sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [19/32] sentry git commit: SENTRY-1475: Integrate Sentry with Solr 7 authorization framework. (Hrishikesh Gadre, reviewed by Kalyan Kumar Kalvagadda)
Date Thu, 16 Nov 2017 09:56:56 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java
deleted file mode 100644
index 2b246b5..0000000
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e.solr;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.junit.Test;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-
-import org.apache.solr.update.processor.DistributedUpdateProcessor.DistribPhase;
-import org.apache.solr.client.solrj.impl.CloudSolrServer;
-import org.apache.solr.common.cloud.ClusterState;
-import org.apache.solr.common.cloud.Slice;
-
-import java.io.File;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-import org.apache.solr.common.SolrInputDocument;
-
-public class TestUpdateOperations extends AbstractSolrSentryTestBase {
-
-  private static final Logger LOG = LoggerFactory
-      .getLogger(TestUpdateOperations.class);
-  private static final String COLLECTION_NAME = "sentryCollection";
-  private static final List<Boolean> BOOLEAN_VALUES = Arrays.asList(new Boolean[]{true, false});
-  private static final String DEFAULT_COLLECTION = "collection1";
-
-  @Test
-  public void testUpdateOperations() throws Exception {
-    // Upload configs to ZK
-    uploadConfigDirToZk(RESOURCES_DIR + File.separator + DEFAULT_COLLECTION
-        + File.separator + "conf");
-    setupCollection(COLLECTION_NAME);
-    ArrayList<String> testFailures = new ArrayList<String>();
-
-    for (boolean query : BOOLEAN_VALUES) {
-      for (boolean update : BOOLEAN_VALUES) {
-        for (boolean all : BOOLEAN_VALUES) {
-          String test_user = getUsernameForPermissions(COLLECTION_NAME, query, update, all);
-          LOG.info("TEST_USER: " + test_user);
-
-          try {
-            if (all || update) {
-              cleanSolrCollection(COLLECTION_NAME);
-              SolrInputDocument solrInputDoc = createSolrTestDoc();
-              verifyUpdatePass(test_user, COLLECTION_NAME, solrInputDoc);
-
-              cleanSolrCollection(COLLECTION_NAME);
-              uploadSolrDoc(COLLECTION_NAME, null);
-              verifyDeletedocsPass(test_user, COLLECTION_NAME, false);
-            } else {
-              cleanSolrCollection(COLLECTION_NAME);
-              SolrInputDocument solrInputDoc = createSolrTestDoc();
-              verifyUpdateFail(test_user, COLLECTION_NAME, solrInputDoc);
-
-              cleanSolrCollection(COLLECTION_NAME);
-              uploadSolrDoc(COLLECTION_NAME, null);
-              verifyDeletedocsFail(test_user, COLLECTION_NAME, false);
-            }
-          } catch (Throwable testException) {
-            StringWriter stringWriter = new StringWriter();
-            PrintWriter printWriter = new PrintWriter(stringWriter);
-            testException.printStackTrace(printWriter);
-            testFailures.add("\n\nTestFailure: User -> " + test_user + "\n"
-                + stringWriter.toString());
-          }
-        }
-      }
-    }
-
-    assertEquals("Total test failures: " + testFailures.size() + " \n\n"
-        + testFailures.toString() + "\n\n\n", 0, testFailures.size());
-  }
-
-  @Test
-  public void testInvariantProcessor() throws Exception {
-    String collectionName = "testInvariantCollection";
-    // Upload configs to ZK
-    uploadConfigDirToZk(RESOURCES_DIR + File.separator + DEFAULT_COLLECTION
-        + File.separator + "conf");
-    setupCollection(collectionName);
-
-    // Send a update request and try to set the update.chain to skip the
-    // index-authorization checks
-    setAuthenticationUser("junit");
-    CloudSolrServer server = getCloudSolrServer(collectionName);
-    try {
-      String path = "/" + collectionName + "/update?update.chain=skipUpdateIndexAuthorization&commit=true";
-      String body = "<add><doc><field name=\"id\">testInvariantDoc</field></doc></add>";
-      String ret = makeHttpRequest(server, "POST", path, body.getBytes("UTF-8"), "text/xml");
-      assertTrue("Expected sentry exception", ret.contains("SentrySolrAuthorizationException: User junit"
-        + " does not have privileges for testInvariantCollection"));
-    } finally {
-      server.shutdown();
-    }
-  }
-
-  private void checkUpdateDistribPhase(CloudSolrServer server, String collectionName,
-      String userName, DistribPhase distribPhase) throws Exception {
-    String path = "/" + collectionName + "/update?commit=true";
-    String updateDistribParam="";
-    if (distribPhase != null) {
-      updateDistribParam = distribPhase.toString();
-      path += "&update.distrib="+updateDistribParam;
-    }
-    String docId = "testUpdateDistribDoc"+updateDistribParam;
-    String body = "<add><doc><field name=\"id\">"+docId+"</field></doc></add>";
-
-    String node = null;
-    ClusterState clusterState = server.getZkStateReader().getClusterState();
-    for (Slice slice : clusterState.getActiveSlices(collectionName)) {
-      if(slice.getRange().includes(docId.hashCode())) {
-        node = slice.getLeader().getNodeName().replace("_solr", "/solr");
-      }
-    }
-    assertNotNull("Expected to find leader node for document", node);
-
-    String ret = makeHttpRequest(server, node, "POST", path, body.getBytes("UTF-8"), "text/xml");
-    assertTrue("Expected sentry exception",
-      ret.contains("SentrySolrAuthorizationException: " +
-        "User " + userName + " does not have privileges for " + collectionName));
-  }
-
-  @Test
-  public void testUpdateDistribPhase() throws Exception {
-    final String collectionName = "testUpdateDistribPhase";
-    final String userName = "junit";
-    // Upload configs to ZK
-    uploadConfigDirToZk(RESOURCES_DIR + File.separator + DEFAULT_COLLECTION
-        + File.separator + "conf");
-    setupCollection(collectionName);
-
-    setAuthenticationUser(userName);
-    CloudSolrServer server = getCloudSolrServer(collectionName);
-    try {
-      // ensure user can't update collection
-      checkUpdateDistribPhase(server, collectionName, userName, null);
-
-      // now, try to update collection, setting update.distrib to possible values
-      for ( DistribPhase phase : DistribPhase.values() ) {
-        checkUpdateDistribPhase(server, collectionName, userName, phase);
-      }
-    } finally {
-      server.shutdown();
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java
deleted file mode 100644
index 71c3cb6..0000000
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/AbstractSolrSentryTestWithDbProvider.java
+++ /dev/null
@@ -1,324 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.tests.e2e.solr.db.integration;
-
-
-import static org.apache.sentry.core.model.search.SearchModelAuthorizable.AuthorizableType.Collection;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.util.Comparator;
-import java.util.List;
-import java.util.TreeMap;
-import java.util.UUID;
-import java.util.concurrent.TimeoutException;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.CommonConfigurationKeys;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.binding.solr.HdfsTestUtil;
-import org.apache.sentry.binding.solr.conf.SolrAuthzConf.AuthzConfVars;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.sentry.provider.db.generic.SentryGenericProviderBackend;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
-import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.apache.sentry.service.thrift.SentryService;
-import org.apache.sentry.service.thrift.SentryServiceFactory;
-import org.apache.sentry.service.thrift.ServiceConstants.ClientConfig;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.apache.sentry.tests.e2e.solr.AbstractSolrSentryTestBase;
-import org.apache.sentry.tests.e2e.solr.ModifiableUserAuthenticationFilter;
-import org.apache.solr.cloud.MiniSolrCloudCluster;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
-
-/**
- * This class used to test the Solr integration with DB store.
