sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kal...@apache.org
Subject [7/9] sentry git commit: SENTRY-1475: Integrate Sentry with Solr 7 authorization framework. (Hrishikesh Gadre, reviewed by Kalyan Kumar Kalvagadda)
Date Mon, 13 Nov 2017 14:38:11 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java
new file mode 100644
index 0000000..8de54f6
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineDFS.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.junit.Assert;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.hdfs.MiniDFSCluster;
+import org.apache.sentry.core.common.utils.PolicyFiles;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+public class TestSolrPolicyEngineDFS extends AbstractTestSolrPolicyEngine {
+
+  private static MiniDFSCluster dfsCluster;
+  private static FileSystem fileSystem;
+  private static Path root;
+  private static Path etc;
+
+  @BeforeClass
+  public static void setupLocalClazz() throws IOException {
+    File baseDir = getBaseDir();
+    Assert.assertNotNull(baseDir);
+    File dfsDir = new File(baseDir, "dfs");
+    Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs());
+    Configuration conf = new Configuration();
+    conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
+    dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
+    fileSystem = dfsCluster.getFileSystem();
+    root = new Path(fileSystem.getUri().toString());
+    etc = new Path(root, "/etc");
+    fileSystem.mkdirs(etc);
+  }
+
+  @AfterClass
+  public static void teardownLocalClazz() {
+    if(dfsCluster != null) {
+      dfsCluster.shutdown();
+    }
+  }
+
+  @Override
+  protected void  afterSetup() throws IOException {
+    fileSystem.delete(etc, true);
+    fileSystem.mkdirs(etc);
+    PolicyFiles.copyToDir(fileSystem, etc, "solr-policy-test-authz-provider.ini");
+    setPolicy(SolrPolicyTestUtil.createPolicyEngineForTest(new Path(etc,
+        "solr-policy-test-authz-provider.ini").toString()));
+  }
+
+  @Override
+  protected void beforeTeardown() throws IOException {
+    fileSystem.delete(etc, true);
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java
new file mode 100644
index 0000000..d138053
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyEngineLocalFS.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.junit.Assert;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.common.utils.PolicyFiles;
+
+public class TestSolrPolicyEngineLocalFS extends AbstractTestSolrPolicyEngine {
+
+  @Override
+  protected void  afterSetup() throws IOException {
+    File baseDir = getBaseDir();
+    Assert.assertNotNull(baseDir);
+    Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
+    PolicyFiles.copyToDir(baseDir, "solr-policy-test-authz-provider.ini");
+    setPolicy(SolrPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "solr-policy-test-authz-provider.ini").getPath()));
+  }
+  @Override
+  protected void beforeTeardown() throws IOException {
+    File baseDir = getBaseDir();
+    Assert.assertNotNull(baseDir);
+    FileUtils.deleteQuietly(baseDir);
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java
new file mode 100644
index 0000000..ec72136
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrPolicyNegative.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Collections;
+
+import org.junit.Assert;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.policy.common.PolicyEngine;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Charsets;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Sets;
+import com.google.common.io.Files;
+
+public class TestSolrPolicyNegative {
+
+  @SuppressWarnings("unused")
+  private static final Logger LOGGER = LoggerFactory
+      .getLogger(TestSolrPolicyNegative.class);
+
+  private File baseDir;
+  private File globalPolicyFile;
+  private File otherPolicyFile;
+
+  @Before
+  public void setup() {
+    baseDir = Files.createTempDir();
+    globalPolicyFile = new File(baseDir, "global.ini");
+    otherPolicyFile = new File(baseDir, "other.ini");
+  }
+
+  @After
+  public void teardown() {
+    if(baseDir != null) {
+      FileUtils.deleteQuietly(baseDir);
+    }
+  }
+
+  private void append(String from, File to) throws IOException {
+    Files.append(from + "\n", to, Charsets.UTF_8);
+  }
+
+  @Test
+  public void testPerDbFileException() throws Exception {
+    append("[databases]", globalPolicyFile);
+    append("other_group_db = " + otherPolicyFile.getPath(), globalPolicyFile);
+    append("[groups]", otherPolicyFile);
+    append("other_group = some_role", otherPolicyFile);
+    append("[roles]", otherPolicyFile);
+    append("some_role = collection=c1", otherPolicyFile);
+    PolicyEngine policy = SolrPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
+    Assert.assertEquals(Collections.emptySet(),
+        policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL));
+  }
+
+  @Test
+  public void testCollectionRequiredInRole() throws Exception {
+    append("[groups]", globalPolicyFile);
+    append("group = some_role", globalPolicyFile);
+    append("[roles]", globalPolicyFile);
+    append("some_role = action=query", globalPolicyFile);
+    PolicyEngine policy = SolrPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
+    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
+    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
+  }
+
+  @Test
+  public void testGroupIncorrect() throws Exception {
+    append("[groups]", globalPolicyFile);
+    append("group = malicious_role", globalPolicyFile);
+    append("[roles]", globalPolicyFile);
+    append("malicious_role = collection=*", globalPolicyFile);
+    PolicyEngine policy = SolrPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
+    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL);
+    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java
deleted file mode 100644
index de6d6e0..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSearch.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.privilege.solr;
