sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestSentryRole.java - sentry - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.sentry.provider.db.generic.service.persistent;

 import static junit.framework.Assert.assertEquals;
 import static junit.framework.Assert.assertTrue;
 import static junit.framework.Assert.fail;

 import java.io.File;
 import java.util.Arrays;
 import java.util.Properties;

 import javax.jdo.JDOHelper;
 import javax.jdo.PersistenceManager;
 import javax.jdo.PersistenceManagerFactory;
 import javax.jdo.Query;
 import javax.jdo.Transaction;

 import org.apache.commons.io.FileUtils;
 import org.apache.sentry.core.model.search.Collection;
 import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
 import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
 import org.apache.sentry.provider.db.service.model.MSentryRole;
 import org.apache.sentry.provider.db.service.persistent.SentryStore;
 import org.apache.sentry.provider.db.service.persistent.StoreUtils;
 import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;

 import com.google.common.base.Preconditions;
 import com.google.common.io.Files;
 /**
  * The class tests that the new feature SENTRY-398 generic model adds the new field in the MSentryRole
  * will not affect the functionality of the origin hive/impala authorization model
  */
 public class TestSentryRole {
   private static PersistenceManagerFactory pmf;
   private static File dataDir;

   @Before
   public void setup() throws Exception {
     dataDir = new File(Files.createTempDir(), "sentry_policy_db");
     Properties prop = new Properties();
     prop.setProperty(ServerConfig.JAVAX_JDO_URL, "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true");
     prop.setProperty(ServerConfig.JAVAX_JDO_USER, "Sentry");
     prop.setProperty(ServerConfig.JAVAX_JDO_PASS, "Sentry");
     prop.setProperty(ServerConfig.JAVAX_JDO_DRIVER_NAME, "org.apache.derby.jdbc.EmbeddedDriver");
     prop.setProperty("datanucleus.autoCreateSchema", "true");
     prop.setProperty("datanucleus.fixedDatastore", "false");
     prop.setProperty("datanucleus.NontransactionalRead", "false");
     prop.setProperty("datanucleus.NontransactionalWrite", "false");
     pmf = JDOHelper.getPersistenceManagerFactory(prop);
   }

   @After
   public void tearDown() throws Exception {
     pmf.close();
     FileUtils.deleteQuietly(dataDir);
   }

   @Test
   public void grantMixedPrivilegeTest() throws Exception {
     String roleName = "r1";
     //hive/impala privilege
     MSentryPrivilege hivePrivilege = new MSentryPrivilege();
     hivePrivilege.setServerName("hive.server1");
     hivePrivilege.setDbName("db1");
     hivePrivilege.setTableName("tb1");
     hivePrivilege.setPrivilegeScope("table");
     hivePrivilege.setAction("select");
     hivePrivilege.setGrantOption(true);
     //solr privilege
     MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
     solrPrivilege.setComponentName("solr");
     solrPrivilege.setServiceName("solr.server1");
     solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
     solrPrivilege.setAction("query");
     solrPrivilege.setGrantOption(true);

     PersistenceManager pm = null;
     //create role
     pm = openTransaction();
     pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
     commitTransaction(pm);
     //add hivePrivilege to role
     pm = openTransaction();
     MSentryRole role = getMSentryRole(pm, roleName);
     hivePrivilege.appendRole(role);
     pm.makePersistent(hivePrivilege);
     commitTransaction(pm);
     //check hivePrivlege and solrPrivilege
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.retrieve(role);
     assertEquals(1, role.getPrivileges().size());
     assertEquals(0, role.getGmPrivileges().size());
     commitTransaction(pm);
     //add solrPrivilege to role
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.retrieve(role);
     solrPrivilege.appendRole(role);
     pm.makePersistent(solrPrivilege);
     commitTransaction(pm);
     //check hivePrivlege and solrPrivilege
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.retrieve(role);
     assertEquals(1, role.getPrivileges().size());
     assertEquals(1, role.getGmPrivileges().size());
     commitTransaction(pm);
   }

