/**
 * Checks that groups can be attached to a role and then detached again.
 *
 * <p>Each mutating store call is expected to advance the sequence id by exactly one
 * relative to the id returned when the role was created. Once both groups have been
 * removed, the persisted role must report an empty group set, i.e. no stale
 * group-to-role binding is left behind after a revoke.
 */
@Test
public void testAddDeleteGroups() throws Exception {
  final String roleUnderTest = "test-groups";
  final String grantorName = "g1";
  long baseSeq = sentryStore.createSentryRole(roleUnderTest, grantorName).getSequenceId();

  // Build the two-member group set in the same insertion order as before.
  Set<TSentryGroup> members = Sets.newHashSet();
  for (String memberName : new String[] {"test-groups-g1", "test-groups-g2"}) {
    TSentryGroup member = new TSentryGroup();
    member.setGroupName(memberName);
    members.add(member);
  }

  long seqAfterAdd =
      sentryStore.alterSentryRoleAddGroups(grantorName, roleUnderTest, members).getSequenceId();
  assertEquals(baseSeq + 1, seqAfterAdd);

  long seqAfterDelete =
      sentryStore.alterSentryRoleDeleteGroups(roleUnderTest, members).getSequenceId();
  assertEquals(baseSeq + 2, seqAfterDelete);

  // After the delete the stored role must not reference any group.
  MSentryRole stored = sentryStore.getMSentryRoleByName(roleUnderTest);
  assertEquals(Collections.emptySet(), stored.getGroups());
}
/**
 * Checks which privileges the store reports for a set of groups under a given
 * active role set.
 *
 * <p>Fixture: role 1 holds a TABLE-scope SELECT privilege; role 2 holds that same
 * privilege plus a SERVER-scope privilege. Group 1 is bound to role 1 only; group 2
 * is bound to both roles.
 *
 * <p>The assertions pin these authorization properties:
 * <ul>
 *   <li>with the active role set built with {@code true} (the "all roles" case),
 *       a group sees the union of the privileges of every role it is bound to;</li>
 *   <li>with a single named active role, only that role's privileges are returned,
 *       so activating one role does not expose the other role's grants;</li>
 *   <li>an active role name that does not exist yields no privileges;</li>
 *   <li>an empty active role set built with {@code false} yields no privileges.</li>
 * </ul>
 * Every mutating store call is also expected to advance the sequence id by one.
 */
@Test
public void testListSentryPrivilegesForProvider() throws Exception {
  final String roleA = "list-privs-r1";
  final String roleB = "list-privs-r2";
  final String groupA = "list-privs-g1";
  final String groupB = "list-privs-g2";
  final String grantorName = "g1";
  final String bogusRole = "not a role";

  // Privilege strings as they are compared after SentryStore.toTrimedLower.
  final String tablePriv = "server=server1->db=db1->table=tbl1->action=select";
  final String serverPriv = "server=server1";

  // Expected results; these are only compared, never handed to the store.
  final Set<String> none = Collections.emptySet();
  final Set<String> tableOnly = Sets.newHashSet(tablePriv);
  final Set<String> serverOnly = Sets.newHashSet(serverPriv);
  final Set<String> tableAndServer = Sets.newHashSet(tablePriv, serverPriv);

  long baseSeq = sentryStore.createSentryRole(roleA, grantorName).getSequenceId();
  assertEquals(baseSeq + 1, sentryStore.createSentryRole(roleB, grantorName).getSequenceId());

  // TABLE-scope SELECT on server1/db1/tbl1, granted to both roles.
  TSentryPrivilege tableSelect = new TSentryPrivilege();
  tableSelect.setPrivilegeScope("TABLE");
  tableSelect.setServerName("server1");
  tableSelect.setDbName("db1");
  tableSelect.setTableName("tbl1");
  tableSelect.setAction("SELECT");
  tableSelect.setGrantorPrincipal(grantorName);
  tableSelect.setCreateTime(System.currentTimeMillis());
  // The name is derived from the privilege itself, so it is set last.
  tableSelect.setPrivilegeName(SentryPolicyStoreProcessor.constructPrivilegeName(tableSelect));
  assertEquals(
      baseSeq + 2,
      sentryStore.alterSentryRoleGrantPrivilege(roleA, tableSelect).getSequenceId());
  assertEquals(
      baseSeq + 3,
      sentryStore.alterSentryRoleGrantPrivilege(roleB, tableSelect).getSequenceId());