-
-import org.apache.sentry.core.common.Model;
-import org.apache.sentry.core.common.utils.KeyValue;
-import org.apache.sentry.core.common.utils.SentryConstants;
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.policy.common.CommonPrivilege;
-import org.apache.sentry.policy.common.Privilege;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.util.List;
-
-import static junit.framework.Assert.assertFalse;
-import static junit.framework.Assert.assertTrue;
-
-public class TestCommonPrivilegeForSearch {
-
-  private Model searchPrivilegeModel;
-
-  private static final String ALL = SearchConstants.ALL;
-
-  @Before
-  public void prepareData() {
-    searchPrivilegeModel = SearchPrivilegeModel.getInstance();
-  }
-
-  @Test
-  public void testSimpleNoAction() throws Exception {
-    CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
-    CommonPrivilege collection2 = create(new KeyValue("collection", "coll2"));
-    CommonPrivilege collection1Case = create(new KeyValue("colleCtIon", "coLl1"));
-
-    assertTrue(collection1.implies(collection1, searchPrivilegeModel));
-    assertTrue(collection2.implies(collection2, searchPrivilegeModel));
-    assertTrue(collection1.implies(collection1Case, searchPrivilegeModel));
-    assertTrue(collection1Case.implies(collection1, searchPrivilegeModel));
-
-    assertFalse(collection1.implies(collection2, searchPrivilegeModel));
-    assertFalse(collection1Case.implies(collection2, searchPrivilegeModel));
-    assertFalse(collection2.implies(collection1, searchPrivilegeModel));
-    assertFalse(collection2.implies(collection1Case, searchPrivilegeModel));
-  }
-
-  @Test
-  public void testSimpleAction() throws Exception {
-    CommonPrivilege query =
-            create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    CommonPrivilege update =
-            create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    CommonPrivilege queryCase =
-            create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy"));
-
-    assertTrue(query.implies(query, searchPrivilegeModel));
-    assertTrue(update.implies(update, searchPrivilegeModel));
-    assertTrue(query.implies(queryCase, searchPrivilegeModel));
-    assertTrue(queryCase.implies(query, searchPrivilegeModel));
-
-    assertFalse(query.implies(update, searchPrivilegeModel));
-    assertFalse(queryCase.implies(update, searchPrivilegeModel));
-    assertFalse(update.implies(query, searchPrivilegeModel));
-    assertFalse(update.implies(queryCase, searchPrivilegeModel));
-  }
-
-  @Test
-  public void testRoleShorterThanRequest() throws Exception {
-    CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
-    CommonPrivilege query =
-            create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    CommonPrivilege update =
-            create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    CommonPrivilege all =
-            create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
-
-    assertTrue(collection1.implies(query, searchPrivilegeModel));
-    assertTrue(collection1.implies(update, searchPrivilegeModel));
-    assertTrue(collection1.implies(all, searchPrivilegeModel));
-
-    assertFalse(query.implies(collection1, searchPrivilegeModel));
-    assertFalse(update.implies(collection1, searchPrivilegeModel));
-    assertTrue(all.implies(collection1, searchPrivilegeModel));
-  }
-
-  @Test
-  public void testCollectionAll() throws Exception {
-    CommonPrivilege collectionAll = create(new KeyValue("collection", ALL));
-    CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
-    assertTrue(collectionAll.implies(collection1, searchPrivilegeModel));
-    assertTrue(collection1.implies(collectionAll, searchPrivilegeModel));
-
-    CommonPrivilege allUpdate =
-            create(new KeyValue("collection", ALL), new KeyValue("action", "update"));
-    CommonPrivilege allQuery =
-            create(new KeyValue("collection", ALL), new KeyValue("action", "query"));
-    CommonPrivilege coll1Update =
-            create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    CommonPrivilege coll1Query =
-            create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    assertTrue(allUpdate.implies(coll1Update, searchPrivilegeModel));
-    assertTrue(allQuery.implies(coll1Query, searchPrivilegeModel));
-    assertTrue(coll1Update.implies(allUpdate, searchPrivilegeModel));
-    assertTrue(coll1Query.implies(allQuery, searchPrivilegeModel));
-    assertFalse(allUpdate.implies(coll1Query, searchPrivilegeModel));
-    assertFalse(coll1Update.implies(coll1Query, searchPrivilegeModel));
-    assertFalse(allQuery.implies(coll1Update, searchPrivilegeModel));
-    assertFalse(coll1Query.implies(allUpdate, searchPrivilegeModel));
-    assertFalse(allUpdate.implies(allQuery, searchPrivilegeModel));
-    assertFalse(allQuery.implies(allUpdate, searchPrivilegeModel));
-    assertFalse(coll1Update.implies(coll1Query, searchPrivilegeModel));
-    assertFalse(coll1Query.implies(coll1Update, searchPrivilegeModel));
-
-    // test different length paths
-    assertTrue(collectionAll.implies(allUpdate, searchPrivilegeModel));
-    assertTrue(collectionAll.implies(allQuery, searchPrivilegeModel));
-    assertTrue(collectionAll.implies(coll1Update, searchPrivilegeModel));
-    assertTrue(collectionAll.implies(coll1Query, searchPrivilegeModel));
-    assertFalse(allUpdate.implies(collectionAll, searchPrivilegeModel));
-    assertFalse(allQuery.implies(collectionAll, searchPrivilegeModel));
-    assertFalse(coll1Update.implies(collectionAll, searchPrivilegeModel));
-    assertFalse(coll1Query.implies(collectionAll, searchPrivilegeModel));
-  }
-
-  @Test
-  public void testActionAll() throws Exception {
-    CommonPrivilege coll1All =
-            create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
-    CommonPrivilege coll1Update =
-            create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