- * It will set up a miniSolrCloud, miniHDFS and Sentry service in a JVM process.
- */
-public class AbstractSolrSentryTestWithDbProvider extends AbstractSolrSentryTestBase{
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(AbstractSolrSentryTestWithDbProvider.class);
-
-  protected static final String SERVER_HOST = NetUtils
-      .createSocketAddr("localhost:80").getAddress().getCanonicalHostName();
-  protected static final int PORT = 8038;
-  protected static final String ADMIN_GROUP = "admin_group";
-  protected static final String ADMIN_ROLE  = "admin_role";
-  protected static final String ADMIN_COLLECTION_NAME = "admin";
-  protected static final String COMPONENT_SOLR = "solr";
-  protected static final String SERVICE_NAME = SearchConstants.SENTRY_SEARCH_SERVICE_DEFAULT;
-
-  protected static final Configuration conf = new Configuration(false);
-
-  protected static SentryService server;
-  protected static SentryGenericServiceClient client;
-
-  protected static File baseDir;
-  protected static File hdfsDir;
-  protected static File dbDir;
-  protected static File policyFilePath;
-  protected static File sentrySitePath;
-
-  protected static PolicyFile policyFile;
-
-  /**
-   * Overwrite the method from super class AbstractSolrSentryTestBase
-   * take over the management of miniSolrCloudCluster and dfsCluster
-   */
-  @BeforeClass
-  public static void beforeTestSimpleSolrEndToEnd() throws Exception {
-    setupConf();
-    startHDFS();
-    startSolrWithDbProvider();
-    startSentryService();
-    connectToSentryService();
-    setGroupsAndRoles();
-  }
-
-  @AfterClass
-  public static void teardownClass() throws Exception {
-    stopAllService();
-    FileUtils.deleteDirectory(baseDir);
-    unsetSystemProperties();
-  }
-
-  public static void setupConf() throws Exception {
-    baseDir = createTempDir();
-    hdfsDir = new File(baseDir, "hdfs");
-    dbDir = new File(baseDir, "sentry_policy_db");
-    policyFilePath = new File(baseDir, "local_policy_file.ini");
-    sentrySitePath = new File(baseDir, "sentry-site.xml");
-    policyFile = new PolicyFile();
-
-    conf.set(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_NONE);
-    conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false");
-    conf.set(ServerConfig.ADMIN_GROUPS, ADMIN_GROUP + ",solr");
-    conf.set(ServerConfig.RPC_ADDRESS, SERVER_HOST);
-    conf.set(ServerConfig.RPC_PORT, String.valueOf(PORT));
-    conf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
-        "jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true");
-    conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
-    conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE,
-        policyFilePath.getPath());
-    server = SentryServiceFactory.create(conf);
-
-    conf.set(ClientConfig.SERVER_RPC_ADDRESS, server.getAddress().getHostName());
-    conf.set(ClientConfig.SERVER_RPC_PORT, String.valueOf(server.getAddress().getPort()));
-    conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING,
-        ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING);
-    conf.set(AuthzConfVars.AUTHZ_PROVIDER.getVar(),
-        LocalGroupResourceAuthorizationProvider.class.getName());
-    conf.set(AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar(),
-        SentryGenericProviderBackend.class.getName());
-    conf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), policyFilePath.getPath());
-  }
-
-  public static File createTempDir() {
-    File baseDir = new File(System.getProperty("java.io.tmpdir"));
-    String baseName = "solr-integration-db-";
-    File tempDir = new File(baseDir, baseName + UUID.randomUUID().toString());
-    if (tempDir.mkdir()) {
-        return tempDir;
-    }
-    throw new IllegalStateException("Failed to create temp directory");
-  }
-
-  public static void configureWithSolr() throws Exception {
-    conf.set(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true");
-    //save configuration to sentry-site.xml
-    conf.writeXml(new FileOutputStream(sentrySitePath));
-    setSystemProperties();
-    extraRequestFilters = new TreeMap<Class, String>(new Comparator<Class>() {
-      // There's only one class, make this as simple as possible
-      @Override
-      public int compare(Class o1, Class o2) {
-        return 0;
-      }
-      @Override
-      public boolean equals(Object obj) {
-        return true;
-      }
-
-      @Override
-      public int hashCode() {
-        return 17;
-      }
-    });
-    extraRequestFilters.put(ModifiableUserAuthenticationFilter.class, "*");
-
-    //set the solr for the loginUser and belongs to solr group
-    addGroupsToUser("solr", "solr");
-    UserGroupInformation.setLoginUser(UserGroupInformation.createUserForTesting("solr", new String[]{"solr"}));
-  }
-
-  public static void startHDFS() throws Exception {
-    dfsCluster = HdfsTestUtil.setupClass(hdfsDir.getPath());
-    conf.set(
-        CommonConfigurationKeys.FS_DEFAULT_NAME_KEY,
-        dfsCluster.getFileSystem().getConf()
-        .get(CommonConfigurationKeys.FS_DEFAULT_NAME_KEY));
-  }
-
-  public static void startSolrWithDbProvider() throws Exception {
-    LOGGER.info("starting Solr authorization via Sentry Service");
-    configureWithSolr();
-    miniSolrCloudCluster = new MiniSolrCloudCluster(NUM_SERVERS, null,
-        new File(RESOURCES_DIR, "solr-no-core.xml"), null, extraRequestFilters);
-  }
-
-  public static void startSentryService() throws Exception {
-    server.start();
-    final long start = System.currentTimeMillis();
-    while(!server.isRunning()) {
-      Thread.sleep(1000);
-      if(System.currentTimeMillis() - start > 60000L) {
-        throw new TimeoutException("Server did not start after 60 seconds");
-      }
-    }
-  }
-
-  public static void connectToSentryService() throws Exception {
-    client = SentryGenericServiceClientFactory.create(conf);
-  }
-
-  public static void stopAllService() throws Exception {
-    if (miniSolrCloudCluster != null) {
-      miniSolrCloudCluster.shutdown();
-      miniSolrCloudCluster = null;
-    }
-    if (dfsCluster != null) {
-      HdfsTestUtil.teardownClass(dfsCluster);
-      dfsCluster = null;
-    }
-    if (client != null) {
-      client.close();
-      client = null;
-    }
-    if (server != null) {
-      server.stop();
-      server = null;
-    }
-  }
-
-  public static void addGroupsToUser(String user, String... groupNames) {
-    policyFile.addGroupsToUser(user, groupNames);
-  }
-
-  public static void writePolicyFile() throws Exception {
-    policyFile.write(policyFilePath);
-    FileSystem clusterFs = dfsCluster.getFileSystem();
-    clusterFs.copyFromLocalFile(false,
-        new Path(policyFilePath.getPath()),
-        new Path(policyFilePath.getPath()));
-  }
-
-  public static void setSystemProperties() throws Exception {
-    System.setProperty("solr.xml.persist", "true");
-    // Disable the block cache because we can run out of memory
-    // on a MiniCluster.