  // SERVER-scope privilege on server1, granted to role 2 only.
  TSentryPrivilege serverWide = new TSentryPrivilege();
  serverWide.setPrivilegeScope("SERVER");
  serverWide.setServerName("server1");
  serverWide.setGrantorPrincipal(grantorName);
  serverWide.setCreateTime(System.currentTimeMillis());
  serverWide.setPrivilegeName(SentryPolicyStoreProcessor.constructPrivilegeName(serverWide));
  assertEquals(
      baseSeq + 4,
      sentryStore.alterSentryRoleGrantPrivilege(roleB, serverWide).getSequenceId());

  // Group 1 is bound to role 1 only.
  Set<TSentryGroup> members = Sets.newHashSet();
  TSentryGroup firstGroup = new TSentryGroup();
  firstGroup.setGroupName(groupA);
  members.add(firstGroup);
  assertEquals(
      baseSeq + 5,
      sentryStore.alterSentryRoleAddGroups(grantorName, roleA, members).getSequenceId());

  // Group 2 is bound to both role 1 and role 2.
  members.clear();
  TSentryGroup secondGroup = new TSentryGroup();
  secondGroup.setGroupName(groupB);
  members.add(secondGroup);
  assertEquals(
      baseSeq + 6,
      sentryStore.alterSentryRoleAddGroups(grantorName, roleA, members).getSequenceId());
  assertEquals(
      baseSeq + 7,
      sentryStore.alterSentryRoleAddGroups(grantorName, roleB, members).getSequenceId());

  // ---- group 1 ----
  // All roles: only role 1's table privilege is visible.
  assertEquals(
      tableOnly,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupA),
              new TSentryActiveRoleSet(true, new HashSet<String>()))));
  // Role 1 explicitly active.
  assertEquals(
      tableOnly,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupA),
              new TSentryActiveRoleSet(false, Sets.newHashSet(roleA)))));
  // A role name that does not exist must grant nothing.
  assertEquals(
      none,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupA),
              new TSentryActiveRoleSet(false, Sets.newHashSet(bogusRole)))));
  // No active roles at all must grant nothing.
  assertEquals(
      none,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupA),
              new TSentryActiveRoleSet(false, new HashSet<String>()))));

  // ---- group 2 ----
  // All roles: union of role 1 and role 2 privileges.
  assertEquals(
      tableAndServer,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupB),
              new TSentryActiveRoleSet(true, new HashSet<String>()))));
  // Only role 1 active: the server-wide privilege must not appear.
  assertEquals(
      tableOnly,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupB),
              new TSentryActiveRoleSet(false, Sets.newHashSet(roleA)))));
  // Only role 2 active: the expected result is the server-scope entry alone.
  assertEquals(
      serverOnly,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupB),
              new TSentryActiveRoleSet(false, Sets.newHashSet(roleB)))));
  // Unknown active role.
  assertEquals(
      none,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupB),
              new TSentryActiveRoleSet(false, Sets.newHashSet(bogusRole)))));
  // No active roles.
  assertEquals(
      none,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupB),
              new TSentryActiveRoleSet(false, new HashSet<String>()))));

  // ---- both groups together ----
  // All roles: union across both groups.
  assertEquals(
      tableAndServer,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupA, groupB),
              new TSentryActiveRoleSet(true, new HashSet<String>()))));
  // Only role 1 active.
  assertEquals(
      tableOnly,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupA, groupB),
              new TSentryActiveRoleSet(false, Sets.newHashSet(roleA)))));
  // Only role 2 active.
  assertEquals(
      serverOnly,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupA, groupB),
              new TSentryActiveRoleSet(false, Sets.newHashSet(roleB)))));
  // Unknown active role.
  assertEquals(
      none,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupA, groupB),
              new TSentryActiveRoleSet(false, Sets.newHashSet(bogusRole)))));
  // No active roles.
  assertEquals(
      none,
      SentryStore.toTrimedLower(
          sentryStore.listSentryPrivilegesForProvider(
              Sets.newHashSet(groupA, groupB),
              new TSentryActiveRoleSet(false, new HashSet<String>()))));
}