sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shreepa...@apache.org
Subject [2/2] git commit: SENTRY-6: Use one policy editor exclusively in all the end to end tests (Sravya Tirukkovalur via Shreepadma Venugopalan
Date Wed, 18 Sep 2013 18:14:02 GMT
SENTRY-6: Use one policy editor exclusively in all the end to end tests (Sravya Tirukkovalur via Shreepadma Venugopalan


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/fc9e8839
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/fc9e8839
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/fc9e8839

Branch: refs/heads/master
Commit: fc9e8839191fab3f7b38aa47755eeea8e71b734a
Parents: 629904f
Author: Shreepadma Venugopalan <shreepadma@apache.org>
Authored: Wed Sep 18 11:10:22 2013 -0700
Committer: Shreepadma Venugopalan <shreepadma@apache.org>
Committed: Wed Sep 18 11:12:58 2013 -0700

----------------------------------------------------------------------
 .../apache/sentry/tests/e2e/TestCrossDbOps.java | 147 +++-----
 .../apache/sentry/tests/e2e/TestEndToEnd.java   |  27 +-
 .../tests/e2e/TestExportImportPrivileges.java   |  57 ++-
 .../tests/e2e/TestMetadataPermissions.java      |  18 +-
 .../tests/e2e/TestMovingToProduction.java       |  59 ++--
 .../tests/e2e/TestPerDBConfiguration.java       | 352 +++++++------------
 .../e2e/TestPrivilegesAtDatabaseScope.java      | 179 ++++------
 .../e2e/TestPrivilegesAtFunctionScope.java      |  52 ++-
 .../tests/e2e/TestPrivilegesAtTableScope.java   | 221 +++++-------
 .../tests/e2e/TestRuntimeMetadataRetrieval.java | 112 +++---
 .../apache/sentry/tests/e2e/TestSandboxOps.java | 127 +++----
 .../e2e/TestSentryOnFailureHookLoading.java     |  30 +-
 .../tests/e2e/TestServerConfiguration.java      |  37 +-
 .../sentry/tests/e2e/TestUriPermissions.java    | 117 +++---
 .../sentry/tests/e2e/TestUserManagement.java    | 183 +++++-----
 15 files changed, 702 insertions(+), 1016 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
index 891b7c2..c822863 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestCrossDbOps.java
@@ -76,24 +76,15 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   @Test
   public void testShowDatabasesAndShowTables() throws Exception {
     // edit policy file
-    File policyFile = context.getPolicyFile();
-    PolicyFileEditor editor = new PolicyFileEditor(policyFile);
-    editor.addPolicy("admin = admin", "groups");
-    editor.addPolicy("group1 = select_tab1, insert_tab2", "groups");
-    editor.addPolicy("group2 = select_tab3", "groups");
-    editor.addPolicy("admin = server=server1", "roles");
-    editor.addPolicy(
-        "select_tab1 = server=server1->db=db1->table=tab1->action=select",
-        "roles");
-    editor.addPolicy(
-        "select_tab3 = server=server1->db=db2->table=tab3->action=select",
-        "roles");
-    editor.addPolicy(
-        "insert_tab2 = server=server1->db=db2->table=tab2->action=insert",
-        "roles");
-    editor.addPolicy("admin1 = admin", "users");
-    editor.addPolicy("user1 = group1", "users");
-    editor.addPolicy("user2 = group2", "users");
+    policyFile
+        .addRolesToGroup("group1", "select_tab1", "insert_tab2")
+        .addRolesToGroup("group2", "select_tab3")
+        .addPermissionsToRole("select_tab1",  "server=server1->db=db1->table=tab1->action=select")
+        .addPermissionsToRole("select_tab3", "server=server1->db=db2->table=tab3->action=select")
+        .addPermissionsToRole("insert_tab2", "server=server1->db=db2->table=tab2->action=insert")
+        .addGroupsToUser("user1", "group1")
+        .addGroupsToUser("user2", "group2");
+    policyFile.write(context.getPolicyFile());
 
     // admin create two databases
     Connection connection = context.createConnection(ADMIN1, "foo");
@@ -203,18 +194,14 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   @Test
   public void testJDBCGetSchemasAndGetTables() throws Exception {
     // edit policy file
-    File policyFile = context.getPolicyFile();
-    PolicyFileEditor editor = new PolicyFileEditor(policyFile);
-    editor.addPolicy("admin = admin", "groups");
-    editor.addPolicy("group1 = select_tab1, insert_tab2", "groups");
-    editor.addPolicy("group2 = select_tab3", "groups");
-    editor.addPolicy("admin = server=server1", "roles");
-    editor.addPolicy("select_tab1 = server=server1->db=db1->table=tab1->action=select","roles");
-    editor.addPolicy("select_tab3 = server=server1->db=db2->table=tab3->action=select","roles");
-    editor.addPolicy("insert_tab2 = server=server1->db=db2->table=tab2->action=insert","roles");
-    editor.addPolicy("admin1 = admin", "users");
-    editor.addPolicy("user1 = group1", "users");
-    editor.addPolicy("user2 = group2", "users");
+    policyFile.addRolesToGroup("group1", "select_tab1", "insert_tab2")
+        .addRolesToGroup("group2", "select_tab3")
+        .addPermissionsToRole("select_tab1", "server=server1->db=db1->table=tab1->action=select")
+        .addPermissionsToRole("select_tab3", "server=server1->db=db2->table=tab3->action=select")
+        .addPermissionsToRole("insert_tab2", "server=server1->db=db2->table=tab2->action=insert")
+        .addGroupsToUser("user1", "group1")
+        .addGroupsToUser("user2", "group2");
+    policyFile.write(context.getPolicyFile());
 
