sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From co...@apache.org
Subject [03/13] sentry git commit: SENTRY-999: Refactor the sentry to integrate with external components quickly (Colin Ma, reviewed by Dapeng Sun)
Date Fri, 22 Apr 2016 06:28:23 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/pom.xml b/sentry-policy/sentry-policy-search/pom.xml
deleted file mode 100644
index 177a62b..0000000
--- a/sentry-policy/sentry-policy-search/pom.xml
+++ /dev/null
@@ -1,87 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements.  See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <parent>
-    <groupId>org.apache.sentry</groupId>
-    <artifactId>sentry-policy</artifactId>
-    <version>1.8.0-SNAPSHOT</version>
-  </parent>
-
-  <artifactId>sentry-policy-search</artifactId>
-  <name>Sentry Policy for Search</name>
-
-  <dependencies>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.hadoop</groupId>
-      <artifactId>hadoop-common</artifactId>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.hadoop</groupId>
-      <artifactId>hadoop-minicluster</artifactId>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>log4j</groupId>
-      <artifactId>log4j</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.shiro</groupId>
-      <artifactId>shiro-core</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.google.guava</groupId>
-      <artifactId>guava</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-log4j12</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-core-model-search</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-provider-common</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-provider-file</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-provider-common</artifactId>
-      <scope>test</scope>
-      <type>test-jar</type>
-      <version>${project.version}</version>
-    </dependency>
-  </dependencies>
-
-</project>

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java
deleted file mode 100644
index 054c354..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/AbstractSearchPrivilegeValidator.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.policy.common.PolicyConstants.PRIVILEGE_PREFIX;
-
-import java.util.List;
-
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.policy.common.PrivilegeValidator;
-import org.apache.shiro.config.ConfigurationException;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.Lists;
-
-public abstract class AbstractSearchPrivilegeValidator implements PrivilegeValidator {
-
-  @VisibleForTesting
-  public static Iterable<SearchModelAuthorizable> parsePrivilege(String string) {
-    List<SearchModelAuthorizable> result = Lists.newArrayList();
-    System.err.println("privilege = " + string);
-    for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
-      // XXX this ugly hack is because action is not an authorizable
-      if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
-        SearchModelAuthorizable authorizable = SearchModelAuthorizables.from(section);
-        if(authorizable == null) {
-          String msg = "No authorizable found for " + section;
-          throw new ConfigurationException(msg);
-        }
-        result.add(authorizable);
-      }
-    }
-    return result;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java
deleted file mode 100644
index 81ff67f..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/CollectionRequiredInPrivilege.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.policy.common.PrivilegeValidatorContext;
-
-public class CollectionRequiredInPrivilege extends AbstractSearchPrivilegeValidator {
-
-  @Override
-  public void validate(PrivilegeValidatorContext context) throws SentryConfigurationException {
-    String privilege = context.getPrivilege();
-    Iterable<SearchModelAuthorizable> authorizables = parsePrivilege(privilege);
-    boolean foundCollectionInAuthorizables = false;
-
-    for(SearchModelAuthorizable authorizable : authorizables) {
-      if(authorizable instanceof Collection) {
-        foundCollectionInAuthorizables = true;
-        break;
-      }
-    }
-    if(!foundCollectionInAuthorizables) {
-      String msg = "Missing collection object in " + privilege;
-      throw new SentryConfigurationException(msg);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchModelAuthorizables.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchModelAuthorizables.java
deleted file mode 100644
index 252f50a..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchModelAuthorizables.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable.AuthorizableType;
-import org.apache.sentry.policy.common.KeyValue;
-
-public class SearchModelAuthorizables {
-
-  public static SearchModelAuthorizable from(KeyValue keyValue) {
-    String prefix = keyValue.getKey().toLowerCase();
-    String name = keyValue.getValue().toLowerCase();
-    for(AuthorizableType type : AuthorizableType.values()) {
-      if(prefix.equalsIgnoreCase(type.name())) {
-        return from(type, name);
-      }
-    }
-    return null;
-  }
-  public static SearchModelAuthorizable from(String s) {
-    return from(new KeyValue(s));
-  }
-
-  private static SearchModelAuthorizable from(AuthorizableType type, String name) {
-    switch (type) {
-    case Collection:
-      return new Collection(name);
-    default:
-      return null;
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
deleted file mode 100644
index e25faf2..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SearchWildcardPrivilege.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-// copied from apache shiro
-
-package org.apache.sentry.policy.search;
-
-import java.util.List;
-
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.policy.common.PolicyConstants;
-import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.KeyValue;
-
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Lists;
-
-public class SearchWildcardPrivilege implements Privilege {
-
-  private final ImmutableList<KeyValue> parts;
-
-  public SearchWildcardPrivilege(String wildcardString) {
-    wildcardString = Strings.nullToEmpty(wildcardString).trim();
-    if (wildcardString.isEmpty()) {
-      throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
-    }
-    List<KeyValue>parts = Lists.newArrayList();
-    for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.trimResults().split(
-        wildcardString)) {
-      if (authorizable.isEmpty()) {
-        throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
-      }
