sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From co...@apache.org
Subject [05/44] sentry git commit: SENTRY-1287: Create sentry-service-server module(Colin Ma, reviewed by Dapeng Sun)
Date Fri, 24 Jun 2016 06:00:34 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java
new file mode 100644
index 0000000..c6177d4
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestConnectionWithTicketTimeout.java
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.hadoop.minikdc.MiniKdc;
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.apache.sentry.service.thrift.ServiceConstants;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+
+@Ignore("SENTRY-515: Not part of automated unit testing, as it takes too long. Fails until we move to a hadoop 2.6.1. See HADOOP-10786")
+public class TestConnectionWithTicketTimeout extends SentryServiceIntegrationBase {
+
+  @BeforeClass
+  public static void setup() throws Exception {
+    SentryServiceIntegrationBase.kerberos = true;
+    beforeSetup();
+    SentryServiceIntegrationBase.setupConf();
+    SentryServiceIntegrationBase.startSentryService();
+    SentryServiceIntegrationBase.afterSetup();
+  }
+
+  public static void beforeSetup() throws Exception {
+    SentryServiceIntegrationBase.kdcConfOverlay.setProperty(MiniKdc.MAX_TICKET_LIFETIME, "360001");
+    //Only UGI based client connections renew their TGT, this is not a problem in the real world
+    // as this is not configurable and always true
+    SentryServiceIntegrationBase.conf.set(ServiceConstants.ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true");
+  }
+
+  /***
+   * Test is run only when sentry.hive.test.ticket.timeout is set to "true"
+   * @throws Exception
+   */
+  @Test
+  public void testConnectionAfterTicketTimeout() throws Exception {
+    Thread.sleep(400000);
+    connectToSentryService();
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java
new file mode 100644
index 0000000..6a2f48f
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestNotificationHandlerInvoker.java
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import java.util.UUID;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.provider.db.service.persistent.CommitContext;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import com.google.common.collect.Lists;
+
+public class TestNotificationHandlerInvoker {
+
+  private Configuration conf;
+  private CommitContext commitContext;
+  private NotificationHandler handler;
+  private NotificationHandlerInvoker invoker;
+
+  @Before
+  public void setup() throws Exception {
+    conf = new Configuration(false);
+    commitContext = new CommitContext(UUID.randomUUID(), 1L);
+    handler = Mockito.spy(new NotificationHandler(conf) {});
+    invoker = new NotificationHandlerInvoker(conf,
+        Lists.newArrayList(new ThrowingNotificationHandler(conf), handler));
+  }
+
+  @Test
+  public void testCreateSentryRole() throws Exception {
+    TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
+    TCreateSentryRoleResponse response = new TCreateSentryRoleResponse();
+    invoker.create_sentry_role(commitContext, request, response);
+    Mockito.verify(handler).create_sentry_role(commitContext,
+        request, response);
+  }
+
+  @Test
+  public void testDropSentryRole() throws Exception {
+    TDropSentryRoleRequest request = new TDropSentryRoleRequest();
+    TDropSentryRoleResponse response = new TDropSentryRoleResponse();
+    invoker.drop_sentry_role(commitContext, request, response);
+    Mockito.verify(handler).drop_sentry_role(commitContext,
+        request, response);
+  }
+
+
+
+  @Test
+  public void testAlterSentryRoleAddGroups() throws Exception {
+    TAlterSentryRoleAddGroupsRequest request = new TAlterSentryRoleAddGroupsRequest();
+    TAlterSentryRoleAddGroupsResponse response = new TAlterSentryRoleAddGroupsResponse();
+    invoker.alter_sentry_role_add_groups(commitContext, request, response);
+    Mockito.verify(handler).alter_sentry_role_add_groups(commitContext,
+        request, response);
+  }
+
+  @Test
+  public void testAlterSentryRoleDeleteGroups() throws Exception {
+    TAlterSentryRoleDeleteGroupsRequest request = new TAlterSentryRoleDeleteGroupsRequest();
+    TAlterSentryRoleDeleteGroupsResponse response = new TAlterSentryRoleDeleteGroupsResponse();
+    invoker.alter_sentry_role_delete_groups(commitContext, request, response);
+    Mockito.verify(handler).alter_sentry_role_delete_groups(commitContext,
+        request, response);
+  }
+
+  public static class ThrowingNotificationHandler extends NotificationHandler {
+    public ThrowingNotificationHandler(Configuration config) throws Exception {
+      super(config);
+    }
+    @Override
+    public void create_sentry_role(CommitContext args,
+                                   TCreateSentryRoleRequest request, TCreateSentryRoleResponse response) {
+      throw new RuntimeException();
+    }
+    public void drop_sentry_role(CommitContext context,
+                                 TDropSentryRoleRequest request,
+                                 TDropSentryRoleResponse response) {
+      throw new RuntimeException();
