/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sentry.provider.db.service.persistent;
import static junit.framework.Assert.assertEquals;
import java.util.HashSet;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.core.model.db.AccessConstants;
import org.apache.sentry.provider.db.SentryInvalidInputException;
import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet;
import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
import org.junit.Test;
import com.google.common.collect.Sets;
import com.google.common.io.Files;
/**
 * Variant of {@link TestInMemSentryStore} in which the store created by the parent
 * {@code setup()} is wrapped in {@code SentryStoreWithFileLog} and then in
 * {@code SentryStoreWithLocalLock}.
 *
 * <p>{@link #testPersistence()} grants privileges to two roles, binds the roles to two
 * groups, and checks the privileges resolved for each group / active-role-set
 * combination both before and after the wrappers are rebuilt.
 */
public class TestFileLoggingSentryStore extends TestInMemSentryStore {

  /** Privilege string expected for the TABLE-scoped SELECT grant on db1.tbl1. */
  private static final String TABLE_SELECT =
      "server=server1->db=db1->table=tbl1->action=select";

  /** Privilege string expected for the SERVER-scoped grant on server1. */
  private static final String SERVER_WIDE = "server=server1";

  /** Absolute path of the temporary directory intended as the file-log location. */
  private String logDir;

  /**
   * Builds the parent's store, then replaces {@code sentryStore} with the
   * file-logging, locally locked wrapper chain.
   */
  @Override
  public void setup() throws Exception {
    super.setup();

    // NOTE(review): Guava later deprecated Files.createTempDir() because the directory
    // is created with default permissions, so other local users may be able to read
    // it; java.nio.file.Files.createTempDirectory is the documented replacement. The
    // directory is also never deleted by this class.
    logDir = Files.createTempDir().getAbsolutePath();

    // NOTE(review): logConf is populated but never handed to either wrapper in the
    // code visible here. Unless SentryStoreWithFileLog obtains the location some other
    // way, logDir is effectively unused - confirm against its constructors.
    Configuration logConf = new Configuration(false);
    logConf.set(FileLog.SENTRY_FILE_LOG_STORE_LOCATION, logDir);

    sentryStore = new SentryStoreWithLocalLock(new SentryStoreWithFileLog(sentryStore));
  }

  /**
   * Creates two roles, grants them privileges, adds them to two groups (asserting that
   * every mutation advances the sequence id by exactly one), verifies the resolved
   * privileges, rebuilds the wrapper chain and verifies again.
   */
  @Test
  public void testPersistence() throws Exception {
    final String roleName1 = "list-privs-r1";
    final String roleName2 = "list-privs-r2";
    final String groupName1 = "list-privs-g1";
    final String groupName2 = "list-privs-g2";
    final String grantor = "g1";

    // Each store mutation below is expected to bump the sequence id by one.
    final long baseSeq = sentryStore.createSentryRole(roleName1).getSequenceId();
    assertEquals(baseSeq + 1, sentryStore.createSentryRole(roleName2).getSequenceId());

    // Table-level SELECT, granted to both roles.
    TSentryPrivilege tableSelect = new TSentryPrivilege();
    tableSelect.setPrivilegeScope("TABLE");
    tableSelect.setServerName("server1");
    tableSelect.setDbName("db1");
    tableSelect.setTableName("tbl1");
    tableSelect.setAction("SELECT");
    tableSelect.setCreateTime(System.currentTimeMillis());
    assertEquals(baseSeq + 2,
        sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, tableSelect)
            .getSequenceId());
    assertEquals(baseSeq + 3,
        sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, tableSelect)
            .getSequenceId());

    // Server-level ALL, granted to role 2 only.
    TSentryPrivilege serverAll = new TSentryPrivilege();
    serverAll.setPrivilegeScope("SERVER");
    serverAll.setServerName("server1");
    serverAll.setAction(AccessConstants.ALL);
    serverAll.setCreateTime(System.currentTimeMillis());
    assertEquals(baseSeq + 4,
        sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, serverAll)
            .getSequenceId());

    // group 1 is added to role 1 only
    Set<TSentryGroup> members = Sets.newHashSet();
    members.add(groupNamed(groupName1));
    assertEquals(baseSeq + 5,
        sentryStore.alterSentryRoleAddGroups(grantor, roleName1, members).getSequenceId());

    // group 2 is added to both role 1 and role 2 (same set instance, refilled)
    members.clear();
    members.add(groupNamed(groupName2));
    assertEquals(baseSeq + 6,
        sentryStore.alterSentryRoleAddGroups(grantor, roleName1, members).getSequenceId());
    assertEquals(baseSeq + 7,
        sentryStore.alterSentryRoleAddGroups(grantor, roleName2, members).getSequenceId());

    verifyStore(roleName1, roleName2, groupName1, groupName2);