-      parts.add(new KeyValue(authorizable));
-    }
-    if (parts.isEmpty()) {
-      throw new AssertionError("Should never occur: " + wildcardString);
-    }
-    this.parts = ImmutableList.copyOf(parts);
-  }
-
-
-  @Override
-  public boolean implies(Privilege p) {
-    // By default only supports comparisons with other SearchWildcardPermissions
-    if (!(p instanceof SearchWildcardPrivilege)) {
-      return false;
-    }
-
-    SearchWildcardPrivilege wp = (SearchWildcardPrivilege) p;
-
-    List<KeyValue> otherParts = wp.parts;
-    if(equals(wp)) {
-      return true;
-    }
-    int index = 0;
-    for (KeyValue otherPart : otherParts) {
-      // If this privilege has less parts than the other privilege, everything
-      // after the number of parts contained
-      // in this privilege is automatically implied, so return true
-      if (parts.size() - 1 < index) {
-        return true;
-      } else {
-        KeyValue part = parts.get(index);
-        // are the keys even equal
-        if(!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
-          return false;
-        }
-        if (!impliesKeyValue(part, otherPart)) {
-          return false;
-        }
-        index++;
-      }
-    }
-    // If this privilege has more parts than
-    // the other parts, only imply it if
-    // all of the other parts are wildcards
-    for (; index < parts.size(); index++) {
-      KeyValue part = parts.get(index);
-      if (!part.getValue().equals(SearchConstants.ALL)) {
-        return false;
-      }
-    }
-
-    return true;
-  }
-
-  private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
-    Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
-        "Please report, this method should not be called with two different keys");
-    if(policyPart.getValue().equals(SearchConstants.ALL) || policyPart.equals(requestPart)) {
-      return true;
-    } else if (!PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
-        && SearchConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
-      /* privilege request is to match with any object of given type */
-      return true;
-    }
-    return false;
-  }
-
-  @Override
-  public String toString() {
-    return PolicyConstants.AUTHORIZABLE_JOINER.join(parts);
-  }
-
-  @Override
-  public boolean equals(Object o) {
-    if (o instanceof SearchWildcardPrivilege) {
-      SearchWildcardPrivilege wp = (SearchWildcardPrivilege) o;
-      return parts.equals(wp.parts);
-    }
-    return false;
-  }
-
-  @Override
-  public int hashCode() {
-    return parts.hashCode();
-  }
-
-  public static class SearchWildcardPrivilegeFactory implements PrivilegeFactory {
-    @Override
-    public Privilege createPrivilege(String privilege) {
-      return new SearchWildcardPrivilege(privilege);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java b/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
deleted file mode 100644
index c71036e..0000000
--- a/sentry-policy/sentry-policy-search/src/main/java/org/apache/sentry/policy/search/SimpleSearchPolicyEngine.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.util.Set;
-
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.PrivilegeValidator;
-import org.apache.sentry.provider.common.ProviderBackend;
-import org.apache.sentry.provider.common.ProviderBackendContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableSet;
-
-/**
- * A PolicyEngine for a search service.
- */
-public class SimpleSearchPolicyEngine implements PolicyEngine {
-
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(SimpleSearchPolicyEngine.class);
-
-  private final ProviderBackend providerBackend;
-
-  public SimpleSearchPolicyEngine(ProviderBackend providerBackend) {
-    this.providerBackend = providerBackend;
-    ProviderBackendContext context = new ProviderBackendContext();
-    context.setAllowPerDatabase(false);
-    context.setValidators(createPrivilegeValidators());
-    this.providerBackend.initialize(context);
-  }
-
-  /**
-   * {@inheritDoc}
-   */
-  @Override
-  public PrivilegeFactory getPrivilegeFactory() {
-    return new SearchWildcardPrivilege.SearchWildcardPrivilegeFactory();
-  }
-
-  /**
-   * {@inheritDoc}
-   */
-  @Override
-  public ImmutableSet<String> getAllPrivileges(Set<String> groups,
-      ActiveRoleSet roleSet) throws SentryConfigurationException {
-    return getPrivileges(groups, roleSet);
-  }
-
-  /**
-   * {@inheritDoc}
-   */
-  @Override
-  public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizationHierarchy ) {
-    if(LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Getting permissions for {}", groups);
-    }
-    ImmutableSet<String> result = providerBackend.getPrivileges(groups, roleSet);
-    if(LOGGER.isDebugEnabled()) {
-      LOGGER.debug("result = " + result);
-    }
-    return result;
-  }
-
-  @Override
-  public ImmutableSet<String> getAllPrivileges(Set<String> groups, Set<String> users,
-      ActiveRoleSet roleSet) throws SentryConfigurationException {
-    return getPrivileges(groups, users, roleSet);
-  }
-
-  @Override
-  public ImmutableSet<String> getPrivileges(Set<String> groups, Set<String> users,
-      ActiveRoleSet roleSet, Authorizable... authorizationHierarchy) {
-    if (LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Getting permissions for groups: {}, users: {}", groups, users);
-    }
-    ImmutableSet<String> result = providerBackend.getPrivileges(groups, users, roleSet);
-    if (LOGGER.isDebugEnabled()) {
-      LOGGER.debug("result = " + result);
-    }
-    return result;
-  }
-
-  @Override
-  public void validatePolicy(boolean strictValidation)
-      throws SentryConfigurationException {
-    providerBackend.validatePolicy(strictValidation);
-  }
-
-  public static ImmutableList<PrivilegeValidator> createPrivilegeValidators() {
-    return ImmutableList.<PrivilegeValidator>of(new CollectionRequiredInPrivilege());
-  }
-
-  @Override
-  public void close() {
-    if (providerBackend != null) {
-      providerBackend.close();
-    }
-  }
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java
deleted file mode 100644
index 1a9b1a1..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/AbstractTestSearchPolicyEngine.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Set;
-import java.util.TreeSet;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public abstract class AbstractTestSearchPolicyEngine {
-  private static final String ANALYST_PURCHASES_UPDATE = "collection=purchases->action=update";