     // admin create two databases
     Connection connection = context.createConnection(ADMIN1, "foo");
@@ -367,21 +354,14 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   @Test
   public void testDbPrivileges() throws Exception {
     // edit policy file
-    String testPolicies[] = {
-        "[groups]",
-        "admin_group = admin_role",
-        "user_group  = db1_all,db2_all, load_data",
-        "[roles]",
-        "db1_all = server=server1->db=" + DB1,
-        "db2_all = server=server1->db=" + DB2,
-        "load_data = server=server1->URI=file://" + dataFile.getPath(),
-        "admin_role = server=server1",
-        "[users]",
-        "user1 = user_group",
-        "user2 = user_group",
-        ADMIN1 + " = admin_group"
-    };
-    context.makeNewPolicy(testPolicies);
+    policyFile.addRolesToGroup("user_group", "db1_all,db2_all, load_data")
+        .addPermissionsToRole("db1_all", "server=server1->db=" + DB1)
+        .addPermissionsToRole("db2_all", "server=server1->db=" + DB2)
+        .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
+        .addGroupsToUser("user1", "user_group")
+        .addGroupsToUser("user2", "user_group");
+    policyFile.write(context.getPolicyFile());
+
     dropDb(ADMIN1, DB1, DB2);
     createDb(ADMIN1, DB1, DB2);
     for (String user : new String[]{USER1, USER2}) {
@@ -433,18 +413,13 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   @Test
   public void testNegativeUserPrivileges() throws Exception {
     // edit policy file
-    String testPolicies[] = {
-        "[groups]",
-        "admin_group = admin_role",
-        "user_group  = db1_tab1_insert, db1_tab2_all",
-        "[roles]",
-        "db1_tab2_all = server=server1->db=db1->table=table_2",
-        "db1_tab1_insert = server=server1->db=db1->table=table_1->action=insert",
-        "admin_role = server=server1", "[users]", "user3 = user_group",
-    "admin = admin_group"};
-
-    context.makeNewPolicy(testPolicies);
-    Connection adminCon = context.createConnection("admin", "foo");
+    policyFile.addRolesToGroup("user_group", "db1_tab1_insert", "db1_tab2_all")
+        .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
+        .addPermissionsToRole("db1_tab1_insert", "server=server1->db=db1->table=table_1->action=insert")
+        .addGroupsToUser("user3", "user_group");
+    policyFile.write(context.getPolicyFile());
+
+    Connection adminCon = context.createConnection(ADMIN1, "foo");
     Statement adminStmt = context.createStatement(adminCon);
     String dbName = "db1";
     adminStmt.execute("use default");
@@ -469,10 +444,11 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   @Test
   public void testNegativeUserDMLPrivileges() throws Exception {
     policyFile
-    .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
-    .addRolesToGroup("group1", "db1_tab2_all")
-    .addGroupsToUser("user3", "group1");
+        .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
+        .addRolesToGroup("group1", "db1_tab2_all")
+        .addGroupsToUser("user3", "group1");
     policyFile.write(context.getPolicyFile());
+
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);
     Connection adminCon = context.createConnection(ADMIN1, "password");
@@ -510,20 +486,18 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
    */
   @Test
   public void testNegUserPrivilegesAll() throws Exception {
-    String testPolicies[] = {
-        "[groups]",
-        "admin_group = admin_role",
-        "user_group1 = db1_all",
-        "user_group2 = db1_tab1_select",
-        "[roles]",
-        "db1_all = server=server1->db=db1",
-        "db1_tab1_select = server=server1->db=db1->table=table_1->action=select",
-        "admin_role = server=server1", "[users]", "user1 = user_group1",
-        "user2 = user_group2", "admin = admin_group"};
-    context.makeNewPolicy(testPolicies);
+
+    policyFile
+        .addRolesToGroup("user_group1", "db1_all")
+        .addRolesToGroup("user_group2", "db1_tab1_select")
+        .addPermissionsToRole("db1_all", "server=server1->db=db1")
+        .addPermissionsToRole("db1_tab1_select", "server=server1->db=db1->table=table_1->action=select")
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2");
+    policyFile.write(context.getPolicyFile());
 
     // create dbs
-    Connection adminCon = context.createConnection("admin", "foo");
+    Connection adminCon = context.createConnection(ADMIN1, "foo");
     Statement adminStmt = context.createStatement(adminCon);
     String dbName = "db1";
     adminStmt.execute("use default");
@@ -593,9 +567,9 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   @Test
   public void testSandboxOpt9() throws Exception {
     policyFile
-    .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData)
-    .addRolesToGroup(GROUP1, GROUP1_ROLE)
-    .addGroupsToUser(USER1, GROUP1);
+        .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData)
+        .addRolesToGroup(GROUP1, GROUP1_ROLE)
+        .addGroupsToUser(USER1, GROUP1);
     policyFile.write(context.getPolicyFile());
 
     dropDb(ADMIN1, DB1, DB2);
@@ -667,21 +641,14 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   @Test
   public void testCrossDbViewOperations() throws Exception {
     // edit policy file
-    File policyFile = context.getPolicyFile();
-    PolicyFileEditor editor = new PolicyFileEditor(policyFile);
-    editor.clearOldPolicy();
-    editor.addPolicy("admin = admin", "groups");
-    editor.addPolicy("group1 = all_db1,load_data,select_tb2", "groups");
-    editor.addPolicy("admin = server=server1", "roles");
-    editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
-    editor.addPolicy("all_db2 = server=server1->db=db_2", "roles");
-    editor.addPolicy(
-        "select_tb2 = server=server1->db=db_2->table=tb_1->action=select",
-        "roles");
-    editor.addPolicy("load_data = server=server1->URI=file://" + dataFile.getPath(),
-        "roles");
-    editor.addPolicy("admin1 = admin", "users");
-    editor.addPolicy("user1 = group1", "users");
+    policyFile
+        .addRolesToGroup("group1", "all_db1", "load_data", "select_tb2")
+        .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+        .addPermissionsToRole("all_db2", "server=server1->db=db_2")
+        .addPermissionsToRole("select_tb2", "server=server1->db=db_2->table=tb_1->action=select")
+        .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
+        .addGroupsToUser("user1", "group1");
+    policyFile.write(context.getPolicyFile());
 
     // admin create two databases
     dropDb(ADMIN1, DB1, DB2);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
index a643e17..c45dfbc 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestEndToEnd.java
@@ -22,6 +22,7 @@ import java.io.FileOutputStream;
 import java.sql.Connection;
 import java.sql.Statement;
 
+import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -32,6 +33,8 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
   private Context context;
   private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
   private File dataFile;
+  private PolicyFile policyFile;
+
 
   @Before
   public void setup() throws Exception {
@@ -40,6 +43,8 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
+    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
   }
 
   @After
@@ -64,11 +69,7 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
    */
   @Test
   public void testEndToEnd1() throws Exception {
-    File policyFile = context.getPolicyFile();
-    PolicyFileEditor editor = new PolicyFileEditor(policyFile);
-    editor.addPolicy("admin = admin_role", "groups");
-    editor.addPolicy("admin_role = server=server1", "roles");
-    editor.addPolicy("admin1 = admin", "users");
+    policyFile.write(context.getPolicyFile());
 
     String dbName1 = "db_1";
     String dbName2 = "productionDB";
@@ -93,15 +94,17 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // 3
-    editor.addPolicy("user1 = group1", "users");
+    policyFile.addGroupsToUser("user1", "group1");
 
     // 4
-    editor.addPolicy("group1 = all_db1, data_uri, select_tb1, insert_tb1", "groups");
-    editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
-    editor.addPolicy("select_tb1 = server=server1->db=productionDB->table=tb_1->action=select","roles");
-    editor.addPolicy("insert_tb2 = server=server1->db=productionDB->table=tb_2->action=insert","roles");
-    editor.addPolicy("insert_tb1 = server=server1->db=productionDB->table=tb_2->action=insert","roles");
-    editor.addPolicy("data_uri = server=server1->uri=file://" + dataDir.getPath(), "roles");
+    policyFile
+        .addRolesToGroup("group1", "all_db1", "data_uri", "select_tb1", "insert_tb1")
+        .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+        .addPermissionsToRole("select_tb1", "server=server1->db=productionDB->table=tb_1->action=select")
+        .addPermissionsToRole("insert_tb2", "server=server1->db=productionDB->table=tb_2->action=insert")
+        .addPermissionsToRole("insert_tb1", "server=server1->db=productionDB->table=tb_2->action=insert")
+        .addPermissionsToRole("data_uri", "server=server1->uri=file://" + dataDir.getPath());
+    policyFile.write(context.getPolicyFile());
 
     // 5
     connection = context.createConnection("user1", "foo");

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
index 89f7f04..22fe430 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestExportImportPrivileges.java
@@ -24,6 +24,7 @@ import java.sql.Connection;
 import java.sql.Statement;
 
 import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -32,6 +33,7 @@ import com.google.common.io.Resources;
 
 public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
   private File dataFile;
+  private PolicyFile policyFile;
 
   @Before
   public void setup() throws Exception {
@@ -40,6 +42,7 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
+    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
   }
 