    // Simulated kill and restart on the same directory.
    // NOTE(review): the "restarted" store is built around the current sentryStore, i.e.
    // the already-wrapped instance that still holds the live state, and restartConf is
    // again not passed to anything visible here. A pass on the second verifyStore()
    // therefore does not by itself show that grants were recovered from logDir. A
    // stricter check would build the new store over a fresh, empty backing store
    // pointed at logDir - confirm what SentryStoreWithFileLog's constructors allow.
    Configuration restartConf = new Configuration(false);
    restartConf.set(FileLog.SENTRY_FILE_LOG_STORE_LOCATION, logDir);
    sentryStore = new SentryStoreWithLocalLock(new SentryStoreWithFileLog(sentryStore));

    verifyStore(roleName1, roleName2, groupName1, groupName2);
  }

  /**
   * Asserts the privileges the store resolves for group 1, group 2 and both groups
   * together, under "all roles", a single named role, an unknown role and an empty
   * role set. An unknown or empty active role set must resolve to no privileges.
   *
   * @throws SentryInvalidInputException propagated from the store lookup
   */
  private void verifyStore(String roleName1, String roleName2,
      String groupName1, String groupName2) throws SentryInvalidInputException {
    // ---- group1 (member of role 1 only) ----
    // all roles
    assertPrivileges(Sets.newHashSet(TABLE_SELECT),
        Sets.newHashSet(groupName1), allRoles());
    // one active role
    assertPrivileges(Sets.newHashSet(TABLE_SELECT),
        Sets.newHashSet(groupName1), onlyRoles(Sets.newHashSet(roleName1)));
    // unknown active role
    assertPrivileges(Sets.newHashSet(),
        Sets.newHashSet(groupName1), onlyRoles(Sets.newHashSet("not a role")));
    // no active roles
    assertPrivileges(Sets.newHashSet(),
        Sets.newHashSet(groupName1), onlyRoles(new HashSet<String>()));
    // NOTE(review): group1 with roleName2 as the active role is not checked. Since
    // group1 was only added to roleName1, that lookup should presumably be empty; it is
    // the case that would catch a role leaking across groups.

    // ---- group2 (member of role 1 and role 2) ----
    // all roles
    assertPrivileges(Sets.newHashSet(TABLE_SELECT, SERVER_WIDE),
        Sets.newHashSet(groupName2), allRoles());
    // one active role
    assertPrivileges(Sets.newHashSet(TABLE_SELECT),
        Sets.newHashSet(groupName2), onlyRoles(Sets.newHashSet(roleName1)));
    assertPrivileges(Sets.newHashSet(TABLE_SELECT, SERVER_WIDE),
        Sets.newHashSet(groupName2), onlyRoles(Sets.newHashSet(roleName2)));
    // unknown active role
    assertPrivileges(Sets.newHashSet(),
        Sets.newHashSet(groupName2), onlyRoles(Sets.newHashSet("not a role")));
    // no active roles
    assertPrivileges(Sets.newHashSet(),
        Sets.newHashSet(groupName2), onlyRoles(new HashSet<String>()));

    // ---- both groups ----
    // all active roles
    assertPrivileges(Sets.newHashSet(TABLE_SELECT, SERVER_WIDE),
        Sets.newHashSet(groupName1, groupName2), allRoles());
    // one active role
    assertPrivileges(Sets.newHashSet(TABLE_SELECT),
        Sets.newHashSet(groupName1, groupName2), onlyRoles(Sets.newHashSet(roleName1)));
    assertPrivileges(Sets.newHashSet(TABLE_SELECT, SERVER_WIDE),
        Sets.newHashSet(groupName1, groupName2), onlyRoles(Sets.newHashSet(roleName2)));
    // unknown active role
    assertPrivileges(Sets.newHashSet(),
        Sets.newHashSet(groupName1, groupName2), onlyRoles(Sets.newHashSet("not a role")));
    // no active roles
    assertPrivileges(Sets.newHashSet(),
        Sets.newHashSet(groupName1, groupName2), onlyRoles(new HashSet<String>()));
  }

  /**
   * Looks up the privileges for {@code groups} under {@code roleSet}, normalises them
   * with {@code StoreUtils.toTrimedLower} and compares the result with {@code expected}.
   */
  private void assertPrivileges(Set<?> expected, Set<String> groups,
      TSentryActiveRoleSet roleSet) throws SentryInvalidInputException {
    assertEquals(expected,
        StoreUtils.toTrimedLower(
            sentryStore.listAllSentryPrivilegesForProvider(groups, roleSet)));
  }

  /** Returns a role set constructed with the "all" flag set and no explicit roles. */
  private static TSentryActiveRoleSet allRoles() {
    return new TSentryActiveRoleSet(true, new HashSet<String>());
  }

  /** Returns a role set constructed with the "all" flag cleared and the given roles. */
  private static TSentryActiveRoleSet onlyRoles(Set<String> roles) {
    return new TSentryActiveRoleSet(false, roles);
  }

  /** Returns a new {@code TSentryGroup} carrying the given group name. */
  private static TSentryGroup groupNamed(String name) {
    TSentryGroup created = new TSentryGroup();
    created.setGroupName(name);
    return created;
  }
}