-  private static final String ANALYST_ANALYST1_ALL = "collection=analyst1";
-  private static final String ANALYST_JRANALYST1_ACTION_ALL = "collection=jranalyst1->action=*";
-  private static final String ANALYST_TMPCOLLECTION_UPDATE = "collection=tmpcollection->action=update";
-  private static final String ANALYST_TMPCOLLECTION_QUERY = "collection=tmpcollection->action=query";
-  private static final String JRANALYST_JRANALYST1_ALL = "collection=jranalyst1";
-  private static final String JRANALYST_PURCHASES_PARTIAL_QUERY = "collection=purchases_partial->action=query";
-  private static final String ADMIN_COLLECTION_ALL = "collection=*";
-
-  private PolicyEngine policy;
-  private static File baseDir;
-
-  @BeforeClass
-  public static void setupClazz() throws IOException {
-    baseDir = Files.createTempDir();
-  }
-
-  @AfterClass
-  public static void teardownClazz() throws IOException {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  protected void setPolicy(PolicyEngine policy) {
-    this.policy = policy;
-  }
-  protected static File getBaseDir() {
-    return baseDir;
-  }
-  @Before
-  public void setup() throws IOException {
-    afterSetup();
-  }
-  @After
-  public void teardown() throws IOException {
-    beforeTeardown();
-  }
-  protected void afterSetup() throws IOException {
-
-  }
-
-  protected void beforeTeardown() throws IOException {
-
-  }
-
-  @Test
-  public void testManager() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
-        ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
-        ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
-        ANALYST_TMPCOLLECTION_QUERY, JRANALYST_JRANALYST1_ALL,
-        JRANALYST_PURCHASES_PARTIAL_QUERY));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("manager"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  @Test
-  public void testAnalyst() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
-        ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
-        ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
-        ANALYST_TMPCOLLECTION_QUERY));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("analyst"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  @Test
-  public void testJuniorAnalyst() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets
-        .newHashSet(JRANALYST_JRANALYST1_ALL,
-            JRANALYST_PURCHASES_PARTIAL_QUERY));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("jranalyst"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  @Test
-  public void testAdmin() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ADMIN_COLLECTION_ALL));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("admin"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  private static Set<String> set(String... values) {
-    return Sets.newHashSet(values);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java
deleted file mode 100644
index be23e15..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/SearchPolicyFileBackend.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.IOException;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.provider.file.SimpleFileProviderBackend;
-
-public class SearchPolicyFileBackend extends SimpleSearchPolicyEngine {
-  public SearchPolicyFileBackend(String resource) throws IOException{
-    super(new SimpleFileProviderBackend(new Configuration(), resource));
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java
deleted file mode 100644
index f0bb622..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestCollectionRequiredInRole.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.search;
-
-import org.junit.Assert;
-
-import org.apache.sentry.policy.common.PrivilegeValidatorContext;
-import org.apache.shiro.config.ConfigurationException;
-import org.junit.Test;
-
-public class TestCollectionRequiredInRole {
-
-  @Test
-  public void testEmptyRole() throws Exception {
-    CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
-
-    // check no db
-    try {
-      collRequiredInRole.validate(new PrivilegeValidatorContext("index=index1"));
-      Assert.fail("Expected ConfigurationException");
-    } catch (ConfigurationException e) {
-      // expected
-    }
-
-    // check with db
-    try {
-      collRequiredInRole.validate(new PrivilegeValidatorContext("db1","index=index2"));
-      Assert.fail("Expected ConfigurationException");
-    } catch (ConfigurationException e) {
-      // expected
-    }
-  }
-
-  @Test
-  public void testCollectionWithoutAction() throws Exception {
-    CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
-    collRequiredInRole.validate(new PrivilegeValidatorContext("collection=nodb"));
-    collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db"));
-  }
-
-  @Test
-  public void testCollectionWithAction() throws Exception {
-    CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
-    collRequiredInRole.validate(new PrivilegeValidatorContext(null,"collection=nodb->action=query"));
-    collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db->action=update"));
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java
deleted file mode 100644
index 9e1b1a7..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderGeneralCases.java
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.EnumSet;
-import java.util.List;
-import java.util.Set;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAction;
-import org.apache.sentry.provider.common.MockGroupMappingServiceProvider;
-import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFiles;
-import org.junit.After;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Objects;
-import com.google.common.collect.HashMultimap;
-import com.google.common.collect.Multimap;
-import com.google.common.io.Files;
-
-
-public class TestSearchAuthorizationProviderGeneralCases {
-
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(TestSearchAuthorizationProviderGeneralCases.class);
-
-  private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap
-      .create();
-
-  private static final Subject SUB_ADMIN = new Subject("admin1");
-  private static final Subject SUB_MANAGER = new Subject("manager1");
-  private static final Subject SUB_ANALYST = new Subject("analyst1");
-  private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1");
-
-  private static final Collection COLL_PURCHASES = new Collection("purchases");
-  private static final Collection COLL_ANALYST1 = new Collection("analyst1");
-  private static final Collection COLL_JRANALYST1 = new Collection("jranalyst1");