   @Test
   public void testWantGrantPrivilegeTwice() throws Exception {
     String roleName = "r1";
     //hive/impala privilege
     MSentryPrivilege hivePrivilege = new MSentryPrivilege();
     hivePrivilege.setServerName("hive.server1");
     hivePrivilege.setDbName("db1");
     hivePrivilege.setTableName("tb1");
     hivePrivilege.setPrivilegeScope("table");
     hivePrivilege.setAction("select");
     hivePrivilege.setURI(StoreUtils.NULL_COL);
     hivePrivilege.setColumnName(StoreUtils.NULL_COL);
     hivePrivilege.setGrantOption(true);
     //The same hivePrivilege
     MSentryPrivilege hivePrivilege2 = new MSentryPrivilege(hivePrivilege);
     //solr privilege
     MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
     solrPrivilege.setComponentName("solr");
     solrPrivilege.setServiceName("solr.server1");
     solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
     solrPrivilege.setAction("query");
     solrPrivilege.setGrantOption(true);
     //The same solrPrivilege
     MSentryGMPrivilege solrPrivilege2 = new MSentryGMPrivilege(solrPrivilege);

     PersistenceManager pm = null;
     //create role
     pm = openTransaction();
     pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
     commitTransaction(pm);

     //grant hivePrivilege and solrPrivilege to role
     pm = openTransaction();
     MSentryRole role = getMSentryRole(pm, roleName);
     solrPrivilege.appendRole(role);
     hivePrivilege.appendRole(role);
     pm.makePersistent(solrPrivilege);
     pm.makePersistent(hivePrivilege);
     commitTransaction(pm);
     //check
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.retrieve(role);
     assertEquals(1, role.getPrivileges().size());
     assertEquals(1, role.getGmPrivileges().size());
     commitTransaction(pm);

     //want to grant the same hivePrivilege and solrPrivilege to role again
     //hivePrivilege2 is equal to hivePrivilege
     //solrPrivilege2 is equal to solrPrivilege
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.retrieve(role);
     if (!role.getGmPrivileges().contains(solrPrivilege2)) {
       fail("unexpect happend: the MSentryGMPrivilege:" + solrPrivilege2 + " already be granted");
     }
     if (!role.getPrivileges().contains(hivePrivilege2)) {
       fail("unexpect happend: the MSentryPrivilege:" + hivePrivilege2 + " already be granted");
     }
     commitTransaction(pm);
   }

   @Test
   public void testMixedRevokePrivilege() throws Exception {
     String roleName = "r1";
     //hive/impala privilege
     MSentryPrivilege hivePrivilege = new MSentryPrivilege();
     hivePrivilege.setServerName("hive.server1");
     hivePrivilege.setDbName("db1");
     hivePrivilege.setTableName("tb1");
     hivePrivilege.setPrivilegeScope("table");
     hivePrivilege.setAction("select");
     hivePrivilege.setURI(StoreUtils.NULL_COL);
     hivePrivilege.setColumnName(StoreUtils.NULL_COL);
     hivePrivilege.setGrantOption(true);

     //solr privilege
     MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
     solrPrivilege.setComponentName("solr");
     solrPrivilege.setServiceName("solr.server1");
     solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
     solrPrivilege.setAction("query");
     solrPrivilege.setGrantOption(true);

     PersistenceManager pm = null;
     //create role
     pm = openTransaction();
     pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
     commitTransaction(pm);

     //grant hivePrivilege and solrPrivilege to role
     pm = openTransaction();
     MSentryRole role = getMSentryRole(pm, roleName);
     hivePrivilege.appendRole(role);
     solrPrivilege.appendRole(role);
     pm.makePersistent(hivePrivilege);
     pm.makePersistent(solrPrivilege);
     commitTransaction(pm);

     //check
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.retrieve(role);
     assertEquals(1, role.getPrivileges().size());
     assertEquals(1, role.getGmPrivileges().size());
     commitTransaction(pm);