   @After
@@ -55,22 +58,15 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
     Statement statement = null;
     String dumpDir = context.getDFSUri().toString() + "/hive_data_dump";
 
-    String testPolicies[] = {
-        "[groups]",
-        "admin_group = admin_role",
-        "user_group1  = db1_read, db1_write, data_dump",
-        "user_group2  = db1_read, db1_write",
-        "[roles]",
-        "db1_write = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT",
-        "db1_read = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT",
-        "data_dump = server=server1->URI=" + dumpDir,
-        "admin_role = server=server1",
-        "[users]",
-        "user1 = user_group1",
-        "user2 = user_group2",
-        ADMIN1 + " = admin_group"
-    };
-    context.makeNewPolicy(testPolicies);
+    policyFile
+        .addRolesToGroup("user_group1", "db1_read", "db1_write", "data_dump")
+        .addRolesToGroup("user_group2", "db1_read", "db1_write")
+        .addPermissionsToRole("db1_write", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT")
+        .addPermissionsToRole("db1_read", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT")
+        .addPermissionsToRole("data_dump", "server=server1->URI=" + dumpDir)
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2");
+    policyFile.write(context.getPolicyFile());
 
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);
@@ -107,24 +103,17 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
     Statement statement = null;
     String exportDir = context.getDFSUri().toString() + "/hive_export1";
 
-    String testPolicies[] = {
-        "[groups]",
-        "admin_group = admin_role",
-        "user_group1  = tab1_read, tab1_write, db1_all, data_read, data_export",
-        "user_group2  = tab1_write, tab1_read",
-        "[roles]",
-        "tab1_write = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT",
-        "tab1_read = server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT",
-        "db1_all = server=server1->db=" + DB1,
-        "data_read = server=server1->URI=file://" + dataFile.getPath(),
-        "data_export = server=server1->URI=" + exportDir,
-        "admin_role = server=server1",
-        "[users]",
-        "user1 = user_group1",
-        "user2 = user_group2",
-        ADMIN1 + " = admin_group"
-    };
-    context.makeNewPolicy(testPolicies);
+    policyFile
+        .addRolesToGroup("user_group1", "tab1_read", "tab1_write", "db1_all", "data_read", "data_export")
+        .addRolesToGroup("user_group2", "tab1_write", "tab1_read")
+        .addPermissionsToRole("tab1_write", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT")
+        .addPermissionsToRole("tab1_read", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT")
+        .addPermissionsToRole("db1_all", "server=server1->db=" + DB1)
+        .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile.getPath())
+        .addPermissionsToRole("data_export", "server=server1->URI=" + exportDir)
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2");
+    policyFile.write(context.getPolicyFile());
 
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
index 6036eaa..f3d493f 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMetadataPermissions.java
@@ -22,6 +22,7 @@ import java.sql.Statement;
 
 import junit.framework.Assert;
 
+import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -29,9 +30,14 @@ import org.junit.Test;
 
 public class TestMetadataPermissions extends AbstractTestWithStaticLocalFS {
   private Context context;
+  private PolicyFile policyFile;
+
   @Before
   public void setup() throws Exception {
     context = createContext();
+    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
+/*
     String testPolicies[] = {
         "[groups]",
         "admin_group = admin_role",
@@ -47,7 +53,17 @@ public class TestMetadataPermissions extends AbstractTestWithStaticLocalFS {
         "admin = admin_group"
         };
     context.makeNewPolicy(testPolicies);
-    Connection adminCon = context.createConnection("admin", "foo");
+*/
+    policyFile
+        .addRolesToGroup("user_group1", "db1_all", "db2_all")
+        .addRolesToGroup("user_group2", "db1_all")
+        .addPermissionsToRole("db1_all", "server=server1->db=db1")
+        .addPermissionsToRole("db2_all", "server=server1->db=db2")
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2")
+        .write(context.getPolicyFile());
+
+    Connection adminCon = context.createConnection(ADMIN1, "foo");
     Statement adminStmt = context.createStatement(adminCon);
     for (String dbName : new String[] { "db1", "db2" }) {
       adminStmt.execute("USE default");

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
index dba6d9f..c7b5e31 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestMovingToProduction.java
@@ -28,6 +28,7 @@ import java.sql.Statement;
 
 import junit.framework.Assert;
 
+import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -37,6 +38,8 @@ import com.google.common.io.Resources;
 public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
   private Context context;
   private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
+  private PolicyFile policyFile;
+
 
   @Before
   public void setUp() throws Exception {
@@ -45,6 +48,7 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
+    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
   }
 
   @After
@@ -72,23 +76,19 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
    */
   @Test
   public void testMovingTable1() throws Exception {
-    File policyFile = context.getPolicyFile();
-    Assert.assertTrue(policyFile.delete() && policyFile.createNewFile());
-
-    PolicyFileEditor editor = new PolicyFileEditor(policyFile);
-    editor.addPolicy("admin = admin", "groups");
-    editor.addPolicy("group1 = all_db1, load_data, select_proddb_tbl1, insert_proddb_tbl1", "groups");
-    editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
-    editor.addPolicy("load_data = server=server1->uri=file://" + dataDir.getPath(), "roles");
-    editor.addPolicy("admin = server=server1", "roles");
-    editor.addPolicy("admin1 = admin", "users");
-    editor.addPolicy("user1 = group1", "users");
-    editor.addPolicy("user2 = group2", "users");
+    policyFile
+        .addRolesToGroup("group1", "all_db1", "load_data", "select_proddb_tbl1", "insert_proddb_tbl1")
+        .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataDir.getPath())
+        .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+        .addGroupsToUser("user1", "group1")
+        .addGroupsToUser("user2", "group2")
+        .write(context.getPolicyFile());
 
     String dbName1 = "db_1";
     String dbName2 = "proddb";
     String tableName1 = "tb_1";
-    Connection connection = context.createConnection("admin1", "foo");
+
+    Connection connection = context.createConnection(ADMIN1, "foo");
     Statement statement = context.createStatement(connection);
     statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
     statement.execute("DROP DATABASE IF EXISTS " + dbName2 + " CASCADE");
@@ -110,14 +110,18 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
     statement.execute("LOAD DATA INPATH 'file://" + dataDir.getPath()
         + "' INTO TABLE " + tableName1);
 
-    editor.addPolicy("insert_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=insert", "roles");
+    policyFile
+        .addPermissionsToRole("insert_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=insert")
+        .write(context.getPolicyFile());
     statement.execute("USE " + dbName2);
     statement.execute("INSERT OVERWRITE TABLE "
         + tableName1 + " SELECT * FROM " + dbName1
         + "." + tableName1);
 