-  private static final Collection COLL_TMP = new Collection("tmpcollection");
-  private static final Collection COLL_PURCHASES_PARTIAL = new Collection("purchases_partial");
-
-  private static final SearchModelAction QUERY = SearchModelAction.QUERY;
-  private static final SearchModelAction UPDATE = SearchModelAction.UPDATE;
-
-  static {
-    USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin"));
-    USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager"));
-    USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst"));
-    USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(),
-        Arrays.asList("jranalyst"));
-  }
-
-  private final ResourceAuthorizationProvider authzProvider;
-  private File baseDir;
-
-  public TestSearchAuthorizationProviderGeneralCases() throws IOException {
-    baseDir = Files.createTempDir();
-    PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini");
-    authzProvider = new HadoopGroupResourceAuthorizationProvider(
-        new SearchPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath()),
-        new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP));
-
-  }
-
-  @After
-  public void teardown() {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  private void doTestAuthProviderOnCollection(Subject subject,
-      Collection collection, Set<? extends Action> expectedPass) throws Exception {
-    Set<SearchModelAction> allActions = EnumSet.of(SearchModelAction.ALL, SearchModelAction.QUERY, SearchModelAction.UPDATE);
-    for(SearchModelAction action : allActions) {
-      doTestResourceAuthorizationProvider(subject, collection,
-        EnumSet.of(action), expectedPass.contains(action));
-    }
-  }
-
-  private void doTestResourceAuthorizationProvider(Subject subject,
-      Collection collection,
-      Set<? extends Action> privileges, boolean expected) throws Exception {
-    List<Authorizable> authzHierarchy = Arrays.asList(new Authorizable[] {
-        collection
-    });
-    Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
-    helper.add("Subject", subject).add("Collection", collection)
-      .add("Privileges", privileges).add("authzHierarchy", authzHierarchy);
-    LOGGER.info("Running with " + helper.toString());
-    Assert.assertEquals(helper.toString(), expected,
-        authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
-    LOGGER.info("Passed " + helper.toString());
-  }
-
-  @Test
-  public void testAdmin() throws Exception {
-    Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
-    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES, allActions);
-    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_ANALYST1, allActions);
-    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_JRANALYST1, allActions);
-    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_TMP, allActions);
-    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES_PARTIAL, allActions);
-  }
-
-  @Test
-  public void testManager() throws Exception {
-    Set<SearchModelAction> updateOnly = EnumSet.of(SearchModelAction.UPDATE);
-    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES, updateOnly);
-
-    Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
-    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_ANALYST1, allActions);
-    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_JRANALYST1, allActions);
-
-    Set<SearchModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
-    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_TMP, queryUpdateOnly);
-
-    Set<SearchModelAction> queryOnly = EnumSet.of(SearchModelAction.QUERY);
-    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES_PARTIAL, queryOnly);
-  }
-
-  @Test
-  public void testAnalyst() throws Exception {
-    Set<SearchModelAction> updateOnly = EnumSet.of(SearchModelAction.UPDATE);
-    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES, updateOnly);
-
-    Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
-    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_ANALYST1, allActions);
-    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_JRANALYST1, allActions);
-
-    Set<SearchModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
-    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_TMP, queryUpdateOnly);
-
-    Set<SearchModelAction> noActions = EnumSet.noneOf(SearchModelAction.class);
-    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES_PARTIAL, noActions);
-  }
-
-  @Test
-  public void testJuniorAnalyst() throws Exception {
-     Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
-     doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_JRANALYST1, allActions);
-
-    Set<SearchModelAction> queryOnly = EnumSet.of(SearchModelAction.QUERY);
-    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES_PARTIAL, queryOnly);
-
-    Set<SearchModelAction> noActions = EnumSet.noneOf(SearchModelAction.class);
-    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES, noActions);
-    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_ANALYST1, noActions);
-    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_TMP, noActions);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java
deleted file mode 100644
index 3cd0b75..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchAuthorizationProviderSpecialCases.java
+++ /dev/null
@@ -1,82 +0,0 @@
- /*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.EnumSet;
-import java.util.List;
-import java.util.Set;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAction;
-import org.apache.sentry.provider.common.AuthorizationProvider;
-import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.io.Files;
-
-public class TestSearchAuthorizationProviderSpecialCases {
-  private AuthorizationProvider authzProvider;
-  private PolicyFile policyFile;
-  private File baseDir;
-  private File iniFile;
-  private String initResource;
-  @Before
-  public void setup() throws IOException {
-    baseDir = Files.createTempDir();
-    iniFile = new File(baseDir, "policy.ini");
-    initResource = "file://" + iniFile.getPath();
-    policyFile = new PolicyFile();
-  }
-
-  @After
-  public void teardown() throws IOException {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  @Test
-  public void testDuplicateEntries() throws Exception {
-    Subject user1 = new Subject("user1");
-    Collection collection1 = new Collection("collection1");
-    Set<? extends Action> actions = EnumSet.allOf(SearchModelAction.class);