-    System.setProperty("solr.hdfs.blockcache.enabled", "false");
-    System.setProperty("solr.hdfs.home", dfsCluster.getURI().toString() + "/solr");
-    System.setProperty("solr.authorization.sentry.site", sentrySitePath.toURI().toURL().toString().substring("file:".length()));
-  }
-
-  public static void unsetSystemProperties() {
-    System.clearProperty("solr.xml.persist");
-    System.clearProperty("solr.hdfs.blockcache.enabled");
-    System.clearProperty("solr.hdfs.home");
-    System.clearProperty("solr.authorization.sentry.site");
-  }
-
-  public static void setGroupsAndRoles() throws Exception {
-    /**set local group mapping
-     * user0->group0->role0
-     * user1->group1->role1
-     * user2->group2->role2
-     * user3->group3->role3
-     */
-    String[] users = {"user0","user1","user2","user3"};
-    String[] groups = {"group0","group1","group2","group3"};
-    String[] roles = {"role0","role1","role2","role3"};
-
-    for (int i = 0; i < users.length; i++) {
-      addGroupsToUser(users[i], groups[i]);
-    }
-    addGroupsToUser(ADMIN_USER, ADMIN_GROUP);
-    writePolicyFile();
-
-    for (int i = 0; i < roles.length; i++) {
-      client.createRole(ADMIN_USER, roles[i], COMPONENT_SOLR);
-      client.grantRoleToGroups(ADMIN_USER, roles[i], COMPONENT_SOLR, Sets.newHashSet(groups[i]));
-    }
-
-    /**
-     * user[admin]->group[admin]->role[admin]
-     * grant ALL privilege on collection ALL to role admin
-     */
-    client.createRole(ADMIN_USER, ADMIN_ROLE, COMPONENT_SOLR);
-    client.grantRoleToGroups(ADMIN_USER, ADMIN_ROLE, COMPONENT_SOLR, Sets.newHashSet(ADMIN_GROUP));
-    grantCollectionPrivilege(SearchConstants.ALL, ADMIN_USER, ADMIN_ROLE, SearchConstants.ALL);
-  }
-
-  protected static void grantCollectionPrivilege(String collection, String requestor,
-      String roleName, String action) throws SentryUserException {
-    TSentryPrivilege tPrivilege = toTSentryPrivilege(collection, action);
-    client.grantPrivilege(requestor, roleName, COMPONENT_SOLR, tPrivilege);
-  }
-
-  protected static void revokeCollectionPrivilege(String collection, String requestor,
-      String roleName, String action) throws SentryUserException {
-    TSentryPrivilege tPrivilege = toTSentryPrivilege(collection, action);
-    client.revokePrivilege(requestor, roleName, COMPONENT_SOLR, tPrivilege);
-  }
-
-  protected static void dropCollectionPrivilege(String collection, String requestor)
-      throws SentryUserException {
-    final TSentryPrivilege tPrivilege = toTSentryPrivilege(collection, Action.ALL);
-    client.dropPrivilege(requestor, COMPONENT_SOLR, tPrivilege);
-  }
-
-  private static TSentryPrivilege toTSentryPrivilege(String collection, String action) {
-    TSentryPrivilege tPrivilege = new TSentryPrivilege();
-    tPrivilege.setComponent(COMPONENT_SOLR);
-    tPrivilege.setServiceName(SERVICE_NAME);
-    tPrivilege.setAction(action);
-    tPrivilege.setGrantOption(TSentryGrantOption.FALSE);
-
-    List<TAuthorizable> authorizables = Lists.newArrayList(new TAuthorizable(Collection.name(),
-        collection));
-    tPrivilege.setAuthorizables(authorizables);
-    return tPrivilege;
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java
deleted file mode 100644
index c07b3b8..0000000
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrAdminOperations.java
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e.solr.db.integration;
-
-
-import static org.junit.Assert.assertTrue;
-
-import java.io.File;
-import java.util.Arrays;
-
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.solr.common.params.CollectionParams.CollectionAction;
-import org.junit.Test;
-
-public class TestSolrAdminOperations extends AbstractSolrSentryTestWithDbProvider {
-  private static final String TEST_COLLECTION_NAME1 = "collection1";
-  private static final String COLLECTION_CONFIG_DIR = RESOURCES_DIR + File.separator + "collection1" + File.separator + "conf";
-
-  @Test
-  public void testAdminOperations() throws Exception {
-    /**
-     * Upload configs to ZK for create collection
-     */
-    uploadConfigDirToZk(COLLECTION_CONFIG_DIR);
-
-    /**
-     * verify admin user has all privileges
-     */
-    verifyCollectionAdminOpPass(ADMIN_USER, CollectionAction.CREATE, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(ADMIN_USER, CollectionAction.DELETE, TEST_COLLECTION_NAME1);
-
-    String grantor = "user0";
-    /**
-     * user0->group0->role0
-     * grant ALL privilege on collection admin and collection1 to role0
-     */
-    grantCollectionPrivilege(ADMIN_COLLECTION_NAME, ADMIN_USER, "role0", SearchConstants.ALL);
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role0", SearchConstants.ALL);
-
-    verifyCollectionAdminOpPass(grantor, CollectionAction.CREATE, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.RELOAD, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.CREATEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.DELETEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.DELETE, TEST_COLLECTION_NAME1);
-
-    //revoke UPDATE privilege on collection collection1 from role1, create collection1 will be failed
-    revokeCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role0", SearchConstants.UPDATE);
-
-    verifyCollectionAdminOpFail(grantor, CollectionAction.CREATE, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.RELOAD, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.CREATEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.DELETEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.DELETE, TEST_COLLECTION_NAME1);
-
-    /**
-     * user1->group1->role1
-     * grant UPDATE privilege on collection admin and collection1 to role1
-     */
-    grantor = "user1";
-    grantCollectionPrivilege(ADMIN_COLLECTION_NAME, ADMIN_USER, "role1", SearchConstants.UPDATE);
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role1", SearchConstants.UPDATE);
-
-    verifyCollectionAdminOpPass(grantor, CollectionAction.CREATE, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.RELOAD, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.CREATEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.DELETEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.DELETE, TEST_COLLECTION_NAME1);