     // b
-    editor.addPolicy("select_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=select", "roles");
+    policyFile
+        .addPermissionsToRole("select_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=select")
+        .write(context.getPolicyFile());
     ResultSet resultSet = statement.executeQuery("SELECT * FROM " + tableName1 + " LIMIT 10");
     int count = 0;
     while(resultSet.next()) {
@@ -154,16 +158,13 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
    */
   @Test
   public void testMovingTable2() throws Exception {
-    File policyFile = context.getPolicyFile();
-    PolicyFileEditor editor = new PolicyFileEditor(policyFile);
-    editor.addPolicy("admin = admin", "groups");
-    editor.addPolicy("group1 = all_db1, load_data, select_proddb_tbl1, insert_proddb_tbl1", "groups");
-    editor.addPolicy("all_db1 = server=server1->db=db_1", "roles");
-    editor.addPolicy("load_data = server=server1->uri=file://" + dataDir.getPath(), "roles");
-    editor.addPolicy("admin = server=server1", "roles");
-    editor.addPolicy("admin1 = admin", "users");
-    editor.addPolicy("user1 = group1", "users");
-    editor.addPolicy("user2 = group2", "users");
+    policyFile
+        .addRolesToGroup("group1", "all_db1", "load_data", "select_proddb_tbl1", "insert_proddb_tbl1")
+        .addPermissionsToRole("all_db1", "server=server1->db=db_1")
+        .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataDir.getPath())
+        .addGroupsToUser("user1", "group1")
+        .addGroupsToUser("user2", "group2")
+        .write(context.getPolicyFile());
 
     String dbName1 = "db_1";
     String dbName2 = "proddb";
@@ -189,13 +190,17 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
     statement.execute("LOAD DATA INPATH 'file://" + dataDir.getPath()
         + "' INTO TABLE " + dbName1 + "." + tableName1);
 
-    editor.addPolicy("insert_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=insert", "roles");
+    policyFile
+        .addPermissionsToRole("insert_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=insert")
+        .write(context.getPolicyFile());
     statement.execute("INSERT OVERWRITE TABLE "
         + dbName2 + "." + tableName1 + " SELECT * FROM " + dbName1
         + "." + tableName1);
 
     // b
-    editor.addPolicy("select_proddb_tbl1 = server=server1->db=proddb->table=tb_1->action=select", "roles");
+    policyFile
+        .addPermissionsToRole("select_proddb_tbl1", "server=server1->db=proddb->table=tb_1->action=select")
+        .write(context.getPolicyFile());
     assertTrue("user1 should be able to select data from "
         + dbName2 + "." + dbName2 + "." + tableName1, statement.execute("SELECT * FROM "
             + dbName2 + "." + tableName1 + " LIMIT 10"));

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
index 7fb7f6c..8d520fc 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPerDBConfiguration.java
@@ -26,8 +26,10 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 
+import org.apache.sentry.provider.file.PolicyFile;
 import org.apache.sentry.provider.file.SimplePolicyEngine;
 import org.junit.After;
+import org.junit.Before;
 import org.junit.Test;
 
 import com.google.common.base.Charsets;
@@ -43,6 +45,22 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
   private static final String DB2_POLICY_FILE = "db2-policy-file.ini";
 
   private Context context;
+  private File dataFile;
+  private PolicyFile policyFile;
+
+  @Before
+  public void setup() throws Exception {
+    context = createContext();
+    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
+    File dataDir = context.getDataDir();
+    //copy data file to test dir
+    dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
+    FileOutputStream to = new FileOutputStream(dataFile);
+    Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
+    to.close();
+
+  }
 
   @After
   public void teardown() throws Exception {
@@ -53,49 +71,24 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
 
   @Test
   public void testPerDB() throws Exception {
-    context = createContext();
-    File policyFile = context.getPolicyFile();
-    File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
-    File dataDir = context.getDataDir();
-    //copy data file to test dir
-    File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
-    FileOutputStream to = new FileOutputStream(dataFile);
-    Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
-    to.close();
-    //delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-
-    String[] policyFileContents = {
-        // groups : role -> group
-        "[groups]",
-        "admin = all_server",
-        "user_group1 = select_tbl1",
-        "user_group2 = select_tbl2",
-        // roles: privileges -> role
-        "[roles]",
-        "all_server = server=server1",
-        "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
-        // users: users -> groups
-        "[users]",
-        "hive = admin",
-        "user1 = user_group1",
-        "user2 = user_group2",
-        "[databases]",
-        "db2 = " + db2PolicyFile.getPath(),
-    };
-    context.makeNewPolicy(policyFileContents);
-
-    String[] db2PolicyFileContents = {
-        "[groups]",
-        "user_group2 = select_tbl2",
-        "[roles]",
-        "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
-    };
-    Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
+    PolicyFile db2PolicyFile = new PolicyFile();
+    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+    db2PolicyFile
+        .addRolesToGroup("user_group2", "select_tbl2")
+        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+        .write(db2PolicyFileHandle);
+
+    policyFile
+        .addRolesToGroup("user_group1", "select_tbl1")
+        .addRolesToGroup("user_group2", "select_tbl2")
+        .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2")
+        .addDatabase("db2", db2PolicyFileHandle.getPath())
+        .write(context.getPolicyFile());
 
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection(ADMIN1, "hive");
     Statement statement = context.createStatement(connection);
 
     statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
@@ -143,7 +136,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     //test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection(ADMIN1, "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE db1 CASCADE");
     statement.execute("DROP DATABASE db2 CASCADE");
@@ -162,70 +155,40 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     String DB3_POLICY_FILE = "db3-policy-file.ini";
     String DB4_POLICY_FILE = "db4-policy-file.ini";
 
-    context = createContext();
-    File policyFile = context.getPolicyFile();
-    File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
-    File db3PolicyFile = new File(policyFile.getParent(), DB3_POLICY_FILE);
-    File db4PolicyFile = new File(policyFile.getParent(), DB4_POLICY_FILE);
-    File dataDir = context.getDataDir();
-    //copy data file to test dir
-    File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
-    FileOutputStream to = new FileOutputStream(dataFile);
-    Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
-    to.close();
-    //delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-
-    String[] policyFileContents = {
-        // groups : role -> group
-        "[groups]",
-        "admin = all_server",
-        "user_group1 = select_tbl1",
-        "user_group2 = select_tbl2",
-        // roles: privileges -> role
-        "[roles]",
-        "all_server = server=server1",
-        "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
-        // users: users -> groups
-        "[users]",
-        "hive = admin",
-        "user1 = user_group1",
-        "user2 = user_group2",
-        "user3 = user_group3",
-        "user4 = user_group4",
-        "[databases]",
-        "db2 = " + db2PolicyFile.getPath(),
-        "db3 = " + db3PolicyFile.getPath(),
-        "db4 = " + db4PolicyFile.getPath(),
-    };
-    context.makeNewPolicy(policyFileContents);
-
-    String[] db2PolicyFileContents = {
-        "[groups]",
-        "user_group2 = select_tbl2",
-        "[roles]",
-        "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
-    };
-    String[] db3PolicyFileContents = {
-        "[groups]",
-        "user_group3 = select_tbl3_BAD",
-        "[roles]",
-        "select_tbl3_BAD = server=server1->db=db3------>table->action=select"
-    };
-    String[] db4PolicyFileContents = {
-        "[groups]",
-        "user_group4 = select_tbl4",
-        "[roles]",
-        "select_tbl4 = server=server1->db=db4->table=tbl4->action=select"
-    };
-
-    Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
-    Files.write(Joiner.on("\n").join(db3PolicyFileContents), db3PolicyFile, Charsets.UTF_8);
-    Files.write(Joiner.on("\n").join(db4PolicyFileContents), db4PolicyFile, Charsets.UTF_8);
+    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+    File db3PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB3_POLICY_FILE);
+    File db4PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB4_POLICY_FILE);
+
+    PolicyFile db2PolicyFile = new PolicyFile();
+    PolicyFile db3PolicyFile = new PolicyFile();
+    PolicyFile db4PolicyFile = new PolicyFile();
+    db2PolicyFile
+        .addRolesToGroup("user_group2", "select_tbl2")
+        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+        .write(db2PolicyFileHandle);
+    db3PolicyFile
+        .addRolesToGroup("user_group3", "select_tbl3_BAD")
+        .addPermissionsToRole("select_tbl3_BAD", "server=server1->db=db3------>table->action=select")
+        .write(db3PolicyFileHandle);
+    db4PolicyFile
+        .addRolesToGroup("user_group4", "select_tbl4")
+        .addPermissionsToRole("select_tbl4", "server=server1->db=db4->table=tbl4->action=select")
+        .write(db4PolicyFileHandle);
+    policyFile
+        .addRolesToGroup("user_group1", "select_tbl1")
+        .addRolesToGroup("user_group2", "select_tbl2")
+        .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2")
+        .addGroupsToUser("user3", "user_group3")
+        .addGroupsToUser("user4", "user_group4")
+        .addDatabase("db2", db2PolicyFileHandle.getPath())
+        .addDatabase("db3", db3PolicyFileHandle.getPath())
+        .addDatabase("db4", db4PolicyFileHandle.getPath())
+        .write(context.getPolicyFile());
 