-    CommonPrivilege coll1Query =
-            create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
-    assertTrue(coll1All.implies(coll1All, searchPrivilegeModel));
-    assertTrue(coll1All.implies(coll1Update, searchPrivilegeModel));
-    assertTrue(coll1All.implies(coll1Query, searchPrivilegeModel));
-    assertFalse(coll1Update.implies(coll1All, searchPrivilegeModel));
-    assertFalse(coll1Query.implies(coll1All, searchPrivilegeModel));
-
-    // test different lengths
-    CommonPrivilege coll1 =
-            create(new KeyValue("collection", "coll1"));
-    assertTrue(coll1All.implies(coll1, searchPrivilegeModel));
-    assertTrue(coll1.implies(coll1All, searchPrivilegeModel));
-  }
-
-  @Test
-  public void testUnexpected() throws Exception {
-    Privilege p = new Privilege() {
-      @Override
-      public boolean implies(Privilege p, Model m) {
-        return false;
-      }
-
-      @Override
-      public List<KeyValue> getAuthorizable() {
-        return null;
-      }
-    };
-    Privilege collection1 = create(new KeyValue("collection", "coll1"));
-    assertFalse(collection1.implies(null, searchPrivilegeModel));
-    assertFalse(collection1.implies(p, searchPrivilegeModel));
-    assertFalse(collection1.equals(null));
-    assertFalse(collection1.equals(p));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testNullString() throws Exception {
-    System.out.println(create((String)null));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyString() throws Exception {
-    System.out.println(create(""));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyKey() throws Exception {
-    System.out.println(create(SentryConstants.KV_JOINER.join("collection", "")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyValue() throws Exception {
-    System.out.println(create(SentryConstants.KV_JOINER.join("", "coll1")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyPart() throws Exception {
-    System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
-            join(SentryConstants.KV_JOINER.join("collection1", "coll1"), "")));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testOnlySeperators() throws Exception {
-    System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
-            join(SentryConstants.KV_SEPARATOR, SentryConstants.KV_SEPARATOR,
-            SentryConstants.KV_SEPARATOR)));
-  }
-
-  static CommonPrivilege create(KeyValue... keyValues) {
-    return create(SentryConstants.AUTHORIZABLE_JOINER.join(keyValues));
-  }
-
-  static CommonPrivilege create(String s) {
-    return new CommonPrivilege(s);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java
new file mode 100644
index 0000000..6782089
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java
@@ -0,0 +1,293 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.privilege.solr;
+
+import org.apache.sentry.core.common.Model;
+import org.apache.sentry.core.common.utils.KeyValue;
+import org.apache.sentry.core.common.utils.SentryConstants;
+import org.apache.sentry.core.model.solr.SolrConstants;
+import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
+import org.apache.sentry.policy.common.CommonPrivilege;
+import org.apache.sentry.policy.common.Privilege;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.List;
+
+import static junit.framework.Assert.assertFalse;
+import static junit.framework.Assert.assertTrue;
+
+/**
+ * This class implements a set of unit tests designed to verify {@linkplain SolrPrivilegeModel}
+ */
+public class TestCommonPrivilegeForSolr {
+
+  private Model solrPrivilegeModel;
+
+  private static final String ALL = SolrConstants.ALL;
+
+  @Before
+  public void prepareData() {
+    solrPrivilegeModel = SolrPrivilegeModel.getInstance();
+  }
+
+  @Test
+  public void testSimpleNoAction() throws Exception {
+    CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
+    CommonPrivilege collection2 = create(new KeyValue("collection", "coll2"));
+    CommonPrivilege collection1Case = create(new KeyValue("colleCtIon", "coLl1"));
+
+    assertTrue(collection1.implies(collection1, solrPrivilegeModel));
+    assertTrue(collection2.implies(collection2, solrPrivilegeModel));
+    assertTrue(collection1.implies(collection1Case, solrPrivilegeModel));
+    assertTrue(collection1Case.implies(collection1, solrPrivilegeModel));
+
+    assertFalse(collection1.implies(collection2, solrPrivilegeModel));
+    assertFalse(collection1Case.implies(collection2, solrPrivilegeModel));
+    assertFalse(collection2.implies(collection1, solrPrivilegeModel));
+    assertFalse(collection2.implies(collection1Case, solrPrivilegeModel));
+  }
+
+  @Test
+  public void testAdminNoAction() throws Exception {
+    CommonPrivilege globalAdmin = create(new KeyValue("admin", SolrConstants.ALL));
+    CommonPrivilege coreAdmin = create(new KeyValue("admin", "core"));
+    CommonPrivilege collectionAdmin = create(new KeyValue("admin", "collection"));
+    CommonPrivilege securityAdmin = create(new KeyValue("admin", "security"));
+
+    assertTrue(coreAdmin.implies(coreAdmin, solrPrivilegeModel));
+    assertFalse(coreAdmin.implies(collectionAdmin, solrPrivilegeModel));
+    assertFalse(coreAdmin.implies(securityAdmin, solrPrivilegeModel));
+    // TODO - Check if this is a bug ?
+    // assertFalse(coreAdmin.implies(globalAdmin, solrPrivilegeModel));
+
+    assertTrue(collectionAdmin.implies(collectionAdmin, solrPrivilegeModel));
+    assertFalse(collectionAdmin.implies(coreAdmin, solrPrivilegeModel));
+    assertFalse(collectionAdmin.implies(securityAdmin, solrPrivilegeModel));
+    // TODO - Check if this is a bug ?
+    // assertFalse(collectionAdmin.implies(globalAdmin, solrPrivilegeModel));
+
+    assertTrue(securityAdmin.implies(securityAdmin, solrPrivilegeModel));
+    assertFalse(securityAdmin.implies(collectionAdmin, solrPrivilegeModel));
+    assertFalse(securityAdmin.implies(coreAdmin, solrPrivilegeModel));
+    // TODO - Check if this is a bug ?