-
-    //revoke UPDATE privilege on collection admin from role1, create collection1 will be failed
-    revokeCollectionPrivilege(ADMIN_COLLECTION_NAME, ADMIN_USER, "role1", SearchConstants.UPDATE);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.CREATE, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.RELOAD, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.CREATEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.DELETEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.DELETE, TEST_COLLECTION_NAME1);
-
-
-    /**
-     * user2->group2->role2
-     * grant QUERY privilege on collection admin and collection1 to role2
-     */
-    grantor = "user2";
-    grantCollectionPrivilege(ADMIN_COLLECTION_NAME, ADMIN_USER, "role2", SearchConstants.QUERY);
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role2", SearchConstants.QUERY);
-
-    verifyCollectionAdminOpFail(grantor, CollectionAction.CREATE, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.RELOAD, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.CREATEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.DELETEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.DELETE, TEST_COLLECTION_NAME1);
-
-    //grant UPDATE privilege on collection collection1 to role2, create collection1 will be failed
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role2", SearchConstants.UPDATE);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.CREATE, TEST_COLLECTION_NAME1);
-
-    //grant UPDATE privilege on collection admin to role2, create collection1 will be successful.
-    grantCollectionPrivilege(ADMIN_COLLECTION_NAME, ADMIN_USER, "role2", SearchConstants.UPDATE);
-
-    verifyCollectionAdminOpPass(grantor, CollectionAction.CREATE, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.RELOAD, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.CREATEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.DELETEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.DELETE, TEST_COLLECTION_NAME1);
-
-    grantor = "user3";
-
-    verifyCollectionAdminOpFail(grantor, CollectionAction.CREATE, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.RELOAD, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.CREATEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.DELETEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpFail(grantor, CollectionAction.DELETE, TEST_COLLECTION_NAME1);
-
-    /**
-     * user3->group3->role3
-     * grant UPDATE privilege on collection admin to role3
-     * grant QUERY privilege on collection collection1 to role3
-     */
-    grantCollectionPrivilege(ADMIN_COLLECTION_NAME, ADMIN_USER, "role3", SearchConstants.ALL);
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role3", SearchConstants.ALL);
-
-    verifyCollectionAdminOpPass(grantor, CollectionAction.CREATE, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.RELOAD, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.CREATEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.DELETEALIAS, TEST_COLLECTION_NAME1);
-    verifyCollectionAdminOpPass(grantor, CollectionAction.DELETE, TEST_COLLECTION_NAME1);
-  }
-
-  /**
-   * Test when the collection has been deleted, the privileges in the sentry service also should be deleted
-   * @throws Exception
-   */
-  @Test
-  public void testSyncPrivilegesWithDeleteCollection() throws Exception {
-    /**
-     * Upload configs to ZK for create collection
-     */
-    uploadConfigDirToZk(COLLECTION_CONFIG_DIR);
-    /**
-     * user0->group0->role0
-     * Grant ALL privilege on collection collection1 to role0
-     * Grant ALL privilege on collection admin to role0
-     * user0 can execute create & delete collection1 operation
-     */
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role0", SearchConstants.ALL);
-    grantCollectionPrivilege(ADMIN_COLLECTION_NAME, ADMIN_USER, "role0", SearchConstants.ALL);
-
-    assertTrue("user0 has one privilege on collection admin",
-        client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, SERVICE_NAME,
-            Arrays.asList(new Collection(ADMIN_COLLECTION_NAME))).size() == 1);
-
-    assertTrue("user0 has one privilege on collection collection1",
-        client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, SERVICE_NAME,
-            Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 1);
-
-    /**
-     * user1->group1->role1
-     * grant QUERY privilege on collection collection1 to role1
-     */
-
-    client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, SERVICE_NAME, null);
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role1", SearchConstants.ALL);
-    assertTrue("user1 has one privilege record",
-        client.listPrivilegesByRoleName("user1", "role1", COMPONENT_SOLR, SERVICE_NAME,
-            Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 1);
-
-    /**
-     * create collection collection1
-     */
-    setupCollection(TEST_COLLECTION_NAME1);
-    /**
-     * delete the collection1
-     */
-    deleteCollection(TEST_COLLECTION_NAME1);
-
-    //check the user0
-    assertTrue("user0 has one privilege on collection admin",
-        client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, SERVICE_NAME,
-            Arrays.asList(new Collection(ADMIN_COLLECTION_NAME))).size() == 1);
-
-    assertTrue("user0 has no privilege on collection collection1",
-        client.listPrivilegesByRoleName("user0", "role0", COMPONENT_SOLR, SERVICE_NAME,
-            Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 0);
-
-    //check the user1
-    assertTrue("user1 has no privilege on collection collection1",
-        client.listPrivilegesByRoleName("user1", "role1", COMPONENT_SOLR, SERVICE_NAME,
-            Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 0);
-
-    /**
-     * user2->group2->role2
-     * Grant UPDATE privilege on collection collection1 to role2
-     */
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role2", SearchConstants.UPDATE);
-
-    assertTrue("user2 has one privilege on collection collection1",
-        client.listPrivilegesByRoleName("user2", "role2", COMPONENT_SOLR, SERVICE_NAME,