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection(ADMIN1, "hive");
     Statement statement = context.createStatement(connection);
 
     statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
@@ -290,7 +253,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     //test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection(ADMIN1, "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE db1 CASCADE");
     statement.execute("DROP DATABASE db2 CASCADE");
@@ -302,54 +265,30 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
 
   @Test
   public void testPerDBPolicyFileWithURI() throws Exception {
-    context = createContext();
-    File policyFile = context.getPolicyFile();
-    File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
-    File dataDir = context.getDataDir();
-    //copy data file to test dir
-    File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
-    FileOutputStream to = new FileOutputStream(dataFile);
-    Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
-    to.close();
-    //delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-
-    String[] policyFileContents = {
-        // groups : role -> group
-        "[groups]",
-        "admin = all_server",
-        "user_group1 = select_tbl1",
-        "user_group2 = select_tbl2",
-        // roles: privileges -> role
-        "[roles]",
-        "all_server = server=server1",
-        "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
-        // users: users -> groups
-        "[users]",
-        "hive = admin",
-        "user1 = user_group1",
-        "user2 = user_group2",
-        "[databases]",
-        "db2 = " + db2PolicyFile.getPath(),
-    };
-    context.makeNewPolicy(policyFileContents);
-
-    String[] db2PolicyFileContents = {
-        "[groups]",
-        "user_group2 = select_tbl2, data_read, insert_tbl2",
-        "[roles]",
-        "select_tbl2 = server=server1->db=db2->table=tbl2->action=select",
-        "insert_tbl2 = server=server1->db=db2->table=tbl2->action=insert",
-        "data_read = server=server1->URI=file://" + dataFile
-    };
-    Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
+    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+
+    policyFile
+        .addRolesToGroup("user_group1", "select_tbl1")
+        .addRolesToGroup("user_group2", "select_tbl2")
+        .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2")
+        .addDatabase("db2", db2PolicyFileHandle.getPath())
+        .write(context.getPolicyFile());
+
+    PolicyFile db2PolicyFile = new PolicyFile();
+    db2PolicyFile
+        .addRolesToGroup("user_group2", "select_tbl2", "data_read", "insert_tbl2")
+        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+        .addPermissionsToRole("insert_tbl2", "server=server1->db=db2->table=tbl2->action=insert")
+        .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile)
+        .write(db2PolicyFileHandle);
     // ugly hack: needs to go away once this becomes a config property. Note that this property
     // will not be set with external HS and this test will fail. Hope is this fix will go away
     // by then.
     System.setProperty(SimplePolicyEngine.ACCESS_ALLOW_URI_PER_DB_POLICYFILE, "true");
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection(ADMIN1, "hive");
     Statement statement = context.createStatement(connection);
 
     statement.execute("DROP DATABASE IF EXISTS db1 CASCADE");
@@ -399,7 +338,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     //test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection(ADMIN1, "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE db1 CASCADE");
     statement.execute("DROP DATABASE db2 CASCADE");
@@ -414,36 +353,15 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
    */
   @Test
   public void testDefaultDb() throws Exception {
-    context = createContext();
-    File policyFile = context.getPolicyFile();
-    File dataDir = context.getDataDir();
-    //copy data file to test dir
-    File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
-    FileOutputStream to = new FileOutputStream(dataFile);
-    Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
-    to.close();
-    //delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-
-    String[] policyFileContents = {
-        // groups : role -> group
-        "[groups]",
-        "admin = all_server",
-        "user_group1 = select_tbl1",
-        // roles: privileges -> role
-        "[roles]",
-        "all_server = server=server1",
-        "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
-        // users: users -> groups
-        "[users]",
-        "hive = admin",
-        "user_1 = user_group1",
-        "user_2 = user_group2",
-    };
-    context.makeNewPolicy(policyFileContents);
+    policyFile
+        .addRolesToGroup("user_group1", "select_tbl1")
+        .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+        .addGroupsToUser("user_1", "user_group1")
+        .addGroupsToUser("user_2", "user_group2")
+        .write(context.getPolicyFile());
 
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection(ADMIN1, "hive");
     Statement statement = context.createStatement(connection);
 
     statement.execute("USE default");
@@ -475,62 +393,34 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
 
   @Test
   public void testDefaultDBwithDbPolicy() throws Exception {
-    context = createContext();
-    File policyFile = context.getPolicyFile();
-    File db2PolicyFile = new File(policyFile.getParent(), DB2_POLICY_FILE);
-    File defaultPolicyFile = new File(policyFile.getParent(), "default-policy-file.ini");
-    File dataDir = context.getDataDir();
-    //copy data file to test dir
-    File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
-    FileOutputStream to = new FileOutputStream(dataFile);
-    Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
-    to.close();
-    //delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    assertTrue("Could not delete " + db2PolicyFile,!db2PolicyFile.exists() || db2PolicyFile.delete());
-    assertTrue("Could not delete " + defaultPolicyFile,!defaultPolicyFile.exists() || defaultPolicyFile.delete());
-
-    String[] policyFileContents = {
-        // groups : role -> group
-        "[groups]",
-        "admin = all_server",
-        "user_group1 = select_tbl1",
-        "user_group2 = select_tbl2",
-        // roles: privileges -> role
-        "[roles]",
-        "all_server = server=server1",
-        "select_tbl1 = server=server1->db=db1->table=tbl1->action=select",
-        // users: users -> groups
-        "[users]",
-        "hive = admin",
-        "user_1 = user_group1",
-        "user_2 = user_group2",
-        "user_3 = user_group3",
-        "[databases]",
-        "db2 = " + db2PolicyFile.getPath(),
-        "default = " + defaultPolicyFile.getPath()
-    };
-    context.makeNewPolicy(policyFileContents);
-
-    String[] db2PolicyFileContents = {
-        "[groups]",
-        "user_group2 = select_tbl2",
-        "[roles]",
-        "select_tbl2 = server=server1->db=db2->table=tbl2->action=select"
-    };
-    Files.write(Joiner.on("\n").join(db2PolicyFileContents), db2PolicyFile, Charsets.UTF_8);
-
-    String[] defautlPolicyFileContents = {
-        "[groups]",
-        "user_group2 = select_def",
-        "[roles]",
-        "select_def = server=server1->db=default->table=dtab->action=select"
-    };
-    Files.write(Joiner.on("\n").join(defautlPolicyFileContents), defaultPolicyFile, Charsets.UTF_8);
-
+    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
+    File defaultPolicyFileHandle = new File(context.getPolicyFile().getParent(), "default.ini");
+
+    policyFile
+        .addRolesToGroup("user_group1", "select_tbl1")
+        .addRolesToGroup("user_group2", "select_tbl2")
+        .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
+        .addGroupsToUser("user_1", "user_group1")
+        .addGroupsToUser("user_2", "user_group2")
+        .addGroupsToUser("user_3", "user_group3")
+        .addDatabase("db2", db2PolicyFileHandle.getPath())
+        .addDatabase("default", defaultPolicyFileHandle.getPath())
+        .write(context.getPolicyFile());
+
+    PolicyFile db2PolicyFile = new PolicyFile();
+    db2PolicyFile
+        .addRolesToGroup("user_group2", "select_tbl2")
+        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
+        .write(db2PolicyFileHandle);
+
+    PolicyFile defaultPolicyFile = new PolicyFile();
+    defaultPolicyFile
+        .addRolesToGroup("user_group2", "select_def")
+        .addPermissionsToRole("select_def", "server=server1->db=default->table=dtab->action=select")
+        .write(defaultPolicyFileHandle);
 