     //revoke solrPrivilege from role
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     solrPrivilege = (MSentryGMPrivilege)role.getGmPrivileges().toArray()[0];
     solrPrivilege.removeRole(role);
     pm.makePersistent(solrPrivilege);
     commitTransaction(pm);

     //check
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.retrieve(role);
     assertEquals(1, role.getPrivileges().size());
     assertEquals(0, role.getGmPrivileges().size());
     commitTransaction(pm);

     //revoke hivePrivilege from role
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.retrieve(role);
     hivePrivilege = (MSentryPrivilege)role.getPrivileges().toArray()[0];
     hivePrivilege.removeRole(role);
     pm.makePersistent(hivePrivilege);
     commitTransaction(pm);

     //check
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.retrieve(role);
     assertEquals(0, role.getPrivileges().size());
     assertEquals(0, role.getGmPrivileges().size());
     commitTransaction(pm);
   }

   @Test
   public void testDeletePrivilegeAndRole() throws Exception {
     String roleName = "r1";
     //hive/impala privilege
     MSentryPrivilege hivePrivilege = new MSentryPrivilege();
     hivePrivilege.setServerName("hive.server1");
     hivePrivilege.setDbName("db1");
     hivePrivilege.setTableName("tb1");
     hivePrivilege.setPrivilegeScope("table");
     hivePrivilege.setAction("select");
     hivePrivilege.setURI(StoreUtils.NULL_COL);
     hivePrivilege.setColumnName(StoreUtils.NULL_COL);
     hivePrivilege.setGrantOption(true);

     //solr privilege
     MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
     solrPrivilege.setComponentName("solr");
     solrPrivilege.setServiceName("solr.server1");
     solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
     solrPrivilege.setAction("query");
     solrPrivilege.setGrantOption(true);

     PersistenceManager pm = null;
     //create role
     pm = openTransaction();
     pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
     commitTransaction(pm);

     //grant hivePrivilege and solrPrivilege to role
     pm = openTransaction();
     MSentryRole role = getMSentryRole(pm, roleName);
     hivePrivilege.appendRole(role);
     solrPrivilege.appendRole(role);
     pm.makePersistent(hivePrivilege);
     pm.makePersistent(solrPrivilege);
     commitTransaction(pm);

     //check
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.retrieve(role);
     assertEquals(1, role.getPrivileges().size());
     assertEquals(1, role.getGmPrivileges().size());
     commitTransaction(pm);

     //remove all privileges
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     role.removeGMPrivileges();
     role.removePrivileges();
     pm.makePersistent(role);
     commitTransaction(pm);

     //check
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.retrieve(role);
     assertEquals(0, role.getPrivileges().size());
     assertEquals(0, role.getGmPrivileges().size());
     commitTransaction(pm);

     //delete role
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     pm.deletePersistent(role);
     commitTransaction(pm);

     //check
     pm = openTransaction();
     role = getMSentryRole(pm, roleName);
     assertTrue(role == null);
     commitTransaction(pm);
   }

   private PersistenceManager openTransaction() {
     PersistenceManager pm = pmf.getPersistenceManager();
     Transaction currentTransaction = pm.currentTransaction();
     currentTransaction.begin();
     return pm;
   }

   private void commitTransaction(PersistenceManager pm) {
     Transaction currentTransaction = pm.currentTransaction();
     try {
       Preconditions.checkState(currentTransaction.isActive(), "Transaction is not active");
       currentTransaction.commit();
     } finally {
       pm.close();
     }
   }

   private MSentryRole getMSentryRole(PersistenceManager pm, String roleName) {
     Query query = pm.newQuery(MSentryRole.class);
     query.setFilter("this.roleName == t");
     query.declareParameters("java.lang.String t");
     query.setUnique(true);
     MSentryRole sentryRole = (MSentryRole) query.execute(roleName);
     return sentryRole;
   }