+    // assertFalse(securityAdmin.implies(globalAdmin, solrPrivilegeModel));
+
+    assertTrue(globalAdmin.implies(globalAdmin, solrPrivilegeModel));
+    assertTrue(globalAdmin.implies(collectionAdmin, solrPrivilegeModel));
+    assertTrue(globalAdmin.implies(coreAdmin, solrPrivilegeModel));
+    assertTrue(globalAdmin.implies(securityAdmin, solrPrivilegeModel));
+  }
+
+  @Test
+  public void testSimpleAction() throws Exception {
+    CommonPrivilege query =
+        create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+    CommonPrivilege update =
+        create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+    CommonPrivilege queryCase =
+        create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy"));
+
+    assertTrue(query.implies(query, solrPrivilegeModel));
+    assertTrue(update.implies(update, solrPrivilegeModel));
+    assertTrue(query.implies(queryCase, solrPrivilegeModel));
+    assertTrue(queryCase.implies(query, solrPrivilegeModel));
+
+    assertFalse(query.implies(update, solrPrivilegeModel));
+    assertFalse(queryCase.implies(update, solrPrivilegeModel));
+    assertFalse(update.implies(query, solrPrivilegeModel));
+    assertFalse(update.implies(queryCase, solrPrivilegeModel));
+  }
+
+  @Test
+  public void testAdminAction() throws Exception {
+    CommonPrivilege query =
+        create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("action", "query"));
+    CommonPrivilege update =
+        create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("action", "update"));
+    CommonPrivilege queryCase =
+        create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("AcTiOn", "QuERy"));
+
+    assertTrue(query.implies(query, solrPrivilegeModel));
+    assertTrue(update.implies(update, solrPrivilegeModel));
+    assertTrue(query.implies(queryCase, solrPrivilegeModel));
+    assertTrue(queryCase.implies(query, solrPrivilegeModel));
+
+    assertFalse(query.implies(update, solrPrivilegeModel));
+    assertFalse(queryCase.implies(update, solrPrivilegeModel));
+    assertFalse(update.implies(query, solrPrivilegeModel));
+    assertFalse(update.implies(queryCase, solrPrivilegeModel));
+  }
+
+  @Test
+  public void testRoleShorterThanRequest() throws Exception {
+    CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
+    CommonPrivilege query =
+        create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+    CommonPrivilege update =
+        create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+    CommonPrivilege all =
+        create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
+
+    assertTrue(collection1.implies(query, solrPrivilegeModel));
+    assertTrue(collection1.implies(update, solrPrivilegeModel));
+    assertTrue(collection1.implies(all, solrPrivilegeModel));
+
+    assertFalse(query.implies(collection1, solrPrivilegeModel));
+    assertFalse(update.implies(collection1, solrPrivilegeModel));
+    assertTrue(all.implies(collection1, solrPrivilegeModel));
+  }
+
+  @Test
+  public void testAdminRoleShorterThanRequest() throws Exception {
+    CommonPrivilege globalAdmin = create(new KeyValue("admin", "*"));
+    CommonPrivilege query =
+        create(new KeyValue("admin", "core"), new KeyValue("action", "query"));
+    CommonPrivilege update =
+        create(new KeyValue("admin", "core"), new KeyValue("action", "update"));
+    CommonPrivilege all = create(new KeyValue("admin", "*"), new KeyValue("action", ALL));
+
+    assertTrue(globalAdmin.implies(query, solrPrivilegeModel));
+    assertTrue(globalAdmin.implies(update, solrPrivilegeModel));
+    assertTrue(globalAdmin.implies(all, solrPrivilegeModel));
+
+    assertFalse(query.implies(globalAdmin, solrPrivilegeModel));
+    assertFalse(update.implies(globalAdmin, solrPrivilegeModel));
+    assertTrue(all.implies(globalAdmin, solrPrivilegeModel));
+  }
+
+  @Test
+  public void testCollectionAll() throws Exception {
+    CommonPrivilege collectionAll = create(new KeyValue("collection", ALL));
+    CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
+    assertTrue(collectionAll.implies(collection1, solrPrivilegeModel));
+    assertTrue(collection1.implies(collectionAll, solrPrivilegeModel));
+
+    CommonPrivilege allUpdate =
+        create(new KeyValue("collection", ALL), new KeyValue("action", "update"));
+    CommonPrivilege allQuery =
+        create(new KeyValue("collection", ALL), new KeyValue("action", "query"));
+    CommonPrivilege coll1Update =
+        create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+    CommonPrivilege coll1Query =
+        create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+    assertTrue(allUpdate.implies(coll1Update, solrPrivilegeModel));
+    assertTrue(allQuery.implies(coll1Query, solrPrivilegeModel));
+    assertTrue(coll1Update.implies(allUpdate, solrPrivilegeModel));
+    assertTrue(coll1Query.implies(allQuery, solrPrivilegeModel));
+    assertFalse(allUpdate.implies(coll1Query, solrPrivilegeModel));
+    assertFalse(coll1Update.implies(coll1Query, solrPrivilegeModel));
+    assertFalse(allQuery.implies(coll1Update, solrPrivilegeModel));
+    assertFalse(coll1Query.implies(allUpdate, solrPrivilegeModel));
+    assertFalse(allUpdate.implies(allQuery, solrPrivilegeModel));
+    assertFalse(allQuery.implies(allUpdate, solrPrivilegeModel));
+    assertFalse(coll1Update.implies(coll1Query, solrPrivilegeModel));
+    assertFalse(coll1Query.implies(coll1Update, solrPrivilegeModel));
+
+    // test different length paths
+    assertTrue(collectionAll.implies(allUpdate, solrPrivilegeModel));
+    assertTrue(collectionAll.implies(allQuery, solrPrivilegeModel));
+    assertTrue(collectionAll.implies(coll1Update, solrPrivilegeModel));
+    assertTrue(collectionAll.implies(coll1Query, solrPrivilegeModel));
+    assertFalse(allUpdate.implies(collectionAll, solrPrivilegeModel));
+    assertFalse(allQuery.implies(collectionAll, solrPrivilegeModel));
+    assertFalse(coll1Update.implies(collectionAll, solrPrivilegeModel));
+    assertFalse(coll1Query.implies(collectionAll, solrPrivilegeModel));
+  }
+
+  @Test
+  public void testActionAll() throws Exception {
+    CommonPrivilege coll1All =
+        create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
+    CommonPrivilege coll1Update =
+        create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
+    CommonPrivilege coll1Query =
+        create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
+    assertTrue(coll1All.implies(coll1All, solrPrivilegeModel));
+    assertTrue(coll1All.implies(coll1Update, solrPrivilegeModel));
+    assertTrue(coll1All.implies(coll1Query, solrPrivilegeModel));
+    assertFalse(coll1Update.implies(coll1All, solrPrivilegeModel));
+    assertFalse(coll1Query.implies(coll1All, solrPrivilegeModel));
+
+    // test different lengths
+    CommonPrivilege coll1 =
+        create(new KeyValue("collection", "coll1"));
+    assertTrue(coll1All.implies(coll1, solrPrivilegeModel));
+    assertTrue(coll1.implies(coll1All, solrPrivilegeModel));
+  }
+
+  @Test
+  public void testUnexpected() throws Exception {
+    Privilege p = new Privilege() {
+      @Override
+      public boolean implies(Privilege p, Model m) {
+        return false;
+      }
+
+      @Override
+      public List<KeyValue> getAuthorizable() {
+        return null;
+      }
+    };
+    Privilege collection1 = create(new KeyValue("collection", "coll1"));
+    assertFalse(collection1.implies(null, solrPrivilegeModel));
+    assertFalse(collection1.implies(p, solrPrivilegeModel));
+    assertFalse(collection1.equals(null));
+    assertFalse(collection1.equals(p));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testNullString() throws Exception {
+    System.out.println(create((String)null));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyString() throws Exception {
+    System.out.println(create(""));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyKey() throws Exception {
+    System.out.println(create(SentryConstants.KV_JOINER.join("collection", "")));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyValue() throws Exception {