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection(ADMIN1, "hive");
     Statement statement = context.createStatement(connection);
     statement.execute("USE default");
     statement.execute("CREATE TABLE dtab(B INT, A STRING) " +

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
index 7330d4a..69bfddc 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtDatabaseScope.java
@@ -32,6 +32,7 @@ import java.util.Map;
 import junit.framework.Assert;
 
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
+import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -44,12 +45,16 @@ import com.google.common.io.Resources;
 public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
 
   private Context context;
+  private File dataFile;
+  private PolicyFile policyFile;
+
   Map <String, String >testProperties;
   private static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
 
   @Before
   public void setup() throws Exception {
     testProperties = new HashMap<String, String>();
+    policyFile = PolicyFile.createAdminOnServer1("admin1");
   }
 
   @After
@@ -66,33 +71,25 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
   public void testAllPrivilege() throws Exception {
     context = createContext(testProperties);
 
-    File policyFile = context.getPolicyFile();
-    File dataDir = context.getDataDir();
     //copy data file to test dir
+    File dataDir = context.getDataDir();
     File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
-    //delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    // groups : role -> group
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group1 = all_db1, load_data");
-    context.append("user_group2 = all_db2");
-    // roles: privileges -> role
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("all_db1 = server=server1->db=DB_1");
-    context.append("all_db2 = server=server1->db=DB_2");
-    context.append("load_data = server=server1->uri=file://" + dataFile.getPath());
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group1");
-    context.append("user2 = user_group2");
+
+    policyFile
+        .addRolesToGroup("user_group1", "all_db1", "load_data")
+        .addRolesToGroup("user_group2", "all_db2")
+        .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+        .addPermissionsToRole("all_db2", "server=server1->db=DB_2")
+        .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath())
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2")
+        .write(context.getPolicyFile());
+
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
     statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
@@ -170,7 +167,7 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
     connection.close();
 
     //test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection("admin1", "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE DB_1 CASCADE");
     statement.execute("DROP DATABASE DB_2 CASCADE");
@@ -186,36 +183,27 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
   public void testAllPrivilegeOnObjectOwnedByAdmin() throws Exception {
     context = createContext(testProperties);
 
-    File policyFile = context.getPolicyFile();
-    File dataDir = context.getDataDir();
     //copy data file to test dir
+    File dataDir = context.getDataDir();
     File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
     File externalTblDir = new File(dataDir, "exttab");
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
-    //delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    // groups : role -> group
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group1 = all_db1, load_data, exttab");
-    context.append("user_group2 = all_db2");
-    // roles: privileges -> role
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("all_db1 = server=server1->db=DB_1");
-    context.append("all_db2 = server=server1->db=DB_2");
-    context.append("exttab = server=server1->uri=file://" + dataDir.getPath());
-    context.append("load_data = server=server1->uri=file://" + dataFile.getPath());
-
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group1");
-    context.append("user2 = user_group2");
+
+    policyFile
+        .addRolesToGroup("user_group1", "all_db1", "load_data", "exttab")
+        .addRolesToGroup("user_group2", "all_db2")
+        .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+        .addPermissionsToRole("all_db2", "server=server1->db=DB_2")
+        .addPermissionsToRole("exttab", "server=server1->uri=file://" + dataDir.getPath())
+        .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataFile.getPath())
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2")
+        .write(context.getPolicyFile());
+
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
     statement.execute("DROP DATABASE IF EXISTS DB_2 CASCADE");
@@ -301,7 +289,7 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
     connection.close();
 
     //test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection("admin1", "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE DB_1 CASCADE");
     statement.execute("DROP DATABASE DB_2 CASCADE");
@@ -322,28 +310,21 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
   public void testUseDbPrivilege() throws Exception {
     context = createContext(testProperties);
 
-    // groups : role -> group
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group1 = all_db1");
-    context.append("user_group2 = select_db2");
-    context.append("user_group3 = all_db3");
-    // roles: privileges -> role
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("all_db1 = server=server1->db=DB_1");
-    context.append("select_db2 = server=server1->db=DB_2->table=tab_2->action=select");
-    context.append("all_db3 = server=server1->db=DB_3");
-
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group1");
-    context.append("user2 = user_group2");
-    context.append("user3 = user_group3");
+    policyFile
+        .addRolesToGroup("user_group1", "all_db1")
+        .addRolesToGroup("user_group2", "select_db2")
+        .addRolesToGroup("user_group3", "all_db3")
+        .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+        .addPermissionsToRole("select_db2", "server=server1->db=DB_2->table=tab_2->action=select")
+        .addPermissionsToRole("all_db3", "server=server1->db=DB_3")
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2")
+        .addGroupsToUser("user3", "user_group3")
+        .write(context.getPolicyFile());
+
 
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
     statement.execute("CREATE DATABASE DB_1");
@@ -395,26 +376,19 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
   public void testDefaultDbPrivilege() throws Exception {
     context = createContext(testProperties);
 
-    // groups : role -> group
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group1 = all_db1");
-    context.append("user_group2 = select_db2");
-    context.append("user_group3 = all_default");
-    // roles: privileges -> role
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("all_db1 = server=server1->db=DB_1");
-    context.append("select_db2 = server=server1->db=DB_2->table=tab_2->action=select");
-    context.append("all_default = server=server1->db=default");
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group1");
-    context.append("user2 = user_group2");
-    context.append("user3 = user_group3");
-
-    Connection connection = context.createConnection("hive", "hive");
+    policyFile
+        .addRolesToGroup("user_group1", "all_db1")
+        .addRolesToGroup("user_group2", "select_db2")
+        .addRolesToGroup("user_group3", "all_default")
+        .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+        .addPermissionsToRole("select_db2", "server=server1->db=DB_2->table=tab_2->action=select")
+        .addPermissionsToRole("all_default", "server=server1->db=default")
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2")
+        .addGroupsToUser("user3", "user_group3")
+        .write(context.getPolicyFile());
+
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
     statement.execute("use default");
     context.close();
@@ -448,26 +422,19 @@ public class TestPrivilegesAtDatabaseScope extends AbstractTestWithHiveServer {
     testProperties.put(AuthzConfVars.AUTHZ_RESTRICT_DEFAULT_DB.getVar(), "true");
     context = createContext(testProperties);
 