-    policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
-      .addRolesToGroup("group1",  true, "role1", "role1")
-      .addPermissionsToRole("role1", true, "collection=" + collection1.getName(),
-          "collection=" + collection1.getName());
-    policyFile.write(iniFile);
-    SearchPolicyFileBackend policy = new SearchPolicyFileBackend(initResource);
-    authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
-    List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(collection1);
-    Assert.assertTrue(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java
deleted file mode 100644
index 94fe9f0..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchModelAuthorizables.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.search;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
-
-import org.apache.sentry.core.model.search.Collection;
-import org.junit.Test;
-
-public class TestSearchModelAuthorizables {
-
-  @Test
-  public void testCollection() throws Exception {
-    Collection coll = (Collection)SearchModelAuthorizables.from("CoLleCtiOn=collection1");
-    assertEquals("collection1", coll.getName());
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testNoKV() throws Exception {
-    System.out.println(SearchModelAuthorizables.from("nonsense"));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyKey() throws Exception {
-    System.out.println(SearchModelAuthorizables.from("=v"));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyValue() throws Exception {
-    System.out.println(SearchModelAuthorizables.from("k="));
-  }
-
-  @Test
-  public void testNotAuthorizable() throws Exception {
-    assertNull(SearchModelAuthorizables.from("k=v"));
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java
deleted file mode 100644
index 5c14ab6..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineDFS.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hdfs.MiniDFSCluster;
-import org.apache.sentry.provider.file.PolicyFiles;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-public class TestSearchPolicyEngineDFS extends AbstractTestSearchPolicyEngine {
-
-  private static MiniDFSCluster dfsCluster;
-  private static FileSystem fileSystem;
-  private static Path root;
-  private static Path etc;
-
-  @BeforeClass
-  public static void setupLocalClazz() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    File dfsDir = new File(baseDir, "dfs");
-    Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs());
-    Configuration conf = new Configuration();
-    conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
-    dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
-    fileSystem = dfsCluster.getFileSystem();
-    root = new Path(fileSystem.getUri().toString());
-    etc = new Path(root, "/etc");
-    fileSystem.mkdirs(etc);
-  }
-
-  @AfterClass
-  public static void teardownLocalClazz() {
-    if(dfsCluster != null) {
-      dfsCluster.shutdown();
-    }
-  }
-
-  @Override
-  protected void  afterSetup() throws IOException {
-    fileSystem.delete(etc, true);
-    fileSystem.mkdirs(etc);
-    PolicyFiles.copyToDir(fileSystem, etc, "test-authz-provider.ini");
-    setPolicy(new SearchPolicyFileBackend(new Path(etc,
-        "test-authz-provider.ini").toString()));
-  }
-
-  @Override
-  protected void beforeTeardown() throws IOException {
-    fileSystem.delete(etc, true);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java
deleted file mode 100644
index 593afe7..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyEngineLocalFS.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.provider.file.PolicyFiles;
-
-public class TestSearchPolicyEngineLocalFS extends AbstractTestSearchPolicyEngine {
-
-  @Override
-  protected void  afterSetup() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
-    PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini");
-    setPolicy(new SearchPolicyFileBackend(new File(baseDir, "test-authz-provider.ini").getPath()));
-  }
-  @Override
-  protected void beforeTeardown() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    FileUtils.deleteQuietly(baseDir);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java
deleted file mode 100644
index 0993cc4..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchPolicyNegative.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.search;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Collections;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Charsets;
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSearchPolicyNegative {
-
-  @SuppressWarnings("unused")
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(TestSearchPolicyNegative.class);
-
-  private File baseDir;
-  private File globalPolicyFile;
-  private File otherPolicyFile;
-
-  @Before
-  public void setup() {
-    baseDir = Files.createTempDir();
-    globalPolicyFile = new File(baseDir, "global.ini");
-    otherPolicyFile = new File(baseDir, "other.ini");
-  }
-
-  @After
-  public void teardown() {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  private void append(String from, File to) throws IOException {
-    Files.append(from + "\n", to, Charsets.UTF_8);
-  }
-
-  @Test
-  public void testPerDbFileException() throws Exception {
-    append("[databases]", globalPolicyFile);
-    append("other_group_db = " + otherPolicyFile.getPath(), globalPolicyFile);
-    append("[groups]", otherPolicyFile);
-    append("other_group = some_role", otherPolicyFile);
-    append("[roles]", otherPolicyFile);
-    append("some_role = collection=c1", otherPolicyFile);
-    SearchPolicyFileBackend policy = new SearchPolicyFileBackend(globalPolicyFile.getPath());
-    Assert.assertEquals(Collections.emptySet(),
-        policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL));
-  }
-
-  @Test
-  public void testCollectionRequiredInRole() throws Exception {
-    append("[groups]", globalPolicyFile);
-    append("group = some_role", globalPolicyFile);
-    append("[roles]", globalPolicyFile);
-    append("some_role = action=query", globalPolicyFile);
-    PolicyEngine policy = new SearchPolicyFileBackend(globalPolicyFile.getPath());
-    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
-    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-  }
-
-  @Test
-  public void testGroupIncorrect() throws Exception {
-    append("[groups]", globalPolicyFile);
-    append("group = malicious_role", globalPolicyFile);
-    append("[roles]", globalPolicyFile);
-    append("malicious_role = collection=*", globalPolicyFile);