-            Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 1);
-
-    /**
-     * user3->group3->role3
-     * grant QUERY privilege on collection collection1 to role3
-     */
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role3", SearchConstants.QUERY);
-    assertTrue("user1 has one privilege record",
-        client.listPrivilegesByRoleName("user3", "role3", COMPONENT_SOLR, SERVICE_NAME,
-            Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 1);
-
-    /**
-     * create collection collection1
-     */
-    setupCollection(TEST_COLLECTION_NAME1);
-    /**
-     * delete the collection1
-     */
-    deleteCollection(TEST_COLLECTION_NAME1);
-
-    //check the user2
-    assertTrue("user2 has no privilege on collection collection1",
-        client.listPrivilegesByRoleName("user2", "role2", COMPONENT_SOLR, SERVICE_NAME,
-            Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 0);
-
-    //check the user3
-    assertTrue("user3 has no privilege on collection collection1",
-        client.listPrivilegesByRoleName("user3", "role3", COMPONENT_SOLR, SERVICE_NAME,
-            Arrays.asList(new Collection(TEST_COLLECTION_NAME1))).size() == 0);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrDocLevelOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrDocLevelOperations.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrDocLevelOperations.java
deleted file mode 100644
index 7f1fdfd..0000000
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrDocLevelOperations.java
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e.solr.db.integration;
-
-import static org.junit.Assert.assertEquals;
-
-import java.io.File;
-import java.util.ArrayList;
-
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.solr.client.solrj.SolrQuery;
-import org.apache.solr.client.solrj.impl.CloudSolrServer;
-import org.apache.solr.client.solrj.response.QueryResponse;
-import org.apache.solr.common.SolrDocumentList;
-import org.apache.solr.common.SolrInputDocument;
-import org.junit.Test;
-
-public class TestSolrDocLevelOperations extends AbstractSolrSentryTestWithDbProvider {
-  private static final String TEST_COLLECTION_NAME1 = "collection1";
-  private static final String AUTH_FIELD = "sentry_auth";
-  private static final int NUM_DOCS = 100;
-
-  private void setupCollectionWithDocSecurity(String name) throws Exception {
-    String configDir = RESOURCES_DIR + File.separator + "collection1"
-        + File.separator + "conf";
-    uploadConfigDirToZk(configDir);
-    // replace solrconfig.xml with solrconfig-doc-level.xml
-    uploadConfigFileToZk(configDir + File.separator + "solrconfig-doclevel.xml",
-        "solrconfig.xml");
-    setupCollection(name);
-  }
-
-  @Test
-  public void testDocLevelOperations() throws Exception {
-    setupCollectionWithDocSecurity(TEST_COLLECTION_NAME1);
-
-    createDocument(TEST_COLLECTION_NAME1);
-
-    CloudSolrServer server = getCloudSolrServer(TEST_COLLECTION_NAME1);
-    try {
-      // queries
-      SolrQuery query = new SolrQuery();
-      query.setQuery("*:*");
-
-      // as admin
-      setAuthenticationUser(ADMIN_USER);
-      QueryResponse  rsp = server.query(query);
-      SolrDocumentList docList = rsp.getResults();
-      assertEquals(NUM_DOCS, docList.getNumFound());
-
-      // as user0
-      setAuthenticationUser("user0");
-      grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role0", SearchConstants.QUERY);
-      rsp = server.query(query);
-      docList = rsp.getResults();
-      assertEquals(NUM_DOCS/4, rsp.getResults().getNumFound());
-
-      //as user1
-      setAuthenticationUser("user1");
-      grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role1", SearchConstants.QUERY);
-      rsp = server.query(query);
-      docList = rsp.getResults();
-      assertEquals(NUM_DOCS/4, rsp.getResults().getNumFound());  docList = rsp.getResults();
-      assertEquals(NUM_DOCS/4, rsp.getResults().getNumFound());
-
-      //as user2
-      setAuthenticationUser("user2");
-      grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role2", SearchConstants.QUERY);
-      rsp = server.query(query);
-      docList = rsp.getResults();
-      assertEquals(NUM_DOCS/4, rsp.getResults().getNumFound());
-
-      //as user3
-      setAuthenticationUser("user3");
-      grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role3", SearchConstants.QUERY);
-      rsp = server.query(query);
-      docList = rsp.getResults();
-      assertEquals(NUM_DOCS/4, rsp.getResults().getNumFound());
-    } finally {
-      server.shutdown();
-    }
-
-    deleteCollection(TEST_COLLECTION_NAME1);
-  }
-
-  @Test
-  public void updateDocsTest() throws Exception {
-    setupCollectionWithDocSecurity(TEST_COLLECTION_NAME1);
-
-    createDocument(TEST_COLLECTION_NAME1);
-
-    CloudSolrServer server = getCloudSolrServer(TEST_COLLECTION_NAME1);
-    try {
-      setAuthenticationUser("user0");
-      grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role0", SearchConstants.QUERY);
-      String docIdStr = Long.toString(1);
-
-      // verify we can't view one of the odd documents
-      SolrQuery query = new SolrQuery();
-      query.setQuery("id:"+docIdStr);
-      QueryResponse rsp = server.query(query);
-      assertEquals(0, rsp.getResults().getNumFound());
-
-      // overwrite the document that we can't see
-      setAuthenticationUser(ADMIN_USER);
-      ArrayList<SolrInputDocument> docs = new ArrayList<SolrInputDocument>();
-      SolrInputDocument doc = new SolrInputDocument();
-      doc.addField("id", docIdStr);
-      doc.addField("description", "description" + docIdStr);
-      doc.addField(AUTH_FIELD, "role0");
-      docs.add(doc);
-      server.add(docs);
-      server.commit();
-
-      // verify we can now view the document
-      setAuthenticationUser("user0");
-      rsp = server.query(query);
-      assertEquals(1, rsp.getResults().getNumFound());
-    } finally {
-      server.shutdown();
-    }
-
-    deleteCollection(TEST_COLLECTION_NAME1);
-  }
-
-  /**
-   * Test to validate doc level security on collections without perm for Index level auth.
