sentry-commits mailing list archives

From co...@apache.org
Subject [05/13] sentry git commit: SENTRY-999: Refactor the sentry to integrate with external components quickly (Colin Ma, reviewed by Dapeng Sun)
Date Fri, 22 Apr 2016 06:28:25 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java
deleted file mode 100644
index 89559a6..0000000
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderGeneralCases.java
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.db;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.EnumSet;
-import java.util.List;
-import java.util.Set;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.db.AccessConstants;
-import org.apache.sentry.core.model.db.DBModelAction;
-import org.apache.sentry.core.model.db.Database;
-import org.apache.sentry.core.model.db.Server;
-import org.apache.sentry.core.model.db.Table;
-import org.apache.sentry.provider.common.MockGroupMappingServiceProvider;
-import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFiles;
-import org.junit.After;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Objects;
-import com.google.common.collect.HashMultimap;
-import com.google.common.collect.Multimap;
-import com.google.common.io.Files;
-
-
-public class TestResourceAuthorizationProviderGeneralCases {
-
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(TestResourceAuthorizationProviderGeneralCases.class);
-
-  private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap
-      .create();
-
-  private static final Subject SUB_ADMIN = new Subject("admin1");
-  private static final Subject SUB_MANAGER = new Subject("manager1");
-  private static final Subject SUB_ANALYST = new Subject("analyst1");
-  private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1");
-
-  private static final Server SVR_SERVER1 = new Server("server1");
-  private static final Server SVR_ALL = new Server(AccessConstants.ALL);
-
-  private static final Database DB_CUSTOMERS = new Database("customers");
-  private static final Database DB_ANALYST = new Database("analyst1");
-  private static final Database DB_JR_ANALYST = new Database("jranalyst1");
-
-  private static final Table TBL_PURCHASES = new Table("purchases");
-
-  private static final Set<? extends Action> ALL = EnumSet.of(DBModelAction.ALL);
-  private static final Set<? extends Action> SELECT = EnumSet.of(DBModelAction.SELECT);
-  private static final Set<? extends Action> INSERT = EnumSet.of(DBModelAction.INSERT);
-
-  static {
-    USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin"));
-    USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager"));
-    USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst"));
-    USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(),
-        Arrays.asList("jranalyst"));
-  }
-
-  private final ResourceAuthorizationProvider authzProvider;
-  private File baseDir;
-
-  public TestResourceAuthorizationProviderGeneralCases() throws IOException {
-    baseDir = Files.createTempDir();
-    PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini", "test-authz-provider-other-group.ini");
-    authzProvider = new HadoopGroupResourceAuthorizationProvider(
-        new DBPolicyFileBackend("server1",
-        new File(baseDir, "test-authz-provider.ini").getPath()),
-        new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP));
-
-  }
-
-  @After
-  public void teardown() {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  private void doTestAuthorizables(
-      Subject subject, Set<? extends Action> privileges, boolean expected,
-      Authorizable... authorizables) throws Exception {
-    List<Authorizable> authzHierarchy = Arrays.asList(authorizables);
-    Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
-      helper.add("authorizables", authzHierarchy).add("Privileges", privileges);
-    LOGGER.info("Running with " + helper.toString());
-    Assert.assertEquals(helper.toString(), expected,
-        authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
-    LOGGER.info("Passed " + helper.toString());
-  }
-
-  private void doTestResourceAuthorizationProvider(Subject subject,
-      Server server, Database database, Table table,
-      Set<? extends Action> privileges, boolean expected) throws Exception {
-    List<Authorizable> authzHierarchy = Arrays.asList(new Authorizable[] {
-        server, database, table
-    });
-    Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
-    helper.add("Subject", subject).add("Server", server).add("DB", database)
-    .add("Table", table).add("Privileges", privileges).add("authzHierarchy", authzHierarchy);
-    LOGGER.info("Running with " + helper.toString());
-    Assert.assertEquals(helper.toString(), expected,
-        authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
-    LOGGER.info("Passed " + helper.toString());
-  }
-
-  @Test
-  public void testAdmin() throws Exception {
-    doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, true);
-    doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
-    doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, true);
-    doTestAuthorizables(SUB_ADMIN, SELECT, true, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES);
-
-  }
-  @Test
-  public void testManager() throws Exception {
-    doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, false);
-    doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
-    doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, false);
-    doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
-  }
-  @Test
-  public void testAnalyst() throws Exception {
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, false);
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, false);
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
-
-    // analyst sandbox
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, ALL, true);
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, SELECT, true);
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, INSERT, true);
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_ANALYST, TBL_PURCHASES, SELECT, true);
-
-    // jr analyst sandbox
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, ALL, false);
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true);
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, INSERT, false);
-    doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true);
-  }
-  @Test
-  public void testJuniorAnalyst() throws Exception {
-    doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, false);
-    doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, false);
-    doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, false);
-    doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT, false);
-    // jr analyst sandbox
-    doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, ALL, true);
-    doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true);
-    doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, INSERT, true);
-    doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_ALL, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java
deleted file mode 100644
index 3d3e45a..0000000
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestResourceAuthorizationProviderSpecialCases.java
+++ /dev/null
@@ -1,122 +0,0 @@
- /*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.db;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.EnumSet;
-import java.util.List;
-import java.util.Set;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.db.AccessURI;
-import org.apache.sentry.core.model.db.DBModelAction;
-import org.apache.sentry.core.model.db.Server;
-import org.apache.sentry.provider.common.AuthorizationProvider;
-import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.io.Files;
-
-public class TestResourceAuthorizationProviderSpecialCases {
-  private AuthorizationProvider authzProvider;
-  private PolicyFile policyFile;
-  private File baseDir;
-  private File iniFile;
-  private String initResource;
-  @Before
-  public void setup() throws IOException {
-    baseDir = Files.createTempDir();
-    iniFile = new File(baseDir, "policy.ini");
-    initResource = "file://" + iniFile.getPath();
-    policyFile = new PolicyFile();
-  }
-
-  @After
-  public void teardown() throws IOException {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  @Test
-  public void testDuplicateEntries() throws Exception {
-    Subject user1 = new Subject("user1");
-    Server server1 = new Server("server1");
-    AccessURI uri = new AccessURI("file:///path/to/");
-    Set<? extends Action> actions = EnumSet.of(DBModelAction.ALL, DBModelAction.SELECT, DBModelAction.INSERT);
-    policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
-      .addRolesToGroup("group1",  true, "role1", "role1")
-      .addPermissionsToRole("role1", true, "server=" + server1.getName() + "->uri=" + uri.getName(),
-          "server=" + server1.getName() + "->uri=" + uri.getName());
-    policyFile.write(iniFile);
-    DBPolicyFileBackend policy = new DBPolicyFileBackend(server1.getName(), initResource);
-    authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
-    List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri);
-    Assert.assertTrue(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-  }
-  @Test
-  public void testNonAbolutePath() throws Exception {
-    Subject user1 = new Subject("user1");
-    Server server1 = new Server("server1");
-    AccessURI uri = new AccessURI("file:///path/to/");
-    Set<? extends Action> actions = EnumSet.of(DBModelAction.ALL, DBModelAction.SELECT, DBModelAction.INSERT);
-    policyFile.addGroupsToUser(user1.getName(), "group1")
-      .addRolesToGroup("group1", "role1")
-      .addPermissionsToRole("role1", "server=" + server1.getName() + "->uri=" + uri.getName());
-    policyFile.write(iniFile);
-    DBPolicyFileBackend policy = new DBPolicyFileBackend(server1.getName(), initResource);
-    authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
-    // positive test
-    List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri);
-    Assert.assertTrue(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-    // negative tests
-    // TODO we should support the case of /path/to/./ but let's to that later
-    uri = new AccessURI("file:///path/to/./");
-    authorizableHierarchy = ImmutableList.of(server1, uri);
-    Assert.assertFalse(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-    uri = new AccessURI("file:///path/to/../");
-    authorizableHierarchy = ImmutableList.of(server1, uri);
-    Assert.assertFalse(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-    uri = new AccessURI("file:///path/to/../../");
-    authorizableHierarchy = ImmutableList.of(server1, uri);
-    Assert.assertFalse(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-    uri = new AccessURI("file:///path/to/dir/../../");
-    authorizableHierarchy = ImmutableList.of(server1, uri);
-    Assert.assertFalse(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-  }
-  @Test(expected=IllegalArgumentException.class)
-  public void testInvalidPath() throws Exception {
-    new AccessURI(":invaliduri");
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java
deleted file mode 100644
index 77232a6..0000000
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineDFS.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.db;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Set;
-
-import org.junit.Assert;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hdfs.MiniDFSCluster;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.apache.sentry.provider.file.PolicyFiles;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSimpleDBPolicyEngineDFS extends AbstractTestSimplePolicyEngine {
-
-  private static MiniDFSCluster dfsCluster;
-  private static FileSystem fileSystem;
-  private static Path root;
-  private static Path etc;
-
-  @BeforeClass
-  public static void setupLocalClazz() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    File dfsDir = new File(baseDir, "dfs");
-    Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs());
-    Configuration conf = new Configuration();
-    conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
-    dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
-    fileSystem = dfsCluster.getFileSystem();
-    root = new Path(fileSystem.getUri().toString());
-    etc = new Path(root, "/etc");
-    fileSystem.mkdirs(etc);
-  }
-  @AfterClass
-  public static void teardownLocalClazz() {
-    if(dfsCluster != null) {
-      dfsCluster.shutdown();
-    }
-  }
-
-  @Override
-  protected void  afterSetup() throws IOException {
-    fileSystem.delete(etc, true);
-    fileSystem.mkdirs(etc);
-    PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini", "test-authz-provider-other-group.ini");
-    setPolicy(new DBPolicyFileBackend("server1",
-        new Path(etc, "test-authz-provider.ini").toString()));
-  }
-  @Override
-  protected void beforeTeardown() throws IOException {
-    fileSystem.delete(etc, true);
-  }
-
-  @Test
-  public void testMultiFSPolicy() throws Exception {
-    File globalPolicyFile = new File(Files.createTempDir(), "global-policy.ini");
-    File dbPolicyFile = new File(Files.createTempDir(), "db11-policy.ini");
-
-    // Create global policy file
-    PolicyFile dbPolicy = new PolicyFile()
-      .addPermissionsToRole("db11_role", "server=server1->db=db11")
-      .addRolesToGroup("group1", "db11_role");
-
-    dbPolicy.write(dbPolicyFile);
-    Path dbPolicyPath = new Path(etc, "db11-policy.ini");
-
-    // create per-db policy file
-    PolicyFile globalPolicy = new PolicyFile()
-      .addPermissionsToRole("admin_role", "server=server1")
-      .addRolesToGroup("admin_group", "admin_role")
-      .addGroupsToUser("db", "admin_group");
-    globalPolicy.addDatabase("db11", dbPolicyPath.toUri().toString());
-    globalPolicy.write(globalPolicyFile);
-
-
-    PolicyFiles.copyFilesToDir(fileSystem, etc, globalPolicyFile);
-    PolicyFiles.copyFilesToDir(fileSystem, etc, dbPolicyFile);
-    DBPolicyFileBackend multiFSEngine =
-        new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
-
-    Set<String> dbGroups = Sets.newHashSet();
-    dbGroups.add("group1");
-    ImmutableSet<String> dbPerms =
-        multiFSEngine.getAllPrivileges(dbGroups, ActiveRoleSet.ALL);
-    Assert.assertEquals("No DB permissions found", 1, dbPerms.size());
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java
deleted file mode 100644
index f779949..0000000
--- a/sentry-policy/sentry-policy-db/src/test/java/org/apache/sentry/policy/db/TestSimpleDBPolicyEngineLocalFS.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.db;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.provider.file.PolicyFiles;
-
-public class TestSimpleDBPolicyEngineLocalFS extends AbstractTestSimplePolicyEngine {
-
-  @Override
-  protected void  afterSetup() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
-    PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini", "test-authz-provider-other-group.ini");
-    setPolicy(new DBPolicyFileBackend("server1",
-        new File(baseDir, "test-authz-provider.ini").getPath()));
-  }
-  @Override
-  protected void beforeTeardown() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    FileUtils.deleteQuietly(baseDir);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-db/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/resources/log4j.properties b/sentry-policy/sentry-policy-db/src/test/resources/log4j.properties
deleted file mode 100644
index c41373c..0000000
--- a/sentry-policy/sentry-policy-db/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#  http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-# Define some default values that can be overridden by system properties.
-#
-# For testing, it may also be convenient to specify
-
-log4j.rootLogger=DEBUG,console
-
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.target=System.err
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d (%t) [%p - %l] %m%n
-
-log4j.logger.org.apache.hadoop.conf.Configuration=INFO

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider-other-group.ini
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider-other-group.ini b/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider-other-group.ini
deleted file mode 100644
index cd3695c..0000000
--- a/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider-other-group.ini
+++ /dev/null
@@ -1,22 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#  http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-[groups]
-other_group = analyst_role
-
-[roles]
-analyst_role = server=server1->db=other_group_db->table=purchases->action=select
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider.ini
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider.ini b/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider.ini
deleted file mode 100644
index 2d00699..0000000
--- a/sentry-policy/sentry-policy-db/src/test/resources/test-authz-provider.ini
+++ /dev/null
@@ -1,32 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#  http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-[databases]
-other_group_db = test-authz-provider-other-group.ini
-
-[groups]
-manager = analyst_role, junior_analyst_role
-analyst = analyst_role
-jranalyst = junior_analyst_role
-admin = admin
-
-[roles]
-analyst_role = server=server1->db=customers->table=purchases->action=select, \
-  server=server1->db=analyst1, \
-  server=server1->db=jranalyst1->table=*->action=select
-junior_analyst_role = server=server1->db=jranalyst1, server=server1->db=customers->table=purchases_partial->action=select
-admin = server=server1

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-engine/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-engine/pom.xml b/sentry-policy/sentry-policy-engine/pom.xml
new file mode 100644
index 0000000..e9c44d7
--- /dev/null
+++ b/sentry-policy/sentry-policy-engine/pom.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.sentry</groupId>
+        <artifactId>sentry-policy</artifactId>
+        <version>1.8.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>sentry-policy-engine</artifactId>
+    <name>Sentry Policy Engine</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sentry</groupId>
+            <artifactId>sentry-provider-common</artifactId>
+        </dependency>
+    </dependencies>
+
+</project>
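Review bot: The `log4j` and `slf4j-log4j12` entries in `<dependencies>` carry no `<scope>`, so unless the parent's dependencyManagement sets one they resolve at compile scope, and every consumer of sentry-policy-engine inherits a log4j 1.x binding transitively. The only source file of this module visible in this message (CommonPolicyEngine.java) codes against `org.slf4j` alone, which suggests `slf4j-api` is the only logging dependency the library needs at compile time. Consider adding `<scope>test</scope>` to both (or `runtime` if the module really must ship the binding), so the deploying application chooses and patches its own logging backend. The dependency versions are not visible here and are presumably managed in the parent `sentry-policy` POM.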

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-engine/src/main/java/org/apache/sentry/policy/engine/common/CommonPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-engine/src/main/java/org/apache/sentry/policy/engine/common/CommonPolicyEngine.java b/sentry-policy/sentry-policy-engine/src/main/java/org/apache/sentry/policy/engine/common/CommonPolicyEngine.java
new file mode 100644
index 0000000..16e1ba2
--- /dev/null
+++ b/sentry-policy/sentry-policy-engine/src/main/java/org/apache/sentry/policy/engine/common/CommonPolicyEngine.java
@@ -0,0 +1,106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.engine.common;
+
+import com.google.common.collect.ImmutableSet;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.SentryConfigurationException;
+import org.apache.sentry.policy.common.PolicyEngine;
+import org.apache.sentry.policy.common.PrivilegeFactory;
+import org.apache.sentry.provider.common.ProviderBackend;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Set;
+
+public class CommonPolicyEngine implements PolicyEngine {
+
+  private static final Logger LOGGER = LoggerFactory
+          .getLogger(CommonPolicyEngine.class);
+
+  private final ProviderBackend providerBackend;
+
+  public CommonPolicyEngine(ProviderBackend providerBackend) {
+    this.providerBackend = providerBackend;
+  }
+
+  /**
+   * {@inheritDoc}
+   */
+  @Override
+  public PrivilegeFactory getPrivilegeFactory() {
+    return new CommonPrivilegeFactory();
+  }
+
+  /**
+   * {@inheritDoc}
+   */
+  @Override
+  public ImmutableSet<String> getAllPrivileges(Set<String> groups,
+          ActiveRoleSet roleSet) throws SentryConfigurationException {
+    return getPrivileges(groups, roleSet);
+  }
+
+  @Override
+  public ImmutableSet<String> getAllPrivileges(Set<String> groups, Set<String> users,
+          ActiveRoleSet roleSet) throws SentryConfigurationException {
+    return getPrivileges(groups, users, roleSet);
+  }
+
+  /**
+   * {@inheritDoc}
+   */
+  @Override
+  public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizableHierarchy)
+          throws SentryConfigurationException {
+    if(LOGGER.isDebugEnabled()) {
+      LOGGER.debug("Getting permissions for {}", groups);
+    }
+
+    ImmutableSet<String> result = providerBackend.getPrivileges(groups, roleSet);
+    if(LOGGER.isDebugEnabled()) {
+      LOGGER.debug("result = " + result);
+    }
+    return result;
+  }
+
+  @Override
+  public ImmutableSet<String> getPrivileges(Set<String> groups, Set<String> users, ActiveRoleSet roleSet,
+          Authorizable... authorizableHierarchy) throws SentryConfigurationException {
+    if (LOGGER.isDebugEnabled()) {
+      LOGGER.debug("Getting permissions for groups: {}, users: {}", groups, users);
+    }
+    ImmutableSet<String> result = providerBackend.getPrivileges(groups, users, roleSet);
+    if (LOGGER.isDebugEnabled()) {
+      LOGGER.debug("result = " + result);
+    }
+    return result;
+  }
+
+  @Override
+  public void validatePolicy(boolean strictValidation) throws SentryConfigurationException {
+    this.providerBackend.validatePolicy(strictValidation);
+  }
+
+  @Override
+  public void close() {
+    if (providerBackend != null) {
+      providerBackend.close();
+    }
+  }
+}
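Review bot: The `CommonPolicyEngine` constructor stores `providerBackend` without a null check and without initializing it, so privilege validators only take effect if the caller has already run `providerBackend.initialize(context)` with `setValidators(...)`, as `IndexPolicyTestUtil.createPolicyEngineForTest` does later in this commit. The `SimpleIndexerPolicyEngine` constructor hunk has the same gap, because it removes the `initialize` call. A backend that skipped this step would presumably serve policy strings that were never validated, so the precondition belongs in a constructor Javadoc such as `/** @param providerBackend backend already initialized with a ProviderBackendContext carrying the model's privilege validators */`. It can be enforced with `this.providerBackend = Preconditions.checkNotNull(providerBackend, "providerBackend");`, which needs an import of `com.google.common.base.Preconditions`. That would also make the class consistent, since `close()` checks the field for null while `validatePolicy` and both `getPrivileges` overloads dereference it directly.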

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-engine/src/main/java/org/apache/sentry/policy/engine/common/CommonPrivilegeFactory.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-engine/src/main/java/org/apache/sentry/policy/engine/common/CommonPrivilegeFactory.java b/sentry-policy/sentry-policy-engine/src/main/java/org/apache/sentry/policy/engine/common/CommonPrivilegeFactory.java
new file mode 100644
index 0000000..d338f0e
--- /dev/null
+++ b/sentry-policy/sentry-policy-engine/src/main/java/org/apache/sentry/policy/engine/common/CommonPrivilegeFactory.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.engine.common;
+
+import org.apache.sentry.policy.common.CommonPrivilege;
+import org.apache.sentry.policy.common.Privilege;
+import org.apache.sentry.policy.common.PrivilegeFactory;
+
+public class CommonPrivilegeFactory implements PrivilegeFactory {
+
+  @Override
+  public Privilege createPrivilege(String privilege) {
+    return new CommonPrivilege(privilege);
+  }
+}
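Review bot: `CommonPrivilegeFactory` and `createPrivilege` have no Javadoc, and the method passes the raw string straight to `new CommonPrivilege(privilege)`. The tests added in this commit (`testNullString`, `testEmptyString`, `testEmptyPart`) expect that constructor to throw `IllegalArgumentException` for such input, so the factory should say so: `/** Creates a CommonPrivilege from a privilege string; throws IllegalArgumentException if the string is null, empty or contains an empty section. */`.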

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/pom.xml b/sentry-policy/sentry-policy-indexer/pom.xml
index 9b307c5..e6ef72f 100644
--- a/sentry-policy/sentry-policy-indexer/pom.xml
+++ b/sentry-policy/sentry-policy-indexer/pom.xml
@@ -73,6 +73,10 @@ limitations under the License.
     </dependency>
     <dependency>
       <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-policy-engine</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
       <artifactId>sentry-provider-file</artifactId>
     </dependency>
     <dependency>

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/AbstractIndexerPrivilegeValidator.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/AbstractIndexerPrivilegeValidator.java b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/AbstractIndexerPrivilegeValidator.java
deleted file mode 100644
index a01824c..0000000
--- a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/AbstractIndexerPrivilegeValidator.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.indexer;
-
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.policy.common.PolicyConstants.PRIVILEGE_PREFIX;
-
-import java.util.List;
-
-import org.apache.sentry.core.model.indexer.IndexerModelAuthorizable;
-import org.apache.sentry.policy.common.PrivilegeValidator;
-import org.apache.shiro.config.ConfigurationException;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.Lists;
-
-public abstract class AbstractIndexerPrivilegeValidator implements PrivilegeValidator {
-
-  @VisibleForTesting
-  public static Iterable<IndexerModelAuthorizable> parsePrivilege(String string) {
-    List<IndexerModelAuthorizable> result = Lists.newArrayList();
-    for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
-      // XXX this ugly hack is because action is not an authorizable
-      if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
-        IndexerModelAuthorizable authorizable = IndexerModelAuthorizables.from(section);
-        if(authorizable == null) {
-          String msg = "No authorizable found for " + section;
-          throw new ConfigurationException(msg);
-        }
-        result.add(authorizable);
-      }
-    }
-    return result;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerModelAuthorizables.java b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerModelAuthorizables.java
deleted file mode 100644
index 13893b3..0000000
--- a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerModelAuthorizables.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.indexer;
-
-import org.apache.sentry.core.model.indexer.Indexer;
-import org.apache.sentry.core.model.indexer.IndexerModelAuthorizable;
-import org.apache.sentry.core.model.indexer.IndexerModelAuthorizable.AuthorizableType;
-import org.apache.sentry.policy.common.KeyValue;
-
-public class IndexerModelAuthorizables {
-
-  public static IndexerModelAuthorizable from(KeyValue keyValue) {
-    String prefix = keyValue.getKey().toLowerCase();
-    String name = keyValue.getValue().toLowerCase();
-    for(AuthorizableType type : AuthorizableType.values()) {
-      if(prefix.equalsIgnoreCase(type.name())) {
-        return from(type, name);
-      }
-    }
-    return null;
-  }
-  public static IndexerModelAuthorizable from(String s) {
-    return from(new KeyValue(s));
-  }
-
-  private static IndexerModelAuthorizable from(AuthorizableType type, String name) {
-    switch (type) {
-    case Indexer:
-      return new Indexer(name);
-    default:
-      return null;
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerRequiredInPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerRequiredInPrivilege.java b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerRequiredInPrivilege.java
deleted file mode 100644
index 06b815f..0000000
--- a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerRequiredInPrivilege.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.indexer;
-
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.core.model.indexer.Indexer;
-import org.apache.sentry.core.model.indexer.IndexerModelAuthorizable;
-import org.apache.sentry.policy.common.PrivilegeValidatorContext;
-
-public class IndexerRequiredInPrivilege extends AbstractIndexerPrivilegeValidator {
-
-  @Override
-  public void validate(PrivilegeValidatorContext context) throws SentryConfigurationException {
-    String privilege = context.getPrivilege();
-    Iterable<IndexerModelAuthorizable> authorizables = parsePrivilege(privilege);
-    boolean foundIndexerInAuthorizables = false;
-
-    for(IndexerModelAuthorizable authorizable : authorizables) {
-      if(authorizable instanceof Indexer) {
-        foundIndexerInAuthorizables = true;
-        break;
-      }
-    }
-    if(!foundIndexerInAuthorizables) {
-      String msg = "Missing indexer object in " + privilege;
-      throw new SentryConfigurationException(msg);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerWildcardPrivilege.java b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerWildcardPrivilege.java
index 0ec0ce1..71d2a66 100644
--- a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerWildcardPrivilege.java
+++ b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/IndexerWildcardPrivilege.java
@@ -23,11 +23,12 @@ package org.apache.sentry.policy.indexer;
 
 import java.util.List;
 
+import org.apache.sentry.core.common.Model;
+import org.apache.sentry.core.common.utils.SentryConstants;
 import org.apache.sentry.core.model.indexer.IndexerConstants;
-import org.apache.sentry.policy.common.PolicyConstants;
 import org.apache.sentry.policy.common.Privilege;
 import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.KeyValue;
+import org.apache.sentry.core.common.utils.KeyValue;
 
 import com.google.common.base.Preconditions;
 import com.google.common.base.Strings;
@@ -44,7 +45,7 @@ public class IndexerWildcardPrivilege implements Privilege {
       throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
     }
     List<KeyValue>parts = Lists.newArrayList();
-    for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.trimResults().split(
+    for (String authorizable : SentryConstants.AUTHORIZABLE_SPLITTER.trimResults().split(
         wildcardString)) {
       if (authorizable.isEmpty()) {
         throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
@@ -59,7 +60,7 @@ public class IndexerWildcardPrivilege implements Privilege {
 
 
   @Override
-  public boolean implies(Privilege p) {
+  public boolean implies(Privilege p, Model model) {
     // By default only supports comparisons with other IndexerWildcardPermissions
     if (!(p instanceof IndexerWildcardPrivilege)) {
       return false;
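Review bot: The new `model` parameter on `implies` is undocumented and unused in the lines visible here, where the method still rejects anything that is not an `IndexerWildcardPrivilege` before a model could matter. The rest of the body lies outside this hunk. If it also ignores the parameter, state that above the method, e.g. `// model is accepted only to satisfy Privilege.implies; wildcard matching here does not consult it`, so callers do not assume model-specific implication rules feed into the authorization decision.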
@@ -108,7 +109,7 @@ public class IndexerWildcardPrivilege implements Privilege {
         "Please report, this method should not be called with two different keys");
     if(policyPart.getValue().equals(IndexerConstants.ALL) || policyPart.equals(requestPart)) {
       return true;
-    } else if (!PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
+    } else if (!SentryConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
         && IndexerConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
       /* privilege request is to match with any object of given type */
       return true;
@@ -118,7 +119,7 @@ public class IndexerWildcardPrivilege implements Privilege {
 
   @Override
   public String toString() {
-    return PolicyConstants.AUTHORIZABLE_JOINER.join(parts);
+    return SentryConstants.AUTHORIZABLE_JOINER.join(parts);
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java
index 8914319..7b1536a 100644
--- a/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java
+++ b/sentry-policy/sentry-policy-indexer/src/main/java/org/apache/sentry/policy/indexer/SimpleIndexerPolicyEngine.java
@@ -21,15 +21,12 @@ import java.util.Set;
 import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.PrivilegeValidator;
+import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.provider.common.ProviderBackend;
-import org.apache.sentry.provider.common.ProviderBackendContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 
 /**
@@ -44,10 +41,6 @@ public class SimpleIndexerPolicyEngine implements PolicyEngine {
 
   public SimpleIndexerPolicyEngine(ProviderBackend providerBackend) {
     this.providerBackend = providerBackend;
-    ProviderBackendContext context = new ProviderBackendContext();
-    context.setAllowPerDatabase(false);
-    context.setValidators(createPrivilegeValidators());
-    this.providerBackend.initialize(context);
   }
 
   /**
@@ -107,10 +100,6 @@ public class SimpleIndexerPolicyEngine implements PolicyEngine {
     throw new SentryConfigurationException("Not implemented yet");
   }
 
-  public static ImmutableList<PrivilegeValidator> createPrivilegeValidators() {
-    return ImmutableList.<PrivilegeValidator>of(new IndexerRequiredInPrivilege());
-  }
-
   @Override
   public void close() {
     if (providerBackend != null) {

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java
new file mode 100644
index 0000000..45f100e
--- /dev/null
+++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexPolicyTestUtil.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.indexer;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel;
+import org.apache.sentry.policy.common.PolicyEngine;
+import org.apache.sentry.policy.engine.common.CommonPolicyEngine;
+import org.apache.sentry.provider.common.ProviderBackend;
+import org.apache.sentry.provider.common.ProviderBackendContext;
+import org.apache.sentry.provider.file.SimpleFileProviderBackend;
+
+import java.io.IOException;
+
+public class IndexPolicyTestUtil {
+
+  public static PolicyEngine createPolicyEngineForTest(String resource) throws IOException {
+
+    ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource);
+
+    // create backendContext
+    ProviderBackendContext context = new ProviderBackendContext();
+    context.setAllowPerDatabase(false);
+    context.setValidators(IndexerPrivilegeModel.getInstance().getPrivilegeValidators());
+    // initialize the backend with the context
+    providerBackend.initialize(context);
+
+    return new CommonPolicyEngine(providerBackend);
+  }
+}
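Review bot: The helper is named `IndexPolicyTestUtil`, while the other classes in this package use the `Indexer` spelling (`IndexerWildcardPrivilege`, `TestCommonPrivilegeForIndexer`), so `IndexerPolicyTestUtil` would be easier to find. As a holder of a single static method it should also be `final` with a private constructor. `createPolicyEngineForTest` deserves a one-line Javadoc saying that it initializes the file backend with the validators from `IndexerPrivilegeModel` and `setAllowPerDatabase(false)` before wrapping it in a `CommonPolicyEngine`.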

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexerPolicyFileBackend.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexerPolicyFileBackend.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexerPolicyFileBackend.java
deleted file mode 100644
index ba1b3ed..0000000
--- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/IndexerPolicyFileBackend.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.indexer;
-
-import java.io.IOException;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.file.SimpleFileProviderBackend;
-
-public class IndexerPolicyFileBackend extends SimpleIndexerPolicyEngine {
-  public IndexerPolicyFileBackend(String resource) throws IOException{
-    super(new SimpleFileProviderBackend(new Configuration(), resource));
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestCommonPrivilegeForIndexer.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestCommonPrivilegeForIndexer.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestCommonPrivilegeForIndexer.java
new file mode 100644
index 0000000..2a3bde7
--- /dev/null
+++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestCommonPrivilegeForIndexer.java
@@ -0,0 +1,214 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.indexer;
+
+import org.apache.sentry.core.common.Model;
+import org.apache.sentry.core.common.utils.KeyValue;
+import org.apache.sentry.core.common.utils.SentryConstants;
+import org.apache.sentry.core.model.indexer.IndexerConstants;
+import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel;
+import org.apache.sentry.policy.common.CommonPrivilege;
+import org.apache.sentry.policy.common.Privilege;
+import org.junit.Before;
+import org.junit.Test;
+
+import static junit.framework.Assert.assertFalse;
+import static junit.framework.Assert.assertTrue;
+
+public class TestCommonPrivilegeForIndexer {
+
+  private Model indexerPrivilegeModel;
+
+  private static final String ALL = IndexerConstants.ALL;
+
+  @Before
+  public void prepareData() {
+    indexerPrivilegeModel = IndexerPrivilegeModel.getInstance();
+  }
+
+  @Test
+  public void testSimpleNoAction() throws Exception {
+    CommonPrivilege indexer1 = create(new KeyValue("indexer", "ind1"));
+    CommonPrivilege indexer2 = create(new KeyValue("indexer", "ind2"));
+    CommonPrivilege indexer1Case = create(new KeyValue("indeXeR", "inD1"));
+
+    assertTrue(indexer1.implies(indexer1, indexerPrivilegeModel));
+    assertTrue(indexer2.implies(indexer2, indexerPrivilegeModel));
+    assertTrue(indexer1.implies(indexer1Case, indexerPrivilegeModel));
+    assertTrue(indexer1Case.implies(indexer1, indexerPrivilegeModel));
+
+    assertFalse(indexer1.implies(indexer2, indexerPrivilegeModel));
+    assertFalse(indexer1Case.implies(indexer2, indexerPrivilegeModel));
+    assertFalse(indexer2.implies(indexer1, indexerPrivilegeModel));
+    assertFalse(indexer2.implies(indexer1Case, indexerPrivilegeModel));
+  }
+
+  @Test
+  public void testSimpleAction() throws Exception {
+    CommonPrivilege read =
+            create(new KeyValue("indexer", "ind1"), new KeyValue("action", "read"));
+    CommonPrivilege write =
+            create(new KeyValue("indexer", "ind1"), new KeyValue("action", "write"));
+    CommonPrivilege readCase =
+            create(new KeyValue("indeXeR", "iNd1"), new KeyValue("AcTiOn", "ReAd"));
+
+    assertTrue(read.implies(read, indexerPrivilegeModel));
+    assertTrue(write.implies(write, indexerPrivilegeModel));
+    assertTrue(read.implies(readCase, indexerPrivilegeModel));
+    assertTrue(readCase.implies(read, indexerPrivilegeModel));
+
+    assertFalse(read.implies(write, indexerPrivilegeModel));
+    assertFalse(readCase.implies(write, indexerPrivilegeModel));
+    assertFalse(write.implies(read, indexerPrivilegeModel));
+    assertFalse(write.implies(readCase, indexerPrivilegeModel));
+  }
+
+  @Test
+  public void testRoleShorterThanRequest() throws Exception {
+    CommonPrivilege indexer1 = create(new KeyValue("indexer", "ind1"));
+    CommonPrivilege read =
+            create(new KeyValue("indexer", "ind1"), new KeyValue("action", "read"));
+    CommonPrivilege write =
+            create(new KeyValue("indexer", "ind1"), new KeyValue("action", "write"));
+    CommonPrivilege all =
+            create(new KeyValue("indexer", "ind1"), new KeyValue("action", ALL));
+
+    assertTrue(indexer1.implies(read, indexerPrivilegeModel));
+    assertTrue(indexer1.implies(write, indexerPrivilegeModel));
+    assertTrue(indexer1.implies(all, indexerPrivilegeModel));
+
+    assertFalse(read.implies(indexer1, indexerPrivilegeModel));
+    assertFalse(write.implies(indexer1, indexerPrivilegeModel));
+    assertTrue(all.implies(indexer1, indexerPrivilegeModel));
+  }
+
+  @Test
+  public void testIndexerAll() throws Exception {
+    CommonPrivilege indexerAll = create(new KeyValue("indexer", ALL));
+    CommonPrivilege indexer1 = create(new KeyValue("indexer", "ind1"));
+    assertTrue(indexerAll.implies(indexer1, indexerPrivilegeModel));
+    assertTrue(indexer1.implies(indexerAll, indexerPrivilegeModel));
+
+    CommonPrivilege allWrite =
+            create(new KeyValue("indexer", ALL), new KeyValue("action", "write"));
+    CommonPrivilege allRead =
+            create(new KeyValue("indexer", ALL), new KeyValue("action", "read"));
+    CommonPrivilege ind1Write =
+            create(new KeyValue("indexer", "ind1"), new KeyValue("action", "write"));
+    CommonPrivilege ind1Read =
+            create(new KeyValue("indexer", "ind1"), new KeyValue("action", "read"));
+    assertTrue(allWrite.implies(ind1Write, indexerPrivilegeModel));
+    assertTrue(allRead.implies(ind1Read, indexerPrivilegeModel));
+    assertTrue(ind1Write.implies(allWrite, indexerPrivilegeModel));
+    assertTrue(ind1Read.implies(allRead, indexerPrivilegeModel));
+    assertFalse(allWrite.implies(ind1Read, indexerPrivilegeModel));
+    assertFalse(ind1Write.implies(ind1Read, indexerPrivilegeModel));
+    assertFalse(allRead.implies(ind1Write, indexerPrivilegeModel));
+    assertFalse(ind1Read.implies(allWrite, indexerPrivilegeModel));
+    assertFalse(allWrite.implies(allRead, indexerPrivilegeModel));
+    assertFalse(allRead.implies(allWrite, indexerPrivilegeModel));
+    assertFalse(ind1Write.implies(ind1Read, indexerPrivilegeModel));
+    assertFalse(ind1Read.implies(ind1Write, indexerPrivilegeModel));
+
+    // test different length paths
+    assertTrue(indexerAll.implies(allWrite, indexerPrivilegeModel));
+    assertTrue(indexerAll.implies(allRead, indexerPrivilegeModel));
+    assertTrue(indexerAll.implies(ind1Write, indexerPrivilegeModel));
+    assertTrue(indexerAll.implies(ind1Read, indexerPrivilegeModel));
+    assertFalse(allWrite.implies(indexerAll, indexerPrivilegeModel));
+    assertFalse(allRead.implies(indexerAll, indexerPrivilegeModel));
+    assertFalse(ind1Write.implies(indexerAll, indexerPrivilegeModel));
+    assertFalse(ind1Read.implies(indexerAll, indexerPrivilegeModel));
+  }
+
+  @Test
+  public void testActionAll() throws Exception {
+    CommonPrivilege ind1All =
+            create(new KeyValue("indexer", "index1"), new KeyValue("action", ALL));
+    CommonPrivilege ind1Write =
+            create(new KeyValue("indexer", "index1"), new KeyValue("action", "write"));
+    CommonPrivilege ind1Read =
+            create(new KeyValue("indexer", "index1"), new KeyValue("action", "read"));
+    assertTrue(ind1All.implies(ind1All, indexerPrivilegeModel));
+    assertTrue(ind1All.implies(ind1Write, indexerPrivilegeModel));
+    assertTrue(ind1All.implies(ind1Read, indexerPrivilegeModel));
+    assertFalse(ind1Write.implies(ind1All, indexerPrivilegeModel));
+    assertFalse(ind1Read.implies(ind1All, indexerPrivilegeModel));
+
+    // test different lengths
+    CommonPrivilege ind1 =
+            create(new KeyValue("indexer", "index1"));
+    assertTrue(ind1All.implies(ind1, indexerPrivilegeModel));
+    assertTrue(ind1.implies(ind1All, indexerPrivilegeModel));
+  }
+
+  @Test
+  public void testUnexpected() throws Exception {
+    Privilege p = new Privilege() {
+      @Override
+      public boolean implies(Privilege p, Model model) {
+        return false;
+      }
+    };
+    CommonPrivilege indexer1 = create(new KeyValue("indexer", "index1"));
+    assertFalse(indexer1.implies(null, indexerPrivilegeModel));
+    assertFalse(indexer1.implies(p, indexerPrivilegeModel));
+    assertFalse(indexer1.equals(null));
+    assertFalse(indexer1.equals(p));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testNullString() throws Exception {
+    System.out.println(create((String)null));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyString() throws Exception {
+    System.out.println(create(""));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyKey() throws Exception {
+    System.out.println(create(SentryConstants.KV_JOINER.join("indexer", "")));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyValue() throws Exception {
+    System.out.println(create(SentryConstants.KV_JOINER.join("", "index1")));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyPart() throws Exception {
+    System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
+            join(SentryConstants.KV_JOINER.join("indexer11", "index1"), "")));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testOnlySeperators() throws Exception {
+    System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
+            join(SentryConstants.KV_SEPARATOR, SentryConstants.KV_SEPARATOR,
+            SentryConstants.KV_SEPARATOR)));
+  }
+
+  static CommonPrivilege create(KeyValue... keyValues) {
+    return create(SentryConstants.AUTHORIZABLE_JOINER.join(keyValues));
+  }
+
+  static CommonPrivilege create(String s) {
+    return new CommonPrivilege(s);
+  }
+}
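Review bot: `testEmptyKey` and `testEmptyValue` have their names swapped: `testEmptyKey` joins `("indexer", "")`, which is an empty value, and `testEmptyValue` joins `("", "index1")`, which is an empty key. The class also takes `assertTrue`/`assertFalse` from `junit.framework.Assert`, the JUnit 3 class, although it uses JUnit 4 annotations; `import static org.junit.Assert.assertFalse;` and `import static org.junit.Assert.assertTrue;` are the matching imports. In `testIndexerAll`, the line `assertFalse(ind1Write.implies(ind1Read, indexerPrivilegeModel));` appears twice. The assertions that a specific privilege implies an `ALL` request (`indexer1.implies(indexerAll, ...)`) should carry a short comment stating that this request-side wildcard match is intended, so that it is not later mistaken for an over-grant.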

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
index d6d8b79..939621b 100644
--- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
+++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderGeneralCases.java
@@ -32,6 +32,7 @@ import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.model.indexer.Indexer;
 import org.apache.sentry.core.model.indexer.IndexerModelAction;
+import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel;
 import org.apache.sentry.provider.common.MockGroupMappingServiceProvider;
 import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
 import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
@@ -84,8 +85,8 @@ public class TestIndexerAuthorizationProviderGeneralCases {
     baseDir = Files.createTempDir();
     PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini");
     authzProvider = new HadoopGroupResourceAuthorizationProvider(
-        new IndexerPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath()),
-        new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP));
+        IndexPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "test-authz-provider.ini").getPath()),
+        new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP), IndexerPrivilegeModel.getInstance());
 
   }
 
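Review bot: The policy engine in this setup now comes from the test-only helper `IndexPolicyTestUtil.createPolicyEngineForTest(...)`, so the access checks in this class exercise whatever privilege validators that helper wires up rather than the construction path a deployment uses. The helper is not part of this hunk, so this is inferred: if it assembles its own validator list, a validator missing from the production wiring would go unnoticed here. The same substitution is made in the hunks for TestIndexerAuthorizationProviderSpecialCases, TestIndexerPolicyEngineDFS, TestIndexerPolicyEngineLocalFS and TestIndexerPolicyNegative, where it matters most because those tests assert that malformed or unrelated roles grant nothing. I would add a comment above the call, `// Engine comes from a test helper; keep its validators identical to the production indexer wiring`, or have the helper take them from the same `IndexerPrivilegeModel.getInstance()` that is passed to the provider. The setup method starts outside this hunk.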

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java
index 9c211b7..1717c42 100644
--- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java
+++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerAuthorizationProviderSpecialCases.java
@@ -31,6 +31,8 @@ import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.common.Subject;
 import org.apache.sentry.core.model.indexer.Indexer;
 import org.apache.sentry.core.model.indexer.IndexerModelAction;
+import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel;
+import org.apache.sentry.policy.common.PolicyEngine;
 import org.apache.sentry.provider.common.AuthorizationProvider;
 import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
 import org.apache.sentry.provider.file.PolicyFile;
@@ -72,8 +74,8 @@ public class TestIndexerAuthorizationProviderSpecialCases {
       .addPermissionsToRole("role1", true, "indexer=" + indexer1.getName(),
           "indexer=" + indexer1.getName());
     policyFile.write(iniFile);
-    IndexerPolicyFileBackend policy = new IndexerPolicyFileBackend(initResource);
-    authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
+    PolicyEngine policy = IndexPolicyTestUtil.createPolicyEngineForTest(initResource);
+    authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy, IndexerPrivilegeModel.getInstance());
     List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(indexer1);
     Assert.assertTrue(authorizableHierarchy.toString(),
         authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerModelAuthorizables.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerModelAuthorizables.java
index 8d21dc3..1d8ca53 100644
--- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerModelAuthorizables.java
+++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerModelAuthorizables.java
@@ -21,13 +21,14 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
 
 import org.apache.sentry.core.model.indexer.Indexer;
+import org.apache.sentry.core.model.indexer.IndexerModelAuthorizables;
 import org.junit.Test;
 
 public class TestIndexerModelAuthorizables {
 
   @Test
   public void testIndexer() throws Exception {
-    Indexer indexer = (Indexer)IndexerModelAuthorizables.from("InDexEr=indexer1");
+    Indexer indexer = (Indexer) IndexerModelAuthorizables.from("InDexEr=indexer1");
     assertEquals("indexer1", indexer.getName());
   }
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineDFS.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineDFS.java
index c6d6718..e644827 100644
--- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineDFS.java
+++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineDFS.java
@@ -63,7 +63,7 @@ public class TestIndexerPolicyEngineDFS extends AbstractTestIndexerPolicyEngine
     fileSystem.delete(etc, true);
     fileSystem.mkdirs(etc);
     PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini");
-    setPolicy(new IndexerPolicyFileBackend(new Path(etc,
+    setPolicy(IndexPolicyTestUtil.createPolicyEngineForTest(new Path(etc,
         "test-authz-provider.ini").toString()));
   }
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineLocalFS.java
index f083f49..bd827fc 100644
--- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineLocalFS.java
+++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyEngineLocalFS.java
@@ -32,7 +32,7 @@ public class TestIndexerPolicyEngineLocalFS extends AbstractTestIndexerPolicyEng
     Assert.assertNotNull(baseDir);
     Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
     PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini");
-    setPolicy(new IndexerPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath()));
+    setPolicy(IndexPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "test-authz-provider.ini").getPath()));
   }
   @Override
   protected void beforeTeardown() throws IOException {

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyNegative.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyNegative.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyNegative.java
index a453c48..e1a0dcc 100644
--- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyNegative.java
+++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerPolicyNegative.java
@@ -72,7 +72,7 @@ public class TestIndexerPolicyNegative {
     append("other_group = some_role", otherPolicyFile);
     append("[roles]", otherPolicyFile);
     append("some_role = indexer=i1", otherPolicyFile);
-    IndexerPolicyFileBackend policy = new IndexerPolicyFileBackend(globalPolicyFile.getPath());
+    PolicyEngine policy = IndexPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
     Assert.assertEquals(Collections.emptySet(),
         policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL));
   }
@@ -83,7 +83,7 @@ public class TestIndexerPolicyNegative {
     append("group = some_role", globalPolicyFile);
     append("[roles]", globalPolicyFile);
     append("some_role = action=read", globalPolicyFile);
-    PolicyEngine policy = new IndexerPolicyFileBackend(globalPolicyFile.getPath());
+    PolicyEngine policy = IndexPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
     ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
     Assert.assertTrue(permissions.toString(), permissions.isEmpty());
   }
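Review bot: Nothing in this test says why `some_role = action=read` must yield no privileges, and after the switch to `IndexPolicyTestUtil.createPolicyEngineForTest(...)` the empty result depends on that helper applying the indexer-required validation. I would add a comment before the assertion, `// a privilege without an indexer component must be rejected by validation, so the group gets nothing`. Presumably the engine drops the invalid privilege rather than throwing; if it can throw here, the test should state which outcome is expected. The test method starts outside the hunk.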
@@ -94,7 +94,7 @@ public class TestIndexerPolicyNegative {
     append("group = malicious_role", globalPolicyFile);
     append("[roles]", globalPolicyFile);
     append("malicious_role = indexer=*", globalPolicyFile);
-    PolicyEngine policy = new IndexerPolicyFileBackend(globalPolicyFile.getPath());
+    PolicyEngine policy = IndexPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
     ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL);
     Assert.assertTrue(permissions.toString(), permissions.isEmpty());
   }

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerRequiredInRole.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerRequiredInRole.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerRequiredInRole.java
index 57876e5..ff20d03 100644
--- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerRequiredInRole.java
+++ b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerRequiredInRole.java
@@ -20,7 +20,8 @@ package org.apache.sentry.policy.indexer;
 
 import org.junit.Assert;
 
-import org.apache.sentry.policy.common.PrivilegeValidatorContext;
+import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
+import org.apache.sentry.core.model.indexer.validator.IndexerRequiredInPrivilege;
 import org.apache.shiro.config.ConfigurationException;
 import org.junit.Test;
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerWildcardPrivilege.java b/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerWildcardPrivilege.java
deleted file mode 100644
index 17cebc3..0000000
--- a/sentry-policy/sentry-policy-indexer/src/test/java/org/apache/sentry/policy/indexer/TestIndexerWildcardPrivilege.java
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.indexer;
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.KV_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.KV_SEPARATOR;
-
-import org.apache.sentry.core.model.indexer.IndexerConstants;
-import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.common.KeyValue;
-import org.junit.Test;
-
-public class TestIndexerWildcardPrivilege extends org.junit.Assert {
-
-  private static final String ALL = IndexerConstants.ALL;
-
-  @Test
-  public void testSimpleNoAction() throws Exception {
-    Privilege indexer1 = create(new KeyValue("indexer", "ind1"));
-    Privilege indexer2 = create(new KeyValue("indexer", "ind2"));
-    Privilege indexer1Case = create(new KeyValue("indeXeR", "inD1"));
-
-    assertTrue(indexer1.implies(indexer1));
-    assertTrue(indexer2.implies(indexer2));
-    assertTrue(indexer1.implies(indexer1Case));
-    assertTrue(indexer1Case.implies(indexer1));
-
-    assertFalse(indexer1.implies(indexer2));
-    assertFalse(indexer1Case.implies(indexer2));
-    assertFalse(indexer2.implies(indexer1));
-    assertFalse(indexer2.implies(indexer1Case));
-  }
-
-  @Test
-  public void testSimpleAction() throws Exception {
-    Privilege read =
-      create(new KeyValue("indexer", "ind1"), new KeyValue("action", "read"));
-    Privilege write =
-      create(new KeyValue("indexer", "ind1"), new KeyValue("action", "write"));
-    Privilege readCase =
-      create(new KeyValue("indeXeR", "iNd1"), new KeyValue("AcTiOn", "ReAd"));
-
-    assertTrue(read.implies(read));
-    assertTrue(write.implies(write));
-    assertTrue(read.implies(readCase));
-    assertTrue(readCase.implies(read));
-
-    assertFalse(read.implies(write));
-    assertFalse(readCase.implies(write));
-    assertFalse(write.implies(read));
-    assertFalse(write.implies(readCase));
-  }
-
-  @Test
-  public void testRoleShorterThanRequest() throws Exception {
-    Privilege indexer1 = create(new KeyValue("indexer", "ind1"));
-    Privilege read =
-      create(new KeyValue("indexer", "ind1"), new KeyValue("action", "read"));
-    Privilege write =
-      create(new KeyValue("indexer", "ind1"), new KeyValue("action", "write"));
-    Privilege all =
-      create(new KeyValue("indexer", "ind1"), new KeyValue("action", ALL));
-
-    assertTrue(indexer1.implies(read));
-    assertTrue(indexer1.implies(write));
-    assertTrue(indexer1.implies(all));
-
-    assertFalse(read.implies(indexer1));
-    assertFalse(write.implies(indexer1));
-    assertTrue(all.implies(indexer1));
-  }
-
-  @Test
-  public void testIndexerAll() throws Exception {
-    Privilege indexerAll = create(new KeyValue("indexer", ALL));
-    Privilege indexer1 = create(new KeyValue("indexer", "ind1"));
-    assertTrue(indexerAll.implies(indexer1));
-    assertTrue(indexer1.implies(indexerAll));
-
-    Privilege allWrite =
-      create(new KeyValue("indexer", ALL), new KeyValue("action", "write"));
-    Privilege allRead =
-      create(new KeyValue("indexer", ALL), new KeyValue("action", "read"));
-    Privilege ind1Write =
-      create(new KeyValue("indexer", "ind1"), new KeyValue("action", "write"));
-    Privilege ind1Read =
-      create(new KeyValue("indexer", "ind1"), new KeyValue("action", "read"));
-    assertTrue(allWrite.implies(ind1Write));
-    assertTrue(allRead.implies(ind1Read));
-    assertTrue(ind1Write.implies(allWrite));
-    assertTrue(ind1Read.implies(allRead));
-    assertFalse(allWrite.implies(ind1Read));
-    assertFalse(ind1Write.implies(ind1Read));
-    assertFalse(allRead.implies(ind1Write));
-    assertFalse(ind1Read.implies(allWrite));
-    assertFalse(allWrite.implies(allRead));
-    assertFalse(allRead.implies(allWrite));
-    assertFalse(ind1Write.implies(ind1Read));
-    assertFalse(ind1Read.implies(ind1Write));
-
-    // test different length paths
-    assertTrue(indexerAll.implies(allWrite));
-    assertTrue(indexerAll.implies(allRead));
-    assertTrue(indexerAll.implies(ind1Write));
-    assertTrue(indexerAll.implies(ind1Read));
-    assertFalse(allWrite.implies(indexerAll));
-    assertFalse(allRead.implies(indexerAll));
-    assertFalse(ind1Write.implies(indexerAll));
-    assertFalse(ind1Read.implies(indexerAll));
-  }
-
-  @Test
-  public void testActionAll() throws Exception {
-    Privilege ind1All =
-       create(new KeyValue("indexer", "index1"), new KeyValue("action", ALL));
-    Privilege ind1Write =
-      create(new KeyValue("indexer", "index1"), new KeyValue("action", "write"));
-    Privilege ind1Read =
-      create(new KeyValue("indexer", "index1"), new KeyValue("action", "read"));
-    assertTrue(ind1All.implies(ind1All));
-    assertTrue(ind1All.implies(ind1Write));
-    assertTrue(ind1All.implies(ind1Read));
-    assertFalse(ind1Write.implies(ind1All));
-    assertFalse(ind1Read.implies(ind1All));
-
-    // test different lengths
-    Privilege ind1 =
-       create(new KeyValue("indexer", "index1"));
-    assertTrue(ind1All.implies(ind1));
-    assertTrue(ind1.implies(ind1All));
-  }
-
-  @Test
-  public void testUnexpected() throws Exception {
-    Privilege p = new Privilege() {
-      @Override
-      public boolean implies(Privilege p) {
-        return false;
-      }
-    };
-    Privilege indexer1 = create(new KeyValue("indexer", "index1"));
-    assertFalse(indexer1.implies(null));
-    assertFalse(indexer1.implies(p));
-    assertFalse(indexer1.equals(null));
-    assertFalse(indexer1.equals(p));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testNullString() throws Exception {
-    System.out.println(create((String)null));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyString() throws Exception {
-    System.out.println(create(""));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyKey() throws Exception {
-    System.out.println(create(KV_JOINER.join("indexer", "")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyValue() throws Exception {
-    System.out.println(create(KV_JOINER.join("", "index1")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyPart() throws Exception {
-    System.out.println(create(AUTHORIZABLE_JOINER.
-        join(KV_JOINER.join("indexer11", "index1"), "")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testOnlySeperators() throws Exception {
-    System.out.println(create(AUTHORIZABLE_JOINER.
-        join(KV_SEPARATOR, KV_SEPARATOR, KV_SEPARATOR)));
-  }
-
-  static IndexerWildcardPrivilege create(KeyValue... keyValues) {
-    return create(AUTHORIZABLE_JOINER.join(keyValues));
-
-  }
-  static IndexerWildcardPrivilege create(String s) {
-    return new IndexerWildcardPrivilege(s);
-  }
-}

