@Test
 public void testAddDeleteGroups() throws Exception {
   String roleName = "test-groups";
   String grantor = "g1";
   long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
   Set<TSentryGroup> groups = Sets.newHashSet();
   TSentryGroup group = new TSentryGroup();
   group.setGroupName("test-groups-g1");
   groups.add(group);
   group = new TSentryGroup();
   group.setGroupName("test-groups-g2");
   groups.add(group);
   assertEquals(
       seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups).getSequenceId());
   assertEquals(
       seqId + 2, sentryStore.alterSentryRoleDeleteGroups(roleName, groups).getSequenceId());
   MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
   assertEquals(Collections.emptySet(), role.getGroups());
 }
  @Test
  public void testListSentryPrivilegesForProvider() throws Exception {
    String roleName1 = "list-privs-r1", roleName2 = "list-privs-r2";
    String groupName1 = "list-privs-g1", groupName2 = "list-privs-g2";
    String grantor = "g1";
    long seqId = sentryStore.createSentryRole(roleName1, grantor).getSequenceId();
    assertEquals(seqId + 1, sentryStore.createSentryRole(roleName2, grantor).getSequenceId());
    TSentryPrivilege privilege1 = new TSentryPrivilege();
    privilege1.setPrivilegeScope("TABLE");
    privilege1.setServerName("server1");
    privilege1.setDbName("db1");
    privilege1.setTableName("tbl1");
    privilege1.setAction("SELECT");
    privilege1.setGrantorPrincipal(grantor);
    privilege1.setCreateTime(System.currentTimeMillis());
    privilege1.setPrivilegeName(SentryPolicyStoreProcessor.constructPrivilegeName(privilege1));
    assertEquals(
        seqId + 2,
        sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege1).getSequenceId());
    assertEquals(
        seqId + 3,
        sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege1).getSequenceId());
    TSentryPrivilege privilege2 = new TSentryPrivilege();
    privilege2.setPrivilegeScope("SERVER");
    privilege2.setServerName("server1");
    privilege2.setGrantorPrincipal(grantor);
    privilege2.setCreateTime(System.currentTimeMillis());
    privilege2.setPrivilegeName(SentryPolicyStoreProcessor.constructPrivilegeName(privilege2));
    assertEquals(
        seqId + 4,
        sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege2).getSequenceId());
    Set<TSentryGroup> groups = Sets.newHashSet();
    TSentryGroup group = new TSentryGroup();
    group.setGroupName(groupName1);
    groups.add(group);
    assertEquals(
        seqId + 5,
        sentryStore.alterSentryRoleAddGroups(grantor, roleName1, groups).getSequenceId());
    groups.clear();
    group = new TSentryGroup();
    group.setGroupName(groupName2);
    groups.add(group);
    // group 2 has both roles 1 and 2
    assertEquals(
        seqId + 6,
        sentryStore.alterSentryRoleAddGroups(grantor, roleName1, groups).getSequenceId());
    assertEquals(
        seqId + 7,
        sentryStore.alterSentryRoleAddGroups(grantor, roleName2, groups).getSequenceId());
    // group1 all roles
    assertEquals(
        Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName1),
                new TSentryActiveRoleSet(true, new HashSet<String>()))));
    // one active role
    assertEquals(
        Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName1),
                new TSentryActiveRoleSet(false, Sets.newHashSet(roleName1)))));
    // unknown active role
    assertEquals(
        Sets.newHashSet(),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName1),
                new TSentryActiveRoleSet(false, Sets.newHashSet("not a role")))));
    // no active roles
    assertEquals(
        Sets.newHashSet(),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName1),
                new TSentryActiveRoleSet(false, new HashSet<String>()))));

    // group2 all roles
    assertEquals(
        Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select", "server=server1"),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName2),
                new TSentryActiveRoleSet(true, new HashSet<String>()))));
    // one active role
    assertEquals(
        Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName2),
                new TSentryActiveRoleSet(false, Sets.newHashSet(roleName1)))));
    assertEquals(
        Sets.newHashSet("server=server1"),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName2),
                new TSentryActiveRoleSet(false, Sets.newHashSet(roleName2)))));
    // unknown active role
    assertEquals(
        Sets.newHashSet(),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName2),
                new TSentryActiveRoleSet(false, Sets.newHashSet("not a role")))));
    // no active roles
    assertEquals(
        Sets.newHashSet(),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName2),
                new TSentryActiveRoleSet(false, new HashSet<String>()))));

    // both groups, all active roles
    assertEquals(
        Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select", "server=server1"),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName1, groupName2),
                new TSentryActiveRoleSet(true, new HashSet<String>()))));
    // one active role
    assertEquals(
        Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName1, groupName2),
                new TSentryActiveRoleSet(false, Sets.newHashSet(roleName1)))));
    assertEquals(
        Sets.newHashSet("server=server1"),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName1, groupName2),
                new TSentryActiveRoleSet(false, Sets.newHashSet(roleName2)))));
    // unknown active role
    assertEquals(
        Sets.newHashSet(),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName1, groupName2),
                new TSentryActiveRoleSet(false, Sets.newHashSet("not a role")))));
    // no active roles
    assertEquals(
        Sets.newHashSet(),
        SentryStore.toTrimedLower(
            sentryStore.listSentryPrivilegesForProvider(
                Sets.newHashSet(groupName1, groupName2),
                new TSentryActiveRoleSet(false, new HashSet<String>()))));
  }