Google Git
Sign in
apache / incubator-sentry / bf3eb482e55f8cf29f9b87a190ee585e3e5f7e2f / . / sentry-provider / sentry-provider-db / src / test / java / org / apache / sentry / provider / db / generic / service / persistent / TestSentryGMPrivilege.java
blob: 141169285567ce8220271ba16942c405d4cba5d8 [file] [log] [blame]
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sentry.provider.db.generic.service.persistent;
import static junit.framework.Assert.assertTrue;
import static junit.framework.Assert.assertFalse;
import static junit.framework.Assert.fail;
import java.util.Arrays;
import org.apache.sentry.core.model.db.AccessConstants;
import org.apache.sentry.core.model.search.Collection;
import org.apache.sentry.core.model.search.Field;
import org.apache.sentry.core.model.search.SearchConstants;
import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
import org.junit.Test;
public class TestSentryGMPrivilege {
@Test
public void testValidateAuthorizables() throws Exception {
try {
MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1"), new Field("f1")),SearchConstants.QUERY, false);
} catch (IllegalStateException e) {
fail("unexpect happend: it is a validated privilege");
}
try {
MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection(""), new Field("f1")),SearchConstants.QUERY, false);
fail("unexpect happend: it is not a validated privilege, The empty name of authorizable can't be empty");
} catch (IllegalStateException e) {
}
try {
MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(null, new Field("f1")),SearchConstants.QUERY, false);
fail("unexpect happend: it is not a validated privilege, The authorizable can't be null");
} catch (IllegalStateException e) {
}
}
@Test
public void testImpliesWithServerScope() throws Exception {
//The persistent privilege is server scope
MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr",
"service1", null,SearchConstants.QUERY, false);
MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1")),
SearchConstants.QUERY, false);
assertTrue(serverPrivilege.implies(collectionPrivilege));
MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1"), new Field("f1")),
SearchConstants.QUERY, false);
assertTrue(serverPrivilege.implies(fieldPrivilege));
assertTrue(collectionPrivilege.implies(fieldPrivilege));
serverPrivilege.setAction(SearchConstants.UPDATE);
assertFalse(serverPrivilege.implies(collectionPrivilege));
assertFalse(serverPrivilege.implies(fieldPrivilege));
serverPrivilege.setAction(SearchConstants.ALL);
assertTrue(serverPrivilege.implies(collectionPrivilege));
assertTrue(serverPrivilege.implies(fieldPrivilege));
}
/**
* The requested privilege has the different authorizable size with the persistent privilege
* @throws Exception
*/
@Test
public void testImpliesDifferentAuthorizable() throws Exception {
/**
* Test the scope of persistent privilege is the larger than the requested privilege
*/
MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr",
"service1", null, SearchConstants.QUERY, false);
MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1")),
SearchConstants.QUERY, false);
MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1"), new Field("f1")),
SearchConstants.QUERY, false);
assertTrue(serverPrivilege.implies(collectionPrivilege));
assertTrue(serverPrivilege.implies(fieldPrivilege));
assertTrue(collectionPrivilege.implies(fieldPrivilege));
/**
* Test the scope of persistent privilege is less than the request privilege
*/
assertFalse(fieldPrivilege.implies(collectionPrivilege));
assertFalse(fieldPrivilege.implies(serverPrivilege));
assertFalse(collectionPrivilege.implies(serverPrivilege));
/**
* Test the scope of persistent privilege is less than the request privilege,
* but the name of left authorizable is ALL
*/
MSentryGMPrivilege fieldAllPrivilege = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1"), new Field(AccessConstants.ALL)),
SearchConstants.QUERY, false);
assertTrue(fieldAllPrivilege.implies(collectionPrivilege));
/**
* Test the scope of persistent privilege has the same scope as request privilege
*/
MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1"), new Field("f1")),
SearchConstants.QUERY, false);
MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c2"), new Field("f2")),
SearchConstants.QUERY, false);
assertFalse(fieldPrivilege1.implies(fieldPrivilege2));
}
/**
* The requested privilege has the same authorizable size as with the persistent privilege
* @throws Exception
*/
@Test
public void testSearchImpliesEqualAuthorizable() throws Exception {
MSentryGMPrivilege serverPrivilege1 = new MSentryGMPrivilege("solr",
"service1", null,SearchConstants.QUERY, false);
MSentryGMPrivilege serverPrivilege2 = new MSentryGMPrivilege("solr",
"service2", null,SearchConstants.QUERY, false);
assertFalse(serverPrivilege1.implies(serverPrivilege2));
MSentryGMPrivilege collectionPrivilege1 = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1")),
SearchConstants.QUERY, false);
MSentryGMPrivilege collectionPrivilege2 = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c2")),
SearchConstants.QUERY, false);
assertFalse(collectionPrivilege1.implies(collectionPrivilege2));
MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1"), new Field("f1")),
SearchConstants.QUERY, false);
MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1"), new Field("f2")),
SearchConstants.QUERY, false);
assertFalse(fieldPrivilege1.implies(fieldPrivilege2));
/**
* The authorizables aren't equal,but the persistent privilege has the ALL name
*/
collectionPrivilege2.setAuthorizables(Arrays.asList(new Collection(AccessConstants.ALL)));
collectionPrivilege2.implies(collectionPrivilege1);
fieldPrivilege2.setAuthorizables(Arrays.asList(new Collection("c1"), new Field(AccessConstants.ALL)));
fieldPrivilege2.implies(fieldPrivilege1);
}
@Test
public void testSearchImpliesAction() throws Exception {
/**
* action is equal
*/
MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1"), new Field("f2")),
SearchConstants.QUERY, false);
MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr",
"service1", Arrays.asList(new Collection("c1"), new Field("f2")),
SearchConstants.QUERY, false);
assertTrue(fieldPrivilege1.implies(fieldPrivilege2));
/**
* action isn't equal
*/
fieldPrivilege2.setAction(SearchConstants.UPDATE);
assertFalse(fieldPrivilege1.implies(fieldPrivilege2));
/**
* action isn't equal,but the persistent privilege has the ALL action
*/
fieldPrivilege1.setAction(SearchConstants.ALL);
assertTrue(fieldPrivilege1.implies(fieldPrivilege2));
}
}