+    System.out.println(create(SentryConstants.KV_JOINER.join("", "coll1")));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyPart() throws Exception {
+    System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
+        join(SentryConstants.KV_JOINER.join("collection1", "coll1"), "")));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testOnlySeperators() throws Exception {
+    System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
+        join(SentryConstants.KV_SEPARATOR, SentryConstants.KV_SEPARATOR,
+            SentryConstants.KV_SEPARATOR)));
+  }
+
+  static CommonPrivilege create(KeyValue... keyValues) {
+    return create(SentryConstants.AUTHORIZABLE_JOINER.join(keyValues));
+  }
+
+  static CommonPrivilege create(String s) {
+    return new CommonPrivilege(s);
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini b/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini
index 56317db..88b6f14 100644
--- a/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini
+++ b/sentry-binding/sentry-binding-solr/src/test/resources/test-authz-provider.ini
@@ -22,9 +22,7 @@ general = corporal_role, sergeant_role, general_role
 undefinedRoleGroup = undefinedRole
 
 [roles]
-#test that specification of a bogus action doesn't affect further specifications
-corporal_role = collection=info->action=FOOBAR, \
-  collection=info->action=query
+corporal_role = collection=info->action=query
 sergeant_role = collection=info->action=update
 general_role = collection=*->action=*
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-core/pom.xml b/sentry-core/pom.xml
index 6b91767..b6256b7 100644
--- a/sentry-core/pom.xml
+++ b/sentry-core/pom.xml
@@ -32,7 +32,7 @@ limitations under the License.
     <module>sentry-core-common</module>
     <module>sentry-core-model-db</module>
     <module>sentry-core-model-indexer</module>
-    <module>sentry-core-model-search</module>
+    <module>sentry-core-model-solr</module>
     <module>sentry-core-model-sqoop</module>
     <module>sentry-core-model-kafka</module>
   </modules>

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/pom.xml b/sentry-core/sentry-core-model-search/pom.xml
deleted file mode 100644
index 5917a63..0000000
--- a/sentry-core/sentry-core-model-search/pom.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements.  See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <modelVersion>4.0.0</modelVersion>
-  <parent>
-    <groupId>org.apache.sentry</groupId>
-    <artifactId>sentry-core</artifactId>
-    <version>2.0.0-SNAPSHOT</version>
-  </parent>
-
-  <artifactId>sentry-core-model-search</artifactId>
-  <name>Sentry Core Model Search</name>
-
-  <dependencies>
-    <dependency>
-      <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-core-common</artifactId>
-    </dependency>
-
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <scope>test</scope>
-    </dependency>
-  </dependencies>
-
-</project>

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java
deleted file mode 100644
index 26ea287..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Collection.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-public class Collection implements SearchModelAuthorizable {
-
-  /**
-   * Represents all tables
-   */
-  public static final Collection ALL = new Collection(SearchConstants.ALL);
-
-  private final String name;
-
-  public Collection(String name) {
-    this.name = name;
-  }
-
-  @Override
-  public String getName() {
-    return name;
-  }
-
-  @Override
-  public String toString() {
-    return "Collection [name=" + name + "]";
-  }
-
-  @Override
-  public AuthorizableType getAuthzType() {
-    return AuthorizableType.Collection;
-  }
-
-  @Override
-  public String getTypeName() {
-    return getAuthzType().name();
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java
deleted file mode 100644
index 2dd9065..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/Field.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-/**
- * Represents the field authorizable in the solr model
- */
-public class Field implements SearchModelAuthorizable{
-
-  private final String name;
-  /**
-   * Represents all fields
-   */
-  public static final Field ALL = new Field(SearchConstants.ALL);
-
-  public Field(String name) {
-    this.name = name;
-  }
-
-  @Override
-  public AuthorizableType getAuthzType() {
-    return AuthorizableType.Field;
-  }
-
-  @Override
-  public String toString() {
-    return "Field [name=" + name + "]";
-  }
-
-  @Override
-  public String getTypeName() {
-    return getAuthzType().name();
-  }
-
-  @Override
-  public String getName() {
-    return name;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java
deleted file mode 100644
index 3f10726..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchActionFactory.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-import java.util.List;
-
-import org.apache.sentry.core.common.BitFieldAction;
-import org.apache.sentry.core.common.BitFieldActionFactory;
-
-import com.google.common.collect.Lists;
-
-public class SearchActionFactory extends BitFieldActionFactory {
-  public enum SearchAction {
-    UPDATE(SearchConstants.UPDATE, 0x0001),
-    QUERY(SearchConstants.QUERY, 0x0002),
-    ALL(SearchConstants.ALL, 0x0001|0x0002);
-
-    private String name;
-    private int code;
-    private SearchAction(String name, int code) {
-      this.name = name;
-      this.code = code;
-    }
-    public String getName() {
-      return name;
-    }
-    public int getCode() {
-      return code;
-    }
-  }
-
-  public static class SearchBitFieldAction extends BitFieldAction {
-    public SearchBitFieldAction(SearchAction action) {
-      super(action.getName(), action.getCode());
-    }
-  }
-
-  private final static SearchAction[] AllActions = SearchAction.values();
-  /**
-   * One bit set action array, includes UPDATE and QUERY
-   */
-  private final static SearchAction[] OneBitActions = new SearchAction[]{SearchAction.UPDATE, SearchAction.QUERY};
-
-  @Override
-  public List<? extends BitFieldAction> getActionsByCode(int actionCode) {
-    List<SearchBitFieldAction> actions = Lists.newArrayList();
-    for (SearchAction action : OneBitActions) {
-      if ((action.code & actionCode) == action.code) {
-        actions.add(new SearchBitFieldAction(action));
-      }
-    }
-    return actions;
-  }
-
-  @Override
-  public BitFieldAction getActionByName(String name) {
-    SearchBitFieldAction val = null;
-    for (SearchAction action : AllActions) {
-      if (action.name.equalsIgnoreCase(name)) {
-        return new SearchBitFieldAction(action);
-      }
-    }
-    return val;
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java
deleted file mode 100644
index a2b17fc..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchConstants.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-public final class SearchConstants {
-
-  public static final String ALL = "*";
-  public static final String QUERY = "query";
-  public static final String UPDATE = "update";
-  /**
-   * The property of sentry.search.service is used to distinguish itself from multiple search services. For example, there are two
-   * search services: service1 and service2 implemented authorization via sentry, and it must set the value of
-   * sentry.search.service=service1 or service2 to communicate with sentry service for authorization
-   */
-  public static final String SENTRY_SEARCH_SERVICE_KEY = "sentry.search.service";
-  public static final String SENTRY_SEARCH_SERVICE_DEFAULT = "service1";
-
-  private SearchConstants() {
-    // Make constructor private to avoid instantiation
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java
deleted file mode 100644
index 48ac267..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAction.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-import org.apache.sentry.core.common.Action;
-
-/**
- * Represents actions in the Search model.