-    // groups : role -> group
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group1 = all_default");
-    context.append("user_group2 = select_default");
-    context.append("user_group3 = all_db1");
-    // roles: privileges -> role
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("all_default = server=server1->db=default");
-    context.append("select_default = server=server1->db=default->table=tab_2->action=select");
-    context.append("all_db1 = server=server1->db=DB_1");
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group1");
-    context.append("user2 = user_group2");
-    context.append("user3 = user_group3");
-
-    Connection connection = context.createConnection("hive", "hive");
+    policyFile
+        .addRolesToGroup("user_group1", "all_default")
+        .addRolesToGroup("user_group2", "select_default")
+        .addRolesToGroup("user_group3", "all_db1")
+        .addPermissionsToRole("all_default", "server=server1->db=default")
+        .addPermissionsToRole("select_default", "server=server1->db=default->table=tab_2->action=select")
+        .addPermissionsToRole("all_db1", "server=server1->db=DB_1")
+        .addGroupsToUser("user1", "user_group1")
+        .addGroupsToUser("user2", "user_group2")
+        .addGroupsToUser("user3", "user_group3")
+        .write(context.getPolicyFile());
+
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
     statement.execute("use default");
     context.close();

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
index 90d6214..25746c1 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtFunctionScope.java
@@ -25,6 +25,7 @@ import java.sql.Connection;
 import java.sql.SQLException;
 import java.sql.Statement;
 
+import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -36,6 +37,7 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
   private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
   private File dataDir;
   private File dataFile;
+  private PolicyFile policyFile;
 
   @Before
   public void setup() throws Exception {
@@ -45,6 +47,8 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
+    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+
   }
 
   @After
@@ -64,21 +68,18 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
   public void testFuncPrivileges1() throws Exception {
     String dbName1 = "db_1";
     String tableName1 = "tb_1";
-    // edit policy file
-    File policyFile = context.getPolicyFile();
-    PolicyFileEditor editor = new PolicyFileEditor(policyFile);
-    editor.addPolicy("admin = admin", "groups");
-    editor.addPolicy("group1 = db1_all,UDF_JAR", "groups");
-    editor.addPolicy("group2 = db1_tab1,UDF_JAR", "groups");
-    editor.addPolicy("group3 = db1_tab1", "groups");
-    editor.addPolicy("admin = server=server1", "roles");
-    editor.addPolicy("db1_all = server=server1->db=" + dbName1, "roles");
-    editor.addPolicy("db1_tab1 = server=server1->db=" + dbName1 + "->table=" + tableName1, "roles");
-    editor.addPolicy("UDF_JAR = server=server1->uri=file://${user.home}/.m2", "roles");
-    editor.addPolicy("admin1 = admin", "users");
-    editor.addPolicy("user1 = group1", "users");
-    editor.addPolicy("user2 = group2", "users");
-    editor.addPolicy("user3 = group3", "users");
+
+    policyFile
+        .addRolesToGroup("group1", "db1_all", "UDF_JAR")
+        .addRolesToGroup("group2", "db1_tab1", "UDF_JAR")
+        .addRolesToGroup("group3", "db1_tab1")
+        .addPermissionsToRole("db1_all", "server=server1->db=" + dbName1)
+        .addPermissionsToRole("db1_tab1", "server=server1->db=" + dbName1 + "->table=" + tableName1)
+        .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2")
+        .addGroupsToUser("user1", "group1")
+        .addGroupsToUser("user2", "group2")
+        .addGroupsToUser("user3", "group3")
+        .write(context.getPolicyFile());
 
     Connection connection = context.createConnection("admin1", "foo");
     Statement statement = context.createStatement(connection);
@@ -145,18 +146,15 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticLocalFS
     String dbName1 = "db1";
     String tableName1 = "tab1";
 
-    File policyFile = context.getPolicyFile();
-    PolicyFileEditor editor = new PolicyFileEditor(policyFile);
-    editor.addPolicy("admin = admin", "groups");
-    editor.addPolicy("group1 = db1_all,UDF_JAR", "groups");
-    editor.addPolicy("group2 = db1_tab1,UDF_JAR", "groups");
-    editor.addPolicy("group3 = db1_tab1", "groups");
-    editor.addPolicy("admin = server=server1", "roles");
-    editor.addPolicy("db1_all = server=server1->db=" + dbName1, "roles");
-    editor.addPolicy("db1_tab1 = server=server1->db=" + dbName1 + "->table=" + tableName1, "roles");
-    editor.addPolicy("UDF_JAR = server=server1->uri=file://${user.home}/.m2", "roles");
-    editor.addPolicy("admin1 = admin", "users");
-    editor.addPolicy("user1 = group1", "users");
+    policyFile
+        .addRolesToGroup("group1", "db1_all", "UDF_JAR")
+        .addRolesToGroup("group2", "db1_tab1", "UDF_JAR")
+        .addRolesToGroup("group3", "db1_tab1")
+        .addPermissionsToRole("db1_all", "server=server1->db=" + dbName1)
+        .addPermissionsToRole("db1_tab1", "server=server1->db=" + dbName1 + "->table=" + tableName1)
+        .addPermissionsToRole("UDF_JAR", "server=server1->uri=file://${user.home}/.m2")
+        .addGroupsToUser("user1", "group1")
+        .write(context.getPolicyFile());
 
     Connection connection = context.createConnection("admin1", "password");
     Statement statement = connection.createStatement();

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fc9e8839/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
----------------------------------------------------------------------
diff --git a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
index 21bc846..ed4509e 100644
--- a/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
+++ b/sentry-tests/src/test/java/org/apache/sentry/tests/e2e/TestPrivilegesAtTableScope.java
@@ -30,6 +30,7 @@ import java.sql.Statement;
 
 import junit.framework.Assert;
 
+import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -39,17 +40,18 @@ import com.google.common.io.Resources;
 /* Tests privileges at table scope within a single database.
  */
 
-public class TestPrivilegesAtTableScope
-    extends
-      AbstractTestWithStaticLocalFS {
+public class TestPrivilegesAtTableScope extends AbstractTestWithStaticLocalFS {
 
   private Context context;
+  private PolicyFile policyFile;
+
   private final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
   private final String MULTI_TYPE_DATA_FILE_NAME = "emp.dat";
 
   @Before
   public void setup() throws Exception {
     context = createContext();
+    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
   }
 
   @After
@@ -66,32 +68,23 @@ public class TestPrivilegesAtTableScope
    */
   @Test
   public void testInsertAndSelect() throws Exception {
-    File policyFile = context.getPolicyFile();
     File dataDir = context.getDataDir();
     // copy data file to test dir
     File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
-    // delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    // groups : role -> group
-
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group = select_tab1, insert_tab1, select_tab2");
-    // roles: privileges -> role
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
-    context.append("insert_tab1 = server=server1->db=DB_1->table=TAB_1->action=insert");
-    context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group");
+
+    policyFile
+        .addRolesToGroup("user_group", "select_tab1", "insert_tab1", "select_tab2")
+        .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+        .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
+        .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+        .addGroupsToUser("user1", "user_group")
+        .write(context.getPolicyFile());
+
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
     statement.execute("CREATE DATABASE DB_1");
@@ -135,7 +128,7 @@ public class TestPrivilegesAtTableScope
     connection.close();
 