-   * @throws Exception
-   */
-  @Test
-  public void indexDocAuthTests() throws Exception {
-    setupCollectionWithDocSecurity(TEST_COLLECTION_NAME1);
-    try {
-      createDocument(TEST_COLLECTION_NAME1);
-      // test query for "*:*" fails as user0 (user0 doesn't have index level permissions but has doc level permissions set)
-      verifyQueryFail("user0", TEST_COLLECTION_NAME1, ALL_DOCS);
-      verifyQueryFail("user1", TEST_COLLECTION_NAME1, ALL_DOCS);
-      verifyQueryFail("user2", TEST_COLLECTION_NAME1, ALL_DOCS);
-      verifyQueryFail("user3", TEST_COLLECTION_NAME1, ALL_DOCS);
-
-    } finally {
-      deleteCollection(TEST_COLLECTION_NAME1);
-    }
-  }
-
-  /**
-   * Creates docs as follows and verifies queries work as expected:
-   * - creates NUM_DOCS documents, where the document id equals the order
-   *   it was created in, starting at 0
-   * - when id % 4 == 0, documents get "role0" auth token
-   * - when id % 4 == 1, documents get "role1" auth token
-   * - when id % 4 == 2, documents get "role2" auth token
-   * - when id % 4 == 3, documents get "role3" auth token
-   * - all documents get a admin role
-   */
-  private void createDocument(String collectionName) throws Exception {
-    // ensure no current documents
-    verifyDeletedocsPass(ADMIN_USER, collectionName, true);
-
-    // create documents
-    ArrayList<SolrInputDocument> docs = new ArrayList<SolrInputDocument>();
-    for (int i = 0; i < NUM_DOCS; ++i) {
-      SolrInputDocument doc = new SolrInputDocument();
-      String iStr = Long.toString(i);
-      doc.addField("id", iStr);
-      doc.addField("description", "description" + iStr);
-
-      if (i % 4 == 0) {
-        doc.addField(AUTH_FIELD, "role0");
-      } else if (i % 4 ==1) {
-        doc.addField(AUTH_FIELD, "role1");
-      } else if (i % 4 ==2) {
-        doc.addField(AUTH_FIELD, "role2");
-      } else {
-        doc.addField(AUTH_FIELD, "role3");
-      }
-      doc.addField(AUTH_FIELD, ADMIN_ROLE);
-      docs.add(doc);
-    }
-
-    setAuthenticationUser(ADMIN_USER);
-    CloudSolrServer server = getCloudSolrServer(collectionName);
-    try {
-      server.add(docs);
-      server.commit(true, true);
-    } finally {
-      server.shutdown();
-    }
-  }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java
deleted file mode 100644
index 3eb6c0f..0000000
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrQueryOperations.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e.solr.db.integration;
-
-import java.io.File;
-
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.solr.common.SolrInputDocument;
-import org.junit.Test;
-
-import com.google.common.collect.Lists;
-
-public class TestSolrQueryOperations extends AbstractSolrSentryTestWithDbProvider {
-  private static final String TEST_COLLECTION_NAME1 = "collection1";
-  private static final String COLLECTION_CONFIG_DIR = RESOURCES_DIR + File.separator + "collection1" + File.separator + "conf";
-
-  @Test
-  public void testQueryOperations() throws Exception {
-    /**
-     * Upload configs to ZK for create collection
-     */
-    uploadConfigDirToZk(COLLECTION_CONFIG_DIR);
-    /**
-     * create collection collection1 as admin user
-     * and clean all document in the collection1
-     */
-    setupCollection(TEST_COLLECTION_NAME1);
-    cleanSolrCollection(TEST_COLLECTION_NAME1);
-    /**
-     * add a new document into collection1 for testing
-     */
-    SolrInputDocument solrInputDoc = createSolrTestDoc();
-    uploadSolrDoc(TEST_COLLECTION_NAME1, solrInputDoc);
-
-    /**
-     * user0->group0->role0
-     * grant ALL privilege on collection collection1 to role0
-     */
-    String grantor = "user0";
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role0", SearchConstants.ALL);
-    verifyQueryPass(grantor, TEST_COLLECTION_NAME1, ALL_DOCS);
-
-    revokeCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role0", SearchConstants.UPDATE);
-    verifyQueryPass(grantor, TEST_COLLECTION_NAME1, ALL_DOCS);
-
-    revokeCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role0", SearchConstants.QUERY);
-    verifyQueryFail(grantor, TEST_COLLECTION_NAME1, ALL_DOCS);
-
-    /**
-     * user1->group1->role1
-     * grant QUERY privilege on collection collection1 to role1
-     */
-    grantor = "user1";
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role1", SearchConstants.QUERY);
-    verifyQueryPass(grantor, TEST_COLLECTION_NAME1, ALL_DOCS);
-
-    revokeCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role1", SearchConstants.QUERY);
-    verifyQueryFail(grantor, TEST_COLLECTION_NAME1, ALL_DOCS);
-
-    /**
-     * user2->group2->role2
-     * grant UPDATE privilege on collection collection1 to role2
-     */
-    grantor = "user2";
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role2", SearchConstants.UPDATE);
-    verifyQueryFail(grantor, TEST_COLLECTION_NAME1, ALL_DOCS);
-
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role2", SearchConstants.QUERY);
-    verifyQueryPass(grantor, TEST_COLLECTION_NAME1, ALL_DOCS);
-
-    client.renamePrivilege(ADMIN_USER, COMPONENT_SOLR, SERVICE_NAME,
-        Lists.newArrayList(new Collection(TEST_COLLECTION_NAME1)),
-        Lists.newArrayList(new Collection("new_" + TEST_COLLECTION_NAME1)));
-    verifyQueryFail(grantor, TEST_COLLECTION_NAME1, ALL_DOCS);
-
-    grantor = "user3";
-    verifyQueryFail(grantor, TEST_COLLECTION_NAME1, ALL_DOCS);
-
-    deleteCollection(TEST_COLLECTION_NAME1);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrUpdateOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrUpdateOperations.java b/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrUpdateOperations.java
deleted file mode 100644
index 9412325..0000000
--- a/sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/db/integration/TestSolrUpdateOperations.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.tests.e2e.solr.db.integration;
-
-import java.io.File;
-
-import org.apache.sentry.core.model.search.SearchConstants;
-import org.apache.solr.common.SolrInputDocument;
-import org.junit.Test;
-
-public class TestSolrUpdateOperations extends AbstractSolrSentryTestWithDbProvider {
-  private static final String TEST_COLLECTION_NAME1 = "collection1";