- */
-public enum SearchModelAction implements Action {
-
-  UPDATE(SearchConstants.UPDATE),
-  QUERY(SearchConstants.QUERY),
-  ALL(SearchConstants.ALL);
-
-  private final String value;
-  private SearchModelAction(String value) {
-    this.value = value;
-  }
-
-  @Override
-  public String getValue() {
-    return value;
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java
deleted file mode 100644
index 5a55963..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizable.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-import org.apache.sentry.core.common.Authorizable;
-
-public interface SearchModelAuthorizable extends Authorizable {
-
-  public enum AuthorizableType {
-    Collection,
-    Field
-  };
-
-  AuthorizableType getAuthzType();
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java
deleted file mode 100644
index 2b190e5..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchModelAuthorizables.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-import org.apache.sentry.core.model.search.SearchModelAuthorizable.AuthorizableType;
-import org.apache.sentry.core.common.utils.KeyValue;
-
-public class SearchModelAuthorizables {
-
-  private SearchModelAuthorizables() {
-    // Make constructor private to avoid instantiation
-  }
-
-  public static SearchModelAuthorizable from(KeyValue keyValue) {
-    String prefix = keyValue.getKey().toLowerCase();
-    String name = keyValue.getValue().toLowerCase();
-    for(AuthorizableType type : AuthorizableType.values()) {
-      if(prefix.equalsIgnoreCase(type.name())) {
-        return from(type, name);
-      }
-    }
-    return null;
-  }
-  public static SearchModelAuthorizable from(String s) {
-    return from(new KeyValue(s));
-  }
-
-  private static SearchModelAuthorizable from(AuthorizableType type, String name) {
-    switch (type) {
-    case Collection:
-      return new Collection(name);
-    default:
-      return null;
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java
deleted file mode 100644
index 9429a25..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/SearchPrivilegeModel.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search;
-
-import com.google.common.collect.ImmutableList;
-import org.apache.sentry.core.common.BitFieldActionFactory;
-import org.apache.sentry.core.common.ImplyMethodType;
-import org.apache.sentry.core.common.Model;
-import org.apache.sentry.core.common.validator.PrivilegeValidator;
-import org.apache.sentry.core.model.search.validator.CollectionRequiredInPrivilege;
-
-import java.util.HashMap;
-import java.util.Map;
-
-public class SearchPrivilegeModel implements Model {
-
-  private Map<String, ImplyMethodType> implyMethodMap;
-  private BitFieldActionFactory bitFieldActionFactory;
-  private static SearchPrivilegeModel searchPrivilegeModel = new SearchPrivilegeModel();
-
-  private SearchPrivilegeModel() {
-    implyMethodMap = new HashMap<String, ImplyMethodType>();
-    bitFieldActionFactory = new SearchActionFactory();
-
-    implyMethodMap.put(SearchModelAuthorizable.AuthorizableType.Collection.name().toLowerCase(), ImplyMethodType.STRING);
-    implyMethodMap.put(SearchModelAuthorizable.AuthorizableType.Field.name().toLowerCase(), ImplyMethodType.STRING);
-  }
-
-  @Override
-  public Map<String, ImplyMethodType> getImplyMethodMap() {
-    return implyMethodMap;
-  }
-
-  @Override
-  public BitFieldActionFactory getBitFieldActionFactory() {
-    return bitFieldActionFactory;
-  }
-
-  public static SearchPrivilegeModel getInstance() {
-    return searchPrivilegeModel;
-  }
-
-  public ImmutableList<PrivilegeValidator> getPrivilegeValidators() {
-    return ImmutableList.<PrivilegeValidator>of(new CollectionRequiredInPrivilege());
-  }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java
deleted file mode 100644
index c06131c..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/AbstractSearchPrivilegeValidator.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search.validator;
-
-import static org.apache.sentry.core.common.utils.SentryConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.core.common.utils.SentryConstants.PRIVILEGE_PREFIX;
-
-import java.util.List;
-
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.core.common.validator.PrivilegeValidator;
-import org.apache.sentry.core.model.search.SearchModelAuthorizables;
-import org.apache.shiro.config.ConfigurationException;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.Lists;
-
-public abstract class AbstractSearchPrivilegeValidator implements PrivilegeValidator {
-
-  @VisibleForTesting
-  public static Iterable<SearchModelAuthorizable> parsePrivilege(String string) {
-    List<SearchModelAuthorizable> result = Lists.newArrayList();
-    System.err.println("privilege = " + string);
-    for(String section : AUTHORIZABLE_SPLITTER.split(string)) {
-      // XXX this ugly hack is because action is not an authorizable
-      if(!section.toLowerCase().startsWith(PRIVILEGE_PREFIX)) {
-        SearchModelAuthorizable authorizable = SearchModelAuthorizables.from(section);
-        if(authorizable == null) {
-          String msg = "No authorizable found for " + section;
-          throw new ConfigurationException(msg);
-        }
-        result.add(authorizable);
-      }
-    }
-    return result;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java b/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java
deleted file mode 100644
index 93b3861..0000000
--- a/sentry-core/sentry-core-model-search/src/main/java/org/apache/sentry/core/model/search/validator/CollectionRequiredInPrivilege.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.model.search.validator;
-
-import org.apache.sentry.core.common.exception.SentryConfigurationException;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAuthorizable;
-import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
-
-public class CollectionRequiredInPrivilege extends AbstractSearchPrivilegeValidator {
