sentry-commits mailing list archives

From shreepa...@apache.org
Subject [1/6] SENTRY-142: Create database backed ProviderBackend (Brock Noland via Shreepadma Venugopalan)
Date Fri, 14 Mar 2014 19:08:51 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/master 644e8be34 -> 90cdbefd5


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/90cdbefd/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index be3d078..f500c2d 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -23,17 +23,22 @@ import static junit.framework.Assert.fail;
 
 import java.io.File;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 
 import org.apache.commons.io.FileUtils;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.provider.db.SentryAlreadyExistsException;
+import org.apache.sentry.provider.db.SentryNoSuchObjectException;
 import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
 import org.apache.sentry.provider.db.service.model.MSentryRole;
 import org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor;
+import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet;
 import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.service.thrift.TSentryRole;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.junit.After;
+import org.junit.Before;
 import org.junit.Test;
 
 import com.google.common.collect.Iterables;
@@ -42,17 +47,20 @@ import com.google.common.io.Files;
 
 public class TestSentryStore {
 
-  private static File dataDir;
-  private static SentryStore sentryStore;
+  private File dataDir;
+  private SentryStore sentryStore;
 
-  @BeforeClass
-  public static void setup() throws Exception {
-    dataDir = new File(Files.createTempDir(), SentryStore.DEFAULT_DATA_DIR);
-    sentryStore = new SentryStore(dataDir.getPath());
+  @Before
+  public void setup() throws Exception {
+    dataDir = new File(Files.createTempDir(), "sentry_policy_db");
+    Configuration conf = new Configuration(false);
+    conf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
+        "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true");
+    sentryStore = new SentryStore(conf);
   }
 
-  @AfterClass
-  public static void teardown() {
+  @After
+  public void teardown() {
     if (sentryStore != null) {
       sentryStore.stop();
     }
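Review bot: `setup()` stores only the `sentry_policy_db` child of `Files.createTempDir()`, so the parent directory Guava creates is never referenced again, and with `@Before` a new one is created for every test. Unless `teardown()` removes `dataDir.getParentFile()` (its body continues outside this hunk), those parents accumulate; keeping the parent, e.g. `tmpDir = Files.createTempDir(); dataDir = new File(tmpDir, "sentry_policy_db");`, and deleting `tmpDir` in teardown avoids that. Guava's `createTempDir()` also creates the directory with default permissions, so on a shared build host the Derby policy database may be readable by other local users; `java.nio.file.Files.createTempDirectory` creates it owner-only on POSIX systems, if the build's Java level allows it. The same pattern is added for `dbDir` in `SentryServiceIntegrationBase`, where `FileUtils.deleteQuietly(dbDir)` visibly removes only the child.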
@@ -61,21 +69,13 @@ public class TestSentryStore {
     }
   }
 
-  private static CommitContext createRole(String r, String g) throws Exception {
-    TSentryRole role = new TSentryRole();
-    role.setGrantorPrincipal(g);
-    role.setRoleName(r);
-    return sentryStore.createSentryRole(role);
-  }
-
-
   @Test
   public void testCreateDuplicateRole() throws Exception {
     String roleName = "test-dup-role";
     String grantor = "g1";
-    createRole(roleName, grantor);
+    sentryStore.createSentryRole(roleName, grantor);
     try {
-      createRole(roleName, grantor);
+      sentryStore.createSentryRole(roleName, grantor);
       fail("Expected SentryAlreadyExistsException");
     } catch(SentryAlreadyExistsException e) {
       // expected
@@ -86,7 +86,7 @@ public class TestSentryStore {
   public void testCreateDropRole() throws Exception {
     String roleName = "test-drop-role";
     String grantor = "g1";
-    long seqId = createRole(roleName, grantor).getSequenceId();
+    long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
     assertEquals(seqId + 1, sentryStore.dropSentryRole(roleName).getSequenceId());
   }
 
@@ -103,7 +103,7 @@ public class TestSentryStore {
   public void testAddDeleteGroups() throws Exception {
     String roleName = "test-groups";
     String grantor = "g1";
-    long seqId = createRole(roleName, grantor).getSequenceId();
+    long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
     Set<TSentryGroup> groups = Sets.newHashSet();
     TSentryGroup group = new TSentryGroup();
     group.setGroupName("test-groups-g1");
@@ -123,7 +123,7 @@ public class TestSentryStore {
   public void testGrantRevokePrivilege() throws Exception {
     String roleName = "test-privilege";
     String grantor = "g1";
-    long seqId = createRole(roleName, grantor).getSequenceId();
+    long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
     TSentryPrivilege privilege = new TSentryPrivilege();
     privilege.setPrivilegeScope("TABLE");
     privilege.setServerName("server1");
@@ -142,4 +142,110 @@ public class TestSentryStore {
     assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege.getPrivilegeName())
         .getSequenceId());
   }
+
+  @Test
+  public void testListSentryPrivilegesForProvider() throws Exception {
+    String roleName1 = "list-privs-r1", roleName2 = "list-privs-r2";
+    String groupName1 = "list-privs-g1", groupName2 = "list-privs-g2";
+    String grantor = "g1";
+    long seqId = sentryStore.createSentryRole(roleName1, grantor).getSequenceId();
+    assertEquals(seqId + 1, sentryStore.createSentryRole(roleName2, grantor).getSequenceId());
+    TSentryPrivilege privilege1 = new TSentryPrivilege();
+    privilege1.setPrivilegeScope("TABLE");
+    privilege1.setServerName("server1");
+    privilege1.setDbName("db1");
+    privilege1.setTableName("tbl1");
+    privilege1.setAction("SELECT");
+    privilege1.setGrantorPrincipal(grantor);
+    privilege1.setCreateTime(System.currentTimeMillis());
+    privilege1.setPrivilegeName(SentryPolicyStoreProcessor.constructPrivilegeName(privilege1));
+    assertEquals(seqId + 2, sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege1)
+        .getSequenceId());
+    assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege1)
+        .getSequenceId());
+    TSentryPrivilege privilege2 = new TSentryPrivilege();
+    privilege2.setPrivilegeScope("SERVER");
+    privilege2.setServerName("server1");
+    privilege2.setGrantorPrincipal(grantor);
+    privilege2.setCreateTime(System.currentTimeMillis());
+    privilege2.setPrivilegeName(SentryPolicyStoreProcessor.constructPrivilegeName(privilege2));
+    assertEquals(seqId + 4, sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege2)
+        .getSequenceId());
+    Set<TSentryGroup> groups = Sets.newHashSet();
+    TSentryGroup group = new TSentryGroup();
+    group.setGroupName(groupName1);
+    groups.add(group);
+    assertEquals(seqId + 5, sentryStore.alterSentryRoleAddGroups(grantor,
+        roleName1, groups).getSequenceId());
+    groups.clear();
+    group = new TSentryGroup();
+    group.setGroupName(groupName2);
+    groups.add(group);
+    // group 2 has both roles 1 and 2
+    assertEquals(seqId + 6, sentryStore.alterSentryRoleAddGroups(grantor,
+        roleName1, groups).getSequenceId());
+    assertEquals(seqId + 7, sentryStore.alterSentryRoleAddGroups(grantor,
+        roleName2, groups).getSequenceId());
+    // group1 all roles
+    assertEquals(Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.newHashSet(groupName1),
+            new TSentryActiveRoleSet(true, new HashSet<String>()))));
+    // one active role
+    assertEquals(Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.newHashSet(groupName1),
+            new TSentryActiveRoleSet(false, Sets.newHashSet(roleName1)))));
+    // unknown active role
+    assertEquals(Sets.newHashSet(),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.newHashSet(groupName1),
+            new TSentryActiveRoleSet(false, Sets.newHashSet("not a role")))));
+    // no active roles
+    assertEquals(Sets.newHashSet(),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.newHashSet(groupName1),
+            new TSentryActiveRoleSet(false, new HashSet<String>()))));
+
+    // group2 all roles
+    assertEquals(Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select", "server=server1"),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.newHashSet(groupName2),
+            new TSentryActiveRoleSet(true, new HashSet<String>()))));
+    // one active role
+    assertEquals(Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.newHashSet(groupName2),
+            new TSentryActiveRoleSet(false, Sets.newHashSet(roleName1)))));
+    assertEquals(Sets.newHashSet("server=server1"),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.newHashSet(groupName2),
+            new TSentryActiveRoleSet(false, Sets.newHashSet(roleName2)))));
+    // unknown active role
+    assertEquals(Sets.newHashSet(),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.newHashSet(groupName2),
+            new TSentryActiveRoleSet(false, Sets.newHashSet("not a role")))));
+    // no active roles
+    assertEquals(Sets.newHashSet(),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.newHashSet(groupName2),
+            new TSentryActiveRoleSet(false, new HashSet<String>()))));
+
+    // both groups, all active roles
+    assertEquals(Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select", "server=server1"),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.
+            newHashSet(groupName1, groupName2),
+            new TSentryActiveRoleSet(true, new HashSet<String>()))));
+    // one active role
+    assertEquals(Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.
+            newHashSet(groupName1, groupName2),
+            new TSentryActiveRoleSet(false, Sets.newHashSet(roleName1)))));
+    assertEquals(Sets.newHashSet("server=server1"),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.
+            newHashSet(groupName1, groupName2),
+            new TSentryActiveRoleSet(false, Sets.newHashSet(roleName2)))));
+    // unknown active role
+    assertEquals(Sets.newHashSet(),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.
+            newHashSet(groupName1, groupName2),
+            new TSentryActiveRoleSet(false, Sets.newHashSet("not a role")))));
+    // no active roles
+    assertEquals(Sets.newHashSet(),
+        SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.
+            newHashSet(groupName1, groupName2),
+            new TSentryActiveRoleSet(false, new HashSet<String>()))));
+  }
 }
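Review bot: The group1 assertions in `testListSentryPrivilegesForProvider` never request a role that exists but is not granted to that group, which is the case that would catch the store returning privileges from the active role set without intersecting it with the group's own roles. `roleName2` is only added to group2, so group1 with `roleName2` active should yield nothing: `assertEquals(Sets.newHashSet(), SentryStore.toTrimedLower(sentryStore.listSentryPrivilegesForProvider(Sets.newHashSet(groupName1), new TSentryActiveRoleSet(false, Sets.newHashSet(roleName2)))));`. The "unknown active role" cases only cover a name that matches no role at all, which does not exercise this path. A group name with no role bindings would be a useful second negative case.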

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/90cdbefd/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java
new file mode 100644
index 0000000..9c851eb
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreToAuthorizable.java
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.persistent;
+
+import static junit.framework.Assert.assertEquals;
+
+import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
+import org.junit.Test;
+
+public class TestSentryStoreToAuthorizable {
+
+  private MSentryPrivilege privilege;
+
+  @Test
+  public void testServer() {
+    privilege = new MSentryPrivilege(null, null, "server1", null, null, null, null);
+    assertEquals("server=server1",
+        SentryStore.toAuthorizable(privilege));
+    privilege = new MSentryPrivilege(null, null, "server1", null, null, null,
+        AccessConstants.ALL);
+    assertEquals("server=server1->action=*",
+        SentryStore.toAuthorizable(privilege));
+  }
+
+  @Test
+  public void testTable() {
+    privilege = new MSentryPrivilege(null, null, "server1", "db1", "tbl1", null, null);
+    assertEquals("server=server1->db=db1->table=tbl1",
+        SentryStore.toAuthorizable(privilege));
+    privilege = new MSentryPrivilege(null, null, "server1", "db1", "tbl1", null,
+        AccessConstants.INSERT);
+    assertEquals("server=server1->db=db1->table=tbl1->action=insert",
+        SentryStore.toAuthorizable(privilege));
+    privilege = new MSentryPrivilege(null, null, "server1", "db1", "tbl1", null,
+        AccessConstants.SELECT);
+    assertEquals("server=server1->db=db1->table=tbl1->action=select",
+        SentryStore.toAuthorizable(privilege));
+    privilege = new MSentryPrivilege(null, null, "server1", "db1", "tbl1", null,
+        AccessConstants.ALL);
+    assertEquals("server=server1->db=db1->table=tbl1->action=*",
+        SentryStore.toAuthorizable(privilege));
+  }
+
+  @Test
+  public void testDb() {
+    privilege = new MSentryPrivilege(null, null, "server1", "db1", null, null, null);
+    assertEquals("server=server1->db=db1",
+        SentryStore.toAuthorizable(privilege));
+    privilege = new MSentryPrivilege(null, null, "server1", "db1", null, null,
+        AccessConstants.ALL);
+    assertEquals("server=server1->db=db1->action=*",
+        SentryStore.toAuthorizable(privilege));
+  }
+
+  @Test
+  public void testUri() {
+    privilege = new MSentryPrivilege(null, null, "server1", null, null, "file:///", null);
+    assertEquals("server=server1->uri=file:///",
+        SentryStore.toAuthorizable(privilege));
+    privilege = new MSentryPrivilege(null, null, "server1", null, null, "file:///",
+        AccessConstants.SELECT);
+    assertEquals("server=server1->uri=file:///->action=select",
+        SentryStore.toAuthorizable(privilege));
+    privilege = new MSentryPrivilege(null, null, "server1", null, null, "file:///",
+        AccessConstants.ALL);
+    assertEquals("server=server1->uri=file:///->action=*",
+        SentryStore.toAuthorizable(privilege));
+  }
+}
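Review bot: Every expected string here joins the parts with `->` and `=`, but no case feeds `toAuthorizable` a value that itself contains one of those delimiters, for example a URI with a query string. If these strings are later split back into authorizables (not visible in this file), such a value could be read as an extra component, so a test pinning the intended behaviour (reject or escape) would be worth adding to `testUri`. Separately, `privilege` is an instance field that each test reassigns; a local variable in each method would make the tests independent of each other.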

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/90cdbefd/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
index d073d8b..aa1e860 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -17,154 +17,83 @@
  */
 
 package org.apache.sentry.provider.db.service.thrift;
+import static junit.framework.Assert.assertEquals;
+
 import java.util.HashSet;
 import java.util.Set;
 
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.provider.common.ProviderBackendContext;
+import org.apache.sentry.provider.db.SimpleDBProviderBackend;
 import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
 import org.apache.sentry.service.thrift.ServiceConstants.ThriftConstants;
-import org.apache.sentry.service.thrift.Status;
 import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
-import com.google.common.base.Preconditions;
+import com.google.common.collect.Sets;
+
 
 public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
-  private static final Logger LOGGER = LoggerFactory.getLogger(TestSentryServiceIntegration.class);
 
   @Test
   public void testCreateRole() throws Exception {
-    Set<String> groupSet = new HashSet<String>();
-    TDropSentryRoleRequest dropReq = new TDropSentryRoleRequest();
-    dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    dropReq.setRoleName("admin_r");
-    dropReq.setRequestorUserName("user_1");
-    groupSet.add("admin");
-    dropReq.setRequestorGroupName(groupSet);
-    TDropSentryRoleResponse dropResp = client.dropRole(dropReq);
-    assertStatus(Status.NO_SUCH_OBJECT, dropResp.getStatus());
-    LOGGER.info("Successfully dropped role: admin_r");
-    groupSet.clear();
-
-    TCreateSentryRoleRequest createReq = new TCreateSentryRoleRequest();
-    createReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    createReq.setRequestorUserName("user_1");
-    groupSet.add("admin");
-    createReq.setRequestorGroupName(groupSet);
-    TSentryRole role = new TSentryRole();
-    role.setRoleName("admin_r");
-    role.setCreateTime(System.currentTimeMillis());
-    role.setGrantorPrincipal("test");
-    role.setPrivileges(new HashSet<TSentryPrivilege>());
-    createReq.setRole(role);
-    TCreateSentryRoleResponse createResp = client.createRole(createReq);
-    assertOK(createResp.getStatus());
-    LOGGER.info("Successfully create role: admin_r");
-    groupSet.clear();
+    String requestorUserName = "user_1";
+    Set<String> requestorUserGroupNames = new HashSet<String>();
+    String roleName = "admin_r";
+
+    client.dropRoleIfExists(requestorUserName, requestorUserGroupNames, roleName);
+
+    client.createRole(requestorUserName, requestorUserGroupNames, roleName);
 
     TListSentryRolesRequest listReq = new TListSentryRolesRequest();
     listReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    listReq.setRoleName("admin_r");
-    listReq.setRequestorUserName("user_1");
-    groupSet.add("admin");
-    listReq.setRequestorGroupName(groupSet);
+    listReq.setRoleName(roleName);
+    listReq.setRequestorUserName(requestorUserName);
     TListSentryRolesResponse listResp = client.listRoleByName(listReq);
     Set<TSentryRole> roles = listResp.getRoles();
-    Preconditions.checkArgument(roles.size() == 1, "Incorrect number of roles");
-    groupSet.clear();
-
-    dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    dropReq.setRoleName("admin_r");
-    dropReq.setRequestorUserName("user_1");
-    groupSet.add("admin");
-    dropReq.setRequestorGroupName(groupSet);
-    dropResp = client.dropRole(dropReq);
-    assertOK(dropResp.getStatus());
-    LOGGER.info("Successfully dropped role: admin_r");
-    groupSet.clear();
+    assertEquals("Incorrect number of roles:" + roles, 1, roles.size());
+
+    client.dropRole(requestorUserName, requestorUserGroupNames, roleName);
   }
 
   @Test
   public void testGrantRevokePrivilege() throws Exception {
-    Set<String> groupSet = new HashSet<String>();
-    TDropSentryRoleRequest dropReq = new TDropSentryRoleRequest();
-    dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    dropReq.setRoleName("admin_testdb");
-    dropReq.setRequestorUserName("server_admin");
-    groupSet.add("admin");
-    dropReq.setRequestorGroupName(groupSet);
-    TDropSentryRoleResponse dropResp = client.dropRole(dropReq);
-    assertStatus(Status.NO_SUCH_OBJECT, dropResp.getStatus());
-    LOGGER.info("Successfully dropped role: admin_testdb");
-    groupSet.clear();
-
-    TCreateSentryRoleRequest createReq = new TCreateSentryRoleRequest();
-    createReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    createReq.setRequestorUserName("server_admin");
-    groupSet.add("admin");
-    createReq.setRequestorGroupName(groupSet);
-    TSentryRole role = new TSentryRole();
-    role.setRoleName("admin_testdb");
-    role.setCreateTime(System.currentTimeMillis());
-    role.setGrantorPrincipal("server_admin");
-    role.setPrivileges(new HashSet<TSentryPrivilege>());
-    createReq.setRole(role);
-    TCreateSentryRoleResponse createResp = client.createRole(createReq);
-    assertOK(createResp.getStatus());
-    LOGGER.info("Successfully create role: admin_testdb");
-    groupSet.clear();
+    String server = "server1";
+    String requestorUserName = "server_admin";
+    Set<String> requestorUserGroupNames = new HashSet<String>();
+    String roleName = "admin_testdb";
+    String db = "testDB";
+    String group = "group1";
+
+    client.dropRoleIfExists(requestorUserName, requestorUserGroupNames, roleName);
+    client.createRole(requestorUserName, requestorUserGroupNames, roleName);
 
     TListSentryRolesRequest listReq = new TListSentryRolesRequest();
     listReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
     listReq.setRoleName("admin_testdb");
-    listReq.setRequestorUserName("server_admin");
-    groupSet.add("admin");
-    listReq.setRequestorGroupName(groupSet);
+    listReq.setRequestorUserName(requestorUserName);
     TListSentryRolesResponse listResp = client.listRoleByName(listReq);
     Set<TSentryRole> roles = listResp.getRoles();
-    Preconditions.checkArgument(roles.size() == 1, "Incorrect number of roles");
-    groupSet.clear();
-
-    TAlterSentryRoleGrantPrivilegeRequest grantReq = new TAlterSentryRoleGrantPrivilegeRequest();
-    grantReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    grantReq.setRoleName("admin_testdb");
-    grantReq.setRequestorUserName("server_admin");
-    groupSet.add("admin");
-    grantReq.setRequestorGroupName(groupSet);
-    TSentryPrivilege privilege = new TSentryPrivilege();
-    privilege.setPrivilegeScope("DB");
-    privilege.setServerName("server1");
-    privilege.setDbName("testDB");
-    privilege.setAction("ALL");
-    privilege.setGrantorPrincipal("server_admin");
-    privilege.setCreateTime(System.currentTimeMillis());
-    grantReq.setPrivilege(privilege);
-    TAlterSentryRoleGrantPrivilegeResponse grantResp = client.grantPrivilege(grantReq);
-    assertOK(grantResp.getStatus());
-    LOGGER.info("Successfully granted privilege: " + privilege.toString());
-    groupSet.clear();
-
-    TAlterSentryRoleRevokePrivilegeRequest revokeReq = new TAlterSentryRoleRevokePrivilegeRequest();
-    revokeReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    revokeReq.setRoleName("admin_testdb");
-    revokeReq.setRequestorUserName("server_admin");
-    groupSet.add("admin");
-    revokeReq.setRequestorGroupName(groupSet);
-    revokeReq.setPrivilege(privilege);
-    TAlterSentryRoleRevokePrivilegeResponse revokeResp = client.revokePrivilege(revokeReq);
-    assertOK(revokeResp.getStatus());
-    LOGGER.info("Successfully revoked privilege: " + privilege.toString());
-    groupSet.clear();
-
-    dropReq.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
-    dropReq.setRoleName("admin_testdb");
-    dropReq.setRequestorUserName("server_admin");
-    groupSet.add("admin");
-    dropReq.setRequestorGroupName(groupSet);
-    dropResp = client.dropRole(dropReq);
-    assertOK(dropResp.getStatus());
-    LOGGER.info("Successfully dropped role: admin_testdb");
-    groupSet.clear();
+    assertEquals("Incorrect number of roles:" + roles, 1, roles.size());
+
+    client.grantDatabasePrivilege(requestorUserName, requestorUserGroupNames, roleName, server, db);
+
+    // verify we can get the privileges from the backend
+    SimpleDBProviderBackend dbBackend = new SimpleDBProviderBackend(client);
+    dbBackend.initialize(new ProviderBackendContext());
+    assertEquals(Sets.newHashSet(), dbBackend.getPrivileges(Sets.newHashSet(group),
+        new ActiveRoleSet(true)));
+    client.grantRoleToGroup(requestorUserName, requestorUserGroupNames, group, roleName);
+    assertEquals(Sets.newHashSet(), dbBackend.getPrivileges(Sets.newHashSet(group),
+        new ActiveRoleSet(new HashSet<String>())));
+    assertEquals(Sets.newHashSet("server="+ server + "->db=" + db + "->action=*"),
+        dbBackend.getPrivileges(Sets.newHashSet("group1"),
+        new ActiveRoleSet(true)));
+    assertEquals(Sets.newHashSet("server="+ server + "->db=" + db + "->action=*"),
+        dbBackend.getPrivileges(Sets.newHashSet(group),
+        new ActiveRoleSet(Sets.newHashSet(roleName))));
+
+    client.revokeDatabasePrivilege(requestorUserName, requestorUserGroupNames, roleName, server, db);
+    client.dropRole(requestorUserName, requestorUserGroupNames, roleName);
   }
 
 }
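Review bot: `testGrantRevokePrivilege` calls `client.revokeDatabasePrivilege(...)` but asserts nothing afterwards, so a revoke that leaves the privilege visible through the backend would still pass. Adding `assertEquals(Sets.newHashSet(), dbBackend.getPrivileges(Sets.newHashSet(group), new ActiveRoleSet(true)));` between the revoke and `client.dropRole(...)` would cover it. `requestorUserGroupNames` is also now an empty set in both tests where the old code sent `"admin"`, so the requestor's group membership is no longer exercised; a comment saying this is intentional would help. For consistency, `listReq.setRoleName("admin_testdb")` and `Sets.newHashSet("group1")` should use `roleName` and `group`.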

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/90cdbefd/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
index db76aa8..ee5ca69 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java
@@ -26,6 +26,7 @@ import javax.security.auth.Subject;
 import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.security.auth.login.LoginContext;
 
+import org.apache.commons.io.FileUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.minikdc.KerberosSecurityTestcase;
 import org.apache.hadoop.minikdc.MiniKdc;
@@ -40,6 +41,7 @@ import org.slf4j.LoggerFactory;
 
 import com.google.common.base.Strings;
 import com.google.common.collect.Sets;
+import com.google.common.io.Files;
 
 public abstract class SentryServiceIntegrationBase extends KerberosSecurityTestcase {
   private static final Logger LOGGER = LoggerFactory.getLogger(SentryServiceIntegrationBase.class);
@@ -61,6 +63,7 @@ public abstract class SentryServiceIntegrationBase extends KerberosSecurityTestc
   protected SentryPolicyServiceClient client;
   protected MiniKdc kdc;
   protected File kdcWorkDir;
+  protected File dbDir;
   protected File serverKeytab;
   protected File clientKeytab;
   protected Subject clientSubject;
@@ -100,6 +103,9 @@ public abstract class SentryServiceIntegrationBase extends KerberosSecurityTestc
     conf.set(ServerConfig.RPC_ADDRESS, SERVER_HOST);
     conf.set(ServerConfig.RPC_PORT, String.valueOf(0));
     conf.set(ServerConfig.ALLOW_CONNECT, CLIENT_KERBEROS_NAME);
+    dbDir = new File(Files.createTempDir(), "sentry_policy_db");
+    conf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
+        "jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true");
     server = new SentryServiceFactory().create(conf);
     conf.set(ClientConfig.SERVER_RPC_ADDRESS, server.getAddress().getHostString());
     conf.set(ClientConfig.SERVER_RPC_PORT, String.valueOf(server.getAddress().getPort()));
@@ -139,6 +145,9 @@ public abstract class SentryServiceIntegrationBase extends KerberosSecurityTestc
     if(server != null) {
       server.stop();
     }
+    if (dbDir != null) {
+      FileUtils.deleteQuietly(dbDir);
+    }
     afterTeardown();
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/90cdbefd/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java
deleted file mode 100644
index f2bb39c..0000000
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupMappingService.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.file;
-
-import java.io.IOException;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.hadoop.security.Groups;
-import org.apache.sentry.provider.common.GroupMappingService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class HadoopGroupMappingService implements GroupMappingService {
-
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(HadoopGroupMappingService.class);
-  private final Groups groups;
-
-  public HadoopGroupMappingService(Groups groups) {
-    this.groups = groups;
-  }
-
-  @Override
-  public Set<String> getGroups(String user) {
-    try {
-      return new HashSet<String>(groups.getGroups(user));
-    } catch (IOException e) {
-      LOGGER.warn("Unable to obtain groups for " + user, e);
-    }
-    return Collections.emptySet();
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/90cdbefd/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
deleted file mode 100644
index b2e4196..0000000
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/HadoopGroupResourceAuthorizationProvider.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.file;
-
-import java.io.IOException;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.Groups;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.provider.common.GroupMappingService;
-
-import com.google.common.annotations.VisibleForTesting;
-
-public class HadoopGroupResourceAuthorizationProvider extends
-  ResourceAuthorizationProvider {
-
-  // resource parameter present so that other AuthorizationProviders (e.g.
-  // LocalGroupResourceAuthorizationProvider) has the same constructor params.
-  public HadoopGroupResourceAuthorizationProvider(String resource, PolicyEngine policy) throws IOException {
-    this(policy, new HadoopGroupMappingService(
-        Groups.getUserToGroupsMappingService(new Configuration())));
-  }
-
-  @VisibleForTesting
-  public HadoopGroupResourceAuthorizationProvider(PolicyEngine policy,
-      GroupMappingService groupService) {
-    super(policy, groupService);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/90cdbefd/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java
index e8293f6..e66361b 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/LocalGroupResourceAuthorizationProvider.java
@@ -21,6 +21,7 @@ import java.io.IOException;
 
 import org.apache.hadoop.fs.Path;
 import org.apache.sentry.policy.common.PolicyEngine;
+import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
 
 
 public class LocalGroupResourceAuthorizationProvider extends

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/90cdbefd/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFileConstants.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFileConstants.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFileConstants.java
index d28cde2..b2bc531 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFileConstants.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFileConstants.java
@@ -16,28 +16,13 @@
  */
 package org.apache.sentry.provider.file;
 
-import com.google.common.base.Joiner;
-import com.google.common.base.Splitter;
+import org.apache.sentry.provider.common.ProviderConstants;
 
-public class PolicyFileConstants {
+public class PolicyFileConstants extends ProviderConstants {
 
   public static final String DATABASES = "databases";
   public static final String GROUPS = "groups";
   public static final String ROLES = "roles";
   public static final String USERS = "users";
 
-  public static final String ROLE_SEPARATOR = ",";
-  public static final String AUTHORIZABLE_SEPARATOR = "->";
-  public static final String KV_SEPARATOR = "=";
-
-  public static final Splitter ROLE_SPLITTER = Splitter.on(ROLE_SEPARATOR);
-  public static final Splitter AUTHORIZABLE_SPLITTER = Splitter.on(AUTHORIZABLE_SEPARATOR);
-  public static final Splitter KV_SPLITTER = Splitter.on(KV_SEPARATOR);
-  public static final Joiner ROLE_JOINER = Joiner.on(ROLE_SEPARATOR);
-  public static final Joiner AUTHORIZABLE_JOINER = Joiner.on(AUTHORIZABLE_SEPARATOR);
-  public static final Joiner KV_JOINER = Joiner.on(KV_SEPARATOR);
-
-  // TODO change to privilege
-  public static final String PRIVILEGE_NAME = "action";
-  public static final String PRIVILEGE_PREFIX = (PRIVILEGE_NAME + KV_SEPARATOR).toLowerCase();
 }
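Review bot: Making `PolicyFileConstants extends ProviderConstants` uses inheritance only to keep the removed separator, splitter, joiner and `PRIVILEGE_*` names reachable through this class, which hides where the privilege-string grammar is now defined. ProviderConstants is not visible in this hunk, so I am assuming it carries those constants unchanged, including the lower-cased `PRIVILEGE_PREFIX`. Because these tokens decide how policy entries are split and matched, a reader auditing authorization parsing should be pointed at the single source of truth. I would add a class comment such as `/** Policy-file section names; separators and the privilege prefix are inherited from ProviderConstants. */`, and have new code reference `ProviderConstants` directly rather than through the subclass.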

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/90cdbefd/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
deleted file mode 100644
index 448d7c1..0000000
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/ResourceAuthorizationProvider.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.file;
-
-import static org.apache.sentry.provider.file.PolicyFileConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.provider.file.PolicyFileConstants.KV_JOINER;
-import static org.apache.sentry.provider.file.PolicyFileConstants.PRIVILEGE_NAME;
-
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.provider.common.AuthorizationProvider;
-import org.apache.sentry.provider.common.GroupMappingService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Function;
-import com.google.common.base.Preconditions;
-import com.google.common.collect.Iterables;
-import com.google.common.collect.Sets;
-
-public abstract class ResourceAuthorizationProvider implements AuthorizationProvider {
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(ResourceAuthorizationProvider.class);
-  private final GroupMappingService groupService;
-  private final PolicyEngine policy;
-  private final PrivilegeFactory privilegeFactory;
-  private final ThreadLocal<List<String>> lastFailedPrivileges;
-
-  public ResourceAuthorizationProvider(PolicyEngine policy,
-      GroupMappingService groupService) {
-    this.policy = policy;
-    this.groupService = groupService;
-    this.privilegeFactory = policy.getPrivilegeFactory();
-    this.lastFailedPrivileges = new ThreadLocal<List<String>>() {
-      @Override
-      protected List<String> initialValue() {
-        return new ArrayList<String>();
-      }
-    };
-  }
-
-  /***
-   * @param subject: UserID to validate privileges
-   * @param authorizableHierarchy : List of object according to namespace hierarchy.
-   *        eg. Server->Db->Table or Server->Function
-   *        The privileges will be validated from the higher to lower scope
-   * @param actions : Privileges to validate
-   * @return
-   *        True if the subject is authorized to perform requested action on the given object
-   */
-  @Override
-  public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy,
-      Set<? extends Action> actions, ActiveRoleSet roleSet) {
-    if(LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Authorization Request for " + subject + " " +
-          authorizableHierarchy + " and " + actions);
-    }
-    Preconditions.checkNotNull(subject, "Subject cannot be null");
-    Preconditions.checkNotNull(authorizableHierarchy, "Authorizable cannot be null");
-    Preconditions.checkArgument(!authorizableHierarchy.isEmpty(), "Authorizable cannot be empty");
-    Preconditions.checkNotNull(actions, "Actions cannot be null");
-    Preconditions.checkArgument(!actions.isEmpty(), "Actions cannot be empty");
-    Preconditions.checkNotNull(roleSet, "ActiveRoleSet cannot be null");
-    return doHasAccess(subject, authorizableHierarchy, actions, roleSet);
-  }
-
-  private boolean doHasAccess(Subject subject,
-      List<? extends Authorizable> authorizables, Set<? extends Action> actions,
-      ActiveRoleSet roleSet) {
-    Set<String> groups =  getGroups(subject);
-    Set<String> hierarchy = new HashSet<String>();
-    for (Authorizable authorizable : authorizables) {
-      hierarchy.add(KV_JOINER.join(authorizable.getTypeName(), authorizable.getName()));
-    }
-    Iterable<Privilege> privileges = getPrivileges(groups, roleSet);
-    List<String> requestPrivileges = buildPermissions(authorizables, actions);
-    lastFailedPrivileges.get().clear();
-
-    for (String requestPrivilege : requestPrivileges) {
-      for (Privilege permission : privileges) {
-        /*
-         * Does the permission granted in the policy file imply the requested action?
-         */
-        boolean result = permission.implies(privilegeFactory.createPrivilege(requestPrivilege));
-        if(LOGGER.isDebugEnabled()) {
-          LOGGER.debug("ProviderPrivilege {}, RequestPrivilege {}, RoleSet, {}, Result {}",
-              new Object[]{ permission, requestPrivilege, roleSet, result});
-        }
-        if (result) {
-          return true;
-        }
-      }
-    }
-    lastFailedPrivileges.get().addAll(requestPrivileges);
-    return false;
-  }
-
-  private Iterable<Privilege> getPrivileges(Set<String> groups, ActiveRoleSet roleSet) {
-    return Iterables.transform(policy.getPrivileges(groups, roleSet),
-        new Function<String, Privilege>() {
-      @Override
-      public Privilege apply(String privilege) {
-        return privilegeFactory.createPrivilege(privilege);
-      }
-    });
-  }
-
-  @Override
-  public GroupMappingService getGroupMapping() {
-    return groupService;
-  }
-
-  private Set<String> getGroups(Subject subject) {
-    return groupService.getGroups(subject.getName());
-  }
-
-  @Override
-  public void validateResource(boolean strictValidation) throws SentryConfigurationException {
-    policy.validatePolicy(strictValidation);
-  }
-
-  @Override
-  public Set<String> listPrivilegesForSubject(Subject subject) throws SentryConfigurationException {
-    return policy.getPrivileges(getGroups(subject), ActiveRoleSet.ALL);
-  }
-
-  @Override
-  public Set<String> listPrivilegesForGroup(String groupName) throws SentryConfigurationException {
-    return policy.getPrivileges(Sets.newHashSet(groupName), ActiveRoleSet.ALL);
-  }
-
-  @Override
-  public List<String> getLastFailedPrivileges() {
-    return lastFailedPrivileges.get();
-  }
-
-  private List<String> buildPermissions(List<? extends Authorizable> authorizables,
-      Set<? extends Action> actions) {
-    List<String> hierarchy = new ArrayList<String>();
-    List<String> requestedPermissions = new ArrayList<String>();
-
-    for (Authorizable authorizable : authorizables) {
-      hierarchy.add(KV_JOINER.join(authorizable.getTypeName(), authorizable.getName()));
-    }
-
-    for (Action action : actions) {
-      String requestPermission = AUTHORIZABLE_JOINER.join(hierarchy);
-      requestPermission = AUTHORIZABLE_JOINER.join(requestPermission,
-          KV_JOINER.join(PRIVILEGE_NAME, action.getValue()));
-      requestedPermissions.add(requestPermission);
-    }
-    return requestedPermissions;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/90cdbefd/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java
index 89a2d31..9fcebbb 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java
@@ -163,6 +163,11 @@ public class SimpleFileProviderBackend implements ProviderBackend {
   }
 
   @Override
+  public void close() {
+    groupRolePrivilegeTable.clear();
+  }
+
+  @Override
   public void validatePolicy(boolean strictValidation) throws SentryConfigurationException {
     if (!initialized) {
       throw new IllegalStateException("Backend has not been properly initialized");
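Review bot: The new `close()` clears `groupRolePrivilegeTable` but leaves the `initialized` flag untouched, so the `if (!initialized)` guard in `validatePolicy` directly below still passes on a closed backend. A closed backend would then presumably answer privilege lookups from an empty table, which is a silent deny-all rather than an error; that fails closed but is hard to tell apart from a policy that really grants nothing. Consider resetting the flag after the clear with `initialized = false;` (assuming the field is not final), so later calls hit the existing IllegalStateException. If the table is a non-concurrent collection, also document that `close()` must not run concurrently with lookups. The class body continues outside this hunk, so the field declarations are not visible here.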

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/90cdbefd/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java
deleted file mode 100644
index d3127d7..0000000
--- a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestGetGroupMapping.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.file;
-
-import static org.junit.Assert.assertSame;
-
-import java.util.Set;
-
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.provider.common.GroupMappingService;
-import org.junit.Test;
-
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Sets;
-
-public class TestGetGroupMapping {
-
-  private static class TestResourceAuthorizationProvider extends ResourceAuthorizationProvider {
-    public TestResourceAuthorizationProvider(PolicyEngine policy,
-      GroupMappingService groupService) {
-      super(policy, groupService);
-    }
-  };
-
-  @Test
-  public void testResourceAuthorizationProvider() {
-    final Set<String> set = Sets.newHashSet("a", "b", "c");
-    GroupMappingService mappingService = new GroupMappingService() {
-      public Set<String> getGroups(String user) { return set; }
-    };
-    PolicyEngine policyEngine = new PolicyEngine() {
-      public PrivilegeFactory getPrivilegeFactory() { return null; }
-
-      public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet) {
-        return ImmutableSet.of();
-      }
-
-      public void validatePolicy(boolean strictValidation)
-          throws SentryConfigurationException {
-        return;
-      }
-    };
-
-    TestResourceAuthorizationProvider authProvider =
-      new TestResourceAuthorizationProvider(policyEngine, mappingService);
-    assertSame(authProvider.getGroupMapping(), mappingService);
-  }
-}