 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.sentry.provider.db.generic.service.persistent;

	import static junit.framework.Assert.assertEquals;
	import static junit.framework.Assert.assertTrue;
	import static junit.framework.Assert.fail;

	import java.io.File;
	import java.util.Arrays;
	import java.util.Properties;

	import javax.jdo.JDOHelper;
	import javax.jdo.PersistenceManager;
	import javax.jdo.PersistenceManagerFactory;
	import javax.jdo.Query;
	import javax.jdo.Transaction;

	import org.apache.commons.io.FileUtils;
	import org.apache.sentry.core.model.search.Collection;
	import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
	import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
	import org.apache.sentry.provider.db.service.model.MSentryRole;
	import org.apache.sentry.provider.db.service.persistent.SentryStore;
	import org.apache.sentry.provider.db.service.persistent.StoreUtils;
	import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
	import org.junit.After;
	import org.junit.AfterClass;
	import org.junit.Before;
	import org.junit.BeforeClass;
	import org.junit.Test;

	import com.google.common.base.Preconditions;
	import com.google.common.io.Files;
	/**
	* The class tests that the new feature SENTRY-398 generic model adds the new field in the MSentryRole
	* will not affect the functionality of the origin hive/impala authorization model
	*/
	public class TestSentryRole {
	private static PersistenceManagerFactory pmf;
	private static File dataDir;

	@Before
	public void setup() throws Exception {
	dataDir = new File(Files.createTempDir(), "sentry_policy_db");
	Properties prop = new Properties();
	prop.setProperty(ServerConfig.JAVAX_JDO_URL, "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true");
	prop.setProperty(ServerConfig.JAVAX_JDO_USER, "Sentry");
	prop.setProperty(ServerConfig.JAVAX_JDO_PASS, "Sentry");
	prop.setProperty(ServerConfig.JAVAX_JDO_DRIVER_NAME, "org.apache.derby.jdbc.EmbeddedDriver");
	prop.setProperty("datanucleus.autoCreateSchema", "true");
	prop.setProperty("datanucleus.fixedDatastore", "false");
	prop.setProperty("datanucleus.NontransactionalRead", "false");
	prop.setProperty("datanucleus.NontransactionalWrite", "false");
	pmf = JDOHelper.getPersistenceManagerFactory(prop);
	}

	@After
	public void tearDown() throws Exception {
	pmf.close();
	FileUtils.deleteQuietly(dataDir);
	}

	@Test
	public void grantMixedPrivilegeTest() throws Exception {
	String roleName = "r1";
	//hive/impala privilege
	MSentryPrivilege hivePrivilege = new MSentryPrivilege();
	hivePrivilege.setServerName("hive.server1");
	hivePrivilege.setDbName("db1");
	hivePrivilege.setTableName("tb1");
	hivePrivilege.setPrivilegeScope("table");
	hivePrivilege.setAction("select");
	hivePrivilege.setGrantOption(true);
	//solr privilege
	MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
	solrPrivilege.setComponentName("solr");
	solrPrivilege.setServiceName("solr.server1");
	solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
	solrPrivilege.setAction("query");
	solrPrivilege.setGrantOption(true);

	PersistenceManager pm = null;
	//create role
	pm = openTransaction();
	pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
	commitTransaction(pm);
	//add hivePrivilege to role
	pm = openTransaction();
	MSentryRole role = getMSentryRole(pm, roleName);
	hivePrivilege.appendRole(role);
	pm.makePersistent(hivePrivilege);
	commitTransaction(pm);
	//check hivePrivlege and solrPrivilege
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.retrieve(role);
	assertEquals(1, role.getPrivileges().size());
	assertEquals(0, role.getGmPrivileges().size());
	commitTransaction(pm);
	//add solrPrivilege to role
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.retrieve(role);
	solrPrivilege.appendRole(role);
	pm.makePersistent(solrPrivilege);
	commitTransaction(pm);
	//check hivePrivlege and solrPrivilege
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.retrieve(role);
	assertEquals(1, role.getPrivileges().size());
	assertEquals(1, role.getGmPrivileges().size());
	commitTransaction(pm);
	}