-
-  @Override
-  public void validate(PrivilegeValidatorContext context) throws SentryConfigurationException {
-    String privilege = context.getPrivilege();
-    Iterable<SearchModelAuthorizable> authorizables = parsePrivilege(privilege);
-    boolean foundCollectionInAuthorizables = false;
-
-    for(SearchModelAuthorizable authorizable : authorizables) {
-      if(authorizable instanceof Collection) {
-        foundCollectionInAuthorizables = true;
-        break;
-      }
-    }
-    if(!foundCollectionInAuthorizables) {
-      String msg = "Missing collection object in " + privilege;
-      throw new SentryConfigurationException(msg);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java b/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java
deleted file mode 100644
index 2311401..0000000
--- a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestCollection.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package org.apache.sentry.core.search;
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.junit.Assert;
-
-import org.apache.sentry.core.model.search.Collection;
-import org.junit.Test;
-
-public class TestCollection {
-
-  @Test
-  public void testSimple() {
-    String name = "simple";
-    Collection simple = new Collection(name);
-    Assert.assertEquals(simple.getName(), name);
-  }
-
-  @Test
-  public void testCollectionAuthzType() {
-    Collection collection1 = new Collection("collection1");
-    Collection collection2 = new Collection("collection2");
-    Assert.assertEquals(collection1.getAuthzType(), collection2.getAuthzType());
-    Assert.assertEquals(collection1.getTypeName(), collection2.getTypeName());
-  }
-
-  // just test it doesn't throw NPE
-  @Test
-  public void testNullCollection() {
-    Collection nullCollection = new Collection(null);
-    nullCollection.getName();
-    nullCollection.toString();
-    nullCollection.getAuthzType();
-    nullCollection.getTypeName();
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java b/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java
deleted file mode 100644
index 0056f40..0000000
--- a/sentry-core/sentry-core-model-search/src/test/java/org/apache/sentry/core/search/TestSearchBitFieldAction.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core.search;
-
-import org.apache.sentry.core.model.search.SearchActionFactory;
-import org.apache.sentry.core.model.search.SearchActionFactory.SearchAction;
-import org.apache.sentry.core.model.search.SearchActionFactory.SearchBitFieldAction;
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.junit.Test;
-
-import com.google.common.collect.Lists;
-
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertEquals;
-
-public class TestSearchBitFieldAction {
-  SearchActionFactory actionFactory = new SearchActionFactory();
-
-  @Test
-  public void testImpliesAction() {
-    SearchBitFieldAction updateAction = new SearchBitFieldAction(SearchAction.UPDATE);
-    SearchBitFieldAction queryAction = new SearchBitFieldAction(SearchAction.QUERY);
-    SearchBitFieldAction allAction = new SearchBitFieldAction(SearchAction.ALL);
-
-    assertTrue(allAction.implies(queryAction));
-    assertTrue(allAction.implies(updateAction));
-    assertTrue(allAction.implies(allAction));
-    assertTrue(updateAction.implies(updateAction));
-    assertTrue(queryAction.implies(queryAction));
-
-    assertFalse(queryAction.implies(updateAction));
-    assertFalse(queryAction.implies(allAction));
-    assertFalse(updateAction.implies(queryAction));
-    assertFalse(updateAction.implies(allAction));
-  }
-
-  @Test
-  public void testGetActionByName() throws Exception {
-    SearchBitFieldAction updateAction = (SearchBitFieldAction)actionFactory.getActionByName(SearchConstants.UPDATE);
-    SearchBitFieldAction queryAction = (SearchBitFieldAction)actionFactory.getActionByName(SearchConstants.QUERY);
-    SearchBitFieldAction allAction = (SearchBitFieldAction)actionFactory.getActionByName(SearchConstants.ALL);
-
-    assertTrue(updateAction.equals(new SearchBitFieldAction(SearchAction.UPDATE)));
-    assertTrue(queryAction.equals(new SearchBitFieldAction(SearchAction.QUERY)));
-    assertTrue(allAction.equals(new SearchBitFieldAction(SearchAction.ALL)));
-  }
-
-  @Test
-  public void testGetActionsByCode() throws Exception {
-    SearchBitFieldAction updateAction = new SearchBitFieldAction(SearchAction.UPDATE);
-    SearchBitFieldAction queryAction = new SearchBitFieldAction(SearchAction.QUERY);
-
-    assertEquals(Lists.newArrayList(updateAction, queryAction), actionFactory.getActionsByCode(SearchAction.ALL.getCode()));
-    assertEquals(Lists.newArrayList(updateAction), actionFactory.getActionsByCode(SearchAction.UPDATE.getCode()));
-    assertEquals(Lists.newArrayList(queryAction), actionFactory.getActionsByCode(SearchAction.QUERY.getCode()));
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/pom.xml b/sentry-core/sentry-core-model-solr/pom.xml
new file mode 100644
index 0000000..58ae2a7
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/pom.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.apache.sentry</groupId>
+    <artifactId>sentry-core</artifactId>
+    <version>2.0.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>sentry-core-model-solr</artifactId>
+  <name>Sentry Core Model Solr</name>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-core-common</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+</project>

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java
new file mode 100644
index 0000000..c054b7d
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/AdminOperation.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+import java.util.Arrays;
+import java.util.Collection;
+
+/**
+ * This class represents Solr admin operations which includes,
+ * - Collection admin operations
+ * - Core admin operations
+ * - Security configuration management.
