ACCESS-214: Rename Access package to Sentry
Includes refactored commits of the following patches:
ACCESS-219. Fix end to end test failures for Hive binding
ACCESS-220:A badly formatted db level policy file shouldn't impact access to rest of the databases
ACCESS-217. Support for URIs in per DB policy file
ACCESS-208: Add interface for on failure hooks
diff --git a/README.md b/README.md
index afb133a..7152e9b 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-access
+Sentry
======
-Access Server
\ No newline at end of file
+Sentry Authorization
diff --git a/access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/TestHiveAuthzConf.java b/access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/TestHiveAuthzConf.java
deleted file mode 100644
index e17822e..0000000
--- a/access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/TestHiveAuthzConf.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.access.binding.hive;
-
-import org.apache.access.binding.hive.conf.HiveAuthzConf;
-import org.apache.access.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.Resources;
-
-public class TestHiveAuthzConf {
- private HiveAuthzConf authzConf;
-
- @Before
- public void setUp() {
- authzConf = new HiveAuthzConf(Resources.getResource("access-site.xml"));
- }
-
- @Test
- public void testConfig() {
- Assert.assertEquals("org.apache.access.provider.file.fooProvider",
- authzConf.get(AuthzConfVars.AUTHZ_PROVIDER.getVar()));
- }
-
- @Test
- public void testConfigOverload() {
- authzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), "fooFile");
- Assert.assertEquals("fooFile",
- authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar()));
- }
-}
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPerDBConfiguration.java b/access-tests/src/test/java/org/apache/access/tests/e2e/TestPerDBConfiguration.java
deleted file mode 100644
index 17ab997..0000000
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPerDBConfiguration.java
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.access.tests.e2e;
-
-import static org.junit.Assert.assertTrue;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-
-import junit.framework.Assert;
-
-import org.junit.After;
-import org.junit.Test;
-
-import com.google.common.base.Charsets;
-import com.google.common.base.Joiner;
-import com.google.common.io.Files;
-import com.google.common.io.Resources;
-
-/**
- * Test privileges per database policy files
- */
-public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
- private static final String MULTI_TYPE_DATA_FILE_NAME = "emp.dat";
- private static final String DB2_POLICY_FILE = "db2-policy-file.ini";
-
- private Context context;
-
- @After
- public void teardown() throws Exception {
- if (context != null) {
- context.close();
- }
- }
-
- @Test
- public void testPerDB() throws Exception {
- context = createContext();
- File policyFile = context.getPolicyFile();
- File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
- File dataDir = context.getDataDir();
- //copy data file to test dir
- File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
- FileOutputStream to = new FileOutputStream(dataFile);
- Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
- to.close();
- //delete existing policy file; create new policy file
- assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
- assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-
- String[] policyFileContents = {
- // groups : role -> group
- "[groups]",
- "admin = all_server",
- "user_group1 = select_tbl1",
- "user_group2 = select_tbl2",
- // roles: privileges -> role
- "[roles]",
- "all_server = server=server1",
- "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
- // users: users -> groups
- "[users]",
- "hive = admin",
- "user_1 = user_group1",
- "user_2 = user_group2",
- "[databases]",
- "db2 = " + db2PolicyFile.getPath(),
- };
- context.makeNewPolicy(policyFileContents);
-
- String[] db2PolicyFileContents = {
- "[groups]",
- "user_group2 = select_tbl2",
- "[roles]",
- "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
- };
- Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
-
- // setup db objects needed by the test
- Connection connection = context.createConnection("hive", "hive");
- Statement statement = context.createStatement(connection);
-
- statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
- statement.execute("DROP DATABASE IF EXISTS db2 CASCADE");
- statement.execute("CREATE DATABASE db1");
- statement.execute("USE db1");
- statement.execute("CREATE TABLE tbl1(B INT, A STRING) " +
- " row format delimited fields terminated by '|' stored as textfile");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl1");
- statement.execute("DROP DATABASE IF EXISTS db2 CASCADE");
- statement.execute("CREATE DATABASE db2");
- statement.execute("USE db2");
- statement.execute("CREATE TABLE tbl2(B INT, A STRING) " +
- " row format delimited fields terminated by '|' stored as textfile");
- statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl2");
- statement.close();
- connection.close();
-
- // test execution
- connection = context.createConnection("user_1", "password");
- statement = context.createStatement(connection);
- statement.execute("USE db1");
- // test user1 can execute query on tbl1
- verifyCount(statement, "SELECT COUNT(*) FROM tbl1");
-
- // user1 cannot query db2.tbl2
- context.assertAuthzException(statement, "USE db2");
- context.assertAuthzException(statement, "SELECT COUNT(*) FROM db2.tbl2");
- statement.close();
- connection.close();
-
- // test per-db file for db2
-
- connection = context.createConnection("user_2", "password");
- statement = context.createStatement(connection);
- statement.execute("USE db2");
- // test user2 can execute query on tbl2
- verifyCount(statement, "SELECT COUNT(*) FROM tbl2");
-
- // user2 cannot query db1.tbl1
- context.assertAuthzException(statement, "SELECT COUNT(*) FROM db1.tbl1");
- context.assertAuthzException(statement, "USE db1");
-
- statement.close();
- connection.close();
-
- //test cleanup
- connection = context.createConnection("hive", "hive");
- statement = context.createStatement(connection);
- statement.execute("DROP DATABASE db1 CASCADE");
- statement.execute("DROP DATABASE db2 CASCADE");
- statement.close();
- connection.close();
- }
- private void verifyCount(Statement statement, String query) throws SQLException {
- ResultSet resultSet = statement.executeQuery(query);
- int count = 0;
- int countRows = 0;
-
- while (resultSet.next()) {
- count = resultSet.getInt(1);
- countRows++;
- }
- assertTrue("Incorrect row count", countRows == 1);
- assertTrue("Incorrect result", count == 12);
- }
-}
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 37bc597..0378382 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,7 +23,7 @@
<version>4.4.0-SNAPSHOT</version>
</parent>
- <artifactId>access</artifactId>
+ <artifactId>sentry</artifactId>
<version>1.1.0-SNAPSHOT</version>
<description>Access component</description>
<name>Access</name>
@@ -65,11 +65,25 @@
<guava.version>11.0.2</guava.version>
<shiro.version>1.2.1</shiro.version>
<slf4j.version>1.6.1</slf4j.version>
+ <derby.version>10.4.2.0</derby.version>
+ <libthrift.version>0.9.0-cdh4-1</libthrift.version>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
+ <groupId>org.apache.derby</groupId>
+ <artifactId>derby</artifactId>
+ <version>${derby.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.thrift</groupId>
+ <artifactId>libthrift</artifactId>
+ <version>${libthrift.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
<groupId>org.apache.hive</groupId>
<artifactId>hive-common</artifactId>
<version>${hive.version}</version>
@@ -142,7 +156,7 @@
</dependency>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-core</artifactId>
+ <artifactId>sentry-core</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
@@ -219,30 +233,30 @@
</dependency>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-binding-hive</artifactId>
+ <artifactId>sentry-binding-hive</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-provider-file</artifactId>
+ <artifactId>sentry-provider-file</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-dist</artifactId>
+ <artifactId>sentry-dist</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<modules>
- <module>access-core</module>
- <module>access-binding</module>
- <module>access-provider</module>
- <module>access-tests</module>
- <module>access-dist</module>
+ <module>sentry-core</module>
+ <module>sentry-binding</module>
+ <module>sentry-provider</module>
+ <module>sentry-tests</module>
+ <module>sentry-dist</module>
</modules>
<build>
diff --git a/access-binding/pom.xml b/sentry-binding/pom.xml
similarity index 91%
rename from access-binding/pom.xml
rename to sentry-binding/pom.xml
index 6a1779a..d771d36 100644
--- a/access-binding/pom.xml
+++ b/sentry-binding/pom.xml
@@ -20,17 +20,17 @@
<parent>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access</artifactId>
+ <artifactId>sentry</artifactId>
<version>1.1.0-SNAPSHOT</version>
</parent>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-binding</artifactId>
+ <artifactId>sentry-binding</artifactId>
<name>Access Bindings</name>
<packaging>pom</packaging>
<modules>
- <module>access-binding-hive</module>
+ <module>sentry-binding-hive</module>
</modules>
</project>
diff --git a/access-binding/access-binding-hive/pom.xml b/sentry-binding/sentry-binding-hive/pom.xml
similarity index 77%
rename from access-binding/access-binding-hive/pom.xml
rename to sentry-binding/sentry-binding-hive/pom.xml
index 5874799..03a68c1 100644
--- a/access-binding/access-binding-hive/pom.xml
+++ b/sentry-binding/sentry-binding-hive/pom.xml
@@ -21,15 +21,31 @@
<parent>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-binding</artifactId>
+ <artifactId>sentry-binding</artifactId>
<version>1.1.0-SNAPSHOT</version>
</parent>
- <artifactId>access-binding-hive</artifactId>
+ <artifactId>sentry-binding-hive</artifactId>
<name>Access Binding for Hive</name>
<dependencies>
<dependency>
+ <groupId>org.apache.thrift</groupId>
+ <artifactId>libthrift</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.derby</groupId>
+ <artifactId>derby</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.thrift</groupId>
+ <artifactId>libthrift</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.derby</groupId>
+ <artifactId>derby</artifactId>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
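Review bot: The added block declares `org.apache.thrift:libthrift` and `org.apache.derby:derby` twice each, back to back. Maven flags duplicate declarations of the same groupId:artifactId as a model warning, and the repeat makes it unclear which entry a later scope or exclusion change should touch. Keep one `<dependency>` element per artifact and drop the second pair. The `<dependencies>` element continues outside this hunk.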
@@ -48,11 +64,11 @@
</dependency>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-core</artifactId>
+ <artifactId>sentry-core</artifactId>
</dependency>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-provider-file</artifactId>
+ <artifactId>sentry-provider-file</artifactId>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingSessionHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingSessionHook.java
new file mode 100644
index 0000000..fefe18f
--- /dev/null
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingSessionHook.java
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.access.binding.hive;
+
+import org.apache.hive.service.cli.HiveSQLException;
+import org.apache.hive.service.cli.session.HiveSessionHookContext;
+
+/**
+ * The session hook wrapper for backward compatibility
+ */
+public class HiveAuthzBindingSessionHook
+ implements org.apache.hive.service.cli.session.HiveSessionHook {
+
+ private org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook underlyingHook;
+ public HiveAuthzBindingSessionHook() {
+ underlyingHook = new org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook();
+ }
+ @Override
+ public void run(HiveSessionHookContext sessionHookContext) throws HiveSQLException {
+ underlyingHook.run(sessionHookContext);
+ }
+
+}
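Review bot: This compatibility wrapper under `org.apache.access` is not marked as deprecated, so configurations that still name the old class get no compiler or IDE signal to migrate. Annotate the class with `@Deprecated` and extend the Javadoc to name the replacement, e.g. `@deprecated use {@link org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook}`. `underlyingHook` is assigned once in the constructor and can be declared `private final`.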
diff --git a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
similarity index 86%
rename from access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingHook.java
rename to sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
index 681f3aa..89c7c65 100644
--- a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.binding.hive;
+package org.apache.sentry.binding.hive;
import static org.apache.hadoop.hive.metastore.MetaStoreUtils.DEFAULT_DATABASE_NAME;
@@ -29,19 +29,6 @@
import java.util.List;
import java.util.Set;
-import org.apache.access.binding.hive.authz.HiveAuthzBinding;
-import org.apache.access.binding.hive.authz.HiveAuthzPrivileges;
-import org.apache.access.binding.hive.authz.HiveAuthzPrivileges.HiveOperationScope;
-import org.apache.access.binding.hive.authz.HiveAuthzPrivileges.HiveOperationType;
-import org.apache.access.binding.hive.authz.HiveAuthzPrivilegesMap;
-import org.apache.access.binding.hive.conf.HiveAuthzConf;
-import org.apache.access.core.AccessURI;
-import org.apache.access.core.Action;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Authorizable.AuthorizableType;
-import org.apache.access.core.Database;
-import org.apache.access.core.Subject;
-import org.apache.access.core.Table;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hadoop.hive.ql.HiveDriverFilterHook;
@@ -51,6 +38,7 @@
import org.apache.hadoop.hive.ql.exec.Task;
import org.apache.hadoop.hive.ql.hooks.Entity;
import org.apache.hadoop.hive.ql.hooks.Entity.Type;
+import org.apache.hadoop.hive.ql.hooks.Hook;
import org.apache.hadoop.hive.ql.hooks.ReadEntity;
import org.apache.hadoop.hive.ql.hooks.WriteEntity;
import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
@@ -64,6 +52,20 @@
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.ql.session.SessionState;
+import org.apache.sentry.binding.hive.authz.HiveAuthzBinding;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationScope;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationType;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import org.apache.sentry.core.AccessURI;
+import org.apache.sentry.core.Action;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Database;
+import org.apache.sentry.core.Subject;
+import org.apache.sentry.core.Table;
+import org.apache.hadoop.hive.common.JavaUtils;
+import org.apache.sentry.core.Authorizable.AuthorizableType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -84,6 +86,7 @@
public HiveAuthzBindingHook() throws Exception {
SessionState session = SessionState.get();
+ boolean depreicatedConfigFile = false;
if(session == null) {
throw new IllegalStateException("Session has not been started");
}
@@ -91,16 +94,26 @@
if(hiveConf == null) {
throw new IllegalStateException("Session HiveConf is null");
}
- String hiveAuthzConf = hiveConf.get(HiveAuthzConf.HIVE_ACCESS_CONF_URL);
+ String hiveAuthzConf = hiveConf.get(HiveAuthzConf.HIVE_SENTRY_CONF_URL);
if(hiveAuthzConf == null || (hiveAuthzConf = hiveAuthzConf.trim()).isEmpty()) {
- throw new IllegalArgumentException("Configuration key " + HiveAuthzConf.HIVE_ACCESS_CONF_URL
+ hiveAuthzConf = hiveConf.get(HiveAuthzConf.HIVE_ACCESS_CONF_URL);
+ depreicatedConfigFile = true;
+ }
+
+ if(hiveAuthzConf == null || (hiveAuthzConf = hiveAuthzConf.trim()).isEmpty()) {
+ throw new IllegalArgumentException("Configuration key " + HiveAuthzConf.HIVE_SENTRY_CONF_URL
+ " value '" + hiveAuthzConf + "' is invalid.");
}
try {
authzConf = new HiveAuthzConf(new URL(hiveAuthzConf));
} catch (MalformedURLException e) {
- throw new IllegalArgumentException("Configuration key " + HiveAuthzConf.HIVE_ACCESS_CONF_URL
- + " specifies a malformed URL '" + hiveAuthzConf + "'", e);
+ if (depreicatedConfigFile) {
+ throw new IllegalArgumentException("Configuration key " + HiveAuthzConf.HIVE_ACCESS_CONF_URL
+ + " specifies a malformed URL '" + hiveAuthzConf + "'", e);
+ } else {
+ throw new IllegalArgumentException("Configuration key " + HiveAuthzConf.HIVE_SENTRY_CONF_URL
+ + " specifies a malformed URL '" + hiveAuthzConf + "'", e);
+ }
}
hiveAuthzBinding = new HiveAuthzBinding(hiveConf, authzConf);
}
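Review bot: The fallback from `HIVE_SENTRY_CONF_URL` to the deprecated `HIVE_ACCESS_CONF_URL` is silent, so an operator cannot tell from the logs which key supplied the authorization config or that a deprecated key is still in use. A `LOG.warn` inside the first `if`, naming the deprecated key, would make that visible. The two near-identical `throw` statements in the `catch` collapse if the key is picked once after the fallback, `String confKey = depreicatedConfigFile ? HiveAuthzConf.HIVE_ACCESS_CONF_URL : HiveAuthzConf.HIVE_SENTRY_CONF_URL;`, and used in the message. The flag `depreicatedConfigFile`, declared in the previous hunk, is misspelled and should read `deprecatedConfigFile`. The constructor starts outside this hunk.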
@@ -270,11 +283,27 @@
try {
authorizeWithHiveBindings(context, stmtAuthObject, stmtOperation);
} catch (AuthorizationException e) {
+ executeOnFailureHooks(context, e);
throw new SemanticException("No valid privileges", e);
}
hiveAuthzBinding.set(context.getConf());
}
+ private void executeOnFailureHooks(HiveSemanticAnalyzerHookContext context,
+ AuthorizationException e) {
+ SentryOnFailureHookContext hookCtx = new SentryOnFailureHookContextImpl(
+ context.getCommand(), context.getInputs(), context.getOutputs(),
+ currDB, currTab, udfURI, partitionURI, context.getUserName(),
+ context.getIpAddress(), e);
+ try {
+ for (Hook aofh : getHooks(HiveAuthzConf.AuthzConfVars.AUTHZ_ONFAILURE_HOOKS)) {
+ ((SentryOnFailureHook)aofh).run(hookCtx);
+ }
+ } catch (Exception ex) {
+ LOG.error("Error executing hook:", ex);
+ }
+ }
+
/**
* Convert the input/output entities into authorizables. generate
* authorizables for cases like Database and metadata operations where the
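Review bot: In `executeOnFailureHooks` the single `try` wraps both `getHooks(...)` and the whole loop, so the first hook that throws (or fails the `(SentryOnFailureHook)` cast) stops every later hook from running. If these hooks are used for auditing or alerting on denied statements, one faulty hook then suppresses the others, leaving only a generic "Error executing hook:" log line. Catch per hook and name the failing class in the log; keeping the outer catch preserves the current behaviour of never masking the `SemanticException`. The enclosing `try`/`catch` around `authorizeWithHiveBindings` starts outside this hunk, and the trailing Javadoc continues past it.

```java
// … unchanged: SentryOnFailureHookContextImpl construction …
try {
  for (Hook aofh : getHooks(HiveAuthzConf.AuthzConfVars.AUTHZ_ONFAILURE_HOOKS)) {
    try {
      ((SentryOnFailureHook) aofh).run(hookCtx);
    } catch (Exception ex) {
      // one failing hook must not keep the remaining hooks from seeing the denial
      LOG.error("Error executing hook " + aofh.getClass().getName(), ex);
    }
  }
} catch (Exception ex) {
  LOG.error("Error loading on-failure hooks:", ex);
}
```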
@@ -626,4 +655,57 @@
return false;
}
}
+
+ /**
+ * Returns a set of hooks specified in a configuration variable.
+ *
+ * See getHooks(HiveAuthzConf.AuthzConfVars hookConfVar, Class<T> clazz)
+ * @param hookConfVar
+ * @return
+ * @throws Exception
+ */
+ private List<Hook> getHooks(HiveAuthzConf.AuthzConfVars hookConfVar) throws Exception {
+ return getHooks(hookConfVar, Hook.class);
+ }
+
+ /**
+ * Returns the hooks specified in a configuration variable. The hooks are returned in a list in
+ * the order they were specified in the configuration variable.
+ *
+ * @param hookConfVar The configuration variable specifying a comma separated list of the hook
+ * class names.
+ * @param clazz The super type of the hooks.
+ * @return A list of the hooks cast as the type specified in clazz, in the order
+ * they are listed in the value of hookConfVar
+ * @throws Exception
+ */
+ private <T extends Hook> List<T> getHooks(HiveAuthzConf.AuthzConfVars hookConfVar, Class<T> clazz)
+ throws Exception {
+
+ List<T> hooks = new ArrayList<T>();
+ String csHooks = authzConf.get(hookConfVar.getVar(), "");
+ if (csHooks == null) {
+ return hooks;
+ }
+
+ csHooks = csHooks.trim();
+ if (csHooks.equals("")) {
+ return hooks;
+ }
+
+ String[] hookClasses = csHooks.split(",");
+
+ for (String hookClass : hookClasses) {
+ try {
+ T hook =
+ (T) Class.forName(hookClass.trim(), true, JavaUtils.getClassLoader()).newInstance();
+ hooks.add(hook);
+ } catch (ClassNotFoundException e) {
+ LOG.error(hookConfVar.getVar() + " Class not found:" + e.getMessage());
+ throw e;
+ }
+ }
+
+ return hooks;
+ }
}
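Review bot: `getHooks(hookConfVar, clazz)` never uses `clazz`, and the `(T)` cast is unchecked, so any class named in the configuration is loaded and its no-arg constructor run before anything confirms it is a `Hook`. The type error then surfaces only later, at the caller's cast. Checking the type before instantiation closes that gap: `T hook = Class.forName(hookClass.trim(), true, JavaUtils.getClassLoader()).asSubclass(clazz).newInstance();`. An empty segment in the comma-separated value (for example a trailing comma) reaches `Class.forName("")` and fails the whole list, so skipping blank entries after `trim()` would be more forgiving. The Javadoc on the one-argument overload leaves `@param`, `@return` and `@throws` empty. The enclosing class starts outside this hunk.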
diff --git a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingPreExecHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
similarity index 89%
rename from access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingPreExecHook.java
rename to sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
index 6e07818..28812c5 100644
--- a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingPreExecHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
@@ -14,20 +14,20 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.binding.hive;
+package org.apache.sentry.binding.hive;
import java.util.ArrayList;
import java.util.List;
-import org.apache.access.binding.hive.authz.HiveAuthzBinding;
-import org.apache.access.binding.hive.authz.HiveAuthzPrivileges.HiveExtendedOperation;
-import org.apache.access.binding.hive.authz.HiveAuthzPrivilegesMap;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Subject;
import org.apache.hadoop.hive.ql.QueryPlan;
import org.apache.hadoop.hive.ql.hooks.ExecuteWithHookContext;
import org.apache.hadoop.hive.ql.hooks.HookContext;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
+import org.apache.sentry.binding.hive.authz.HiveAuthzBinding;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveExtendedOperation;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingSessionHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java
similarity index 81%
rename from access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingSessionHook.java
rename to sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java
index be334dd..f584b9b 100644
--- a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/HiveAuthzBindingSessionHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java
@@ -14,23 +14,23 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.binding.hive;
+package org.apache.sentry.binding.hive;
-import org.apache.access.binding.hive.conf.HiveAuthzConf;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hive.service.cli.HiveSQLException;
import org.apache.hive.service.cli.session.HiveSessionHookContext;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
public class HiveAuthzBindingSessionHook
implements org.apache.hive.service.cli.session.HiveSessionHook {
public static final String SEMANTIC_HOOK =
- "org.apache.access.binding.hive.HiveAuthzBindingHook";
+ "org.apache.sentry.binding.hive.HiveAuthzBindingHook";
public static final String PRE_EXEC_HOOK =
- "org.apache.access.binding.hive.HiveAuthzBindingPreExecHook";
+ "org.apache.sentry.binding.hive.HiveAuthzBindingPreExecHook";
public static final String FILTER_HOOK =
- "org.apache.access.binding.hive.HiveAuthzBindingHook";
+ "org.apache.sentry.binding.hive.HiveAuthzBindingHook";
public static final String SCRATCH_DIR_PERMISSIONS = "700";
public static final String ACCESS_RESTRICT_LIST =
ConfVars.SEMANTIC_ANALYZER_HOOK.varname + "," +
@@ -48,11 +48,13 @@
ConfVars.HIVESTATSDBCONNECTIONSTRING.varname + "," +
ConfVars.SCRATCHDIRPERMISSION.varname + "," +
HiveAuthzConf.HIVE_ACCESS_CONF_URL + "," +
- HiveAuthzConf.HIVE_ACCESS_SUBJECT_NAME;
+ HiveAuthzConf.HIVE_SENTRY_CONF_URL + "," +
+ HiveAuthzConf.HIVE_ACCESS_SUBJECT_NAME + "," +
+ HiveAuthzConf.HIVE_SENTRY_SUBJECT_NAME;
/**
- * The session hook for access authorization that sets the required session level configuration
- * 1. Setup the access hooks -
+ * The session hook for sentry authorization that sets the required session level configuration
+ * 1. Setup the sentry hooks -
* semantic, exec and filter hooks
* 2. Set additional config properties required for auth
* set HIVE_EXTENDED_ENITITY_CAPTURE = true
@@ -62,7 +64,7 @@
*/
@Override
public void run(HiveSessionHookContext sessionHookContext) throws HiveSQLException {
- // Add access hooks to the session configuration
+ // Add sentry hooks to the session configuration
HiveConf sessionConf = sessionHookContext.getSessionConf();
appendConfVar(sessionConf, ConfVars.SEMANTIC_ANALYZER_HOOK, SEMANTIC_HOOK);
@@ -76,18 +78,19 @@
// set user name
sessionConf.set(HiveAuthzConf.HIVE_ACCESS_SUBJECT_NAME, sessionHookContext.getSessionUser());
+ sessionConf.set(HiveAuthzConf.HIVE_SENTRY_SUBJECT_NAME, sessionHookContext.getSessionUser());
// setup restrict list
sessionConf.addToRestrictList(ACCESS_RESTRICT_LIST);
}
- // Setup given access hooks
- private void appendConfVar(HiveConf sessionConf, ConfVars confVar, String accessConfVal) {
+ // Setup given sentry hooks
+ private void appendConfVar(HiveConf sessionConf, ConfVars confVar, String sentryConfVal) {
String currentValue = sessionConf.getVar(confVar);
if ((currentValue == null) || currentValue.isEmpty()) {
- currentValue = accessConfVal;
+ currentValue = sentryConfVal;
} else {
- currentValue = accessConfVal + "," + currentValue;
+ currentValue = sentryConfVal + "," + currentValue;
}
sessionConf.setVar(confVar, currentValue);
}
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHook.java
new file mode 100644
index 0000000..45a2925
--- /dev/null
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHook.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.binding.hive;
+
+import org.apache.hadoop.hive.ql.hooks.Hook;
+
+/**
+ *
+ * SentryOnFailureHook allows Sentry to be extended
+ * with custom logic to be executed upon authorization failure.
+ *
+ */
+public interface SentryOnFailureHook extends Hook {
+
+ /**
+ *
+ * @param context
+ * The hook context passed to each hook.
+ * @throws Exception
+ */
+ void run(SentryOnFailureHookContext context) throws Exception;
+}
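Review bot: The Javadoc on `run` leaves `@throws Exception` empty and does not state the contract an implementer needs. From the caller added to `HiveAuthzBindingHook` in this commit, an exception thrown here is logged and discarded, the statement is still rejected, and implementations are created through `newInstance()`, so they need a public no-argument constructor. I would document that on the interface, e.g. `@throws Exception logged by the caller and otherwise ignored; it does not change the authorization outcome`, plus a class-level sentence about the constructor requirement and that the hook runs synchronously when a statement is denied.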
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java
new file mode 100644
index 0000000..3b179e6
--- /dev/null
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.binding.hive;
+
+import org.apache.sentry.core.AccessURI;
+import org.apache.sentry.core.Database;
+import org.apache.sentry.core.Table;
+import org.apache.hadoop.hive.ql.exec.Task;
+import org.apache.hadoop.hive.ql.hooks.ReadEntity;
+import org.apache.hadoop.hive.ql.hooks.WriteEntity;
+import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Context information provided by Access to implementations
+ * of AccessOnFailureHook
+ */
+public interface SentryOnFailureHookContext {
+
+ /**
+ * @return the command attempted by user
+ */
+ public String getCommand();
+
+ /**
+ * @return the set of read entities
+ */
+ public Set<ReadEntity> getInputs();
+
+ /**
+ * @return the set of write entities
+ */
+ public Set<WriteEntity> getOutputs();
+
+ /**
+ * @return the user name
+ */
+ public String getUserName();
+
+ /**
+ * @return the ip address
+ */
+ public String getIpAddress();
+
+ /**
+ * @return the database object
+ */
+ public Database getDatabase();
+
+ /**
+ * @return the table object
+ */
+ public Table getTable();
+
+ /**
+ * @return the udf URI
+ */
+ public AccessURI getUdfURI();
+
+ /**
+ * @return the partition URI
+ */
+ public AccessURI getPartitionURI();
+
+ /**
+ * @return the authorization failure exception
+ */
+ public AuthorizationException getException();
+
+}
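Review bot: The interface Javadoc still uses the pre-rename names ("provided by Access to implementations of AccessOnFailureHook"); it should read `Context information provided by Sentry to implementations of SentryOnFailureHook`. The getter comments also do not say which values may be absent, and nothing in the implementation class added by this commit enforces non-null. A note such as `@return the table object, or null if the failed command did not reference one` (to be confirmed against the caller) would spare hook authors a NullPointerException in their failure path. The imports of `Task`, `Serializable` and `List` are unused in this file and can be dropped.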
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java
new file mode 100644
index 0000000..c1d31ce
--- /dev/null
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java
@@ -0,0 +1,111 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.binding.hive;
+
+import org.apache.sentry.core.AccessURI;
+import org.apache.sentry.core.Database;
+import org.apache.sentry.core.Table;
+import org.apache.hadoop.hive.ql.exec.Task;
+import org.apache.hadoop.hive.ql.hooks.ReadEntity;
+import org.apache.hadoop.hive.ql.hooks.WriteEntity;
+import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Set;
+
+public class SentryOnFailureHookContextImpl implements SentryOnFailureHookContext {
+
+ private final String command;
+ private final Set<ReadEntity> inputs;
+ private final Set<WriteEntity> outputs;
+ private final String userName;
+ private final String ipAddress;
+ private final Database database;
+ private final Table table;
+ private final AccessURI udfURI;
+ private final AccessURI partitionURI;
+ private final AuthorizationException authException;
+
+ public SentryOnFailureHookContextImpl(String command,
+ Set<ReadEntity> inputs, Set<WriteEntity> outputs, Database db,
+ Table tab, AccessURI udfURI, AccessURI partitionURI,
+ String userName, String ipAddress, AuthorizationException e) {
+ this.command = command;
+ this.inputs = inputs;
+ this.outputs = outputs;
+ this.userName = userName;
+ this.ipAddress = ipAddress;
+ this.database = db;
+ this.table = tab;
+ this.udfURI = udfURI;
+ this.partitionURI = partitionURI;
+ this.authException = e;
+ }
+
+ @Override
+ public String getCommand() {
+ return command;
+ }
+
+ @Override
+ public Set<ReadEntity> getInputs() {
+ return inputs;
+ }
+
+ @Override
+ public Set<WriteEntity> getOutputs() {
+ return outputs;
+ }
+
+ @Override
+ public String getUserName() {
+ return userName;
+ }
+
+ @Override
+ public String getIpAddress() {
+ return ipAddress;
+ }
+
+ @Override
+ public Database getDatabase() {
+ return database;
+ }
+
+ @Override
+ public Table getTable() {
+ return table;
+ }
+
+ @Override
+ public AccessURI getUdfURI() {
+ return udfURI;
+ }
+
+ @Override
+ public AccessURI getPartitionURI() {
+ return partitionURI;
+ }
+
+ @Override
+ public AuthorizationException getException() {
+ return authException;
+ }
+}
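Review bot: The constructor stores the `inputs` and `outputs` sets by reference and the getters return them as-is, so any configured failure hook receives mutable collections. If these are the same sets the compiler keeps for the query (the caller is outside this hunk), third-party hook code could alter them. I would wrap them on the way in, `this.inputs = inputs == null ? null : Collections.unmodifiableSet(inputs);` and the same for `outputs`, which needs `import java.util.Collections;`. The class has no Javadoc, and the imports of `Task`, `Serializable` and `List` are unused.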
diff --git a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/authz/HiveAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
similarity index 94%
rename from access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/authz/HiveAuthzBinding.java
rename to sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
index 441d790..5190ba6 100644
--- a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/authz/HiveAuthzBinding.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.binding.hive.authz;
+package org.apache.sentry.binding.hive.authz;
import java.lang.reflect.Constructor;
import java.util.EnumSet;
@@ -23,15 +23,6 @@
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
-import org.apache.access.binding.hive.conf.HiveAuthzConf;
-import org.apache.access.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
-import org.apache.access.core.Action;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Authorizable.AuthorizableType;
-import org.apache.access.core.AuthorizationProvider;
-import org.apache.access.core.NoAuthorizationProvider;
-import org.apache.access.core.Server;
-import org.apache.access.core.Subject;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.hive.conf.HiveConf;
@@ -39,6 +30,15 @@
import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
import org.apache.hadoop.hive.ql.session.SessionState;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
+import org.apache.sentry.core.Action;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.AuthorizationProvider;
+import org.apache.sentry.core.NoAuthorizationProvider;
+import org.apache.sentry.core.Server;
+import org.apache.sentry.core.Subject;
+import org.apache.sentry.core.Authorizable.AuthorizableType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/authz/HiveAuthzPrivileges.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java
similarity index 96%
rename from access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/authz/HiveAuthzPrivileges.java
rename to sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java
index fbfcb31..2c480ef 100644
--- a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/authz/HiveAuthzPrivileges.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java
@@ -14,14 +14,14 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.binding.hive.authz;
+package org.apache.sentry.binding.hive.authz;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
-import org.apache.access.core.Action;
-import org.apache.access.core.Authorizable.AuthorizableType;
+import org.apache.sentry.core.Action;
+import org.apache.sentry.core.Authorizable.AuthorizableType;
/**
* Hive objects with required access privileges mapped to auth provider privileges
diff --git a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
similarity index 96%
rename from access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/authz/HiveAuthzPrivilegesMap.java
rename to sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
index f6d3d16..7b6c598 100644
--- a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/authz/HiveAuthzPrivilegesMap.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
@@ -14,18 +14,18 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.binding.hive.authz;
+package org.apache.sentry.binding.hive.authz;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
-import org.apache.access.binding.hive.authz.HiveAuthzPrivileges.HiveExtendedOperation;
-import org.apache.access.binding.hive.authz.HiveAuthzPrivileges.HiveOperationScope;
-import org.apache.access.binding.hive.authz.HiveAuthzPrivileges.HiveOperationType;
-import org.apache.access.core.Action;
-import org.apache.access.core.Authorizable.AuthorizableType;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveExtendedOperation;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationScope;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationType;
+import org.apache.sentry.core.Action;
+import org.apache.sentry.core.Authorizable.AuthorizableType;
public class HiveAuthzPrivilegesMap {
private static final Map <HiveOperation, HiveAuthzPrivileges> hiveAuthzStmtPrivMap =
diff --git a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/conf/HiveAuthzConf.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
similarity index 60%
rename from access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/conf/HiveAuthzConf.java
rename to sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
index 59650bf..bfd58fa 100644
--- a/access-binding/access-binding-hive/src/main/java/org/apache/access/binding/hive/conf/HiveAuthzConf.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.binding.hive.conf;
+package org.apache.sentry.binding.hive.conf;
import java.net.URL;
import java.util.HashMap;
@@ -22,6 +22,7 @@
import java.util.Map.Entry;
import org.apache.hadoop.conf.Configuration;
+import org.mortbay.log.Log;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
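Review bot: The deprecation message in `get()` should go through the class's existing slf4j `LOG` rather than `org.mortbay.log.Log`, which this import pulls in from Jetty. As written, the binding's configuration class depends on Jetty's logger being on the classpath. The message about an authorization setting can also end up outside the logger category operators configure for `HiveAuthzConf`. I would drop this import, remove the `@SuppressWarnings("unused")` on `LOG`, and write `LOG.warn("Using the deprecated config setting {} instead of {}", deprecatedName, varName);` in `get()`.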
@@ -29,23 +30,37 @@
public class HiveAuthzConf extends Configuration {
/**
- * Configuration key used in hive-site.xml to point at access-site.xml
+ * Configuration key used in hive-site.xml to point at sentry-site.xml
*/
public static final String HIVE_ACCESS_CONF_URL = "hive.access.conf.url";
+ public static final String HIVE_SENTRY_CONF_URL = "hive.sentry.conf.url";
public static final String HIVE_ACCESS_SUBJECT_NAME = "hive.access.subject.name";
+ public static final String HIVE_SENTRY_SUBJECT_NAME = "hive.sentry.subject.name";
/**
* Config setting definitions
*/
public static enum AuthzConfVars {
- AUTHZ_PROVIDER("hive.access.provider",
- "org.apache.access.provider.file.ResourceAuthorizationProvider"),
- AUTHZ_PROVIDER_RESOURCE("hive.access.provider.resource", ""),
- AUTHZ_SERVER_NAME("hive.access.server", "HS2"),
- AUTHZ_RESTRICT_DEFAULT_DB("hive.access.restrict.defaultDB", "false"),
- ACCESS_TESTING_MODE("hive.access.testing.mode", "false"),
- AUTHZ_UDF_WHITELIST("hive.access.udf.whitelist", HIVE_UDF_WHITE_LIST),
- AUTHZ_ALLOW_HIVE_IMPERSONATION("hive.access.allow.hive.impersonation", "false"),
+ AUTHZ_PROVIDER("hive.sentry.provider",
+ "org.apache.sentry.provider.file.ResourceAuthorizationProvider"),
+ AUTHZ_PROVIDER_RESOURCE("hive.sentry.provider.resource", ""),
+ AUTHZ_SERVER_NAME("hive.sentry.server", "HS2"),
+ AUTHZ_RESTRICT_DEFAULT_DB("hive.sentry.restrict.defaultDB", "false"),
+ ACCESS_TESTING_MODE("hive.sentry.testing.mode", "false"),
+ AUTHZ_UDF_WHITELIST("hive.sentry.udf.whitelist", HIVE_UDF_WHITE_LIST),
+ AUTHZ_ALLOW_HIVE_IMPERSONATION("hive.sentry.allow.hive.impersonation", "false"),
+ AUTHZ_ONFAILURE_HOOKS("hive.sentry.failure.hooks", ""),
+
+ AUTHZ_PROVIDER_DEPRECATED("hive.access.provider",
+ "org.apache.sentry.provider.file.ResourceAuthorizationProvider"),
+ AUTHZ_PROVIDER_RESOURCE_DEPRECATED("hive.access.provider.resource", ""),
+ AUTHZ_SERVER_NAME_DEPRECATED("hive.access.server", "HS2"),
+ AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED("hive.access.restrict.defaultDB", "false"),
+ ACCESS_TESTING_MODE_DEPRECATED("hive.access.testing.mode", "false"),
+ AUTHZ_UDF_WHITELIST_DEPRECATED("hive.access.udf.whitelist", HIVE_UDF_WHITE_LIST),
+ AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED("hive.access.allow.hive.impersonation", "false"),
+ AUTHZ_ONFAILURE_HOOKS_DEPRECATED("hive.access.failure.hooks", ""),
+
;
private final String varName;
@@ -93,10 +108,23 @@
"variance,weekofyear,when,xpath,xpath_boolean,xpath_double,xpath_float,xpath_int,xpath_long," +
"xpath_number,xpath_short,xpath_string,year";
+ private static final Map<String, AuthzConfVars> deprecatedConfigs =
+ new HashMap<String, AuthzConfVars>();
+ static {
+ deprecatedConfigs.put(AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_PROVIDER);
+ deprecatedConfigs.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_PROVIDER_RESOURCE);
+ deprecatedConfigs.put(AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_SERVER_NAME);
+ deprecatedConfigs.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB);
+ deprecatedConfigs.put(AuthzConfVars.ACCESS_TESTING_MODE_DEPRECATED.getVar(), AuthzConfVars.ACCESS_TESTING_MODE);
+ deprecatedConfigs.put(AuthzConfVars.AUTHZ_UDF_WHITELIST_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_UDF_WHITELIST);
+ deprecatedConfigs.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION);
+ deprecatedConfigs.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED.getVar(), AuthzConfVars.AUTHZ_ONFAILURE_HOOKS);
+ };
+
@SuppressWarnings("unused")
private static final Logger LOG = LoggerFactory
.getLogger(HiveAuthzConf.class);
- public static final String AUTHZ_SITE_FILE = "access-site.xml";
+ public static final String AUTHZ_SITE_FILE = "sentry-site.xml";
public HiveAuthzConf(URL hiveAuthzSiteURL) {
super(false);
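Review bot: `deprecatedConfigs` is keyed by the old `hive.access.*` names and maps to the new variables, so the fallback in `get()` (last hunk of this file) only runs when a caller asks for a deprecated name, and it then reads the new key. The upgrade case goes the other way: code reading `AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar()` or `AUTHZ_UDF_WHITELIST.getVar()` against a site file that still sets the `hive.access.*` keys gets no fallback and silently takes the built-in default. For authorization settings that can mean a looser configuration than the administrator wrote. The `Log.info` text has the same inversion, reporting the new name as the deprecated one. Keying the map by the current name, as below, fixes both; `testDeprecatedConfig` pins the present direction and would need to change with it. The stray `;` after the static block can go as well.

```java
static {
  // key: current hive.sentry.* name; value: the deprecated hive.access.* variable to fall back to
  deprecatedConfigs.put(AuthzConfVars.AUTHZ_PROVIDER.getVar(), AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED);
  deprecatedConfigs.put(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED);
  deprecatedConfigs.put(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), AuthzConfVars.AUTHZ_SERVER_NAME_DEPRECATED);
  deprecatedConfigs.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB_DEPRECATED);
  deprecatedConfigs.put(AuthzConfVars.ACCESS_TESTING_MODE.getVar(), AuthzConfVars.ACCESS_TESTING_MODE_DEPRECATED);
  deprecatedConfigs.put(AuthzConfVars.AUTHZ_UDF_WHITELIST.getVar(), AuthzConfVars.AUTHZ_UDF_WHITELIST_DEPRECATED);
  deprecatedConfigs.put(AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION.getVar(), AuthzConfVars.AUTHZ_ALLOW_HIVE_IMPERSONATION_DEPRECATED);
  deprecatedConfigs.put(AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(), AuthzConfVars.AUTHZ_ONFAILURE_HOOKS_DEPRECATED);
}
```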
@@ -134,8 +162,17 @@
public String get(String varName) {
String retVal = super.get(varName);
if (retVal == null) {
- retVal = AuthzConfVars.getDefault(varName);
+ // check if the deprecated value is set here
+ if (deprecatedConfigs.containsKey(varName)) {
+ retVal = super.get(deprecatedConfigs.get(varName).getVar());
+ }
+ if (retVal == null) {
+ retVal = AuthzConfVars.getDefault(varName);
+ } else {
+ Log.info("Using the deprecated config setting " + deprecatedConfigs.get(varName).getVar() +
+ " instead of " + varName);
+ }
}
return retVal;
}
-}
\ No newline at end of file
+}
diff --git a/access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/MockUserToGroupMapping.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
similarity index 91%
rename from access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/MockUserToGroupMapping.java
rename to sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
index e46e7a5..881712b 100644
--- a/access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/MockUserToGroupMapping.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/MockUserToGroupMapping.java
@@ -15,11 +15,11 @@
* limitations under the License.
*/
-package org.apache.access.binding.hive;
+package org.apache.sentry.binding.hive;
import java.util.List;
-import org.apache.access.provider.file.GroupMappingService;
+import org.apache.sentry.provider.file.GroupMappingService;
import com.google.common.collect.Lists;
diff --git a/access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/TestHiveAuthzBindings.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
similarity index 94%
rename from access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/TestHiveAuthzBindings.java
rename to sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
index c3f254b..20d4e8f 100644
--- a/access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/TestHiveAuthzBindings.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
@@ -14,31 +14,31 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.binding.hive;
+package org.apache.sentry.binding.hive;
import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
-import org.apache.access.binding.hive.authz.HiveAuthzBinding;
-import org.apache.access.binding.hive.authz.HiveAuthzPrivileges;
-import org.apache.access.binding.hive.authz.HiveAuthzPrivilegesMap;
-import org.apache.access.binding.hive.conf.HiveAuthzConf;
-import org.apache.access.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
-import org.apache.access.core.AccessConstants;
-import org.apache.access.core.AccessURI;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Database;
-import org.apache.access.core.Server;
-import org.apache.access.core.Subject;
-import org.apache.access.core.Table;
-import org.apache.access.provider.file.PolicyFiles;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hadoop.hive.ql.metadata.AuthorizationException;
import org.apache.hadoop.hive.ql.plan.HiveOperation;
+import org.apache.sentry.binding.hive.authz.HiveAuthzBinding;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges;
+import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
+import org.apache.sentry.core.AccessConstants;
+import org.apache.sentry.core.AccessURI;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Database;
+import org.apache.sentry.core.Server;
+import org.apache.sentry.core.Subject;
+import org.apache.sentry.core.Table;
+import org.apache.sentry.provider.file.PolicyFiles;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -103,7 +103,7 @@
// create auth configuration
authzConf.set(AuthzConfVars.AUTHZ_PROVIDER.getVar(),
- "org.apache.access.provider.file.LocalGroupResourceAuthorizationProvider");
+ "org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider");
authzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(),
new File(baseDir, RESOURCE_PATH).getPath());
authzConf.set(AuthzConfVars.AUTHZ_SERVER_NAME.getVar(), SERVER1);
diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java
new file mode 100644
index 0000000..de59546
--- /dev/null
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzConf.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.binding.hive;
+
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import com.google.common.io.Resources;
+
+public class TestHiveAuthzConf {
+ private HiveAuthzConf authzConf;
+ private HiveAuthzConf authzDepConf;
+
+ @Before
+ public void setUp() {
+ authzConf = new HiveAuthzConf(Resources.getResource("sentry-site.xml"));
+ authzDepConf = new HiveAuthzConf(Resources.getResource("access-site.xml"));
+ }
+
+ @Test
+ public void testConfig() {
+ Assert.assertEquals("org.apache.sentry.provider.file.fooProvider",
+ authzDepConf.get(AuthzConfVars.AUTHZ_PROVIDER_DEPRECATED.getVar()));
+ Assert.assertEquals("org.apache.sentry.provider.file.fooProvider",
+ authzConf.get(AuthzConfVars.AUTHZ_PROVIDER.getVar()));
+ }
+
+ @Test
+ public void testConfigOverload() {
+ authzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), "fooFile");
+ Assert.assertEquals("fooFile",
+ authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar()));
+ authzDepConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED.getVar(), "fooFile");
+ Assert.assertEquals("fooFile",
+ authzDepConf.get(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED.getVar()));
+ }
+
+ /**
+ * Check the deprecated properties from the config files that doesn't explicitly set it
+ */
+ @Test
+ public void testDeprecatedConfig() {
+ Assert.assertEquals("classpath:test-authz-provider.ini",
+ authzConf.get(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE_DEPRECATED.getVar()));
+ }
+}
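Review bot: None of these tests reads a current `hive.sentry.*` name from a file that only sets the old `hive.access.*` key, which is the case an upgraded deployment hits. `testConfig` reads each file through its own key names, and `testDeprecatedConfig` checks the opposite direction, an old name resolved from `sentry-site.xml`. I would add `Assert.assertEquals("org.apache.sentry.provider.file.fooProvider", authzDepConf.get(AuthzConfVars.AUTHZ_PROVIDER.getVar()));` to `testConfig`. With `HiveAuthzConf.get()` as written in this commit that assertion would presumably fail, returning the default provider instead.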
diff --git a/access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/TestURI.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestURI.java
similarity index 95%
rename from access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/TestURI.java
rename to sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestURI.java
index 91c803f..1853559 100644
--- a/access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/TestURI.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestURI.java
@@ -14,12 +14,13 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.binding.hive;
+package org.apache.sentry.binding.hive;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.session.SessionState;
+import org.apache.sentry.binding.hive.HiveAuthzBindingHook;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
diff --git a/access-binding/access-binding-hive/src/test/resources/access-site.xml b/sentry-binding/sentry-binding-hive/src/test/resources/access-site.xml
similarity index 94%
rename from access-binding/access-binding-hive/src/test/resources/access-site.xml
rename to sentry-binding/sentry-binding-hive/src/test/resources/access-site.xml
index 6a5ddff..1936c21 100644
--- a/access-binding/access-binding-hive/src/test/resources/access-site.xml
+++ b/sentry-binding/sentry-binding-hive/src/test/resources/access-site.xml
@@ -20,7 +20,7 @@
<configuration>
<property>
<name>hive.access.provider</name>
- <value>org.apache.access.provider.file.fooProvider</value>
+ <value>org.apache.sentry.provider.file.fooProvider</value>
</property>
<property>
<name>hive.access.provider.resource</name>
diff --git a/access-binding/access-binding-hive/src/test/resources/log4j.properties b/sentry-binding/sentry-binding-hive/src/test/resources/log4j.properties
similarity index 100%
rename from access-binding/access-binding-hive/src/test/resources/log4j.properties
rename to sentry-binding/sentry-binding-hive/src/test/resources/log4j.properties
diff --git a/access-binding/access-binding-hive/src/test/resources/access-site.xml b/sentry-binding/sentry-binding-hive/src/test/resources/sentry-site.xml
similarity index 84%
copy from access-binding/access-binding-hive/src/test/resources/access-site.xml
copy to sentry-binding/sentry-binding-hive/src/test/resources/sentry-site.xml
index 6a5ddff..beef40d 100644
--- a/access-binding/access-binding-hive/src/test/resources/access-site.xml
+++ b/sentry-binding/sentry-binding-hive/src/test/resources/sentry-site.xml
@@ -19,16 +19,16 @@
<configuration>
<property>
- <name>hive.access.provider</name>
- <value>org.apache.access.provider.file.fooProvider</value>
+ <name>hive.sentry.provider</name>
+ <value>org.apache.sentry.provider.file.fooProvider</value>
</property>
<property>
- <name>hive.access.provider.resource</name>
+ <name>hive.sentry.provider.resource</name>
<value>classpath:test-authz-provider.ini</value>
</property>
<property>
- <name>hive.access.server</name>
+ <name>hive.sentry.server</name>
<value>myHS2</value>
</property>
</configuration>
-
+
diff --git a/access-binding/access-binding-hive/src/test/resources/test-authz-provider.ini b/sentry-binding/sentry-binding-hive/src/test/resources/test-authz-provider.ini
similarity index 100%
rename from access-binding/access-binding-hive/src/test/resources/test-authz-provider.ini
rename to sentry-binding/sentry-binding-hive/src/test/resources/test-authz-provider.ini
diff --git a/access-core/pom.xml b/sentry-core/pom.xml
similarity index 94%
rename from access-core/pom.xml
rename to sentry-core/pom.xml
index 5ceaf16..5466009 100644
--- a/access-core/pom.xml
+++ b/sentry-core/pom.xml
@@ -20,12 +20,12 @@
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access</artifactId>
+ <artifactId>sentry</artifactId>
<version>1.1.0-SNAPSHOT</version>
</parent>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-core</artifactId>
+ <artifactId>sentry-core</artifactId>
<name>Access core</name>
<dependencies>
diff --git a/access-core/src/main/java/org/apache/access/core/AccessConstants.java b/sentry-core/src/main/java/org/apache/sentry/core/AccessConstants.java
similarity index 96%
rename from access-core/src/main/java/org/apache/access/core/AccessConstants.java
rename to sentry-core/src/main/java/org/apache/sentry/core/AccessConstants.java
index 38a2ba0..7551a1d 100644
--- a/access-core/src/main/java/org/apache/access/core/AccessConstants.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/AccessConstants.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
public class AccessConstants {
diff --git a/access-core/src/main/java/org/apache/access/core/AccessURI.java b/sentry-core/src/main/java/org/apache/sentry/core/AccessURI.java
similarity index 97%
rename from access-core/src/main/java/org/apache/access/core/AccessURI.java
rename to sentry-core/src/main/java/org/apache/sentry/core/AccessURI.java
index 42c18eb..e6d817e 100644
--- a/access-core/src/main/java/org/apache/access/core/AccessURI.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/AccessURI.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
public class AccessURI implements Authorizable {
/**
diff --git a/access-core/src/main/java/org/apache/access/core/Action.java b/sentry-core/src/main/java/org/apache/sentry/core/Action.java
similarity index 96%
rename from access-core/src/main/java/org/apache/access/core/Action.java
rename to sentry-core/src/main/java/org/apache/sentry/core/Action.java
index 3a847c9..94e1984 100644
--- a/access-core/src/main/java/org/apache/access/core/Action.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/Action.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
public enum Action {
diff --git a/access-core/src/main/java/org/apache/access/core/Authorizable.java b/sentry-core/src/main/java/org/apache/sentry/core/Authorizable.java
similarity index 96%
rename from access-core/src/main/java/org/apache/access/core/Authorizable.java
rename to sentry-core/src/main/java/org/apache/sentry/core/Authorizable.java
index 73df183..2849a9f 100644
--- a/access-core/src/main/java/org/apache/access/core/Authorizable.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/Authorizable.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
public interface Authorizable {
diff --git a/access-core/src/main/java/org/apache/access/core/AuthorizationProvider.java b/sentry-core/src/main/java/org/apache/sentry/core/AuthorizationProvider.java
similarity index 97%
rename from access-core/src/main/java/org/apache/access/core/AuthorizationProvider.java
rename to sentry-core/src/main/java/org/apache/sentry/core/AuthorizationProvider.java
index b5ac574..c026fce 100644
--- a/access-core/src/main/java/org/apache/access/core/AuthorizationProvider.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/AuthorizationProvider.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
import java.util.EnumSet;
import java.util.List;
diff --git a/access-core/src/main/java/org/apache/access/core/Database.java b/sentry-core/src/main/java/org/apache/sentry/core/Database.java
similarity index 97%
rename from access-core/src/main/java/org/apache/access/core/Database.java
rename to sentry-core/src/main/java/org/apache/sentry/core/Database.java
index 2f3c038..169057d 100644
--- a/access-core/src/main/java/org/apache/access/core/Database.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/Database.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
public class Database implements Authorizable {
diff --git a/access-core/src/main/java/org/apache/access/core/NoAuthorizationProvider.java b/sentry-core/src/main/java/org/apache/sentry/core/NoAuthorizationProvider.java
similarity index 97%
rename from access-core/src/main/java/org/apache/access/core/NoAuthorizationProvider.java
rename to sentry-core/src/main/java/org/apache/sentry/core/NoAuthorizationProvider.java
index 1e448b7..a0a6201 100644
--- a/access-core/src/main/java/org/apache/access/core/NoAuthorizationProvider.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/NoAuthorizationProvider.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
import java.util.EnumSet;
import java.util.List;
diff --git a/access-core/src/main/java/org/apache/access/core/Server.java b/sentry-core/src/main/java/org/apache/sentry/core/Server.java
similarity index 97%
rename from access-core/src/main/java/org/apache/access/core/Server.java
rename to sentry-core/src/main/java/org/apache/sentry/core/Server.java
index 0c95666..caed9a9 100644
--- a/access-core/src/main/java/org/apache/access/core/Server.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/Server.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
public class Server implements Authorizable {
diff --git a/access-core/src/main/java/org/apache/access/core/ServerResource.java b/sentry-core/src/main/java/org/apache/sentry/core/ServerResource.java
similarity index 95%
rename from access-core/src/main/java/org/apache/access/core/ServerResource.java
rename to sentry-core/src/main/java/org/apache/sentry/core/ServerResource.java
index bdbdd57..91334dc 100644
--- a/access-core/src/main/java/org/apache/access/core/ServerResource.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/ServerResource.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
public enum ServerResource {
UDFS();
diff --git a/access-core/src/main/java/org/apache/access/core/Subject.java b/sentry-core/src/main/java/org/apache/sentry/core/Subject.java
similarity index 96%
rename from access-core/src/main/java/org/apache/access/core/Subject.java
rename to sentry-core/src/main/java/org/apache/sentry/core/Subject.java
index 111895e..fa5cd6e 100644
--- a/access-core/src/main/java/org/apache/access/core/Subject.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/Subject.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
public class Subject {
diff --git a/access-core/src/main/java/org/apache/access/core/Table.java b/sentry-core/src/main/java/org/apache/sentry/core/Table.java
similarity index 97%
rename from access-core/src/main/java/org/apache/access/core/Table.java
rename to sentry-core/src/main/java/org/apache/sentry/core/Table.java
index 47cc724..9053d9a 100644
--- a/access-core/src/main/java/org/apache/access/core/Table.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/Table.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
public class Table implements TableOrView {
diff --git a/access-core/src/main/java/org/apache/access/core/TableOrView.java b/sentry-core/src/main/java/org/apache/sentry/core/TableOrView.java
similarity index 95%
rename from access-core/src/main/java/org/apache/access/core/TableOrView.java
rename to sentry-core/src/main/java/org/apache/sentry/core/TableOrView.java
index 1cbb2e0..d6f8837 100644
--- a/access-core/src/main/java/org/apache/access/core/TableOrView.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/TableOrView.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
public interface TableOrView extends Authorizable {
diff --git a/access-core/src/main/java/org/apache/access/core/View.java b/sentry-core/src/main/java/org/apache/sentry/core/View.java
similarity index 97%
rename from access-core/src/main/java/org/apache/access/core/View.java
rename to sentry-core/src/main/java/org/apache/sentry/core/View.java
index bed52ed..471a09c 100644
--- a/access-core/src/main/java/org/apache/access/core/View.java
+++ b/sentry-core/src/main/java/org/apache/sentry/core/View.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.core;
+package org.apache.sentry.core;
public class View implements TableOrView {
diff --git a/access-core/src/test/java/org/apache/access/core/TestURI.java b/sentry-core/src/test/java/org/apache/sentry/core/TestURI.java
similarity index 94%
rename from access-core/src/test/java/org/apache/access/core/TestURI.java
rename to sentry-core/src/test/java/org/apache/sentry/core/TestURI.java
index 6cb7689..5507285 100644
--- a/access-core/src/test/java/org/apache/access/core/TestURI.java
+++ b/sentry-core/src/test/java/org/apache/sentry/core/TestURI.java
@@ -1,4 +1,4 @@
-package org.apache.access.core;
+package org.apache.sentry.core;
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
@@ -17,6 +17,7 @@
*/
+import org.apache.sentry.core.AccessURI;
import org.junit.Test;
public class TestURI {
diff --git a/access-dist/pom.xml b/sentry-dist/pom.xml
similarity index 88%
rename from access-dist/pom.xml
rename to sentry-dist/pom.xml
index d37ab2d..30a3494 100644
--- a/access-dist/pom.xml
+++ b/sentry-dist/pom.xml
@@ -19,24 +19,24 @@
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access</artifactId>
+ <artifactId>sentry</artifactId>
<version>1.1.0-SNAPSHOT</version>
</parent>
- <artifactId>access-dist</artifactId>
+ <artifactId>sentry-dist</artifactId>
<name>Access Distribution</name>
<description>Access distribution</description>
<dependencies>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-core</artifactId>
+ <artifactId>sentry-core</artifactId>
</dependency>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-binding-hive</artifactId>
+ <artifactId>sentry-binding-hive</artifactId>
</dependency>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-provider-file</artifactId>
+ <artifactId>sentry-provider-file</artifactId>
</dependency>
</dependencies>
<build>
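Review bot: The `<name>Access Distribution</name>` and `<description>Access distribution</description>` context lines in this hunk keep the old product name although the artifactId is now `sentry-dist`, so build output and generated metadata will still say "Access". The same leftover appears in the later hunks for sentry-provider/pom.xml (`<name>Access Providers</name>`) and sentry-provider/sentry-provider-file/pom.xml (`<name>Access Provider File</name>`). Suggest `<name>Sentry Distribution</name>` and `<description>Sentry distribution</description>` here, with the matching change in the other two files.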
@@ -53,7 +53,7 @@
</goals>
<inherited>false</inherited>
<configuration>
- <finalName>access-${project.version}</finalName>
+ <finalName>sentry-${project.version}</finalName>
<descriptors>
<descriptor>src/main/assembly/src.xml</descriptor>
</descriptors>
diff --git a/access-dist/src/main/assembly/src.xml b/sentry-dist/src/main/assembly/src.xml
similarity index 80%
rename from access-dist/src/main/assembly/src.xml
rename to sentry-dist/src/main/assembly/src.xml
index 1964f40..05ea8f7 100644
--- a/access-dist/src/main/assembly/src.xml
+++ b/sentry-dist/src/main/assembly/src.xml
@@ -28,7 +28,7 @@
<format>tar.gz</format>
</formats>
- <baseDirectory>access-${project.version}</baseDirectory>
+ <baseDirectory>sentry-${project.version}</baseDirectory>
<moduleSets>
@@ -36,13 +36,13 @@
<useAllReactorProjects>true</useAllReactorProjects>
<includes>
- <include>com.cloudera.cdh:access-binding</include>
- <include>com.cloudera.cdh:access-binding-hive</include>
- <include>com.cloudera.cdh:access-core</include>
- <include>com.cloudera.cdh:access-provider</include>
- <include>com.cloudera.cdh:access-provider-file</include>
- <include>com.cloudera.cdh:access-tests</include>
- <include>com.cloudera.cdh:access-dist</include>
+ <include>com.cloudera.cdh:sentry-binding</include>
+ <include>com.cloudera.cdh:sentry-binding-hive</include>
+ <include>com.cloudera.cdh:sentry-core</include>
+ <include>com.cloudera.cdh:sentry-provider</include>
+ <include>com.cloudera.cdh:sentry-provider-file</include>
+ <include>com.cloudera.cdh:sentry-tests</include>
+ <include>com.cloudera.cdh:sentry-dist</include>
</includes>
<binaries>
@@ -85,11 +85,11 @@
<directory>../</directory>
<excludes>
- <exclude>access-binding/**</exclude>
- <exclude>access-core/**</exclude>
- <exclude>access-dist/**</exclude>
- <exclude>access-provider/**</exclude>
- <exclude>access-test/**</exclude>
+ <exclude>sentry-binding/**</exclude>
+ <exclude>sentry-core/**</exclude>
+ <exclude>sentry-dist/**</exclude>
+ <exclude>sentry-provider/**</exclude>
+ <exclude>sentry-test/**</exclude>
<exclude>**/target/**</exclude>
<exclude>**/.classpath</exclude>
<exclude>**/.project</exclude>
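Review bot: The renamed exclude `sentry-test/**` does not match the module id `com.cloudera.cdh:sentry-tests` listed in the include block of the previous hunk. If the module directory is `sentry-tests` (not visible in this diff), the pattern matches nothing and that tree is picked up by this fileSet as well. The mismatch was already present before the rename (`access-test/**` against `access-tests`), so this commit is a good place to correct it to `<exclude>sentry-tests/**</exclude>`. The surrounding fileSet starts and ends outside the hunk.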
diff --git a/access-provider/pom.xml b/sentry-provider/pom.xml
similarity index 91%
rename from access-provider/pom.xml
rename to sentry-provider/pom.xml
index 6f42075..f9f9915 100644
--- a/access-provider/pom.xml
+++ b/sentry-provider/pom.xml
@@ -20,17 +20,17 @@
<parent>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access</artifactId>
+ <artifactId>sentry</artifactId>
<version>1.1.0-SNAPSHOT</version>
</parent>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-provider</artifactId>
+ <artifactId>sentry-provider</artifactId>
<name>Access Providers</name>
<packaging>pom</packaging>
<modules>
- <module>access-provider-file</module>
+ <module>sentry-provider-file</module>
</modules>
</project>
diff --git a/access-provider/access-provider-file/pom.xml b/sentry-provider/sentry-provider-file/pom.xml
similarity index 94%
rename from access-provider/access-provider-file/pom.xml
rename to sentry-provider/sentry-provider-file/pom.xml
index 289a6e5..fdee8cc 100644
--- a/access-provider/access-provider-file/pom.xml
+++ b/sentry-provider/sentry-provider-file/pom.xml
@@ -20,12 +20,12 @@
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-provider</artifactId>
+ <artifactId>sentry-provider</artifactId>
<version>1.1.0-SNAPSHOT</version>
</parent>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-provider-file</artifactId>
+ <artifactId>sentry-provider-file</artifactId>
<name>Access Provider File</name>
<dependencies>
@@ -67,7 +67,7 @@
</dependency>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-core</artifactId>
+ <artifactId>sentry-core</artifactId>
</dependency>
</dependencies>
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/AbstractRoleValidator.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/AbstractRoleValidator.java
similarity index 88%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/AbstractRoleValidator.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/AbstractRoleValidator.java
index 28fdfff..35889e4 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/AbstractRoleValidator.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/AbstractRoleValidator.java
@@ -14,14 +14,14 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
-import static org.apache.access.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.access.provider.file.PolicyFileConstants.PRIVILEGE_PREFIX;
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.PRIVILEGE_PREFIX;
import java.util.List;
-import org.apache.access.core.Authorizable;
+import org.apache.sentry.core.Authorizable;
import org.apache.shiro.config.ConfigurationException;
import com.google.common.annotations.VisibleForTesting;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/Authorizables.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/Authorizables.java
similarity index 82%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/Authorizables.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/Authorizables.java
index bb7cffc..4062473 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/Authorizables.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/Authorizables.java
@@ -14,15 +14,15 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
-import org.apache.access.core.AccessURI;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Authorizable.AuthorizableType;
-import org.apache.access.core.Database;
-import org.apache.access.core.Server;
-import org.apache.access.core.Table;
-import org.apache.access.core.View;
+import org.apache.sentry.core.AccessURI;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Database;
+import org.apache.sentry.core.Server;
+import org.apache.sentry.core.Table;
+import org.apache.sentry.core.View;
+import org.apache.sentry.core.Authorizable.AuthorizableType;
public class Authorizables {
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/DatabaseMustMatch.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/DatabaseMustMatch.java
similarity index 92%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/DatabaseMustMatch.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/DatabaseMustMatch.java
index ea1c0a7..ef6486b 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/DatabaseMustMatch.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/DatabaseMustMatch.java
@@ -14,10 +14,10 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Database;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Database;
import org.apache.shiro.config.ConfigurationException;
public class DatabaseMustMatch extends AbstractRoleValidator {
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/DatabaseRequiredInRole.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/DatabaseRequiredInRole.java
similarity index 62%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/DatabaseRequiredInRole.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/DatabaseRequiredInRole.java
index 7a3c42a..fd0f2c1 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/DatabaseRequiredInRole.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/DatabaseRequiredInRole.java
@@ -14,12 +14,13 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import javax.annotation.Nullable;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Database;
+import org.apache.sentry.core.AccessURI;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Database;
import org.apache.shiro.config.ConfigurationException;
public class DatabaseRequiredInRole extends AbstractRoleValidator {
@@ -33,16 +34,34 @@
Iterable<Authorizable> authorizables = parseRole(role);
/*
* Each permission in a non-global file must have a database
- * object.
+ * object except for URIs.
+ *
+ * We allow URIs to be specified in the per DB policy file for
+ * ease of mangeability. URIs will contain to remain server scope
+ * objects.
*/
boolean foundDatabaseInAuthorizables = false;
+ boolean foundURIInAuthorizables = false;
+ boolean allowURIInAuthorizables = false;
+
+ if ("true".equalsIgnoreCase(
+ System.getProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE))) {
+ allowURIInAuthorizables = true;
+ }
+
for(Authorizable authorizable : authorizables) {
if(authorizable instanceof Database) {
foundDatabaseInAuthorizables = true;
- break;
+ }
+ if (authorizable instanceof AccessURI) {
+ if (foundDatabaseInAuthorizables) {
+ String msg = "URI object is specified at DB scope in " + role;
+ throw new ConfigurationException(msg);
+ }
+ foundURIInAuthorizables = true;
}
}
- if(!foundDatabaseInAuthorizables) {
+ if(!foundDatabaseInAuthorizables && !(foundURIInAuthorizables && allowURIInAuthorizables)) {
String msg = "Missing database object in " + role;
throw new ConfigurationException(msg);
}
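Review bot: The rejection of a URI at DB scope depends on iteration order, because `foundDatabaseInAuthorizables` is only tested at the moment an `AccessURI` is encountered. If `parseRole` can yield the URI before the `Database` (its ordering is not visible here), such a role passes this branch, and the final check also passes because a database was found. Since this validator decides what a per-database policy file may grant, set both flags in the loop and test after it: `if (foundDatabaseInAuthorizables && foundURIInAuthorizables) { throw new ConfigurationException("URI object is specified at DB scope in " + role); }`. The new comment also has two typos ("mangeability", "contain to remain"), and it should say that the exception is only active when `ACCESS_ALLOW_URI_PER_DB_POLICYFILE` is set to true. The enclosing method starts and ends outside the hunk.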
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/GroupMappingService.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/GroupMappingService.java
similarity index 95%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/GroupMappingService.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/GroupMappingService.java
index ebfdf30..6af2edf 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/GroupMappingService.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/GroupMappingService.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.util.List;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/HadoopGroupMappingService.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java
similarity index 96%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/HadoopGroupMappingService.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java
index 9e22730..1bbb125 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/HadoopGroupMappingService.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.IOException;
import java.util.Collections;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/HadoopGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
similarity index 96%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/HadoopGroupResourceAuthorizationProvider.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
index ac2b199..f99ae8c 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/HadoopGroupResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.IOException;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/KeyValue.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/KeyValue.java
similarity index 93%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/KeyValue.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/KeyValue.java
index 2921eb7..622736a 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/KeyValue.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/KeyValue.java
@@ -16,9 +16,9 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.access.provider.file;
-import static org.apache.access.provider.file.PolicyFileConstants.KV_JOINER;
-import static org.apache.access.provider.file.PolicyFileConstants.KV_SPLITTER;
+package org.apache.sentry.provider.file;
+import static org.apache.sentry.provider.file.PolicyFileConstants.KV_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.KV_SPLITTER;
import java.util.List;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/LocalGroupMappingService.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
similarity index 98%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/LocalGroupMappingService.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
index 2c876ea..fa3e804 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/LocalGroupMappingService.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupMappingService.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.IOException;
import java.util.Collections;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/LocalGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java
similarity index 96%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/LocalGroupResourceAuthorizationProvider.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java
index 5df64d1..ef595c8 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/LocalGroupResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.IOException;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyEngine.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyEngine.java
similarity index 94%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyEngine.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyEngine.java
index cbee32b..954e1d5 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyEngine.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyEngine.java
@@ -15,11 +15,11 @@
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.util.List;
-import org.apache.access.core.Authorizable;
+import org.apache.sentry.core.Authorizable;
import com.google.common.collect.ImmutableSetMultimap;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyFile.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java
similarity index 96%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyFile.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java
index c52c703..fafe79b 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyFile.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java
@@ -15,11 +15,11 @@
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
-import static org.apache.access.provider.file.PolicyFileConstants.DATABASES;
-import static org.apache.access.provider.file.PolicyFileConstants.GROUPS;
-import static org.apache.access.provider.file.PolicyFileConstants.ROLES;
+import static org.apache.sentry.provider.file.PolicyFileConstants.DATABASES;
+import static org.apache.sentry.provider.file.PolicyFileConstants.GROUPS;
+import static org.apache.sentry.provider.file.PolicyFileConstants.ROLES;
import java.io.File;
import java.io.IOException;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyFileConstants.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFileConstants.java
similarity index 97%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyFileConstants.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFileConstants.java
index 0f80b0a..d28cde2 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyFileConstants.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFileConstants.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyFiles.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java
similarity index 98%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyFiles.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java
index 652a0e0..ff4c984 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/PolicyFiles.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFiles.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.File;
import java.io.FileNotFoundException;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/ResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
similarity index 89%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/ResourceAuthorizationProvider.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
index 5aece44..60282e6 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/ResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
@@ -14,24 +14,24 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
-import static org.apache.access.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
-import static org.apache.access.provider.file.PolicyFileConstants.KV_JOINER;
-import static org.apache.access.provider.file.PolicyFileConstants.PRIVILEGE_NAME;
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.KV_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.PRIVILEGE_NAME;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
-import org.apache.access.core.Action;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.AuthorizationProvider;
-import org.apache.access.core.Database;
-import org.apache.access.core.Server;
-import org.apache.access.core.ServerResource;
-import org.apache.access.core.Subject;
-import org.apache.access.core.Table;
+import org.apache.sentry.core.Action;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.AuthorizationProvider;
+import org.apache.sentry.core.Database;
+import org.apache.sentry.core.Server;
+import org.apache.sentry.core.ServerResource;
+import org.apache.sentry.core.Subject;
+import org.apache.sentry.core.Table;
import org.apache.shiro.authz.Permission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/RoleValidator.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/RoleValidator.java
similarity index 95%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/RoleValidator.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/RoleValidator.java
index 02ea02f..323a18a 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/RoleValidator.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/RoleValidator.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import javax.annotation.Nullable;
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/Roles.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/Roles.java
similarity index 78%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/Roles.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/Roles.java
index 71ccdcd..556be01 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/Roles.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/Roles.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import javax.annotation.Nullable;
@@ -24,6 +24,7 @@
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.ImmutableSetMultimap;
+import com.google.common.io.Resources;
public class Roles {
private static final Logger LOGGER = LoggerFactory
@@ -41,14 +42,27 @@
this.globalRoles = globalRoles;
this.perDatabaseRoles = perDatabaseRoles;
}
- public ImmutableSet<String> getRoles(@Nullable String database, String group) {
+ public ImmutableSet<String> getRoles(@Nullable String database, String group, Boolean isURI) {
ImmutableSet.Builder<String> resultBuilder = ImmutableSet.builder();
+ String allowURIPerDbFile =
+ System.getProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE);
+ Boolean consultPerDbRolesForURI = isURI && ("true".equalsIgnoreCase(allowURIPerDbFile));
+
if(database != null) {
ImmutableSetMultimap<String, String> dbPolicies = perDatabaseRoles.get(database);
if(dbPolicies != null && dbPolicies.containsKey(group)) {
resultBuilder.addAll(dbPolicies.get(group));
}
}
+ if (consultPerDbRolesForURI) {
+ for(String db:perDatabaseRoles.keySet()) {
+ ImmutableSetMultimap<String, String> dbPolicies = perDatabaseRoles.get(db);
+ if(dbPolicies != null && dbPolicies.containsKey(group)) {
+ resultBuilder.addAll(dbPolicies.get(group));
+ }
+ }
+ }
+
if(globalRoles.containsKey(group)) {
resultBuilder.addAll(globalRoles.get(group));
}
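Review bot: With the property set, the added `if (consultPerDbRolesForURI)` loop returns the group's roles from every per-database policy file, not only the file for the database named in the request, so a role granted to the group in one database's file is considered for any URI request. If that widening is intended, it deserves a comment on the loop, e.g. `// URI privileges are not tied to a database, so roles from all per-db files apply`; otherwise the lookup should stay limited to the requested `database`. `Boolean isURI` is a boxed parameter, so a null argument throws on `isURI && ...`; `boolean isURI` avoids that, and the same applies to the `Boolean isURI = false` local in the SimplePolicyEngine.getPermissions hunk. The property is also re-read with `System.getProperty` on every call, and the body of getRoles continues past the end of this hunk.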
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/ServerNameMustMatch.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ServerNameMustMatch.java
similarity index 92%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/ServerNameMustMatch.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ServerNameMustMatch.java
index 020c07b..1d2a8c6 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/ServerNameMustMatch.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ServerNameMustMatch.java
@@ -14,12 +14,12 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import javax.annotation.Nullable;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Server;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Server;
import org.apache.shiro.config.ConfigurationException;
public class ServerNameMustMatch extends AbstractRoleValidator {
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/ServersAllIsInvalid.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ServersAllIsInvalid.java
similarity index 91%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/ServersAllIsInvalid.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ServersAllIsInvalid.java
index c13fbb7..8ee1c43 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/ServersAllIsInvalid.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ServersAllIsInvalid.java
@@ -14,12 +14,12 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import javax.annotation.Nullable;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Server;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Server;
import org.apache.shiro.config.ConfigurationException;
public class ServersAllIsInvalid extends AbstractRoleValidator {
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/SimplePolicyEngine.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimplePolicyEngine.java
similarity index 91%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/SimplePolicyEngine.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimplePolicyEngine.java
index 21f6d9c..868736c 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/SimplePolicyEngine.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimplePolicyEngine.java
@@ -14,9 +14,13 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
-import static org.apache.access.provider.file.PolicyFileConstants.*;
+import static org.apache.sentry.provider.file.PolicyFileConstants.DATABASES;
+import static org.apache.sentry.provider.file.PolicyFileConstants.GROUPS;
+import static org.apache.sentry.provider.file.PolicyFileConstants.ROLES;
+import static org.apache.sentry.provider.file.PolicyFileConstants.ROLE_SPLITTER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.USERS;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -29,11 +33,12 @@
import javax.annotation.Nullable;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Database;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
+import org.apache.sentry.core.AccessURI;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Database;
import org.apache.shiro.config.ConfigurationException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.util.PermissionUtils;
@@ -63,6 +68,7 @@
private final String serverName;
private final List<Path> perDbResources = Lists.newArrayList();
private final AtomicReference<Roles> rolesReference;
+ public final static String ACCESS_ALLOW_URI_PER_DB_POLICYFILE = "sentry.allow.uri.db.policyfile";
public SimplePolicyEngine(String resourcePath, String serverName) throws IOException {
this(new Configuration(), new Path(resourcePath), serverName);
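Review bot: The new public constant `ACCESS_ALLOW_URI_PER_DB_POLICYFILE` gates authorization behaviour but has no documentation of what enabling it does. A Javadoc line such as `/** System property; when "true", per-db policy files may carry URI privileges and per-db roles are consulted for URI requests. */` would tell operators what they are turning on. The conventional modifier order is `public static final`, and the `ACCESS_` prefix is a leftover from the package name this commit retires.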
@@ -118,11 +124,11 @@
if(perDbIni.containsKey(DATABASES)) {
throw new ConfigurationException("Per-db policy files cannot contain " + DATABASES + " section");
}
- perDatabaseRoles.put(database, parseIni(database, perDbIni));
+ ImmutableSetMultimap<String, String> currentDbRoles = parseIni(database, perDbIni);
+ perDatabaseRoles.put(database, currentDbRoles);
perDbResources.add(perDbPolicy);
} catch (Exception e) {
LOGGER.error("Error processing key " + entry.getKey() + ", skipping " + entry.getValue(), e);
- throw e;
}
}
}
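Review bot: With `throw e;` removed, the `catch (Exception e)` swallows every failure for a per-db file, not only a malformed policy, so an unchecked exception or a read error is also reduced to one log line and that database is left with no per-db roles. Narrowing the handler to the exceptions that mean "bad policy file" (presumably `ConfigurationException` and `IOException`, to be confirmed against the try body) would keep programming errors visible. Recording the skipped file alongside `perDbResources` would also let callers report that the loaded policy is incomplete. The try block opens outside this hunk, so the exact exception set cannot be confirmed from here.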
@@ -239,17 +245,22 @@
public ImmutableSetMultimap<String, String> getPermissions(List<Authorizable> authorizables, List<String> groups) {
Roles roles = rolesReference.get();
String database = null;
+ Boolean isURI = false;
for(Authorizable authorizable : authorizables) {
if(authorizable instanceof Database) {
database = authorizable.getName();
}
+ if (authorizable instanceof AccessURI) {
+ isURI = true;
+ }
}
+
if(LOGGER.isDebugEnabled()) {
LOGGER.debug("Getting permissions for {} via {}", groups, database);
}
ImmutableSetMultimap.Builder<String, String> resultBuilder = ImmutableSetMultimap.builder();
for(String group : groups) {
- resultBuilder.putAll(group, roles.getRoles(database, group));
+ resultBuilder.putAll(group, roles.getRoles(database, group, isURI));
}
ImmutableSetMultimap<String, String> result = resultBuilder.build();
if(LOGGER.isDebugEnabled()) {
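Review bot: The debug message `Getting permissions for {} via {}` does not record the new `isURI` flag, although that flag now decides whether roles from other databases' policy files can be merged into the result. Adding it to the message, for example `"Getting permissions for {} via {}, isURI={}"`, would let someone reading the log explain why a group received roles that the named database's file does not define. getPermissions begins and ends outside this hunk.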
@@ -257,4 +268,4 @@
}
return result;
}
-}
\ No newline at end of file
+}
diff --git a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/WildcardPermission.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/WildcardPermission.java
similarity index 95%
rename from access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/WildcardPermission.java
rename to sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/WildcardPermission.java
index 20ba719..e989d82 100644
--- a/access-provider/access-provider-file/src/main/java/org/apache/access/provider/file/WildcardPermission.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/WildcardPermission.java
@@ -19,19 +19,19 @@
// copied from apache shiro
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
-import static org.apache.access.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
-import static org.apache.access.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_SPLITTER;
import java.io.Serializable;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
-import org.apache.access.core.AccessConstants;
-import org.apache.access.core.Authorizable.AuthorizableType;
import org.apache.commons.lang.text.StrSubstitutor;
+import org.apache.sentry.core.AccessConstants;
+import org.apache.sentry.core.Authorizable.AuthorizableType;
import org.apache.shiro.authz.Permission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/AbstractTestSimplePolicyEngine.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/AbstractTestSimplePolicyEngine.java
similarity index 96%
rename from access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/AbstractTestSimplePolicyEngine.java
rename to sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/AbstractTestSimplePolicyEngine.java
index 8bb101f..bfa2d68 100644
--- a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/AbstractTestSimplePolicyEngine.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/AbstractTestSimplePolicyEngine.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.File;
import java.io.IOException;
@@ -24,9 +24,10 @@
import junit.framework.Assert;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Database;
import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Database;
+import org.apache.sentry.provider.file.PolicyEngine;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
diff --git a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/MockGroupMappingServiceProvider.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/MockGroupMappingServiceProvider.java
similarity index 93%
rename from access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/MockGroupMappingServiceProvider.java
rename to sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/MockGroupMappingServiceProvider.java
index be04259..74956fc 100644
--- a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/MockGroupMappingServiceProvider.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/MockGroupMappingServiceProvider.java
@@ -14,11 +14,12 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.util.Collection;
import java.util.List;
+import org.apache.sentry.provider.file.GroupMappingService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestAuthorizables.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestAuthorizables.java
similarity index 89%
rename from access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestAuthorizables.java
rename to sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestAuthorizables.java
index 853b20f..f81b574 100644
--- a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestAuthorizables.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestAuthorizables.java
@@ -16,15 +16,16 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertNull;
-import org.apache.access.core.AccessURI;
-import org.apache.access.core.Database;
-import org.apache.access.core.Server;
-import org.apache.access.core.Table;
-import org.apache.access.core.View;
+import org.apache.sentry.core.AccessURI;
+import org.apache.sentry.core.Database;
+import org.apache.sentry.core.Server;
+import org.apache.sentry.core.Table;
+import org.apache.sentry.core.View;
+import org.apache.sentry.provider.file.Authorizables;
import org.junit.Test;
public class TestAuthorizables {
diff --git a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestDatabaseRequiredInRole.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestDatabaseRequiredInRole.java
new file mode 100644
index 0000000..fc35043
--- /dev/null
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestDatabaseRequiredInRole.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sentry.provider.file;
+
+import junit.framework.Assert;
+
+import org.apache.shiro.config.ConfigurationException;
+import org.junit.Test;
+
+public class TestDatabaseRequiredInRole {
+
+ @Test
+ public void testURIInPerDbPolicyFile() throws Exception {
+ DatabaseRequiredInRole dbRequiredInRole = new DatabaseRequiredInRole();
+ System.setProperty("sentry.allow.uri.db.policyfile", "true");
+ dbRequiredInRole.validate("db1",
+ "server=server1->URI=file:///user/hive/warehouse/tab1");
+ System.setProperty("sentry.allow.uri.db.policyfile", "false");
+ }
+
+ @Test
+ public void testURIWithDBInPerDbPolicyFile() throws Exception {
+ DatabaseRequiredInRole dbRequiredInRole = new DatabaseRequiredInRole();
+ try {
+ dbRequiredInRole.validate("db1",
+ "server=server1->db=db1->URI=file:///user/hive/warehouse/tab1");
+ Assert.fail("Expected ConfigurationException");
+ } catch (ConfigurationException e) {
+ ;
+ }
+ }
+}
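Review bot: testURIInPerDbPolicyFile sets the JVM-wide property `sentry.allow.uri.db.policyfile` to "true" and resets it only on the line after `validate`, so if `validate` throws, the toggle stays enabled for every later test in the same JVM. Wrapping the call in try/finally and clearing the property restores the default reliably, assuming the validator treats an unset property as off, as `Roles.getRoles` does. Using `SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE` instead of repeating the literal keeps the test tied to the production key. The bare `;` in the catch block of testURIWithDBInPerDbPolicyFile would read better as a comment such as `// expected: db scope is not allowed inside a per-db file`.

```java
  @Test
  public void testURIInPerDbPolicyFile() throws Exception {
    DatabaseRequiredInRole dbRequiredInRole = new DatabaseRequiredInRole();
    System.setProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
    try {
      dbRequiredInRole.validate("db1",
          "server=server1->URI=file:///user/hive/warehouse/tab1");
    } finally {
      // Leave the toggle off for every other test in this JVM, even on failure.
      System.clearProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE);
    }
  }
  // … unchanged: testURIWithDBInPerDbPolicyFile …
```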
diff --git a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestKeyValue.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java
similarity index 93%
rename from access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestKeyValue.java
rename to sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java
index 3f419bc..1fd64f1 100644
--- a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestKeyValue.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestKeyValue.java
@@ -16,11 +16,12 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertFalse;
-import static org.apache.access.provider.file.PolicyFileConstants.KV_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.KV_JOINER;
+import org.apache.sentry.provider.file.KeyValue;
import org.junit.Test;
public class TestKeyValue {
diff --git a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestLocalGroupMapping.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java
similarity index 93%
rename from access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestLocalGroupMapping.java
rename to sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java
index 939a0c1..f1d8192 100644
--- a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestLocalGroupMapping.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestLocalGroupMapping.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.File;
import java.io.IOException;
@@ -23,6 +23,8 @@
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.fs.Path;
+import org.apache.sentry.provider.file.LocalGroupMappingService;
+import org.apache.sentry.provider.file.PolicyFiles;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
diff --git a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestPolicyParsingNegative.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestPolicyParsingNegative.java
similarity index 72%
rename from access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestPolicyParsingNegative.java
rename to sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestPolicyParsingNegative.java
index 3e9fe0f..7285806 100644
--- a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestPolicyParsingNegative.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestPolicyParsingNegative.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.File;
import java.io.IOException;
@@ -22,10 +22,13 @@
import junit.framework.Assert;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Database;
-import org.apache.access.core.Server;
import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Database;
+import org.apache.sentry.core.Server;
+import org.apache.sentry.provider.file.PolicyEngine;
+import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.provider.file.SimplePolicyEngine;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -105,7 +108,7 @@
Arrays.asList(new Authorizable[] {
new Server("server1")
}), Lists.newArrayList("admin")).get("admin");
- Assert.assertTrue(permissions.toString(), permissions.isEmpty());
+ Assert.assertEquals(permissions.toString(), "[server=server1]");
// test to ensure [databases] fails parsing of per-db file
// by removing the user mapping from the per-db policy file
policyFile.removeGroupsFromUser("admin1", "admin")
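Review bot: `Assert.assertEquals(permissions.toString(), "[server=server1]")` passes the actual value in the position JUnit reserves for the expected one, so a failure would report the two swapped. `Assert.assertEquals("[server=server1]", permissions.toString());` reads correctly, and the same applies to the identical line in the next hunk. The comment below still says the `[databases]` section "fails parsing of per-db file", while the assertion now checks that the admin group keeps `server=server1`, presumably a grant from the global file. A one-line comment stating that a rejected per-db file no longer removes the remaining grants would make the intended outcome explicit. The test method starts outside this hunk.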
@@ -115,7 +118,7 @@
Arrays.asList(new Authorizable[] {
new Server("server1")
}), Lists.newArrayList("admin")).get("admin");
- Assert.assertTrue(permissions.toString(), permissions.isEmpty());
+ Assert.assertEquals(permissions.toString(), "[server=server1]");
}
@Test
public void testDatabaseRequiredInRole() throws Exception {
@@ -177,4 +180,61 @@
Assert.assertTrue(permissions.toString(), permissions.isEmpty());
}
+ /**
+ * Create policy file with multiple per db files.
+ * Verify that a file with bad format is the only one that's ignored
+ * @throws Exception
+ */
+ @Test
+ public void testMultiDbWithErrors() throws Exception {
+ File db1PolicyFile = new File(baseDir, "db1.ini");
+ File db2PolicyFile = new File(baseDir, "db2.ini");
+
+ // global policy file
+ append("[databases]", globalPolicyFile);
+ append("db1 = " + db1PolicyFile.getPath(), globalPolicyFile);
+ append("db2 = " + db2PolicyFile.getPath(), globalPolicyFile);
+ append("[groups]", globalPolicyFile);
+ append("db3_group = db3_rule", globalPolicyFile);
+ append("[roles]", globalPolicyFile);
+ append("db3_rule = server=server1->db=db3->table=sales->action=select", globalPolicyFile);
+
+ //db1 policy file with badly formatted rule
+ append("[groups]", db1PolicyFile);
+ append("db1_group = bad_rule", db1PolicyFile);
+ append("[roles]", db1PolicyFile);
+ append("bad_rule = server=server1->db=customers->=purchases->action=", db1PolicyFile);
+
+ //db2 policy file with proper rule
+ append("[groups]", db2PolicyFile);
+ append("db2_group = db2_rule", db2PolicyFile);
+ append("[roles]", db2PolicyFile);
+ append("db2_rule = server=server1->db=db2->table=purchases->action=select", db2PolicyFile);
+
+ PolicyEngine policy = new SimplePolicyEngine(globalPolicyFile.getPath(), "server1");
+
+ // verify that the db1 rule is empty
+ ImmutableSet<String> permissions = policy.getPermissions(
+ Arrays.asList(new Authorizable[] {
+ new Server("server1"),
+ new Database("db1")
+ }), Lists.newArrayList("db1_group")).get("db1_group");
+ Assert.assertTrue(permissions.toString(), permissions.isEmpty());
+
+ permissions = policy.getPermissions(
+ Arrays.asList(new Authorizable[] {
+ new Server("server1"),
+ new Database("db2")
+ }), Lists.newArrayList("db2_group")).get("db2_group");
+ Assert.assertEquals(permissions.toString(), 1, permissions.size());
+
+ permissions = policy.getPermissions(
+ Arrays.asList(new Authorizable[] {
+ new Server("server1"),
+ new Database("db2")
+ }), Lists.newArrayList("db2_group")).get("db2_group");
+ Assert.assertEquals(permissions.toString(), 1, permissions.size());
+
+ }
+
}
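Review bot: The third `getPermissions` call in testMultiDbWithErrors repeats the second one (`db2` / `db2_group`), so the `db3_group = db3_rule` grant written to the global policy file is never checked. The claim that only the malformed file is ignored is therefore verified for db2 alone. The last block was presumably meant to use `new Database("db3")` and `Lists.newArrayList("db3_group")).get("db3_group");`. The `@throws Exception` tag in the Javadoc has no description and can be completed or dropped.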
diff --git a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestResourceAuthorizationProviderGeneralCases.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestResourceAuthorizationProviderGeneralCases.java
similarity index 93%
rename from access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestResourceAuthorizationProviderGeneralCases.java
rename to sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestResourceAuthorizationProviderGeneralCases.java
index 27a94ad..a8a946d 100644
--- a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestResourceAuthorizationProviderGeneralCases.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestResourceAuthorizationProviderGeneralCases.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.File;
import java.io.IOException;
@@ -24,14 +24,18 @@
import junit.framework.Assert;
-import org.apache.access.core.AccessConstants;
-import org.apache.access.core.Action;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.Database;
-import org.apache.access.core.Server;
-import org.apache.access.core.Subject;
-import org.apache.access.core.Table;
import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.AccessConstants;
+import org.apache.sentry.core.Action;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.Database;
+import org.apache.sentry.core.Server;
+import org.apache.sentry.core.Subject;
+import org.apache.sentry.core.Table;
+import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
+import org.apache.sentry.provider.file.PolicyFiles;
+import org.apache.sentry.provider.file.ResourceAuthorizationProvider;
+import org.apache.sentry.provider.file.SimplePolicyEngine;
import org.junit.After;
import org.junit.Test;
import org.slf4j.Logger;
diff --git a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestResourceAuthorizationProviderSpecialCases.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestResourceAuthorizationProviderSpecialCases.java
similarity index 91%
rename from access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestResourceAuthorizationProviderSpecialCases.java
rename to sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestResourceAuthorizationProviderSpecialCases.java
index 7dd7cd8..14e2ff5 100644
--- a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestResourceAuthorizationProviderSpecialCases.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestResourceAuthorizationProviderSpecialCases.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.File;
import java.io.IOException;
@@ -23,13 +23,15 @@
import junit.framework.Assert;
-import org.apache.access.core.AccessURI;
-import org.apache.access.core.Action;
-import org.apache.access.core.Authorizable;
-import org.apache.access.core.AuthorizationProvider;
-import org.apache.access.core.Server;
-import org.apache.access.core.Subject;
import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.AccessURI;
+import org.apache.sentry.core.Action;
+import org.apache.sentry.core.Authorizable;
+import org.apache.sentry.core.AuthorizationProvider;
+import org.apache.sentry.core.Server;
+import org.apache.sentry.core.Subject;
+import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
diff --git a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestSimplePolicyEngineDFS.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimplePolicyEngineDFS.java
similarity index 93%
rename from access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestSimplePolicyEngineDFS.java
rename to sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimplePolicyEngineDFS.java
index ef0f109..92e3b03 100644
--- a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestSimplePolicyEngineDFS.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimplePolicyEngineDFS.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.File;
import java.io.IOException;
@@ -25,6 +25,8 @@
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.MiniDFSCluster;
+import org.apache.sentry.provider.file.PolicyFiles;
+import org.apache.sentry.provider.file.SimplePolicyEngine;
import org.junit.AfterClass;
import org.junit.BeforeClass;
diff --git a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestSimplePolicyEngineLocalFS.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimplePolicyEngineLocalFS.java
similarity index 90%
rename from access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestSimplePolicyEngineLocalFS.java
rename to sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimplePolicyEngineLocalFS.java
index 3093e4a..73cd673 100644
--- a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestSimplePolicyEngineLocalFS.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimplePolicyEngineLocalFS.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import java.io.File;
import java.io.IOException;
@@ -22,6 +22,8 @@
import junit.framework.Assert;
import org.apache.commons.io.FileUtils;
+import org.apache.sentry.provider.file.PolicyFiles;
+import org.apache.sentry.provider.file.SimplePolicyEngine;
public class TestSimplePolicyEngineLocalFS extends AbstractTestSimplePolicyEngine {
diff --git a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestWildcardPermission.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestWildcardPermission.java
similarity index 96%
rename from access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestWildcardPermission.java
rename to sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestWildcardPermission.java
index 2b230c6..77c3838 100644
--- a/access-provider/access-provider-file/src/test/java/org/apache/access/provider/file/TestWildcardPermission.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestWildcardPermission.java
@@ -16,15 +16,17 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.access.provider.file;
+package org.apache.sentry.provider.file;
import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertFalse;
import static junit.framework.Assert.assertTrue;
-import static org.apache.access.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
-import static org.apache.access.provider.file.PolicyFileConstants.KV_JOINER;
-import static org.apache.access.provider.file.PolicyFileConstants.KV_SEPARATOR;
+import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.KV_JOINER;
+import static org.apache.sentry.provider.file.PolicyFileConstants.KV_SEPARATOR;
-import org.apache.access.core.AccessConstants;
+import org.apache.sentry.core.AccessConstants;
+import org.apache.sentry.provider.file.KeyValue;
+import org.apache.sentry.provider.file.WildcardPermission;
import org.apache.shiro.authz.Permission;
import org.junit.Test;
diff --git a/access-provider/access-provider-file/src/test/resources/log4j.properties b/sentry-provider/sentry-provider-file/src/test/resources/log4j.properties
similarity index 100%
rename from access-provider/access-provider-file/src/test/resources/log4j.properties
rename to sentry-provider/sentry-provider-file/src/test/resources/log4j.properties
diff --git a/access-provider/access-provider-file/src/test/resources/test-authz-provider-local-group-mapping.ini b/sentry-provider/sentry-provider-file/src/test/resources/test-authz-provider-local-group-mapping.ini
similarity index 100%
rename from access-provider/access-provider-file/src/test/resources/test-authz-provider-local-group-mapping.ini
rename to sentry-provider/sentry-provider-file/src/test/resources/test-authz-provider-local-group-mapping.ini
diff --git a/access-provider/access-provider-file/src/test/resources/test-authz-provider-other-group.ini b/sentry-provider/sentry-provider-file/src/test/resources/test-authz-provider-other-group.ini
similarity index 100%
rename from access-provider/access-provider-file/src/test/resources/test-authz-provider-other-group.ini
rename to sentry-provider/sentry-provider-file/src/test/resources/test-authz-provider-other-group.ini
diff --git a/access-provider/access-provider-file/src/test/resources/test-authz-provider.ini b/sentry-provider/sentry-provider-file/src/test/resources/test-authz-provider.ini
similarity index 100%
rename from access-provider/access-provider-file/src/test/resources/test-authz-provider.ini
rename to sentry-provider/sentry-provider-file/src/test/resources/test-authz-provider.ini
diff --git a/access-tests/pom.xml b/sentry-tests/pom.xml
similarity index 92%
rename from access-tests/pom.xml
rename to sentry-tests/pom.xml
index 5ce26d5..22e6cde 100644
--- a/access-tests/pom.xml
+++ b/sentry-tests/pom.xml
@@ -19,20 +19,36 @@
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access</artifactId>
+ <artifactId>sentry</artifactId>
<version>1.1.0-SNAPSHOT</version>
</parent>
- <artifactId>access-tests</artifactId>
+ <artifactId>sentry-tests</artifactId>
<name>Access Tests</name>
- <description>end to end tests for access project</description>
+ <description>end to end tests for sentry project</description>
<properties>
<hadoop-dist></hadoop-dist>
<hive-dist>${hadoop-dist}</hive-dist>
</properties>
<dependencies>
<dependency>
+ <groupId>org.apache.thrift</groupId>
+ <artifactId>libthrift</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.derby</groupId>
+ <artifactId>derby</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.thrift</groupId>
+ <artifactId>libthrift</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.derby</groupId>
+ <artifactId>derby</artifactId>
+ </dependency>
+ <dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-core</artifactId>
+ <artifactId>sentry-core</artifactId>
</dependency>
<dependency>
<groupId>org.apache.hive</groupId>
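Review bot: The added block declares `org.apache.thrift:libthrift` and `org.apache.derby:derby` twice each, back to back; the second pair should be dropped, since Maven flags duplicate dependency declarations in a POM and only one of them takes effect. None of the four new entries carries a `<scope>`, so unless the parent's dependencyManagement sets one, `<scope>test</scope>` would keep them off the compile classpath of anything that depends on this tests module. The context line `<name>Access Tests</name>` was also left on the old project name while the artifactId and description were renamed.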
@@ -179,7 +195,7 @@
</dependency>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-binding-hive</artifactId>
+ <artifactId>sentry-binding-hive</artifactId>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
@@ -188,7 +204,7 @@
</dependency>
<dependency>
<groupId>com.cloudera.cdh</groupId>
- <artifactId>access-provider-file</artifactId>
+ <artifactId>sentry-provider-file</artifactId>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithHiveServer.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithHiveServer.java
similarity index 94%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithHiveServer.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithHiveServer.java
index 880e5ec..d4060d3 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithHiveServer.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithHiveServer.java
@@ -14,18 +14,18 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import java.io.File;
import java.util.Map;
import junit.framework.Assert;
-import org.apache.access.tests.e2e.hiveserver.HiveServer;
-import org.apache.access.tests.e2e.hiveserver.HiveServerFactory;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
+import org.apache.sentry.tests.e2e.hiveserver.HiveServer;
+import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
import org.junit.After;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithStaticConfiguration.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticConfiguration.java
similarity index 96%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithStaticConfiguration.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticConfiguration.java
index b0600ec..40232c8 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithStaticConfiguration.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticConfiguration.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import java.io.File;
import java.sql.Connection;
@@ -24,10 +24,10 @@
import junit.framework.Assert;
-import org.apache.access.tests.e2e.hiveserver.HiveServer;
-import org.apache.access.tests.e2e.hiveserver.HiveServerFactory;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.fs.FileSystem;
+import org.apache.sentry.tests.e2e.hiveserver.HiveServer;
+import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.slf4j.Logger;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithStaticDFS.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticDFS.java
similarity index 95%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithStaticDFS.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticDFS.java
index d0fb2f0..ab30fa5 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithStaticDFS.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticDFS.java
@@ -14,17 +14,17 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import java.io.File;
import java.io.IOException;
import junit.framework.Assert;
-import org.apache.access.tests.e2e.hiveserver.HiveServerFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.MiniDFSCluster;
+import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithStaticLocalFS.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticLocalFS.java
similarity index 93%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithStaticLocalFS.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticLocalFS.java
index f449247..c29c16c 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/AbstractTestWithStaticLocalFS.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/AbstractTestWithStaticLocalFS.java
@@ -14,11 +14,11 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
-import org.apache.access.tests.e2e.hiveserver.HiveServerFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
+import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
import org.junit.BeforeClass;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/Context.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/Context.java
similarity index 98%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/Context.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/Context.java
index e7d9d9d..687b154 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/Context.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/Context.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
@@ -34,8 +34,8 @@
import junit.framework.Assert;
-import org.apache.access.tests.e2e.hiveserver.HiveServer;
import org.apache.hadoop.fs.FileSystem;
+import org.apache.sentry.tests.e2e.hiveserver.HiveServer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/MockUserToGroupMapping.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/DummySentryOnFailureHook.java
similarity index 68%
copy from access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/MockUserToGroupMapping.java
copy to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/DummySentryOnFailureHook.java
index e46e7a5..87d1b01 100644
--- a/access-binding/access-binding-hive/src/test/java/org/apache/access/binding/hive/MockUserToGroupMapping.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/DummySentryOnFailureHook.java
@@ -15,20 +15,18 @@
* limitations under the License.
*/
-package org.apache.access.binding.hive;
+package org.apache.sentry.tests.e2e;
-import java.util.List;
+import org.apache.sentry.binding.hive.SentryOnFailureHook;
+import org.apache.sentry.binding.hive.SentryOnFailureHookContext;
-import org.apache.access.provider.file.GroupMappingService;
+public class DummySentryOnFailureHook implements SentryOnFailureHook {
-import com.google.common.collect.Lists;
+ static boolean invoked = false;
-public class MockUserToGroupMapping implements GroupMappingService {
-
- // User to group 1-to-1 map
@Override
- public List<String> getGroups(String user) {
- return Lists.newArrayList(user);
+ public void run(SentryOnFailureHookContext failureHookContext)
+ throws Exception {
+ invoked = true;
}
-
}
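Review bot: The `static boolean invoked = false;` flag is never reset in this class and is not `volatile`, so a test asserting that the failure hook fired can be satisfied by a value left behind by an earlier test in the same JVM. If the hook runs on a HiveServer thread rather than the test thread (not visible in this hunk), the write also has no visibility guarantee. I would declare it `static volatile boolean invoked = false;` and have the consuming test set `DummySentryOnFailureHook.invoked = false;` before triggering the denied operation. `run` also ignores `failureHookContext`, so the test can only show that some failure reached the hook, not that it was the expected user and operation; a short class comment saying so would help.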
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/PolicyFileEditor.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/PolicyFileEditor.java
similarity index 97%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/PolicyFileEditor.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/PolicyFileEditor.java
index 8207cde..69bf2ad 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/PolicyFileEditor.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/PolicyFileEditor.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestCrossDbOps.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
similarity index 98%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestCrossDbOps.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
index 5d585fc..c619bb0 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestCrossDbOps.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
@@ -32,7 +32,7 @@
import junit.framework.Assert;
-import org.apache.access.provider.file.PolicyFile;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -242,7 +242,7 @@
ResultSet res = conn.getMetaData().getSchemas();
ResultSetMetaData resMeta = res.getMetaData();
assertEquals(2, resMeta.getColumnCount());
- assertEquals("TABLE_SCHEMA", resMeta.getColumnName(1));
+ assertEquals("TABLE_SCHEM", resMeta.getColumnName(1));
assertEquals("TABLE_CATALOG", resMeta.getColumnName(2));
result.add("db1");
@@ -310,7 +310,7 @@
res = conn.getMetaData().getSchemas();
resMeta = res.getMetaData();
assertEquals(2, resMeta.getColumnCount());
- assertEquals("TABLE_SCHEMA", resMeta.getColumnName(1));
+ assertEquals("TABLE_SCHEM", resMeta.getColumnName(1));
assertEquals("TABLE_CATALOG", resMeta.getColumnName(2));
result.add("db2");
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestEndToEnd.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
similarity index 98%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestEndToEnd.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
index 878424f..a643e17 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestEndToEnd.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import java.io.File;
import java.io.FileOutputStream;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestExportImportPrivileges.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
similarity index 98%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestExportImportPrivileges.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
index 3bc3227..dba478e 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestExportImportPrivileges.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertTrue;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestMetadataObjectRetrieval.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataObjectRetrieval.java
similarity index 99%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestMetadataObjectRetrieval.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataObjectRetrieval.java
index a604d47..ffc79c5 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestMetadataObjectRetrieval.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataObjectRetrieval.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
@@ -26,7 +26,7 @@
import java.sql.ResultSet;
import java.sql.Statement;
-import org.apache.access.provider.file.PolicyFile;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestMetadataPermissions.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
similarity index 98%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestMetadataPermissions.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
index 7b90b74..6036eaa 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestMetadataPermissions.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import java.sql.Connection;
import java.sql.SQLException;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestMovingToProduction.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
similarity index 99%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestMovingToProduction.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
index 90890d8..dba6d9f 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestMovingToProduction.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
new file mode 100644
index 0000000..e265f3d
--- /dev/null
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
@@ -0,0 +1,423 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.tests.e2e;
+
+import static org.junit.Assert.assertTrue;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.apache.sentry.provider.file.SimplePolicyEngine;
+import org.junit.After;
+import org.junit.Test;
+
+import com.google.common.base.Charsets;
+import com.google.common.base.Joiner;
+import com.google.common.io.Files;
+import com.google.common.io.Resources;
+
+/**
+ * Test privileges per database policy files
+ */
+public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
+ private static final String MULTI_TYPE_DATA_FILE_NAME = "emp.dat";
+ private static final String DB2_POLICY_FILE = "db2-policy-file.ini";
+
+ private Context context;
+
+ @After
+ public void teardown() throws Exception {
+ if (context != null) {
+ context.close();
+ }
+ }
+
+ @Test
+ public void testPerDB() throws Exception {
+ context = createContext();
+ File policyFile = context.getPolicyFile();
+ File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
+ File dataDir = context.getDataDir();
+ //copy data file to test dir
+ File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
+ FileOutputStream to = new FileOutputStream(dataFile);
+ Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
+ to.close();
+ //delete existing policy file; create new policy file
+ assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
+ assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
+
+ String[] policyFileContents = {
+ // groups : role -> group
+ "[groups]",
+ "admin = all_server",
+ "user_group1 = select_tbl1",
+ "user_group2 = select_tbl2",
+ // roles: privileges -> role
+ "[roles]",
+ "all_server = server=server1",
+ "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
+ // users: users -> groups
+ "[users]",
+ "hive = admin",
+ "user_1 = user_group1",
+ "user_2 = user_group2",
+ "[databases]",
+ "db2 = " + db2PolicyFile.getPath(),
+ };
+ context.makeNewPolicy(policyFileContents);
+
+ String[] db2PolicyFileContents = {
+ "[groups]",
+ "user_group2 = select_tbl2",
+ "[roles]",
+ "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
+ };
+ Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
+
+ // setup db objects needed by the test
+ Connection connection = context.createConnection("hive", "hive");
+ Statement statement = context.createStatement(connection);
+
+ statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
+ statement.execute("DROP DATABASE IF EXISTS db2 CASCADE");
+ statement.execute("CREATE DATABASE db1");
+ statement.execute("USE db1");
+ statement.execute("CREATE TABLE tbl1(B INT, A STRING) " +
+ " row format delimited fields terminated by '|' stored as textfile");
+ statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl1");
+ statement.execute("DROP DATABASE IF EXISTS db2 CASCADE");
+ statement.execute("CREATE DATABASE db2");
+ statement.execute("USE db2");
+ statement.execute("CREATE TABLE tbl2(B INT, A STRING) " +
+ " row format delimited fields terminated by '|' stored as textfile");
+ statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl2");
+ statement.close();
+ connection.close();
+
+ // test execution
+ connection = context.createConnection("user_1", "password");
+ statement = context.createStatement(connection);
+ statement.execute("USE db1");
+ // test user1 can execute query on tbl1
+ verifyCount(statement, "SELECT COUNT(*) FROM tbl1");
+
+ // user1 cannot query db2.tbl2
+ context.assertAuthzException(statement, "USE db2");
+ context.assertAuthzException(statement, "SELECT COUNT(*) FROM db2.tbl2");
+ statement.close();
+ connection.close();
+
+ // test per-db file for db2
+
+ connection = context.createConnection("user_2", "password");
+ statement = context.createStatement(connection);
+ statement.execute("USE db2");
+ // test user2 can execute query on tbl2
+ verifyCount(statement, "SELECT COUNT(*) FROM tbl2");
+
+ // user2 cannot query db1.tbl1
+ context.assertAuthzException(statement, "SELECT COUNT(*) FROM db1.tbl1");
+ context.assertAuthzException(statement, "USE db1");
+
+ statement.close();
+ connection.close();
+
+ //test cleanup
+ connection = context.createConnection("hive", "hive");
+ statement = context.createStatement(connection);
+ statement.execute("DROP DATABASE db1 CASCADE");
+ statement.execute("DROP DATABASE db2 CASCADE");
+ statement.close();
+ connection.close();
+ }
+
+ /**
+ * Multiple DB files with some containing badly formatted rules
+ * The privileges should work for good files
+ * No access for bad formatted ones
+ * @throws Exception
+ */
+ @Test
+ public void testMultiPerDBwithErrors() throws Exception {
+ String DB3_POLICY_FILE = "db3-policy-file.ini";
+ String DB4_POLICY_FILE = "db4-policy-file.ini";
+
+ context = createContext();
+ File policyFile = context.getPolicyFile();
+ File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
+ File db3PolicyFile = new File(policyFile.getParent(), DB3_POLICY_FILE);
+ File db4PolicyFile = new File(policyFile.getParent(), DB4_POLICY_FILE);
+ File dataDir = context.getDataDir();
+ //copy data file to test dir
+ File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
+ FileOutputStream to = new FileOutputStream(dataFile);
+ Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
+ to.close();
+ //delete existing policy file; create new policy file
+ assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
+ assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
+
+ String[] policyFileContents = {
+ // groups : role -> group
+ "[groups]",
+ "admin = all_server",
+ "user_group1 = select_tbl1",
+ "user_group2 = select_tbl2",
+ // roles: privileges -> role
+ "[roles]",
+ "all_server = server=server1",
+ "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
+ // users: users -> groups
+ "[users]",
+ "hive = admin",
+ "user_1 = user_group1",
+ "user_2 = user_group2",
+ "user_3 = user_group3",
+ "user_4 = user_group4",
+ "[databases]",
+ "db2 = " + db2PolicyFile.getPath(),
+ "db3 = " + db3PolicyFile.getPath(),
+ "db4 = " + db4PolicyFile.getPath(),
+ };
+ context.makeNewPolicy(policyFileContents);
+
+ String[] db2PolicyFileContents = {
+ "[groups]",
+ "user_group2 = select_tbl2",
+ "[roles]",
+ "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
+ };
+ String[] db3PolicyFileContents = {
+ "[groups]",
+ "user_group3 = select_tbl3_BAD",
+ "[roles]",
+ "select_tbl3_BAD = server=server1->db=db3------>table->action=select"
+ };
+ String[] db4PolicyFileContents = {
+ "[groups]",
+ "user_group4 = select_tbl4",
+ "[roles]",
+ "select_tbl4 = server=server1->db=db4->table=tbl4->action=select"
+ };
+
+ Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
+ Files.write(Joiner.on("\n").join(db3PolicyFileContents), db3PolicyFile, Charsets.UTF_8);
+ Files.write(Joiner.on("\n").join(db4PolicyFileContents), db4PolicyFile, Charsets.UTF_8);
+
+ // setup db objects needed by the test
+ Connection connection = context.createConnection("hive", "hive");
+ Statement statement = context.createStatement(connection);
+
+ statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
+ statement.execute("CREATE DATABASE db1");
+ statement.execute("USE db1");
+ statement.execute("CREATE TABLE tbl1(B INT, A STRING) " +
+ " row format delimited fields terminated by '|' stored as textfile");
+ statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl1");
+
+ statement.execute("DROP DATABASE IF EXISTS db2 CASCADE");
+ statement.execute("CREATE DATABASE db2");
+ statement.execute("USE db2");
+ statement.execute("CREATE TABLE tbl2(B INT, A STRING) " +
+ " row format delimited fields terminated by '|' stored as textfile");
+ statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl2");
+
+ statement.execute("DROP DATABASE IF EXISTS db3 CASCADE");
+ statement.execute("CREATE DATABASE db3");
+ statement.execute("USE db3");
+ statement.execute("CREATE TABLE tbl3(B INT, A STRING) " +
+ " row format delimited fields terminated by '|' stored as textfile");
+ statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl3");
+
+ statement.execute("DROP DATABASE IF EXISTS db4 CASCADE");
+ statement.execute("CREATE DATABASE db4");
+ statement.execute("USE db4");
+ statement.execute("CREATE TABLE tbl4(B INT, A STRING) " +
+ " row format delimited fields terminated by '|' stored as textfile");
+ statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl4");
+
+ statement.close();
+ connection.close();
+
+ // test execution
+ connection = context.createConnection("user_1", "password");
+ statement = context.createStatement(connection);
+ statement.execute("USE db1");
+ // test user1 can execute query on tbl1
+ verifyCount(statement, "SELECT COUNT(*) FROM tbl1");
+ connection.close();
+
+ connection = context.createConnection("user_2", "password");
+ statement = context.createStatement(connection);
+ statement.execute("USE db2");
+ // test user1 can execute query on tbl1
+ verifyCount(statement, "SELECT COUNT(*) FROM tbl2");
+ connection.close();
+
+ // verify no access to db3 due to badly formatted rule in db3 policy file
+ connection = context.createConnection("user_3", "password");
+ statement = context.createStatement(connection);
+ context.assertAuthzException(statement, "USE db3");
+ // test user1 can execute query on tbl1
+ context.assertAuthzException(statement, "SELECT COUNT(*) FROM db3.tbl3");
+ connection.close();
+
+ connection = context.createConnection("user_4", "password");
+ statement = context.createStatement(connection);
+ statement.execute("USE db4");
+ // test user1 can execute query on tbl1
+ verifyCount(statement, "SELECT COUNT(*) FROM tbl4");
+ connection.close();
+
+ //test cleanup
+ connection = context.createConnection("hive", "hive");
+ statement = context.createStatement(connection);
+ statement.execute("DROP DATABASE db1 CASCADE");
+ statement.execute("DROP DATABASE db2 CASCADE");
+ statement.execute("DROP DATABASE db3 CASCADE");
+ statement.execute("DROP DATABASE db4 CASCADE");
+ statement.close();
+ connection.close();
+ }
+
+ @Test
+ public void testPerDBPolicyFileWithURI() throws Exception {
+ context = createContext();
+ File policyFile = context.getPolicyFile();
+ File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
+ File dataDir = context.getDataDir();
+ //copy data file to test dir
+ File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
+ FileOutputStream to = new FileOutputStream(dataFile);
+ Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
+ to.close();
+ //delete existing policy file; create new policy file
+ assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
+ assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
+
+ String[] policyFileContents = {
+ // groups : role -> group
+ "[groups]",
+ "admin = all_server",
+ "user_group1 = select_tbl1",
+ "user_group2 = select_tbl2",
+ // roles: privileges -> role
+ "[roles]",
+ "all_server = server=server1",
+ "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
+ // users: users -> groups
+ "[users]",
+ "hive = admin",
+ "user_1 = user_group1",
+ "user_2 = user_group2",
+ "[databases]",
+ "db2 = " + db2PolicyFile.getPath(),
+ };
+ context.makeNewPolicy(policyFileContents);
+
+ String[] db2PolicyFileContents = {
+ "[groups]",
+ "user_group2 = select_tbl2, data_read, insert_tbl2",
+ "[roles]",
+ "select_tbl2 = server=server1->db=db2->table=tbl2->action=select",
+ "insert_tbl2 = server=server1->db=db2->table=tbl2->action=insert",
+ "data_read = server=server1->URI=file://" + dataFile
+ };
+ Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
+ // ugly hack: needs to go away once this becomes a config property. Note that this property
+ // will not be set with external HS and this test will fail. Hope is this fix will go away
+ // by then.
+ System.setProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
+ // setup db objects needed by the test
+ Connection connection = context.createConnection("hive", "hive");
+ Statement statement = context.createStatement(connection);
+
+ statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
+ statement.execute("DROP DATABASE IF EXISTS db2 CASCADE");
+ statement.execute("CREATE DATABASE db1");
+ statement.execute("USE db1");
+ statement.execute("CREATE TABLE tbl1(B INT, A STRING) " +
+ " row format delimited fields terminated by '|' stored as textfile");
+ statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl1");
+ statement.execute("DROP DATABASE IF EXISTS db2 CASCADE");
+ statement.execute("CREATE DATABASE db2");
+ statement.execute("USE db2");
+ statement.execute("CREATE TABLE tbl2(B INT, A STRING) " +
+ " row format delimited fields terminated by '|' stored as textfile");
+ statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl2");
+ statement.close();
+ connection.close();
+
+ // test execution
+ connection = context.createConnection("user_1", "password");
+ statement = context.createStatement(connection);
+ statement.execute("USE db1");
+ // test user1 can execute query on tbl1
+ verifyCount(statement, "SELECT COUNT(*) FROM tbl1");
+
+ // user1 cannot query db2.tbl2
+ context.assertAuthzException(statement, "USE db2");
+ context.assertAuthzException(statement, "SELECT COUNT(*) FROM db2.tbl2");
+ statement.close();
+ connection.close();
+
+ // test per-db file for db2
+ connection = context.createConnection("user_2", "password");
+ statement = context.createStatement(connection);
+ statement.execute("USE db2");
+ // test user2 can execute query on tbl2
+ verifyCount(statement, "SELECT COUNT(*) FROM tbl2");
+
+ // verify user2 can execute LOAD
+ statement.execute("LOAD DATA LOCAL INPATH '" + dataFile.getPath() + "' INTO TABLE tbl2");
+
+ // user2 cannot query db1.tbl1
+ context.assertAuthzException(statement, "SELECT COUNT(*) FROM db1.tbl1");
+ context.assertAuthzException(statement, "USE db1");
+
+ statement.close();
+ connection.close();
+
+ //test cleanup
+ connection = context.createConnection("hive", "hive");
+ statement = context.createStatement(connection);
+ statement.execute("DROP DATABASE db1 CASCADE");
+ statement.execute("DROP DATABASE db2 CASCADE");
+ statement.close();
+ connection.close();
+ System.setProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "false");
+ }
+
+ private void verifyCount(Statement statement, String query) throws SQLException {
+ ResultSet resultSet = statement.executeQuery(query);
+ int count = 0;
+ int countRows = 0;
+
+ while (resultSet.next()) {
+ count = resultSet.getInt(1);
+ countRows++;
+ }
+ assertTrue("Incorrect row count", countRows == 1);
+ assertTrue("Incorrect result", count == 12);
+ }
+}
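Review bot: In `testPerDBPolicyFileWithURI` the `System.setProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true")` call is undone only by the last statement of the method, so any failed assertion or SQLException before that point leaves the switch on for every later test in the same JVM. Judging by its name and the comment above it, the property relaxes what a per-database policy file may grant, so a leaked "true" could let later authorization tests pass for the wrong reason. Putting the reset in the existing `@After` method, e.g. `System.clearProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE);` at the top of `teardown()`, keeps it scoped to the one test. A companion case that leaves the property unset and asserts that user_2's `LOAD DATA` is rejected would cover the default side of the switch. Separately, the repeated `// test user1 can execute query on tbl1` comments in `testMultiPerDBwithErrors` no longer match the user_2, user_3 and user_4 blocks they sit in.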
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPerDatabasePolicyFile.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDatabasePolicyFile.java
similarity index 97%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestPerDatabasePolicyFile.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDatabasePolicyFile.java
index f2ec906..8c0fb71 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPerDatabasePolicyFile.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDatabasePolicyFile.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertTrue;
@@ -24,7 +24,7 @@
import java.sql.Connection;
import java.sql.Statement;
-import org.apache.access.provider.file.PolicyFile;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegeAtTransform.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegeAtTransform.java
similarity index 97%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegeAtTransform.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegeAtTransform.java
index 4d71a5f..53f295d 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegeAtTransform.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegeAtTransform.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertTrue;
@@ -24,7 +24,7 @@
import java.sql.Connection;
import java.sql.Statement;
-import org.apache.access.provider.file.PolicyFile;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegesAtDatabaseScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
similarity index 99%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegesAtDatabaseScope.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
index fdf1544..a046c8f 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegesAtDatabaseScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@@ -31,7 +31,7 @@
import junit.framework.Assert;
-import org.apache.access.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegesAtFunctionScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
similarity index 99%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegesAtFunctionScope.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
index f8324b6..90d6214 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegesAtFunctionScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertFalse;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegesAtTableScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
similarity index 99%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegesAtTableScope.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
index dcaa8fe..3da96a0 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestPrivilegesAtTableScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.*;
import static org.junit.Assert.assertEquals;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestRuntimeMetadataRetrieval.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java
similarity index 99%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestRuntimeMetadataRetrieval.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java
index 3a90656..27871a1 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestRuntimeMetadataRetrieval.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestRuntimeMetadataRetrieval.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import java.io.File;
import java.io.FileOutputStream;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestSandboxOps.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSandboxOps.java
similarity index 99%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestSandboxOps.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSandboxOps.java
index 1bec36d..2996eab 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestSandboxOps.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSandboxOps.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
@@ -26,8 +26,8 @@
import java.sql.ResultSet;
import java.sql.Statement;
-import org.apache.access.provider.file.PolicyFile;
import org.apache.hadoop.fs.Path;
+import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSentryOnFailureHookLoading.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSentryOnFailureHookLoading.java
new file mode 100644
index 0000000..139d43f
--- /dev/null
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestSentryOnFailureHookLoading.java
@@ -0,0 +1,133 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.tests.e2e;
+
+import com.google.common.io.Resources;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.HashMap;
+import java.util.Map;
+import junit.framework.Assert;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
+
+public class TestSentryOnFailureHookLoading extends AbstractTestWithHiveServer {
+
+ private Context context;
+ Map<String, String > testProperties;
+ private static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
+
+ @Before
+ public void setup() throws Exception {
+ testProperties = new HashMap<String, String>();
+ testProperties.put(HiveAuthzConf.AuthzConfVars.AUTHZ_ONFAILURE_HOOKS.getVar(),
+ DummySentryOnFailureHook.class.getName());
+ }
+
+ @After
+ public void teardown() throws Exception {
+ if (context != null) {
+ context.close();
+ }
+ }
+
+ /* Admin creates database DB_2
+ * USER_1 tries to drop DB_2, but it has permissions for DB_1.
+ */
+ @Test
+ public void testOnFailureHookLoading() throws Exception {
+
+ // Do not run this test if run with external HiveServer2
+ // This test checks for a static member, which will not
+ // be set if HiveServer2 and the test run in different JVMs
+ String hiveServer2Type = System.getProperty(
+ HiveServerFactory.HIVESERVER2_TYPE);
+ if (hiveServer2Type != null &&
+ HiveServerFactory.HiveServer2Type.valueOf(hiveServer2Type.trim()) !=
+ HiveServerFactory.HiveServer2Type.InternalHiveServer2) {
+ return;
+ }
+
+ context = createContext(testProperties);
+
+ File policyFile = context.getPolicyFile();
+ File dataDir = context.getDataDir();
+ //copy data file to test dir
+ File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
+ FileOutputStream to = new FileOutputStream(dataFile);
+ Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
+ to.close();
+ //delete existing policy file; create new policy file
+ assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
+ // groups : role -> group
+ context.append("[groups]");
+ context.append("admin = all_server");
+ context.append("user_group1 = all_db1, load_data");
+ // roles: privileges -> role
+ context.append("[roles]");
+ context.append("all_server = server=server1");
+ context.append("all_db1 = server=server1->db=DB_1");
+ // users: users -> groups
+ context.append("[users]");
+ context.append("hive = admin");
+ context.append("user_1 = user_group1");
+ // setup db objects needed by the test
+ Connection connection = context.createConnection("hive", "hive");
+ Statement statement = context.createStatement(connection);
+ statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
+ statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
+ statement.execute("CREATE DATABASE DB_1");
+ statement.execute("CREATE DATABASE DB_2");
+ statement.close();
+ connection.close();
+
+ // test execution
+ connection = context.createConnection("user_1", "password");
+ statement = context.createStatement(connection);
+
+ //negative test case: user can't drop another user's database
+ assertFalse(DummySentryOnFailureHook.invoked);
+ try {
+ statement.execute("DROP DATABASE DB_2 CASCADE");
+ Assert.fail("Expected SQL exception");
+ } catch (SQLException e) {
+ assertTrue(DummySentryOnFailureHook.invoked);
+ }
+
+ statement.close();
+ connection.close();
+
+ //test cleanup
+ connection = context.createConnection("hive", "hive");
+ statement = context.createStatement(connection);
+ statement.execute("DROP DATABASE DB_1 CASCADE");
+ statement.execute("DROP DATABASE DB_2 CASCADE");
+ statement.close();
+ connection.close();
+ context.close();
+ }
+}
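Review bot: The early `return` at the top of `testOnFailureHookLoading` makes the test report as passed when it runs against a non-internal HiveServer2, so a run that never exercised the on-failure hook still looks green; `org.junit.Assume.assumeTrue(...)` on the same condition would report it as skipped instead. The `assertFalse(DummySentryOnFailureHook.invoked)` precondition relies on nothing earlier in the JVM having triggered the hook, because `setup()` does not reset the flag; if the field is writable, `DummySentryOnFailureHook.invoked = false;` in `setup()` would remove the order dependence. The policy grants `user_group1` a `load_data` role that the `[roles]` section never defines, and the copied `kv1.dat` is not used by any statement, so both look like leftovers from another test. The trailing `context.close()` duplicates `teardown()`, and the connection and the `FileOutputStream` stay open if a statement or assertion fails midway.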
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestServerConfiguration.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestServerConfiguration.java
similarity index 96%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestServerConfiguration.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestServerConfiguration.java
index 971244a..aaad396 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestServerConfiguration.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestServerConfiguration.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
@@ -29,12 +29,12 @@
import java.sql.Statement;
import java.util.Map;
-import org.apache.access.binding.hive.HiveAuthzBindingSessionHook;
-import org.apache.access.binding.hive.conf.HiveAuthzConf;
-import org.apache.access.provider.file.PolicyFile;
-import org.apache.access.tests.e2e.hiveserver.HiveServerFactory;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
+import org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestUriPermissions.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUriPermissions.java
similarity index 98%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestUriPermissions.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUriPermissions.java
index 6c08617..cd6eb14 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestUriPermissions.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUriPermissions.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import java.sql.Connection;
import java.sql.ResultSet;
@@ -22,7 +22,7 @@
import junit.framework.Assert;
-import org.apache.access.tests.e2e.hiveserver.HiveServerFactory;
+import org.apache.sentry.tests.e2e.hiveserver.HiveServerFactory;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/TestUserManagement.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUserManagement.java
similarity index 99%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/TestUserManagement.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUserManagement.java
index 8f82b97..fba3878 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/TestUserManagement.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestUserManagement.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e;
+package org.apache.sentry.tests.e2e;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/AbstractHiveServer.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/AbstractHiveServer.java
similarity index 97%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/AbstractHiveServer.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/AbstractHiveServer.java
index ae53d7f..0c2fbc3 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/AbstractHiveServer.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/AbstractHiveServer.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e.hiveserver;
+package org.apache.sentry.tests.e2e.hiveserver;
import java.sql.Connection;
import java.sql.DriverManager;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/EmbeddedHiveServer.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/EmbeddedHiveServer.java
similarity index 96%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/EmbeddedHiveServer.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/EmbeddedHiveServer.java
index 9052f00..48c112c 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/EmbeddedHiveServer.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/EmbeddedHiveServer.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e.hiveserver;
+package org.apache.sentry.tests.e2e.hiveserver;
import org.apache.hadoop.hive.metastore.HiveMetaStore;
import org.fest.reflect.core.Reflection;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/ExternalHiveServer.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/ExternalHiveServer.java
similarity index 94%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/ExternalHiveServer.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/ExternalHiveServer.java
index 28b82dc..6065002 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/ExternalHiveServer.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/ExternalHiveServer.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e.hiveserver;
+package org.apache.sentry.tests.e2e.hiveserver;
import java.io.BufferedReader;
import java.io.File;
@@ -107,13 +107,13 @@
String clazzPath = Preconditions.checkNotNull(System.getProperty("java.class.path"), "java.class.path");
String sep = Preconditions.checkNotNull(System.getProperty("path.separator"), "path.separator");
for(String item : Splitter.on(sep).omitEmptyStrings().trimResults().split(clazzPath)) {
- if(item.endsWith("/access-tests/target/classes") ||
- item.endsWith("/access-tests/target/test-classes")) {
+ if(item.endsWith("/sentry-tests/target/classes") ||
+ item.endsWith("/sentry-tests/target/test-classes")) {
result.add(item);
} else {
File clazzPathItem = new File(item);
String fileName = clazzPathItem.getName();
- if(clazzPathItem.isFile() && fileName.startsWith("access-") && fileName.endsWith(".jar")) {
+ if(clazzPathItem.isFile() && fileName.startsWith("sentry-") && fileName.endsWith(".jar")) {
result.add(item);
}
}
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/HiveServer.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/HiveServer.java
similarity index 95%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/HiveServer.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/HiveServer.java
index 58e161e..ce4b3e8 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/HiveServer.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/HiveServer.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e.hiveserver;
+package org.apache.sentry.tests.e2e.hiveserver;
public interface HiveServer {
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/HiveServerFactory.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/HiveServerFactory.java
similarity index 92%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/HiveServerFactory.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/HiveServerFactory.java
index 873176c..5292eaa 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/HiveServerFactory.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/HiveServerFactory.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e.hiveserver;
+package org.apache.sentry.tests.e2e.hiveserver;
import java.io.File;
import java.io.FileOutputStream;
@@ -24,12 +24,13 @@
import java.net.URL;
import java.util.Map;
-import org.apache.access.binding.hive.conf.HiveAuthzConf;
-import org.apache.access.provider.file.LocalGroupResourceAuthorizationProvider;
+import com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
+import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
+import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
import org.fest.reflect.core.Reflection;
import org.junit.Assert;
import org.slf4j.Logger;
@@ -42,8 +43,8 @@
.getLogger(HiveServerFactory.class);
private static final String HIVE_DRIVER_NAME = "org.apache.hive.jdbc.HiveDriver";
private static final String DERBY_DRIVER_NAME = "org.apache.derby.jdbc.EmbeddedDriver";
- public static final String HIVESERVER2_TYPE = "access.e2etest.hiveServer2Type";
- public static final String KEEP_BASEDIR = "access.e2etest.keepBaseDir";
+ public static final String HIVESERVER2_TYPE = "sentry.e2etest.hiveServer2Type";
+ public static final String KEEP_BASEDIR = "sentry.e2etest.keepBaseDir";
public static final String METASTORE_CONNECTION_URL = HiveConf.ConfVars.METASTORECONNECTURLKEY.varname;
public static final String WAREHOUSE_DIR = HiveConf.ConfVars.METASTOREWAREHOUSE.varname;
public static final String AUTHZ_PROVIDER = HiveAuthzConf.AuthzConfVars.AUTHZ_PROVIDER.getVar();
@@ -148,7 +149,7 @@
.in(HiveConf.class)
.set(null);
HiveConf hiveConf = new HiveConf();
- HiveAuthzConf authzConf = new HiveAuthzConf(Resources.getResource("access-site.xml"));
+ HiveAuthzConf authzConf = new HiveAuthzConf(Resources.getResource("sentry-site.xml"));
for(Map.Entry<String, String> entry : properties.entrySet()) {
LOGGER.info(entry.getKey() + " => " + entry.getValue());
hiveConf.set(entry.getKey(), entry.getValue());
@@ -161,8 +162,10 @@
out.close();
// points hive-site.xml at access-site.xml
hiveConf.set(HiveAuthzConf.HIVE_ACCESS_CONF_URL, accessSite.toURI().toURL().toExternalForm());
- hiveConf.set(HiveConf.ConfVars.HIVE_SERVER2_SESSION_HOOK.varname,
- "org.apache.access.binding.hive.HiveAuthzBindingSessionHook");
+ if(!properties.containsKey(HiveConf.ConfVars.HIVE_SERVER2_SESSION_HOOK.varname)) {
+ hiveConf.set(HiveConf.ConfVars.HIVE_SERVER2_SESSION_HOOK.varname,
+ "org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook");
+ }
out = new FileOutputStream(hiveSite);
hiveConf.writeXml(out);
out.close();
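Review bot: The new `containsKey` guard has no comment saying why a caller may replace the Sentry session hook, and a reader has to know that the earlier loop over `properties` already copied the caller's value into `hiveConf`. A line above the `if` such as `// a test may supply its own session hook via properties; otherwise install the Sentry binding hook` would make clear that a server started this way can run without `HiveAuthzBindingSessionHook`. The comment `// points hive-site.xml at access-site.xml` and the names `accessSite` and `HIVE_ACCESS_CONF_URL` still carry the old project name after the rename. The enclosing method starts and ends outside this hunk.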
@@ -196,7 +199,8 @@
return port;
}
- private static enum HiveServer2Type {
+ @VisibleForTesting
+ public static enum HiveServer2Type {
EmbeddedHiveServer2, // Embedded HS2, directly executed by JDBC, without thrift
InternalHiveServer2, // Start a thrift HS2 in the same process
ExternalHiveServer2, // start a remote thrift HS2
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/InternalHiveServer.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/InternalHiveServer.java
similarity index 97%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/InternalHiveServer.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/InternalHiveServer.java
index 50739c7..7e0fed7 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/InternalHiveServer.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/InternalHiveServer.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.access.tests.e2e.hiveserver;
+package org.apache.sentry.tests.e2e.hiveserver;
import java.io.IOException;
import org.apache.hadoop.hive.conf.HiveConf;
diff --git a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/UnmanagedHiveServer.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/UnmanagedHiveServer.java
similarity index 95%
rename from access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/UnmanagedHiveServer.java
rename to sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/UnmanagedHiveServer.java
index 7691e29..288d2f7 100644
--- a/access-tests/src/test/java/org/apache/access/tests/e2e/hiveserver/UnmanagedHiveServer.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/hiveserver/UnmanagedHiveServer.java
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.access.tests.e2e.hiveserver;
+package org.apache.sentry.tests.e2e.hiveserver;
import org.apache.hadoop.hive.conf.HiveConf;
diff --git a/access-tests/src/test/resources/access-site.xml b/sentry-tests/src/test/resources/access-site.xml
similarity index 100%
rename from access-tests/src/test/resources/access-site.xml
rename to sentry-tests/src/test/resources/access-site.xml
diff --git a/access-tests/src/test/resources/emp.dat b/sentry-tests/src/test/resources/emp.dat
similarity index 100%
rename from access-tests/src/test/resources/emp.dat
rename to sentry-tests/src/test/resources/emp.dat
diff --git a/access-tests/src/test/resources/hive-site.xml b/sentry-tests/src/test/resources/hive-site.xml
similarity index 100%
rename from access-tests/src/test/resources/hive-site.xml
rename to sentry-tests/src/test/resources/hive-site.xml
diff --git a/access-tests/src/test/resources/kv1.dat b/sentry-tests/src/test/resources/kv1.dat
similarity index 100%
rename from access-tests/src/test/resources/kv1.dat
rename to sentry-tests/src/test/resources/kv1.dat
diff --git a/access-tests/src/test/resources/log4j.properties b/sentry-tests/src/test/resources/log4j.properties
similarity index 100%
rename from access-tests/src/test/resources/log4j.properties
rename to sentry-tests/src/test/resources/log4j.properties
diff --git a/access-binding/access-binding-hive/src/test/resources/access-site.xml b/sentry-tests/src/test/resources/sentry-site.xml
similarity index 80%
copy from access-binding/access-binding-hive/src/test/resources/access-site.xml
copy to sentry-tests/src/test/resources/sentry-site.xml
index 6a5ddff..de0c9cf 100644
--- a/access-binding/access-binding-hive/src/test/resources/access-site.xml
+++ b/sentry-tests/src/test/resources/sentry-site.xml
@@ -19,16 +19,15 @@
<configuration>
<property>
- <name>hive.access.provider</name>
- <value>org.apache.access.provider.file.fooProvider</value>
+ <name>hive.sentry.provider</name>
+ <value>invalid</value>
</property>
<property>
- <name>hive.access.provider.resource</name>
- <value>classpath:test-authz-provider.ini</value>
+ <name>hive.sentry.provider.resource</name>
+ <value>invalid</value>
</property>
<property>
- <name>hive.access.server</name>
+ <name>hive.sentry.server</name>
<value>myHS2</value>
</property>
</configuration>
-
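Review bot: The `invalid` values for `hive.sentry.provider` and `hive.sentry.provider.resource` are not explained anywhere in the file. If they are placeholders that each test is expected to override, an XML comment such as `<!-- placeholder: overridden by the e2e test harness; must never resolve to a real provider -->` would tell a reader that a test which forgets the override should fail rather than run with no policy. Whether the harness actually fails closed on `invalid` is not visible in this diff. The same commit also moves `access-site.xml` into `sentry-tests/src/test/resources` unchanged while `HiveServerFactory` now loads `sentry-site.xml`, so the old file looks unused.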
diff --git a/access-tests/src/test/resources/test-authz-provider.ini b/sentry-tests/src/test/resources/test-authz-provider.ini
similarity index 100%
rename from access-tests/src/test/resources/test-authz-provider.ini
rename to sentry-tests/src/test/resources/test-authz-provider.ini