-  private static final String COLLECTION_CONFIG_DIR = RESOURCES_DIR + File.separator + "collection1" + File.separator + "conf";
-
-  @Test
-  public void testUpdateOperations() throws Exception {
-    /**
-     * Upload configs to ZK for create collection
-     */
-    uploadConfigDirToZk(COLLECTION_CONFIG_DIR);
-    /**
-     * create collection collection1 as admin user
-     * and clean all document in the collection1
-     */
-    setupCollection(TEST_COLLECTION_NAME1);
-    cleanSolrCollection(TEST_COLLECTION_NAME1);
-
-    SolrInputDocument solrInputDoc = createSolrTestDoc();
-
-    /**
-     * user0->group0->role0
-     * grant ALL privilege on collection collection1 to role0
-     */
-    String grantor = "user0";
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role0", SearchConstants.ALL);
-    cleanSolrCollection(TEST_COLLECTION_NAME1);
-    verifyUpdatePass(grantor, TEST_COLLECTION_NAME1, solrInputDoc);
-    verifyDeletedocsPass(grantor, TEST_COLLECTION_NAME1, false);
-
-    //drop privilege
-    dropCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER);
-    verifyUpdateFail(grantor, TEST_COLLECTION_NAME1, solrInputDoc);
-    uploadSolrDoc(TEST_COLLECTION_NAME1, solrInputDoc);
-    verifyDeletedocsFail(grantor, TEST_COLLECTION_NAME1, false);
-
-    /**
-     * user1->group1->role1
-     * grant UPDATE privilege on collection collection1 to role1
-     */
-    grantor = "user1";
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role1", SearchConstants.UPDATE);
-    cleanSolrCollection(TEST_COLLECTION_NAME1);
-    verifyUpdatePass(grantor, TEST_COLLECTION_NAME1, solrInputDoc);
-    verifyDeletedocsPass(grantor, TEST_COLLECTION_NAME1, false);
-
-    //revoke privilege
-    revokeCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role1", SearchConstants.ALL);
-    verifyUpdateFail(grantor, TEST_COLLECTION_NAME1, solrInputDoc);
-    uploadSolrDoc(TEST_COLLECTION_NAME1, solrInputDoc);
-    verifyDeletedocsFail(grantor, TEST_COLLECTION_NAME1, false);
-
-    /**
-     * user2->group2->role2
-     * grant QUERY privilege on collection collection1 to role2
-     */
-    grantor = "user2";
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role2", SearchConstants.QUERY);
-    cleanSolrCollection(TEST_COLLECTION_NAME1);
-    verifyUpdateFail(grantor, TEST_COLLECTION_NAME1, solrInputDoc);
-    uploadSolrDoc(TEST_COLLECTION_NAME1, solrInputDoc);
-    verifyDeletedocsFail(grantor, TEST_COLLECTION_NAME1, false);
-
-    grantCollectionPrivilege(TEST_COLLECTION_NAME1, ADMIN_USER, "role2", SearchConstants.ALL);
-    cleanSolrCollection(TEST_COLLECTION_NAME1);
-    verifyUpdatePass(grantor, TEST_COLLECTION_NAME1, solrInputDoc);
-    verifyDeletedocsPass(grantor, TEST_COLLECTION_NAME1, false);
-
-    grantor = "user3";
-    cleanSolrCollection(TEST_COLLECTION_NAME1);
-    verifyUpdateFail(grantor, TEST_COLLECTION_NAME1, solrInputDoc);
-    uploadSolrDoc(TEST_COLLECTION_NAME1, solrInputDoc);
-    verifyDeletedocsFail(grantor, TEST_COLLECTION_NAME1, false);
-
-    deleteCollection(TEST_COLLECTION_NAME1);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/managed-schema
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/managed-schema b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/managed-schema
new file mode 100644
index 0000000..1d97a2a
--- /dev/null
+++ b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/managed-schema
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<schema name="minimal" version="1.1">
+  <fieldType name="string" class="solr.StrField"/>
+  <fieldType name="int" class="solr.TrieIntField" precisionStep="0" omitNorms="true" positionIncrementGap="0"/>
+  <fieldType name="long" class="solr.TrieLongField" precisionStep="0" omitNorms="true" positionIncrementGap="0"/>
+  <!-- for versioning -->
+  <field name="_version_" type="long" indexed="true" stored="true"/>
+  <field name="_root_" type="string" indexed="true" stored="true" multiValued="false" required="false"/>
+  <field name="id" type="string" indexed="true" stored="true"/>
+  <uniqueKey>id</uniqueKey>
+</schema>

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/solrconfig.xml
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/solrconfig.xml b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/solrconfig.xml
new file mode 100644
index 0000000..f1395b1
--- /dev/null
+++ b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-managed/conf/solrconfig.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" ?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- Minimal solrconfig.xml with /select, /admin and /update only -->
+
+<config>
+
+  <dataDir>${solr.data.dir:}</dataDir>
+
+  <directoryFactory name="DirectoryFactory"
+                    class="${solr.directoryFactory:solr.NRTCachingDirectoryFactory}"/>
+
+  <schemaFactory class="ManagedIndexSchemaFactory">
+    <bool name="mutable">true</bool>
+    <str name="managedSchemaResourceName">managed-schema</str>
+  </schemaFactory>
+
+  <luceneMatchVersion>${tests.luceneMatchVersion:LATEST}</luceneMatchVersion>
+
+  <updateHandler class="solr.DirectUpdateHandler2">
+    <commitWithin>
+      <softCommit>${solr.commitwithin.softcommit:true}</softCommit>
+    </commitWithin>
+    <updateLog></updateLog>
+  </updateHandler>
+
+  <requestHandler name="/select" class="solr.SearchHandler">
+    <lst name="defaults">
+      <str name="echoParams">explicit</str>
+      <str name="indent">true</str>
+      <str name="df">text</str>
+    </lst>
+
+  </requestHandler>
+</config>

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/schema.xml
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/schema.xml b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/schema.xml
new file mode 100644
index 0000000..7b8b690
--- /dev/null
+++ b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/schema.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<schema name="minimal" version="1.1">
+  <fieldType name="string" class="solr.StrField"/>
+  <fieldType name="int" class="solr.TrieIntField" precisionStep="0" omitNorms="true" positionIncrementGap="0"/>
+  <fieldType name="long" class="solr.TrieLongField" precisionStep="0" omitNorms="true" positionIncrementGap="0"/>
+  <dynamicField name="*" type="string" indexed="true" stored="true"/>