+ * - Reading Solr metrics
+ * - Solr auto-scaling operations
+ */
+public class AdminOperation extends SolrModelAuthorizable {
+  public static Collection<String> ENTITY_NAMES =
+      Arrays.asList(SolrConstants.ALL, "collections", "cores", "security", "metrics", "autoscaling");
+
+  public static AdminOperation ALL = new AdminOperation(SolrConstants.ALL);
+  public static AdminOperation COLLECTIONS = new AdminOperation("collections");
+  public static AdminOperation CORES = new AdminOperation("cores");
+  public static AdminOperation SECURITY = new AdminOperation("security");
+  public static AdminOperation METRICS = new AdminOperation("metrics");
+  public static AdminOperation AUTOSCALING = new AdminOperation("autoscaling");
+
+  public AdminOperation (String name) {
+    super (AuthorizableType.Admin, name);
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java
new file mode 100644
index 0000000..0232ec0
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Collection.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+public class Collection extends SolrModelAuthorizable {
+
+  /**
+   * Represents all tables
+   */
+  public static final Collection ALL = new Collection(SolrConstants.ALL);
+
+  public Collection(String name) {
+    super (AuthorizableType.Collection, name);
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java
new file mode 100644
index 0000000..208211e
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Config.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+/**
+ * This class represents a Solr config-set.
+ */
+public class Config extends SolrModelAuthorizable {
+
+  public static final Config ALL = new Config(SolrConstants.ALL);
+
+  public Config(String name) {
+    super (AuthorizableType.Config, name);
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java
new file mode 100644
index 0000000..554fa08
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Field.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+/**
+ * Represents the field authorizable in the solr model
+ */
+public class Field extends SolrModelAuthorizable {
+
+  /**
+   * Represents all fields
+   */
+  public static final Field ALL = new Field(SolrConstants.ALL);
+
+  public Field(String name) {
+    super (AuthorizableType.Field, name);
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java
new file mode 100644
index 0000000..b5ab6a1
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/Schema.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+/**
+ * This class represents Solr collection/core schema
+ */
+public class Schema extends SolrModelAuthorizable {
+
+  public static final Schema ALL = new Schema(SolrConstants.ALL);
+
+  public Schema(String name) {
+    super (AuthorizableType.Schema, name);
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java
new file mode 100644
index 0000000..567708a
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrActionFactory.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+import java.util.List;
+
+import org.apache.sentry.core.common.BitFieldAction;
+import org.apache.sentry.core.common.BitFieldActionFactory;
+
+import com.google.common.collect.Lists;
+
+public class SolrActionFactory extends BitFieldActionFactory {
+  public enum SolrAction {
+    UPDATE(SolrConstants.UPDATE, 0x0001),
+    QUERY(SolrConstants.QUERY, 0x0002),
+    ALL(SolrConstants.ALL, 0x0001|0x0002);
+
+    private String name;
+    private int code;
+    private SolrAction(String name, int code) {
+      this.name = name;
+      this.code = code;
+    }
+    public String getName() {
+      return name;
+    }
+    public int getCode() {
+      return code;
+    }
+  }
+
+  public static class SolrBitFieldAction extends BitFieldAction {
+    public SolrBitFieldAction(SolrAction action) {
+      super(action.getName(), action.getCode());
+    }
+  }
+
+  private final static SolrAction[] AllActions = SolrAction.values();
+  /**
+   * One bit set action array, includes UPDATE and QUERY
+   */
+  private final static SolrAction[] OneBitActions = new SolrAction[]{SolrAction.UPDATE, SolrAction.QUERY};
+
+  @Override
+  public List<? extends BitFieldAction> getActionsByCode(int actionCode) {
+    List<SolrBitFieldAction> actions = Lists.newArrayList();
+    for (SolrAction action : OneBitActions) {
+      if ((action.code & actionCode) == action.code) {
+        actions.add(new SolrBitFieldAction(action));
+      }
+    }
+    return actions;
+  }
+
+  @Override
+  public BitFieldAction getActionByName(String name) {
+    SolrBitFieldAction val = null;
+    for (SolrAction action : AllActions) {
+      if (action.name.equalsIgnoreCase(name)) {
+        return new SolrBitFieldAction(action);
+      }
+    }
+    return val;
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java
new file mode 100644
index 0000000..91dc41e
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrConstants.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+public final class SolrConstants {
+
+  public static final String ALL = "*";
+  public static final String QUERY = "query";
+  public static final String UPDATE = "update";
+  /**
+   * The property of sentry.solr.service is used to distinguish itself from multiple solr services. For example, there are two
+   * solr services: service1 and service2 implemented authorization via sentry, and it must set the value of
+   * sentry.solr.service=service1 or service2 to communicate with sentry service for authorization
+   */
+  public static final String SENTRY_SOLR_SERVICE_KEY = "sentry.solr.service";
+  public static final String SENTRY_SOLR_SERVICE_DEFAULT = "service1";
+
+  public static final String CORE_ADMIN = "core";
+  public static final String COLLECTION_ADMIN = "collection";
+  public static final String SECURITY_ADMIN = "security";
+
+  private SolrConstants() {
+    // Make constructor private to avoid instantiation
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java
new file mode 100644
index 0000000..333ea10
--- /dev/null
+++ b/sentry-core/sentry-core-model-solr/src/main/java/org/apache/sentry/core/model/solr/SolrModelAction.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.solr;
+
+import org.apache.sentry.core.common.Action;
+
+/**
+ * Represents actions in the Solr model.
+ */
+public enum SolrModelAction implements Action {
+
+  UPDATE(SolrConstants.UPDATE),
+  QUERY(SolrConstants.QUERY),
+  ALL(SolrConstants.ALL);
+
+  private final String value;
+  private SolrModelAction(String value) {
+    this.value = value;
+  }
+
+  @Override
+  public String getValue() {
+    return value;
+  }
+}


Mime
View raw message