-    PolicyEngine policy = new SearchPolicyFileBackend(globalPolicyFile.getPath());
-    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL);
-    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java b/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java
deleted file mode 100644
index 3cf4a39..0000000
--- a/sentry-policy/sentry-policy-search/src/test/java/org/apache/sentry/policy/search/TestSearchWildcardPrivilege.java
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.search;
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.KV_JOINER;
-import static org.apache.sentry.policy.common.PolicyConstants.KV_SEPARATOR;
-
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.common.KeyValue;
-import org.junit.Test;
-
-public class TestSearchWildcardPrivilege extends org.junit.Assert {
-
-  private static final String ALL = SearchConstants.ALL;
-
-  @Test
-  public void testSimpleNoAction() throws Exception {
-    Privilege collection1 = create(new KeyValue("collection", "coll1"));
-    Privilege collection2 = create(new KeyValue("collection", "coll2"));
-    Privilege collection1Case = create(new KeyValue("colleCtIon", "coLl1"));
-
-    assertTrue(collection1.implies(collection1));
-    assertTrue(collection2.implies(collection2));
-    assertTrue(collection1.implies(collection1Case));
-    assertTrue(collection1Case.implies(collection1));
-
-    assertFalse(collection1.implies(collection2));
-    assertFalse(collection1Case.implies(collection2));
-    assertFalse(collection2.implies(collection1));
-    assertFalse(collection2.implies(collection1Case));
-  }
-
-  @Test
-  public void testSimpleAction() throws Exception {
-    Privilege query =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    Privilege update =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    Privilege queryCase =
-      create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy"));
-
-    assertTrue(query.implies(query));
-    assertTrue(update.implies(update));
-    assertTrue(query.implies(queryCase));
-    assertTrue(queryCase.implies(query));
-
-    assertFalse(query.implies(update));
-    assertFalse(queryCase.implies(update));
-    assertFalse(update.implies(query));
-    assertFalse(update.implies(queryCase));
-  }
-
-  @Test
-  public void testRoleShorterThanRequest() throws Exception {
-    Privilege collection1 = create(new KeyValue("collection", "coll1"));
-    Privilege query =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    Privilege update =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    Privilege all =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
-
-    assertTrue(collection1.implies(query));
-    assertTrue(collection1.implies(update));
-    assertTrue(collection1.implies(all));
-
-    assertFalse(query.implies(collection1));
-    assertFalse(update.implies(collection1));
-    assertTrue(all.implies(collection1));
-  }
-
-  @Test
-  public void testCollectionAll() throws Exception {
-    Privilege collectionAll = create(new KeyValue("collection", ALL));
-    Privilege collection1 = create(new KeyValue("collection", "coll1"));
-    assertTrue(collectionAll.implies(collection1));
-    assertTrue(collection1.implies(collectionAll));
-
-    Privilege allUpdate =
-      create(new KeyValue("collection", ALL), new KeyValue("action", "update"));
-    Privilege allQuery =
-      create(new KeyValue("collection", ALL), new KeyValue("action", "query"));
-    Privilege coll1Update =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    Privilege coll1Query =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    assertTrue(allUpdate.implies(coll1Update));
-    assertTrue(allQuery.implies(coll1Query));
-    assertTrue(coll1Update.implies(allUpdate));
-    assertTrue(coll1Query.implies(allQuery));
-    assertFalse(allUpdate.implies(coll1Query));
-    assertFalse(coll1Update.implies(coll1Query));
-    assertFalse(allQuery.implies(coll1Update));
-    assertFalse(coll1Query.implies(allUpdate));
-    assertFalse(allUpdate.implies(allQuery));
-    assertFalse(allQuery.implies(allUpdate));
-    assertFalse(coll1Update.implies(coll1Query));
-    assertFalse(coll1Query.implies(coll1Update));
-
-    // test different length paths
-    assertTrue(collectionAll.implies(allUpdate));
-    assertTrue(collectionAll.implies(allQuery));
-    assertTrue(collectionAll.implies(coll1Update));
-    assertTrue(collectionAll.implies(coll1Query));
-    assertFalse(allUpdate.implies(collectionAll));
-    assertFalse(allQuery.implies(collectionAll));
-    assertFalse(coll1Update.implies(collectionAll));
-    assertFalse(coll1Query.implies(collectionAll));
-  }
-
-  @Test
-  public void testActionAll() throws Exception {
-    Privilege coll1All =
-       create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
-    Privilege coll1Update =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    Privilege coll1Query =
-      create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    assertTrue(coll1All.implies(coll1All));
-    assertTrue(coll1All.implies(coll1Update));
-    assertTrue(coll1All.implies(coll1Query));
-    assertFalse(coll1Update.implies(coll1All));
-    assertFalse(coll1Query.implies(coll1All));
-
-    // test different lengths
-    Privilege coll1 =
-       create(new KeyValue("collection", "coll1"));
-    assertTrue(coll1All.implies(coll1));
-    assertTrue(coll1.implies(coll1All));
-  }
-
-  @Test
-  public void testUnexpected() throws Exception {
-    Privilege p = new Privilege() {
-      @Override
-      public boolean implies(Privilege p) {
-        return false;
-      }
-    };
-    Privilege collection1 = create(new KeyValue("collection", "coll1"));
-    assertFalse(collection1.implies(null));
-    assertFalse(collection1.implies(p));
-    assertFalse(collection1.equals(null));
-    assertFalse(collection1.equals(p));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testNullString() throws Exception {
-    System.out.println(create((String)null));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyString() throws Exception {
-    System.out.println(create(""));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyKey() throws Exception {
-    System.out.println(create(KV_JOINER.join("collection", "")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyValue() throws Exception {
-    System.out.println(create(KV_JOINER.join("", "coll1")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyPart() throws Exception {
-    System.out.println(create(AUTHORIZABLE_JOINER.