     // connect as admin and drop tab_1
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection("admin1", "hive");
     statement = context.createStatement(connection);
     statement.execute("USE DB_1");
     statement.execute("DROP TABLE TAB_1");
@@ -157,7 +150,7 @@ public class TestPrivilegesAtTableScope
     connection.close();
 
     // test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection("admin1", "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE DB_1 CASCADE");
     statement.close();
@@ -172,31 +165,22 @@ public class TestPrivilegesAtTableScope
    */
   @Test
   public void testInsert() throws Exception {
-    File policyFile = context.getPolicyFile();
     File dataDir = context.getDataDir();
     // copy data file to test dir
     File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
-    // delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    // groups : role -> group
-
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group = insert_tab1, select_tab2");
-    // roles: privileges -> role
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("insert_tab1 = server=server1->db=DB_1->table=TAB_1->action=insert");
-    context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group");
+
+    policyFile
+        .addRolesToGroup("user_group", "insert_tab1", "select_tab2")
+        .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
+        .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+        .addGroupsToUser("user1", "user_group")
+        .write(context.getPolicyFile());
+
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
     statement.execute("CREATE DATABASE DB_1");
@@ -254,7 +238,7 @@ public class TestPrivilegesAtTableScope
     connection.close();
 
     // test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection("admin1", "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE DB_1 CASCADE");
     statement.close();
@@ -268,31 +252,23 @@ public class TestPrivilegesAtTableScope
    */
   @Test
   public void testSelect() throws Exception {
-    File policyFile = context.getPolicyFile();
-    File dataDir = context.getDataDir();
     // copy data file to test dir
+    File dataDir = context.getDataDir();
     File dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
-    // delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    // groups : role -> group
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group = select_tab1, select_tab2");
-    // roles: privileges -> role
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
-    context.append("insert_tab1 = server=server1->db=DB_1->table=TAB_1->action=insert");
-    context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group");
+
+    policyFile
+        .addRolesToGroup("user_group", "select_tab1", "select_tab2")
+        .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+        .addPermissionsToRole("insert_tab1", "server=server1->db=DB_1->table=TAB_1->action=insert")
+        .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+        .addGroupsToUser("user1", "user_group")
+        .write(context.getPolicyFile());
+
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
 
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -351,7 +327,7 @@ public class TestPrivilegesAtTableScope
     connection.close();
 
     // test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection("admin1", "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE DB_1 CASCADE");
     statement.close();
@@ -365,30 +341,22 @@ public class TestPrivilegesAtTableScope
    */
   @Test
   public void testTableViewJoin() throws Exception {
-    File policyFile = context.getPolicyFile();
-    File dataDir = context.getDataDir();
     // copy data file to test dir
+    File dataDir = context.getDataDir();
     File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
     to.close();
-    // delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    // groups : role -> group
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group = select_tab1, select_tab2");
-    // roles: privileges -> role
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
-    context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group");
+
+    policyFile
+        .addRolesToGroup("user_group", "select_tab1", "select_tab2")
+        .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+        .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+        .addGroupsToUser("user1", "user_group")
+        .write(context.getPolicyFile());
+
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
 
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -436,7 +404,7 @@ public class TestPrivilegesAtTableScope
     connection.close();
 
     // test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection("admin1", "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE DB_1 CASCADE");
     statement.close();
@@ -450,32 +418,23 @@ public class TestPrivilegesAtTableScope
    */
   @Test
   public void testTableViewJoin2() throws Exception {
-    File policyFile = context.getPolicyFile();
+
     File dataDir = context.getDataDir();
     // copy data file to test dir
     File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
     to.close();
-    // delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    // groups : role -> group
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group = select_tab2");
-    // roles: privileges -> role
-
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
-    context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
-
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group");
+
+    policyFile
+        .addRolesToGroup("user_group", "select_tab2")
+        .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+        .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+        .addGroupsToUser("user1", "user_group")
+        .write(context.getPolicyFile());
+
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
 
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -531,7 +490,7 @@ public class TestPrivilegesAtTableScope
     connection.close();
 
     // test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection("admin1", "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE DB_1 CASCADE");
     statement.close();
@@ -545,31 +504,22 @@ public class TestPrivilegesAtTableScope
    */
   @Test
   public void testTableViewJoin3() throws Exception {
-    File policyFile = context.getPolicyFile();
     File dataDir = context.getDataDir();
     // copy data file to test dir
     File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
     to.close();
-    // delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    // groups : role -> group
-
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group = select_tab2, select_view1");
-    // roles: privileges -> role
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("select_view1 = server=server1->db=DB_1->table=VIEW_1->action=select");
-    context.append("select_tab2 = server=server1->db=DB_1->table=TAB_2->action=select");
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group");
+
+    policyFile
+        .addRolesToGroup("user_group", "select_tab2", "select_view1")
+        .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select")
+        .addPermissionsToRole("select_tab2", "server=server1->db=DB_1->table=TAB_2->action=select")
+        .addGroupsToUser("user1", "user_group")
+        .write(context.getPolicyFile());
+
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
 
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -641,7 +591,7 @@ public class TestPrivilegesAtTableScope
     connection.close();
 
     // test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection("admin1", "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE DB_1 CASCADE");
     statement.close();
@@ -655,31 +605,22 @@ public class TestPrivilegesAtTableScope
    */
   @Test
   public void testTableViewJoin4() throws Exception {
-    File policyFile = context.getPolicyFile();
     File dataDir = context.getDataDir();
     // copy data file to test dir
     File dataFile = new File(dataDir, MULTI_TYPE_DATA_FILE_NAME);
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(MULTI_TYPE_DATA_FILE_NAME), to);
     to.close();
-    // delete existing policy file; create new policy file
-    assertTrue("Could not delete " + policyFile, context.deletePolicyFile());
-    // groups : role -> group
-
-    context.append("[groups]");
-    context.append("admin = all_server");
-    context.append("user_group = select_tab1, select_view1");
-    // roles: privileges -> role
-    context.append("[roles]");
-    context.append("all_server = server=server1");
-    context.append("select_view1 = server=server1->db=DB_1->table=VIEW_1->action=select");
-    context.append("select_tab1 = server=server1->db=DB_1->table=TAB_1->action=select");
-    // users: users -> groups
-    context.append("[users]");
-    context.append("hive = admin");
-    context.append("user1 = user_group");
+
+    policyFile
+        .addRolesToGroup("user_group", "select_tab1", "select_view1")
+        .addPermissionsToRole("select_view1", "server=server1->db=DB_1->table=VIEW_1->action=select")
+        .addPermissionsToRole("select_tab1", "server=server1->db=DB_1->table=TAB_1->action=select")
+        .addGroupsToUser("user1", "user_group")
+        .write(context.getPolicyFile());
+
     // setup db objects needed by the test
-    Connection connection = context.createConnection("hive", "hive");
+    Connection connection = context.createConnection("admin1", "hive");
     Statement statement = context.createStatement(connection);
 
     statement.execute("DROP DATABASE IF EXISTS DB_1 CASCADE");
@@ -728,7 +669,7 @@ public class TestPrivilegesAtTableScope
     connection.close();
 
     // test cleanup
-    connection = context.createConnection("hive", "hive");
+    connection = context.createConnection("admin1", "hive");
     statement = context.createStatement(connection);
     statement.execute("DROP DATABASE DB_1 CASCADE");
     statement.close();


Mime
View raw message