	@Test
	public void testWantGrantPrivilegeTwice() throws Exception {
	String roleName = "r1";
	//hive/impala privilege
	MSentryPrivilege hivePrivilege = new MSentryPrivilege();
	hivePrivilege.setServerName("hive.server1");
	hivePrivilege.setDbName("db1");
	hivePrivilege.setTableName("tb1");
	hivePrivilege.setPrivilegeScope("table");
	hivePrivilege.setAction("select");
	hivePrivilege.setURI(StoreUtils.NULL_COL);
	hivePrivilege.setColumnName(StoreUtils.NULL_COL);
	hivePrivilege.setGrantOption(true);
	//The same hivePrivilege
	MSentryPrivilege hivePrivilege2 = new MSentryPrivilege(hivePrivilege);
	//solr privilege
	MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
	solrPrivilege.setComponentName("solr");
	solrPrivilege.setServiceName("solr.server1");
	solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
	solrPrivilege.setAction("query");
	solrPrivilege.setGrantOption(true);
	//The same solrPrivilege
	MSentryGMPrivilege solrPrivilege2 = new MSentryGMPrivilege(solrPrivilege);

	PersistenceManager pm = null;
	//create role
	pm = openTransaction();
	pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
	commitTransaction(pm);

	//grant hivePrivilege and solrPrivilege to role
	pm = openTransaction();
	MSentryRole role = getMSentryRole(pm, roleName);
	solrPrivilege.appendRole(role);
	hivePrivilege.appendRole(role);
	pm.makePersistent(solrPrivilege);
	pm.makePersistent(hivePrivilege);
	commitTransaction(pm);
	//check
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.retrieve(role);
	assertEquals(1, role.getPrivileges().size());
	assertEquals(1, role.getGmPrivileges().size());
	commitTransaction(pm);

	//want to grant the same hivePrivilege and solrPrivilege to role again
	//hivePrivilege2 is equal to hivePrivilege
	//solrPrivilege2 is equal to solrPrivilege
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.retrieve(role);
	if (!role.getGmPrivileges().contains(solrPrivilege2)) {
	fail("unexpect happend: the MSentryGMPrivilege:" + solrPrivilege2 + " already be granted");
	}
	if (!role.getPrivileges().contains(hivePrivilege2)) {
	fail("unexpect happend: the MSentryPrivilege:" + hivePrivilege2 + " already be granted");
	}
	commitTransaction(pm);
	}

	@Test
	public void testMixedRevokePrivilege() throws Exception {
	String roleName = "r1";
	//hive/impala privilege
	MSentryPrivilege hivePrivilege = new MSentryPrivilege();
	hivePrivilege.setServerName("hive.server1");
	hivePrivilege.setDbName("db1");
	hivePrivilege.setTableName("tb1");
	hivePrivilege.setPrivilegeScope("table");
	hivePrivilege.setAction("select");
	hivePrivilege.setURI(StoreUtils.NULL_COL);
	hivePrivilege.setColumnName(StoreUtils.NULL_COL);
	hivePrivilege.setGrantOption(true);

	//solr privilege
	MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
	solrPrivilege.setComponentName("solr");
	solrPrivilege.setServiceName("solr.server1");
	solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
	solrPrivilege.setAction("query");
	solrPrivilege.setGrantOption(true);

	PersistenceManager pm = null;
	//create role
	pm = openTransaction();
	pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
	commitTransaction(pm);

	//grant hivePrivilege and solrPrivilege to role
	pm = openTransaction();
	MSentryRole role = getMSentryRole(pm, roleName);
	hivePrivilege.appendRole(role);
	solrPrivilege.appendRole(role);
	pm.makePersistent(hivePrivilege);
	pm.makePersistent(solrPrivilege);
	commitTransaction(pm);

	//check
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.retrieve(role);
	assertEquals(1, role.getPrivileges().size());
	assertEquals(1, role.getGmPrivileges().size());
	commitTransaction(pm);