-        join(KV_JOINER.join("collection1", "coll1"), "")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testOnlySeperators() throws Exception {
-    System.out.println(create(AUTHORIZABLE_JOINER.
-        join(KV_SEPARATOR, KV_SEPARATOR, KV_SEPARATOR)));
-  }
-
-  static SearchWildcardPrivilege create(KeyValue... keyValues) {
-    return create(AUTHORIZABLE_JOINER.join(keyValues));
-
-  }
-  static SearchWildcardPrivilege create(String s) {
-    return new SearchWildcardPrivilege(s);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties b/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties
deleted file mode 100644
index c41373c..0000000
--- a/sentry-policy/sentry-policy-search/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#  http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-# Define some default values that can be overridden by system properties.
-#
-# For testing, it may also be convenient to specify
-
-log4j.rootLogger=DEBUG,console
-
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.target=System.err
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d (%t) [%p - %l] %m%n
-
-log4j.logger.org.apache.hadoop.conf.Configuration=INFO

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini b/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini
deleted file mode 100644
index 8af8162..0000000
--- a/sentry-policy/sentry-policy-search/src/test/resources/test-authz-provider.ini
+++ /dev/null
@@ -1,31 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#  http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-[groups]
-manager = analyst_role, junior_analyst_role
-analyst = analyst_role
-jranalyst = junior_analyst_role
-admin = admin
-
-[roles]
-analyst_role = collection=purchases->action=update, \
-  collection=analyst1, \
-  collection=jranalyst1->action=*, \
-  collection=tmpcollection->action=update, \
-  collection=tmpcollection->action=query
-junior_analyst_role = collection=jranalyst1, collection=purchases_partial->action=query
-admin = collection=*

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/pom.xml b/sentry-policy/sentry-policy-sqoop/pom.xml
deleted file mode 100644
index 84d031a..0000000
--- a/sentry-policy/sentry-policy-sqoop/pom.xml
+++ /dev/null
@@ -1,80 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements.  See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <parent>
-    <groupId>org.apache.sentry</groupId>
-    <artifactId>sentry-policy</artifactId>
-    <version>1.8.0-SNAPSHOT</version>
-  </parent>
-
-  <artifactId>sentry-policy-sqoop</artifactId>
-  <name>Sentry Policy for Sqoop</name>
-
-  <dependencies>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.hadoop</groupId>
-      <artifactId>hadoop-common</artifactId>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.hadoop</groupId>
-      <artifactId>hadoop-minicluster</artifactId>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>log4j</groupId>
-      <artifactId>log4j</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.shiro</groupId>
-      <artifactId>shiro-core</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.google.guava</groupId>
-      <artifactId>guava</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-log4j12</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-core-model-sqoop</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-provider-common</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-provider-file</artifactId>
-    </dependency>
-  </dependencies>
-
-</project>

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java
deleted file mode 100644
index ef1c88b..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/ServerNameRequiredMatch.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.policy.common.PolicyConstants.PRIVILEGE_PREFIX;
-
-import java.util.List;
-
-import org.apache.sentry.core.model.sqoop.Server;
-import org.apache.sentry.core.model.sqoop.SqoopAuthorizable;
-import org.apache.sentry.policy.common.PrivilegeValidatorContext;
-import org.apache.sentry.policy.common.PrivilegeValidator;
-import org.apache.shiro.config.ConfigurationException;
-
-import com.google.common.collect.Lists;
-
-public class ServerNameRequiredMatch implements PrivilegeValidator {
-  private final String sqoopServerName;
-  public ServerNameRequiredMatch(String sqoopServerName) {
-    this.sqoopServerName = sqoopServerName;
-  }
-  @Override
-  public void validate(PrivilegeValidatorContext context)
-      throws ConfigurationException {
-    Iterable<SqoopAuthorizable> authorizables = parsePrivilege(context.getPrivilege());
-    boolean match = false;
-    for (SqoopAuthorizable authorizable : authorizables) {
-      if (authorizable instanceof Server && authorizable.getName().equalsIgnoreCase(sqoopServerName)) {
-        match = true;
-        break;
-      }
-    }
-    if (!match) {
-      String msg = "server=[name] in " + context.getPrivilege()
-          + " is required. The name is expected " + sqoopServerName;
-      throw new ConfigurationException(msg);
-    }
-  }
-
-  private Iterable<SqoopAuthorizable> parsePrivilege(String string) {
-    List<SqoopAuthorizable> result = Lists.newArrayList();
-    for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
