sentry-commits mailing list archives

From s..@apache.org
Subject [15/25] incubator-sentry git commit: SENTRY-812: Generate audit trail for Sentry generic model when authorization metadata change (Colin Ma, Reviewed by: Dapeng Sun)
Date Thu, 05 Nov 2015 01:44:43 GMT
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6058fbfc/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
index 199f7f5..4e40038 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java
@@ -24,7 +24,6 @@ import java.util.LinkedHashSet;
 import java.util.Set;
 
 import org.apache.hadoop.conf.Configuration;
-import org.apache.log4j.Logger;
 import org.apache.sentry.core.model.db.AccessConstants;
 import org.apache.sentry.provider.db.log.util.Constants;
 import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest;
@@ -53,7 +52,6 @@ import com.google.common.collect.Sets;
 public class TestJsonLogEntityFactory {
 
   private static Configuration conf;
-  private Logger sentryLogger = Logger.getRootLogger();
 
   private static String TEST_IP = "localhost/127.0.0.1";
   private static String TEST_IMPERSONATOR = "impersonator";
@@ -79,18 +77,16 @@ public class TestJsonLogEntityFactory {
     request.setRequestorUserName(TEST_USER_NAME);
     request.setRoleName(TEST_ROLE_NAME);
     response.setStatus(Status.OK());
-    AuditMetadataLogEntity amle = (AuditMetadataLogEntity) JsonLogEntityFactory
+    DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory
         .getInstance().createJsonLogEntity(request, response, conf);
     assertCommon(amle, Constants.TRUE, Constants.OPERATION_CREATE_ROLE,
         "CREATE ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE);
-    sentryLogger.debug(amle.toJsonFormatLog());
 
     response.setStatus(Status.InvalidInput("", null));
-    amle = (AuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+    amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
         .createJsonLogEntity(request, response, conf);
     assertCommon(amle, Constants.FALSE, Constants.OPERATION_CREATE_ROLE,
         "CREATE ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE);
-    sentryLogger.debug(amle.toJsonFormatLog());
   }
 
   @Test
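Review bot: Nothing in this test exercises the JSON form of the audit record once the `sentryLogger.debug(amle.toJsonFormatLog())` calls are removed; `assertCommon` only reads getters on the entity. The serialized line is presumably what reaches the audit log, so a field that is missing or badly escaped there would go unnoticed by these tests. Assuming DBAuditMetadataLogEntity still provides `toJsonFormatLog()`, keep one call per case and assert on its result, for example `String json = amle.toJsonFormatLog();` followed by a check that it carries the operation and the allowed value. The same applies to the drop, grant, revoke, add-group and delete-group tests in the following hunks, and the test method here begins outside this hunk.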
@@ -100,18 +96,16 @@ public class TestJsonLogEntityFactory {
     request.setRequestorUserName(TEST_USER_NAME);
     request.setRoleName(TEST_ROLE_NAME);
     response.setStatus(Status.OK());
-    AuditMetadataLogEntity amle = (AuditMetadataLogEntity) JsonLogEntityFactory
+    DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory
         .getInstance().createJsonLogEntity(request, response, conf);
     assertCommon(amle, Constants.TRUE, Constants.OPERATION_DROP_ROLE,
         "DROP ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE);
-    sentryLogger.debug(amle.toJsonFormatLog());
 
     response.setStatus(Status.InvalidInput("", null));
-    amle = (AuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+    amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
         .createJsonLogEntity(request, response, conf);
     assertCommon(amle, Constants.FALSE, Constants.OPERATION_DROP_ROLE,
         "DROP ROLE testRole", null, null, null, Constants.OBJECT_TYPE_ROLE);
-    sentryLogger.debug(amle.toJsonFormatLog());
   }
 
   @Test
@@ -128,18 +122,17 @@ public class TestJsonLogEntityFactory {
     privileges.add(privilege);
     request.setPrivileges(privileges);
     response.setStatus(Status.OK());
-    AuditMetadataLogEntity amle = new AuditMetadataLogEntity();
+    DBAuditMetadataLogEntity amle = new DBAuditMetadataLogEntity();
     Set<JsonLogEntity> amles =  JsonLogEntityFactory
         .getInstance().createJsonLogEntitys(request, response, conf);
     assertEquals(amles.size(),1);
     for (JsonLogEntity amle1 : amles) {
-      amle = (AuditMetadataLogEntity) amle1;
+      amle = (DBAuditMetadataLogEntity) amle1;
       break;
     }
     assertCommon(amle, Constants.TRUE, Constants.OPERATION_GRANT_PRIVILEGE,
         "GRANT ALL ON DATABASE testDB TO ROLE testRole", TEST_DATABASE_NAME,
         null, null, Constants.OBJECT_TYPE_PRINCIPAL);
-    sentryLogger.debug(amle.toJsonFormatLog());
 
     privilege = getPrivilege(AccessConstants.ALL, PrivilegeScope.TABLE.name(),
         null, TEST_TABLE_NAME, null, null);
@@ -151,13 +144,12 @@ public class TestJsonLogEntityFactory {
         .createJsonLogEntitys(request, response, conf);
     assertEquals(amles.size(),1);
     for (JsonLogEntity amle1 : amles) {
-      amle = (AuditMetadataLogEntity) amle1;
+      amle = (DBAuditMetadataLogEntity) amle1;
       break;
     }
     assertCommon(amle, Constants.FALSE, Constants.OPERATION_GRANT_PRIVILEGE,
         "GRANT ALL ON TABLE testTable TO ROLE testRole", null, TEST_TABLE_NAME,
         null, Constants.OBJECT_TYPE_PRINCIPAL);
-    sentryLogger.debug(amle.toJsonFormatLog());
   }
 
   @Test
@@ -173,18 +165,17 @@ public class TestJsonLogEntityFactory {
     privileges.add(privilege);
     request.setPrivileges(privileges);
     response.setStatus(Status.OK());
-    AuditMetadataLogEntity amle = new AuditMetadataLogEntity();
+    DBAuditMetadataLogEntity amle = new DBAuditMetadataLogEntity();
     Set<JsonLogEntity> amles =  JsonLogEntityFactory
         .getInstance().createJsonLogEntitys(request, response, conf);
     assertEquals(amles.size(),1);
     for (JsonLogEntity amle1 : amles) {
-      amle = (AuditMetadataLogEntity) amle1;
+      amle = (DBAuditMetadataLogEntity) amle1;
       break;
     }
     assertCommon(amle, Constants.TRUE, Constants.OPERATION_REVOKE_PRIVILEGE,
         "REVOKE ALL ON DATABASE testDB FROM ROLE testRole", TEST_DATABASE_NAME,
         null, null, Constants.OBJECT_TYPE_PRINCIPAL);
-    sentryLogger.debug(amle.toJsonFormatLog());
 
     privilege = getPrivilege(AccessConstants.ALL, PrivilegeScope.TABLE.name(),
         null, TEST_TABLE_NAME, null, null);
@@ -196,13 +187,12 @@ public class TestJsonLogEntityFactory {
         .createJsonLogEntitys(request, response, conf);
     assertEquals(amles.size(),1);
     for (JsonLogEntity amle1 : amles) {
-      amle = (AuditMetadataLogEntity) amle1;
+      amle = (DBAuditMetadataLogEntity) amle1;
       break;
     }
     assertCommon(amle, Constants.FALSE, Constants.OPERATION_REVOKE_PRIVILEGE,
         "REVOKE ALL ON TABLE testTable FROM ROLE testRole", null,
         TEST_TABLE_NAME, null, Constants.OBJECT_TYPE_PRINCIPAL);
-    sentryLogger.debug(amle.toJsonFormatLog());
   }
 
   @Test
@@ -213,20 +203,18 @@ public class TestJsonLogEntityFactory {
     request.setRoleName(TEST_ROLE_NAME);
     request.setGroups(getGroups());
     response.setStatus(Status.OK());
-    AuditMetadataLogEntity amle = (AuditMetadataLogEntity) JsonLogEntityFactory
+    DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory
         .getInstance().createJsonLogEntity(request, response, conf);
     assertCommon(amle, Constants.TRUE, Constants.OPERATION_ADD_ROLE,
         "GRANT ROLE testRole TO GROUP testGroup", null, null, null,
         Constants.OBJECT_TYPE_ROLE);
-    sentryLogger.debug(amle.toJsonFormatLog());
 
     response.setStatus(Status.InvalidInput("", null));
-    amle = (AuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+    amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
         .createJsonLogEntity(request, response, conf);
     assertCommon(amle, Constants.FALSE, Constants.OPERATION_ADD_ROLE,
         "GRANT ROLE testRole TO GROUP testGroup", null, null, null,
         Constants.OBJECT_TYPE_ROLE);
-    sentryLogger.debug(amle.toJsonFormatLog());
   }
 
   @Test
@@ -237,23 +225,21 @@ public class TestJsonLogEntityFactory {
     request.setRoleName(TEST_ROLE_NAME);
     request.setGroups(getGroups());
     response.setStatus(Status.OK());
-    AuditMetadataLogEntity amle = (AuditMetadataLogEntity) JsonLogEntityFactory
+    DBAuditMetadataLogEntity amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory
         .getInstance().createJsonLogEntity(request, response, conf);
     assertCommon(amle, Constants.TRUE, Constants.OPERATION_DELETE_ROLE,
         "REVOKE ROLE testRole FROM GROUP testGroup", null, null, null,
         Constants.OBJECT_TYPE_ROLE);
-    sentryLogger.debug(amle.toJsonFormatLog());
 
     response.setStatus(Status.InvalidInput("", null));
-    amle = (AuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+    amle = (DBAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
         .createJsonLogEntity(request, response, conf);
     assertCommon(amle, Constants.FALSE, Constants.OPERATION_DELETE_ROLE,
         "REVOKE ROLE testRole FROM GROUP testGroup", null, null, null,
         Constants.OBJECT_TYPE_ROLE);
-    sentryLogger.debug(amle.toJsonFormatLog());
   }
 
-  private void assertCommon(AuditMetadataLogEntity amle,
+  private void assertCommon(DBAuditMetadataLogEntity amle,
       String allowedExcepted, String operationExcepted,
       String operationTextExcepted, String databaseNameExcepted,
       String tableNameExcepted, String resourcePathExcepted,
@@ -272,37 +258,6 @@ public class TestJsonLogEntityFactory {
     assertEquals(objectTypeExcepted, amle.getObjectType());
   }
 
-  // private TAlterSentryRoleGrantPrivilegeRequest getGrantPrivilegeRequest() {
-  // TAlterSentryRoleGrantPrivilegeRequest request = new
-  // TAlterSentryRoleGrantPrivilegeRequest();
-  // request.setRoleName(TEST_ROLE_NAME);
-  // return request;
-  // }
-  //
-  // private TAlterSentryRoleGrantPrivilegeResponse getGrantPrivilegeResponse(
-  // TSentryResponseStatus status) {
-  // TAlterSentryRoleGrantPrivilegeResponse response = new
-  // TAlterSentryRoleGrantPrivilegeResponse();
-  // response.setStatus(status);
-  // return response;
-  // }
-
-  // private TAlterSentryRoleRevokePrivilegeRequest getRevokePrivilegeRequest()
-  // {
-  // TAlterSentryRoleRevokePrivilegeRequest request = new
-  // TAlterSentryRoleRevokePrivilegeRequest();
-  // request.setRoleName(TEST_ROLE_NAME);
-  // return request;
-  // }
-  //
-  // private TAlterSentryRoleRevokePrivilegeResponse getRevokePrivilegeResponse(
-  // TSentryResponseStatus status) {
-  // TAlterSentryRoleRevokePrivilegeResponse response = new
-  // TAlterSentryRoleRevokePrivilegeResponse();
-  // response.setStatus(status);
-  // return response;
-  // }
-
   private TSentryPrivilege getPrivilege(String action, String privilegeScope,
       String dbName, String tableName, String serverName, String URI) {
     TSentryPrivilege privilege = new TSentryPrivilege();

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6058fbfc/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java
new file mode 100644
index 0000000..a5aff35
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactoryGM.java
@@ -0,0 +1,259 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.log.entity;
+
+import static junit.framework.Assert.assertEquals;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleDeleteGroupsResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
+import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TCreateSentryRoleResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TDropSentryRoleResponse;
+import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
+import org.apache.sentry.provider.db.log.util.Constants;
+import org.apache.sentry.provider.db.service.thrift.ThriftUtil;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.apache.sentry.service.thrift.Status;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class TestJsonLogEntityFactoryGM {
+
+  private static Configuration conf;
+  private static String TEST_IP = "localhost/127.0.0.1";
+  private static String TEST_IMPERSONATOR = "impersonator";
+  private static String TEST_ROLE_NAME = "testRole";
+  private static String TEST_USER_NAME = "requestUser";
+  private static String TEST_GROUP = "testGroup";
+  private static String TEST_ACTION = "action";
+  private static String TEST_COMPONENT = "component";
+  private static Map<String, String> TEST_PRIVILEGES_MAP = new HashMap<String, String>();
+
+  @BeforeClass
+  public static void init() {
+    conf = new Configuration();
+    conf.set(ServerConfig.SENTRY_SERVICE_NAME, ServerConfig.SENTRY_SERVICE_NAME_DEFAULT);
+    ThriftUtil.setIpAddress(TEST_IP);
+    ThriftUtil.setImpersonator(TEST_IMPERSONATOR);
+    TEST_PRIVILEGES_MAP.put("resourceType1", "resourceName1");
+    TEST_PRIVILEGES_MAP.put("resourceType2", "resourceName2");
+    TEST_PRIVILEGES_MAP.put("resourceType3", "resourceName3");
+  }
+
+  @Test
+  public void testCreateRole() {
+    TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
+    TCreateSentryRoleResponse response = new TCreateSentryRoleResponse();
+    request.setRequestorUserName(TEST_USER_NAME);
+    request.setRoleName(TEST_ROLE_NAME);
+    response.setStatus(Status.OK());
+    GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+        .createJsonLogEntity(request, response, conf);
+    assertCommon(amle, Constants.TRUE, Constants.OPERATION_CREATE_ROLE, "CREATE ROLE testRole",
+        Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
+
+    response.setStatus(Status.InvalidInput("", null));
+    amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+        request, response, conf);
+    assertCommon(amle, Constants.FALSE, Constants.OPERATION_CREATE_ROLE, "CREATE ROLE testRole",
+        Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
+  }
+
+  @Test
+  public void testDropRole() {
+    TDropSentryRoleRequest request = new TDropSentryRoleRequest();
+    TDropSentryRoleResponse response = new TDropSentryRoleResponse();
+    request.setRequestorUserName(TEST_USER_NAME);
+    request.setRoleName(TEST_ROLE_NAME);
+    response.setStatus(Status.OK());
+    GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory
+        .getInstance().createJsonLogEntity(request, response, conf);
+    assertCommon(amle, Constants.TRUE, Constants.OPERATION_DROP_ROLE, "DROP ROLE testRole",
+        Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
+
+    response.setStatus(Status.InvalidInput("", null));
+    amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+        request, response, conf);
+    assertCommon(amle, Constants.FALSE, Constants.OPERATION_DROP_ROLE, "DROP ROLE testRole",
+        Constants.OBJECT_TYPE_ROLE, new HashMap<String, String>());
+  }
+
+  @Test
+  public void testGrantRole() {
+    TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest();
+    request.setRequestorUserName(TEST_USER_NAME);
+    request.setRoleName(TEST_ROLE_NAME);
+
+    TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse();
+
+    TSentryPrivilege privilege = getPrivilege();
+    request.setPrivilege(privilege);
+    response.setStatus(Status.OK());
+    GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+        .createJsonLogEntity(
+        request, response, conf);
+    assertCommon(
+        amle,
+        Constants.TRUE,
+        Constants.OPERATION_GRANT_PRIVILEGE,
+        "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3
resourceName3 TO ROLE testRole",
+        Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
+
+    response.setStatus(Status.InvalidInput("", null));
+    amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+        request, response, conf);
+    assertCommon(
+        amle,
+        Constants.FALSE,
+        Constants.OPERATION_GRANT_PRIVILEGE,
+        "GRANT ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3
resourceName3 TO ROLE testRole",
+        Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
+  }
+
+  @Test
+  public void testRevokeRole() {
+    TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest();
+    TAlterSentryRoleRevokePrivilegeResponse response = new TAlterSentryRoleRevokePrivilegeResponse();
+    request.setRequestorUserName(TEST_USER_NAME);
+    request.setRoleName(TEST_ROLE_NAME);
+
+    TSentryPrivilege privilege = getPrivilege();
+    request.setPrivilege(privilege);
+    response.setStatus(Status.OK());
+    GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+        .createJsonLogEntity(request, response, conf);
+    assertCommon(
+        amle,
+        Constants.TRUE,
+        Constants.OPERATION_REVOKE_PRIVILEGE,
+        "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3
resourceName3 FROM ROLE testRole",
+        Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
+
+    response.setStatus(Status.InvalidInput("", null));
+    amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+        request, response, conf);
+
+    assertCommon(
+        amle,
+        Constants.FALSE,
+        Constants.OPERATION_REVOKE_PRIVILEGE,
+        "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3
resourceName3 FROM ROLE testRole",
+        Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP);
+  }
+
+  @Test
+  public void testAddRole() {
+    TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest();
+    TAlterSentryRoleAddGroupsResponse response = new TAlterSentryRoleAddGroupsResponse();
+    request.setRequestorUserName(TEST_USER_NAME);
+    request.setRoleName(TEST_ROLE_NAME);
+    request.setGroups(getGroups());
+    response.setStatus(Status.OK());
+    GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance()
+        .createJsonLogEntity(request, response, conf);
+    assertCommon(amle, Constants.TRUE, Constants.OPERATION_ADD_ROLE,
+        "GRANT ROLE testRole TO GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
+        new HashMap<String, String>());
+
+    response.setStatus(Status.InvalidInput("", null));
+    amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+        request, response, conf);
+    assertCommon(amle, Constants.FALSE, Constants.OPERATION_ADD_ROLE,
+        "GRANT ROLE testRole TO GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
+        new HashMap<String, String>());
+  }
+
+  @Test
+  public void testDeleteRole() {
+    TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest();
+    TAlterSentryRoleDeleteGroupsResponse response = new TAlterSentryRoleDeleteGroupsResponse();
+    request.setRequestorUserName(TEST_USER_NAME);
+    request.setRoleName(TEST_ROLE_NAME);
+    request.setGroups(getGroups());
+    response.setStatus(Status.OK());
+    GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory
+        .getInstance().createJsonLogEntity(request, response, conf);
+    assertCommon(amle, Constants.TRUE, Constants.OPERATION_DELETE_ROLE,
+        "REVOKE ROLE testRole FROM GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
+        new HashMap<String, String>());
+
+    response.setStatus(Status.InvalidInput("", null));
+    amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity(
+        request, response, conf);
+    assertCommon(amle, Constants.FALSE, Constants.OPERATION_DELETE_ROLE,
+        "REVOKE ROLE testRole FROM GROUP testGroup", Constants.OBJECT_TYPE_ROLE,
+        new HashMap<String, String>());
+  }
+
+  private void assertCommon(GMAuditMetadataLogEntity amle, String allowedExcepted,
+      String operationExcepted, String operationTextExcepted, String objectTypeExcepted,
+      Map<String, String> privilegesExcepted) {
+    assertEquals(ServerConfig.SENTRY_SERVICE_NAME_DEFAULT, amle.getServiceName());
+    assertEquals(TEST_IP, amle.getIpAddress());
+    assertEquals(TEST_USER_NAME, amle.getUserName());
+    assertEquals(TEST_IMPERSONATOR, amle.getImpersonator());
+    assertEquals(allowedExcepted, amle.getAllowed());
+    assertEquals(operationExcepted, amle.getOperation());
+    assertEquals(operationTextExcepted, amle.getOperationText());
+    assertEquals(objectTypeExcepted, amle.getObjectType());
+    assertPrivilegesMap(privilegesExcepted, amle.getPrivilegesMap());
+  }
+
+  private void assertPrivilegesMap(Map<String, String> privilegesExcepted,
+      Map<String, String> privilegesActual) {
+    assertEquals(privilegesExcepted.size(), privilegesActual.size());
+    for (Map.Entry<String, String> privilege : privilegesExcepted.entrySet()) {
+      assertEquals(privilege.getValue(), privilegesActual.get(privilege.getKey()));
+    }
+  }
+
+  private TSentryPrivilege getPrivilege() {
+    TSentryPrivilege privilege = new TSentryPrivilege();
+    privilege.setAction(TEST_ACTION);
+    privilege.setComponent(TEST_COMPONENT);
+    List<TAuthorizable> authorizables = new ArrayList<TAuthorizable>();
+    authorizables.add(new TAuthorizable("resourceType1", "resourceName1"));
+    authorizables.add(new TAuthorizable("resourceType2", "resourceName2"));
+    authorizables.add(new TAuthorizable("resourceType3", "resourceName3"));
+    privilege.setAuthorizables(authorizables);
+    return privilege;
+  }
+
+  private Set<String> getGroups() {
+    Set<String> groups = new HashSet<String>();
+    groups.add(TEST_GROUP);
+    return groups;
+  }
+}
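Review bot: The component set in `getPrivilege()` via `privilege.setComponent(TEST_COMPONENT)` is never checked, so these tests would still pass if the generic-model audit record dropped or mixed up the component. `assertCommon` compares service name, IP, user, impersonator, allowed, operation, operation text, object type and the privileges map, and the expected text `GRANT ACTION ON resourceType1 resourceName1 ... TO ROLE testRole` carries no component either; the expected strings in the GM tests added to TestCommandUtil have the same shape. For an audit trail that serves several components, two grants on different components would then look identical unless the entity records the component elsewhere, which is not visible here. If GMAuditMetadataLogEntity exposes the component, pass an expected value into `assertCommon` and compare it next to the object type; otherwise add a comment on `getPrivilege()` such as `// component is set on the request but is not part of the audit record`.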

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6058fbfc/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
index 0a2b0b2..02a79ff 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/log/util/TestCommandUtil.java
@@ -18,18 +18,17 @@
 
 package org.apache.sentry.provider.db.log.util;
 
-import java.util.LinkedHashSet;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Set;
 
 import junit.framework.TestCase;
 
 import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleAddGroupsRequest;
-import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleDeleteGroupsRequest;
+import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
 import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleGrantPrivilegeRequest;
 import org.apache.sentry.provider.db.service.thrift.TAlterSentryRoleRevokePrivilegeRequest;
 import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
 import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
 import org.junit.Test;
@@ -56,18 +55,11 @@ public class TestCommandUtil extends TestCase {
   @Test
   public void testCreateCmdForRoleAddOrDeleteGroup1() {
 
-    TAlterSentryRoleAddGroupsRequest requestAdd = getRoleAddGroupsRequest();
-    TAlterSentryRoleDeleteGroupsRequest requestDelete = getRoleDeleteGroupsRequest();
-
-    Set<TSentryGroup> groups = getGroups(1);
-    requestAdd.setGroups(groups);
-    requestDelete.setGroups(groups);
-
-    String createRoleAddGroupCmdResult = CommandUtil
-        .createCmdForRoleAddGroup(requestAdd);
+    String createRoleAddGroupCmdResult = CommandUtil.createCmdForRoleAddGroup("testRole",
+        getGroupStr(1));
     String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO GROUP testGroup1";
-    String createRoleDeleteGroupCmdResult = CommandUtil
-        .createCmdForRoleDeleteGroup(requestDelete);
+    String createRoleDeleteGroupCmdResult = CommandUtil.createCmdForRoleDeleteGroup("testRole",
+        getGroupStr(1));
     String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM GROUP testGroup1";
 
     assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult);
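Review bot: Passing the pre-joined string from `getGroupStr(1)` means this test no longer covers how a set of group names becomes the `GROUP a, b, c` list; the helper builds the very format the assertion then expects back. With role and groups arriving as plain strings, a group name that itself contains `, ` would read as two groups in the resulting audit text, and nothing here pins down how such a name is rendered (CommandUtil is not shown, so this may be handled by the caller). Consider one case whose group name contains a comma or a space, with a comment on the expected string stating the intended rendering. The same applies to `testCreateCmdForRoleAddOrDeleteGroup2` in the next hunk, and this test method ends outside the hunk.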
@@ -77,19 +69,11 @@ public class TestCommandUtil extends TestCase {
 
   @Test
   public void testCreateCmdForRoleAddOrDeleteGroup2() {
-
-    TAlterSentryRoleAddGroupsRequest requestAdd = getRoleAddGroupsRequest();
-    TAlterSentryRoleDeleteGroupsRequest requestDelete = getRoleDeleteGroupsRequest();
-
-    Set<TSentryGroup> groups = getGroups(3);
-    requestAdd.setGroups(groups);
-    requestDelete.setGroups(groups);
-
-    String createRoleAddGroupCmdResult = CommandUtil
-        .createCmdForRoleAddGroup(requestAdd);
+    String createRoleAddGroupCmdResult = CommandUtil.createCmdForRoleAddGroup("testRole",
+        getGroupStr(3));
     String createRoleAddGroupCmdExcepted = "GRANT ROLE testRole TO GROUP testGroup1, testGroup2,
testGroup3";
-    String createRoleDeleteGroupCmdResult = CommandUtil
-        .createCmdForRoleDeleteGroup(requestDelete);
+    String createRoleDeleteGroupCmdResult = CommandUtil.createCmdForRoleDeleteGroup("testRole",
+        getGroupStr(3));
     String createRoleDeleteGroupCmdExcepted = "REVOKE ROLE testRole FROM GROUP testGroup1,
testGroup2, testGroup3";
 
     assertEquals(createRoleAddGroupCmdExcepted, createRoleAddGroupCmdResult);
@@ -294,26 +278,55 @@ public class TestCommandUtil extends TestCase {
     assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult);
   }
 
-  private TAlterSentryRoleAddGroupsRequest getRoleAddGroupsRequest() {
-    TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest();
-    request.setRoleName("testRole");
-    return request;
+  // generate the command without grant option
+  @Test
+  public void testCreateCmdForGrantOrRevokeGMPrivilege1() {
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest
grantRequest = getGrantGMPrivilegeRequest();
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest
revokeRequest = getRevokeGMPrivilegeRequest();
+    org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege();
+    grantRequest.setPrivilege(privilege);
+    revokeRequest.setPrivilege(privilege);
+
+    String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1
resourceType2 resourceName2 TO ROLE testRole";
+    String createRevokePrivilegeCmdResult = CommandUtil
+        .createCmdForRevokeGMPrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1
resourceType2 resourceName2 FROM ROLE testRole";
+
+    assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult);
   }
 
-  private TAlterSentryRoleDeleteGroupsRequest getRoleDeleteGroupsRequest() {
-    TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest();
-    request.setRoleName("testRole");
-    return request;
+  // generate the command with grant option
+  @Test
+  public void testCreateCmdForGrantOrRevokeGMPrivilege2() {
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest
grantRequest = getGrantGMPrivilegeRequest();
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest
revokeRequest = getRevokeGMPrivilegeRequest();
+    org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = getGMPrivilege();
+    privilege
+        .setGrantOption(org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption.TRUE);
+    grantRequest.setPrivilege(privilege);
+    revokeRequest.setPrivilege(privilege);
+
+    String createGrantPrivilegeCmdResult = CommandUtil.createCmdForGrantGMPrivilege(grantRequest);
+    String createGrantPrivilegeCmdExcepted = "GRANT ACTION ON resourceType1 resourceName1
resourceType2 resourceName2 TO ROLE testRole WITH GRANT OPTION";
+    String createRevokePrivilegeCmdResult = CommandUtil
+        .createCmdForRevokeGMPrivilege(revokeRequest);
+    String createRevokePrivilegeCmdExcepted = "REVOKE ACTION ON resourceType1 resourceName1
resourceType2 resourceName2 FROM ROLE testRole WITH GRANT OPTION";
+
+    assertEquals(createGrantPrivilegeCmdExcepted, createGrantPrivilegeCmdResult);
+    assertEquals(createRevokePrivilegeCmdExcepted, createRevokePrivilegeCmdResult);
   }
 
-  private Set<TSentryGroup> getGroups(int num) {
-    Set<TSentryGroup> groups = new LinkedHashSet<TSentryGroup>();
+  private String getGroupStr(int num) {
+    StringBuilder sb = new StringBuilder();
     for (int i = 0; i < num; i++) {
-      TSentryGroup group = new TSentryGroup();
-      group.setGroupName("testGroup" + (i + 1));
-      groups.add(group);
+      if (i > 0) {
+        sb.append(", ");
+      }
+      sb.append("testGroup" + (i + 1));
     }
-    return groups;
+    return sb.toString();
   }
 
   private TAlterSentryRoleGrantPrivilegeRequest getGrantPrivilegeRequest() {
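Review bot: The new GM tests spell out `org.apache.sentry.provider.db.generic.service.thrift.` on every declaration because the generic-model request and privilege classes share simple names with the db ones this file already imports, which makes the tests hard to read and the lines very long. The same commit puts the generic-model entity tests in their own class, TestJsonLogEntityFactoryGM, where plain imports work; a separate test class for the GM command tests would let `getGrantGMPrivilegeRequest`, `getRevokeGMPrivilegeRequest` and `getGMPrivilege` in the later hunks use short names as well. Separately, the expected string `REVOKE ACTION ON ... FROM ROLE testRole WITH GRANT OPTION` in `testCreateCmdForGrantOrRevokeGMPrivilege2` deserves a short comment saying that the `WITH GRANT OPTION` suffix on a revoke is the intended audit text.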
@@ -328,6 +341,18 @@ public class TestCommandUtil extends TestCase {
     return request;
   }
 
+  private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest
getGrantGMPrivilegeRequest() {
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest
request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleGrantPrivilegeRequest();
+    request.setRoleName("testRole");
+    return request;
+  }
+
+  private org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest
getRevokeGMPrivilegeRequest() {
+    org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest
request = new org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleRevokePrivilegeRequest();
+    request.setRoleName("testRole");
+    return request;
+  }
+
   private TSentryPrivilege getPrivilege(String action, String privilegeScope,
       String dbName, String tableName, String serverName, String URI) {
     TSentryPrivilege privilege = new TSentryPrivilege();
@@ -339,4 +364,15 @@ public class TestCommandUtil extends TestCase {
     privilege.setURI(URI);
     return privilege;
   }
+
+  private org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege getGMPrivilege()
{
+    org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege privilege = new
org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege();
+    privilege.setAction("ACTION");
+    privilege.setComponent("COMPONENT");
+    List<TAuthorizable> authorizables = new ArrayList<TAuthorizable>();
+    authorizables.add(new TAuthorizable("resourceType1", "resourceName1"));
+    authorizables.add(new TAuthorizable("resourceType2", "resourceName2"));
+    privilege.setAuthorizables(authorizables);
+    return privilege;
+  }
 }