+  <!-- for versioning -->
+  <field name="_version_" type="long" indexed="true" stored="true"/>
+  <field name="_root_" type="string" indexed="true" stored="true" multiValued="false" required="false"/>
+  <field name="id" type="string" indexed="true" stored="true"/>
+  <uniqueKey>id</uniqueKey>
+</schema>

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/solrconfig.xml
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/solrconfig.xml b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/solrconfig.xml
new file mode 100644
index 0000000..52bd098
--- /dev/null
+++ b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal/conf/solrconfig.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" ?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- Minimal solrconfig.xml with /select, /admin and /update only -->
+
+<config>
+
+  <dataDir>${solr.data.dir:}</dataDir>
+
+  <directoryFactory name="DirectoryFactory"
+                    class="${solr.directoryFactory:solr.NRTCachingDirectoryFactory}"/>
+  <schemaFactory class="ClassicIndexSchemaFactory"/>
+
+  <luceneMatchVersion>${tests.luceneMatchVersion:LATEST}</luceneMatchVersion>
+
+  <updateHandler class="solr.DirectUpdateHandler2">
+    <commitWithin>
+      <softCommit>${solr.commitwithin.softcommit:true}</softCommit>
+    </commitWithin>
+    <updateLog></updateLog>
+  </updateHandler>
+
+  <requestHandler name="/select" class="solr.SearchHandler">
+    <lst name="defaults">
+      <str name="echoParams">explicit</str>
+      <str name="indent">true</str>
+      <str name="df">text</str>
+    </lst>
+
+  </requestHandler>
+</config>

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/schema.xml
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/schema.xml b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/schema.xml
new file mode 100644
index 0000000..98a8c72
--- /dev/null
+++ b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/schema.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<schema name="minimal" version="1.1">
+  <fieldType name="string" class="solr.StrField"/>
+  <fieldType name="int" class="solr.TrieIntField" precisionStep="0" omitNorms="true" positionIncrementGap="0"/>
+  <fieldType name="long" class="solr.TrieLongField" precisionStep="0" omitNorms="true" positionIncrementGap="0"/>
+  <dynamicField name="*" type="string" indexed="true" stored="true"/>
+  <!-- for versioning -->
+  <field name="_version_" type="long" indexed="true" stored="true"/>
+  <field name="_root_" type="string" indexed="true" stored="true" multiValued="false" required="false"/>
+  <field name="id" type="string" indexed="true" stored="true"/>
+  <field name="sentry_auth" type="string" indexed="true" stored="false" multiValued="true"/>
+  <uniqueKey>id</uniqueKey>
+</schema>

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/solrconfig.xml
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/solrconfig.xml b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/solrconfig.xml
new file mode 100644
index 0000000..584a456
--- /dev/null
+++ b/sentry-tests/sentry-tests-solr/src/test/resources/solr/configsets/cloud-minimal_doc_level_security/conf/solrconfig.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" ?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- Minimal solrconfig.xml with /select, /admin and /update only -->
+
+<config>
+
+  <dataDir>${solr.data.dir:}</dataDir>
+
+  <directoryFactory name="DirectoryFactory"
+                    class="${solr.directoryFactory:solr.NRTCachingDirectoryFactory}"/>
+  <schemaFactory class="ClassicIndexSchemaFactory"/>
+
+  <luceneMatchVersion>${tests.luceneMatchVersion:LATEST}</luceneMatchVersion>
+
+  <updateHandler class="solr.DirectUpdateHandler2">
+    <commitWithin>
+      <softCommit>${solr.commitwithin.softcommit:true}</softCommit>
+    </commitWithin>
+    <updateLog></updateLog>
+  </updateHandler>
+
+   <requestDispatcher handleSelect="false" >
+     <requestParsers enableRemoteStreaming="true"
+                     multipartUploadLimitInKB="2048000"
+                     formdataUploadLimitInKB="2048"
+                     addHttpRequestToContext="true"/>
+
+    <httpCaching never304="true" />
+  </requestDispatcher>
+
+  <requestHandler name="/select" class="solr.SearchHandler">
+    <lst name="defaults">
+      <str name="echoParams">explicit</str>
+      <str name="indent">true</str>
+      <str name="df">text</str>
+    </lst>
+    <arr name="first-components">
+      <str>queryDocAuthorization</str>
+    </arr>
+  </requestHandler>
+
+  <requestHandler name="/get" class="solr.RealTimeGetHandler">
+     <lst name="defaults">
+       <str name="omitHeader">true</str>
+       <str name="wt">json</str>
+       <str name="indent">true</str>
+     </lst>
+     <arr name="first-components">
+       <str>queryDocAuthorization</str>
+     </arr>
+  </requestHandler>
+
+  <searchComponent name="queryDocAuthorization" class="org.apache.solr.handler.component.QueryDocAuthorizationComponent" >
+    <!-- Set to true to enabled document-level authorization -->
+    <bool name="enabled">true</bool>
+
+    <!-- Field where the auth tokens are stored in the document -->
+    <str name="sentryAuthField">sentry_auth</str>
+
+    <!-- Auth token defined to allow any role to access the document.
+         Uncomment to enable. -->
+    <str name="allRolesToken">OR</str>
+  </searchComponent>
+
+</config>

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json b/sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json
new file mode 100644
index 0000000..ebc9bbd
--- /dev/null
+++ b/sentry-tests/sentry-tests-solr/src/test/resources/solr/security/security.json
@@ -0,0 +1,18 @@
+{
+    "authentication": {
+        "class": "org.apache.sentry.tests.e2e.solr.DummyAuthPluginImpl"
+    },
+    "authorization": {
+        "class": "org.apache.sentry.binding.solr.authz.SentrySolrPluginImpl",
+        "sysPropPrefix": "solr.",
+        "authConfigs": [
+            "authorization.sentry.site",
+            "authorization.superuser",
+            "authorization.enable.auditlog"
+        ],
+        "defaultConfigs": {
+          "authorization.superuser" : "solr",
+          "authorization.enable.auditlog" : "true"
+        }
+    }
+}


Mime
View raw message