-      if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
-        SqoopAuthorizable authorizable = SqoopModelAuthorizables.from(section);
-        if(authorizable == null) {
-          String msg = "No authorizable found for " + section;
-          throw new ConfigurationException(msg);
-        }
-        result.add(authorizable);
-      }
-    }
-    return result;
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
deleted file mode 100644
index 13f78c6..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SimpleSqoopPolicyEngine.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import java.util.Set;
-
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.SentryConfigurationException;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.policy.common.PrivilegeValidator;
-import org.apache.sentry.provider.common.ProviderBackend;
-import org.apache.sentry.provider.common.ProviderBackendContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableSet;
-
-public class SimpleSqoopPolicyEngine implements PolicyEngine {
-  private static final Logger LOGGER = LoggerFactory.getLogger(SimpleSqoopPolicyEngine.class);
-  private final ProviderBackend providerBackend;
-
-  public SimpleSqoopPolicyEngine(String sqoopServerName, ProviderBackend providerBackend) {
-    this.providerBackend = providerBackend;
-    ProviderBackendContext context = new ProviderBackendContext();
-    context.setAllowPerDatabase(false);
-    context.setValidators(ImmutableList.<PrivilegeValidator>of(new ServerNameRequiredMatch(sqoopServerName)));
-    this.providerBackend.initialize(context);
-  }
-  @Override
-  public PrivilegeFactory getPrivilegeFactory() {
-    return new SqoopWildcardPrivilege.Factory();
-  }
-
-  @Override
-  public ImmutableSet<String> getAllPrivileges(Set<String> groups,
-      ActiveRoleSet roleSet) throws SentryConfigurationException {
-    return getPrivileges(groups, roleSet);
-  }
-
-  @Override
-  public ImmutableSet<String> getPrivileges(Set<String> groups,
-      ActiveRoleSet roleSet, Authorizable... authorizableHierarchy)
-      throws SentryConfigurationException {
-    if(LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Getting permissions for {}", groups);
-    }
-    ImmutableSet<String> result = providerBackend.getPrivileges(groups, roleSet);
-    if(LOGGER.isDebugEnabled()) {
-      LOGGER.debug("result = " + result);
-    }
-    return result;
-  }
-
-  @Override
-  public ImmutableSet<String> getAllPrivileges(Set<String> groups, Set<String> users,
-      ActiveRoleSet roleSet) throws SentryConfigurationException {
-    return getPrivileges(groups, users, roleSet);
-  }
-
-  @Override
-  public ImmutableSet<String> getPrivileges(Set<String> groups, Set<String> users,
-      ActiveRoleSet roleSet, Authorizable... authorizationHierarchy) {
-    if(LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Getting permissions for groups: {}, users: {}", groups, users);
-    }
-    ImmutableSet<String> result = providerBackend.getPrivileges(groups, users, roleSet);
-    if(LOGGER.isDebugEnabled()) {
-      LOGGER.debug("result = " + result);
-    }
-    return result;
-  }
-
-  @Override
-  public void close() {
-    if (providerBackend != null) {
-      providerBackend.close();
-    }
-  }
-
-  @Override
-  public void validatePolicy(boolean strictValidation)
-      throws SentryConfigurationException {
-    if (providerBackend != null) {
-      providerBackend.validatePolicy(strictValidation);
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/d94e900a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopModelAuthorizables.java b/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopModelAuthorizables.java
deleted file mode 100644
index b03b4dc..0000000
--- a/sentry-policy/sentry-policy-sqoop/src/main/java/org/apache/sentry/policy/sqoop/SqoopModelAuthorizables.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.sqoop;
-
-import org.apache.sentry.core.model.sqoop.Connector;
-import org.apache.sentry.core.model.sqoop.Job;
-import org.apache.sentry.core.model.sqoop.Link;
-import org.apache.sentry.core.model.sqoop.Server;
-import org.apache.sentry.core.model.sqoop.SqoopAuthorizable;
-import org.apache.sentry.core.model.sqoop.SqoopAuthorizable.AuthorizableType;
-import org.apache.sentry.policy.common.KeyValue;
-
-public class SqoopModelAuthorizables {
-  public static SqoopAuthorizable from(KeyValue keyValue) {
-    String prefix = keyValue.getKey().toLowerCase();
-    String name = keyValue.getValue().toLowerCase();
-    for (AuthorizableType type : AuthorizableType.values()) {
-      if(prefix.equalsIgnoreCase(type.name())) {
-        return from(type, name);
-      }
-    }
-    return null;
-  }
-
-  public static SqoopAuthorizable from(String keyValue) {
-    return from(new KeyValue(keyValue));
-  }
-
-  public static SqoopAuthorizable from(AuthorizableType type, String name) {
-    switch(type) {
-    case SERVER:
-      return new Server(name);
-    case JOB:
-      return new Job(name);
-    case CONNECTOR:
-      return new Connector(name);
-    case LINK:
-      return new Link(name);
-    default:
-      return null;
-    }
-  }
-}


Mime
View raw message