sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From co...@apache.org
Subject sentry git commit: SENTRY-1225: Improve SentryPolicyServiceClientDefaultImpl to support user section with import/export(Colin Ma, reviewed by Dapeng Sun)
Date Thu, 05 May 2016 08:47:08 GMT
Repository: sentry
Updated Branches:
  refs/heads/master d4165e423 -> c523c46ee


SENTRY-1225: Improve SentryPolicyServiceClientDefaultImpl to support user section with import/export(Colin
Ma, reviewed by Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/c523c46e
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/c523c46e
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/c523c46e

Branch: refs/heads/master
Commit: c523c46ee66fb005be47a1646b0665038b3aa9d1
Parents: d4165e4
Author: Colin Ma <colin@apache.org>
Authored: Thu May 5 17:21:07 2016 +0800
Committer: Colin Ma <colin@apache.org>
Committed: Thu May 5 17:21:07 2016 +0800

----------------------------------------------------------------------
 .../SentryPolicyServiceClientDefaultImpl.java   |  2 +
 .../thrift/TestSentryServiceImportExport.java   | 55 +++++++++++++++++---
 2 files changed, 51 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/c523c46e/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
index 0da3cfd..a52ad8f 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
@@ -940,6 +940,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
       // convert the mapping data for [group,role] from map structure to
       // TSentryMappingData.GroupRolesMap
       tSentryMappingData.setGroupRolesMap(policyFileMappingData.get(PolicyFileConstants.GROUPS));
+      tSentryMappingData.setUserRolesMap(policyFileMappingData.get(PolicyFileConstants.USERS));
       // convert the mapping data for [role,privilege] from map structure to
       // TSentryMappingData.RolePrivilegesMap
       tSentryMappingData
@@ -984,6 +985,7 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
       Status.throwIfNotOk(response.getStatus());
       TSentryMappingData tSentryMappingData = response.getMappingData();
       Map<String, Map<String, Set<String>>> resultMap = Maps.newHashMap();
+      resultMap.put(PolicyFileConstants.USERS, tSentryMappingData.getUserRolesMap());
       resultMap.put(PolicyFileConstants.GROUPS, tSentryMappingData.getGroupRolesMap());
       resultMap.put(PolicyFileConstants.ROLES,
           convertRolePrivilegesMapForPolicyFile(tSentryMappingData.getRolePrivilegesMap()));

http://git-wip-us.apache.org/repos/asf/sentry/blob/c523c46e/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceImportExport.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceImportExport.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceImportExport.java
index 865f66e..2665db1 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceImportExport.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceImportExport.java
@@ -663,23 +663,66 @@ public class TestSentryServiceImportExport extends SentryServiceIntegrationBase
     });
   }
 
+  // Befor import, database is empty.
+  // The following information is imported:
+  // group1=role1,role2,role3
+  // group2=role1,role2,role3
+  // user1=role1,role2,role3
+  // user2=role1,role2,role3
+  // role1=privilege1,privilege2,privilege3,privilege4
+  // role2=privilege1,privilege2,privilege3,privilege4
+  // role3=privilege1,privilege2,privilege3,privilege4
+  @Test
+  public void testImportExportPolicyWithUser() throws Exception {
+    runTestAsSubject(new TestOperation() {
+      @Override
+      public void runTestAsSubject() throws Exception {
+        Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap();
+        Map<String, Set<String>> groupRolesMap = Maps.newHashMap();
+        Map<String, Set<String>> userRolesMap = Maps.newHashMap();
+        Set<String> roles = Sets.newHashSet("role1", "role2", "role3");
+        groupRolesMap.put("group1", roles);
+        groupRolesMap.put("group2", roles);
+        userRolesMap.put("user1", roles);
+        userRolesMap.put("user2", roles);
+        Map<String, Set<String>> rolePrivilegesMap = Maps.newHashMap();
+        for (String roleName : roles) {
+          rolePrivilegesMap.put(roleName, Sets.newHashSet(PRIVILIEGE1,
+              PRIVILIEGE2, PRIVILIEGE3, PRIVILIEGE4));
+        }
+        policyFileMappingData.put(PolicyFileConstants.USERS, userRolesMap);
+        policyFileMappingData.put(PolicyFileConstants.GROUPS, groupRolesMap);
+        policyFileMappingData.put(PolicyFileConstants.ROLES, rolePrivilegesMap);
+        client.importPolicy(policyFileMappingData, ADMIN_USER, false);
+
+        Map<String, Map<String, Set<String>>> sentryMappingData =
+            client.exportPolicy(ADMIN_USER, null);
+        // validate the [user, role] mapping
+        validateRolesMap(sentryMappingData.get(PolicyFileConstants.USERS),
+            policyFileMappingData.get(PolicyFileConstants.USERS));
+        validateSentryMappingData(sentryMappingData,
+            policyFileMappingData);
+      }
+    });
+  }
+
   // verify the mapping data
   public void validateSentryMappingData(
       Map<String, Map<String, Set<String>>> actualMappingData,
       Map<String, Map<String, Set<String>>> expectedMappingData) {
-    validateGroupRolesMap(actualMappingData.get(PolicyFileConstants.GROUPS),
+    validateRolesMap(actualMappingData.get(PolicyFileConstants.GROUPS),
         expectedMappingData.get(PolicyFileConstants.GROUPS));
     validateRolePrivilegesMap(actualMappingData.get(PolicyFileConstants.ROLES),
         expectedMappingData.get(PolicyFileConstants.ROLES));
   }
 
-  // verify the mapping data for [group,role]
-  private void validateGroupRolesMap(Map<String, Set<String>> actualMap,
+  // verify the mapping data for [group,role] and [user,role]
+  private void validateRolesMap(Map<String, Set<String>> actualMap,
       Map<String, Set<String>> expectedMap) {
     assertEquals(expectedMap.keySet().size(), actualMap.keySet().size());
-    for (String groupName : actualMap.keySet()) {
-      Set<String> actualRoles = actualMap.get(groupName);
-      Set<String> expectedRoles = expectedMap.get(groupName);
+    for (String name : actualMap.keySet()) {
+      Set<String> actualRoles = actualMap.get(name);
+      Set<String> expectedRoles = expectedMap.get(name);
       assertEquals(actualRoles.size(), expectedRoles.size());
       assertTrue(actualRoles.equals(expectedRoles));
     }


Mime
View raw message