ADMIN_USER with the overwrite flag off, then read the policy back.
  client.importPolicy(imported, ADMIN_USER, false);
  Map<String, Map<String, Set<String>>> exported = client.exportPolicy(ADMIN_USER);

  // Argument order is unchanged: exported data first, imported data second.
  validateSentryMappingData(exported, imported);
}
});
// First import: attach the GROUPS and ROLES sections, then send the policy as ADMIN_USER
// with the overwrite flag (third argument) set to false.
policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1);
policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1);
client.importPolicy(policyFileMappingData1, ADMIN_USER, false);
// Second import on top of the first, again without overwrite.
// NOTE(review): presumably a non-overwrite import only adds to what the service already
// holds and so cannot take a privilege away -- confirm against the service implementation.
policyFileMappingData2.put(PolicyFileConstants.GROUPS, groupRolesMap2);
policyFileMappingData2.put(PolicyFileConstants.ROLES, rolePrivilegesMap2);
client.importPolicy(policyFileMappingData2, ADMIN_USER, false);
// Attach the GROUPS and ROLES sections, then import as ADMIN_USER with the overwrite flag
// (third argument) set to true.
// NOTE(review): presumably overwrite replaces the stored definition of each role named in
// the import; what happens to roles absent from the import is not visible here -- confirm.
policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1);
policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1);
client.importPolicy(policyFileMappingData1, ADMIN_USER, true);
// First import: attach the GROUPS and ROLES sections, then send the policy as ADMIN_USER
// with the overwrite flag (third argument) set to true.
policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1);
policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1);
client.importPolicy(policyFileMappingData1, ADMIN_USER, true);
// Second import, also with overwrite, applied after the first.
// NOTE(review): presumably overwrite replaces the stored definition of each role named in
// the import; what happens to roles absent from the import is not visible here -- confirm.
policyFileMappingData2.put(PolicyFileConstants.GROUPS, groupRolesMap2);
policyFileMappingData2.put(PolicyFileConstants.ROLES, rolePrivilegesMap2);
client.importPolicy(policyFileMappingData2, ADMIN_USER, true);
// First import: attach the GROUPS and ROLES sections, then send the policy as ADMIN_USER
// with the overwrite flag (third argument) set to false.
policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1);
policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1);
client.importPolicy(policyFileMappingData1, ADMIN_USER, false);
// Second import on top of the first, again without overwrite.
// NOTE(review): presumably a non-overwrite import only adds to what the service already
// holds and so cannot take a privilege away -- confirm against the service implementation.
policyFileMappingData2.put(PolicyFileConstants.GROUPS, groupRolesMap2);
policyFileMappingData2.put(PolicyFileConstants.ROLES, rolePrivilegesMap2);
client.importPolicy(policyFileMappingData2, ADMIN_USER, false);
// First import: attach the GROUPS and ROLES sections, then send the policy as ADMIN_USER
// with the overwrite flag (third argument) set to true.
policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1);
policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1);
client.importPolicy(policyFileMappingData1, ADMIN_USER, true);
// Second import, also with overwrite, applied after the first.
// NOTE(review): presumably overwrite replaces the stored definition of each role named in
// the import; what happens to roles absent from the import is not visible here -- confirm.
policyFileMappingData2.put(PolicyFileConstants.GROUPS, groupRolesMap2);
policyFileMappingData2.put(PolicyFileConstants.ROLES, rolePrivilegesMap2);
client.importPolicy(policyFileMappingData2, ADMIN_USER, true);
/**
 * Negative check: calls import and export with the requestor name "no-admin-user" and
 * fails the test if either call returns normally.
 */
@Override
public void runTestAsSubject() throws Exception {
  final String nonAdminUser = "no-admin-user";

  // An empty policy is enough; the calls are expected to be refused before it matters.
  Map<String, Set<String>> rolesByGroup = Maps.newHashMap();
  Map<String, Set<String>> privilegesByRole = Maps.newHashMap();
  Map<String, Map<String, Set<String>>> emptyPolicy = Maps.newHashMap();
  emptyPolicy.put(PolicyFileConstants.GROUPS, rolesByGroup);
  emptyPolicy.put(PolicyFileConstants.ROLES, privilegesByRole);

  try {
    client.importPolicy(emptyPolicy, nonAdminUser, false);
    fail("non-admin can't do the import.");
  } catch (Exception expected) {
    // Expected: the import is refused.
    // NOTE(review): any Exception satisfies this catch, so a connection or serialization
    // failure would pass too. Asserting the specific access-denied exception type would
    // make the test prove the authorization check itself. fail(...) is presumably JUnit's,
    // whose AssertionError is not an Exception and therefore is not swallowed here.
  }

  try {
    client.exportPolicy(nonAdminUser);
    fail("non-admin can't do the export.");
  } catch (Exception expected) {
    // Expected: the export is refused. The same caveat applies: the exception type is
    // not checked.
  }
}
});
// First import: attach the GROUPS and ROLES sections, then send the policy as ADMIN_USER
// with the overwrite flag (third argument) set to false.
policyFileMappingData1.put(PolicyFileConstants.GROUPS, groupRolesMap1);
policyFileMappingData1.put(PolicyFileConstants.ROLES, rolePrivilegesMap1);
client.importPolicy(policyFileMappingData1, ADMIN_USER, false);
// Second import on top of the first, again without overwrite.
// NOTE(review): presumably a non-overwrite import only adds to what the service already
// holds and so cannot take a privilege away -- confirm against the service implementation.
policyFileMappingData2.put(PolicyFileConstants.GROUPS, groupRolesMap2);
policyFileMappingData2.put(PolicyFileConstants.ROLES, rolePrivilegesMap2);
client.importPolicy(policyFileMappingData2, ADMIN_USER, false);