	//revoke solrPrivilege from role
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	solrPrivilege = (MSentryGMPrivilege)role.getGmPrivileges().toArray()[0];
	solrPrivilege.removeRole(role);
	pm.makePersistent(solrPrivilege);
	commitTransaction(pm);

	//check
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.retrieve(role);
	assertEquals(1, role.getPrivileges().size());
	assertEquals(0, role.getGmPrivileges().size());
	commitTransaction(pm);

	//revoke hivePrivilege from role
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.retrieve(role);
	hivePrivilege = (MSentryPrivilege)role.getPrivileges().toArray()[0];
	hivePrivilege.removeRole(role);
	pm.makePersistent(hivePrivilege);
	commitTransaction(pm);

	//check
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.retrieve(role);
	assertEquals(0, role.getPrivileges().size());
	assertEquals(0, role.getGmPrivileges().size());
	commitTransaction(pm);
	}

	@Test
	public void testDeletePrivilegeAndRole() throws Exception {
	String roleName = "r1";
	//hive/impala privilege
	MSentryPrivilege hivePrivilege = new MSentryPrivilege();
	hivePrivilege.setServerName("hive.server1");
	hivePrivilege.setDbName("db1");
	hivePrivilege.setTableName("tb1");
	hivePrivilege.setPrivilegeScope("table");
	hivePrivilege.setAction("select");
	hivePrivilege.setURI(StoreUtils.NULL_COL);
	hivePrivilege.setColumnName(StoreUtils.NULL_COL);
	hivePrivilege.setGrantOption(true);

	//solr privilege
	MSentryGMPrivilege solrPrivilege = new MSentryGMPrivilege();
	solrPrivilege.setComponentName("solr");
	solrPrivilege.setServiceName("solr.server1");
	solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1")));
	solrPrivilege.setAction("query");
	solrPrivilege.setGrantOption(true);

	PersistenceManager pm = null;
	//create role
	pm = openTransaction();
	pm.makePersistent(new MSentryRole(roleName, System.currentTimeMillis()));
	commitTransaction(pm);

	//grant hivePrivilege and solrPrivilege to role
	pm = openTransaction();
	MSentryRole role = getMSentryRole(pm, roleName);
	hivePrivilege.appendRole(role);
	solrPrivilege.appendRole(role);
	pm.makePersistent(hivePrivilege);
	pm.makePersistent(solrPrivilege);
	commitTransaction(pm);

	//check
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.retrieve(role);
	assertEquals(1, role.getPrivileges().size());
	assertEquals(1, role.getGmPrivileges().size());
	commitTransaction(pm);

	//remove all privileges
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	role.removeGMPrivileges();
	role.removePrivileges();
	pm.makePersistent(role);
	commitTransaction(pm);

	//check
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.retrieve(role);
	assertEquals(0, role.getPrivileges().size());
	assertEquals(0, role.getGmPrivileges().size());
	commitTransaction(pm);

	//delete role
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	pm.deletePersistent(role);
	commitTransaction(pm);

	//check
	pm = openTransaction();
	role = getMSentryRole(pm, roleName);
	assertTrue(role == null);
	commitTransaction(pm);
	}

	private PersistenceManager openTransaction() {
	PersistenceManager pm = pmf.getPersistenceManager();
	Transaction currentTransaction = pm.currentTransaction();
	currentTransaction.begin();
	return pm;
	}

	private void commitTransaction(PersistenceManager pm) {
	Transaction currentTransaction = pm.currentTransaction();
	try {
	Preconditions.checkState(currentTransaction.isActive(), "Transaction is not active");
	currentTransaction.commit();
	} finally {
	pm.close();
	}
	}

	private MSentryRole getMSentryRole(PersistenceManager pm, String roleName) {
	Query query = pm.newQuery(MSentryRole.class);
	query.setFilter("this.roleName == t");
	query.declareParameters("java.lang.String t");
	query.setUnique(true);
	MSentryRole sentryRole = (MSentryRole) query.execute(roleName);
	return sentryRole;
	}


	}