+    }
+    @Override
+    public void alter_sentry_role_add_groups(CommitContext args,
+        TAlterSentryRoleAddGroupsRequest request,
+        TAlterSentryRoleAddGroupsResponse response) {
+      throw new RuntimeException();
+    }
+    @Override
+    public void alter_sentry_role_delete_groups(
+      CommitContext args, TAlterSentryRoleDeleteGroupsRequest request,
+      TAlterSentryRoleDeleteGroupsResponse response) {
+      throw new RuntimeException();
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java
new file mode 100644
index 0000000..04d92dd
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryPolicyStoreProcessor.java
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
+import org.junit.Assert;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.core.common.exception.SentryThriftAPIMismatchException;
+import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants.PolicyStoreServerConfig;
+import org.apache.sentry.service.thrift.ServiceConstants;
+import org.junit.Before;
+import org.junit.Test;
+
+public class TestSentryPolicyStoreProcessor {
+
+  private Configuration conf;
+
+  @Before
+  public void setup() {
+    conf = new Configuration(false);
+  }
+  @Test(expected=SentrySiteConfigurationException.class)
+  public void testConfigNotNotificationHandler() throws Exception {
+    conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, Object.class.getName());
+    SentryPolicyStoreProcessor.createHandlers(conf);
+  }
+  @Test(expected=SentrySiteConfigurationException.class)
+  public void testConfigCannotCreateNotificationHandler() throws Exception {
+    conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS,
+        ExceptionInConstructorNotificationHandler.class.getName());
+    SentryPolicyStoreProcessor.createHandlers(conf);
+  }
+  @Test(expected=SentrySiteConfigurationException.class)
+  public void testConfigNotAClassNotificationHandler() throws Exception {
+    conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS, "junk");
+    SentryPolicyStoreProcessor.createHandlers(conf);
+  }
+  @Test
+  public void testConfigMultipleNotificationHandlers() throws Exception {
+    conf.set(PolicyStoreServerConfig.NOTIFICATION_HANDLERS,
+        NoopNotificationHandler.class.getName() + "," +
+            NoopNotificationHandler.class.getName() + " " +
+            NoopNotificationHandler.class.getName());
+    Assert.assertEquals(3, SentryPolicyStoreProcessor.createHandlers(conf).size());
+  }
+  public static class ExceptionInConstructorNotificationHandler extends NotificationHandler {
+    public ExceptionInConstructorNotificationHandler(Configuration config) throws Exception {
+      super(config);
+      throw new Exception();
+    }
+  }
+  public static class NoopNotificationHandler extends NotificationHandler {
+    public NoopNotificationHandler(Configuration config) throws Exception {
+      super(config);
+    }
+  }
+  @Test(expected=SentryThriftAPIMismatchException.class)
+  public void testSentryThriftAPIMismatch() throws Exception {
+    SentryPolicyStoreProcessor.validateClientVersion(ServiceConstants.ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT -1);
+  }
+  @Test
+  public void testSentryThriftAPIMatchVersion() throws Exception {
+    SentryPolicyStoreProcessor.validateClientVersion(ServiceConstants.ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java
new file mode 100644
index 0000000..d5cc1b9
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java
@@ -0,0 +1,219 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless createRequired by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+import static org.junit.Assert.assertEquals;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.core.model.db.Server;
+import org.apache.sentry.core.model.db.Table;
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+
+public class TestSentryServerForHaWithoutKerberos extends SentryServiceIntegrationBase {
+
+  @BeforeClass
+  public static void setup() throws Exception {
+    SentryServiceIntegrationBase.kerberos = false;
+    SentryServiceIntegrationBase.haEnabled = true;
+    SentryServiceIntegrationBase.beforeSetup();
+    SentryServiceIntegrationBase.setupConf();
+    SentryServiceIntegrationBase.startSentryService();
+    SentryServiceIntegrationBase.afterSetup();
+  }
+
+  @Test
+  public void testCreateRole() throws Exception {
+    String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
+    setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+    writePolicyFile();
+    String roleName = "admin_r";
+    client.dropRoleIfExists(requestorUserName, roleName);
+    client.createRole(requestorUserName, roleName);
+    client.dropRole(requestorUserName, roleName);
+  }
+
+  @Test
+  public void testQueryPushDown() throws Exception {
+    String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
+    setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+    writePolicyFile();
+
+    String roleName1 = "admin_r1";
+    String roleName2 = "admin_r2";
+
+    String group1 = "g1";
+    String group2 = "g2";
+
+    client.dropRoleIfExists(requestorUserName, roleName1);
+    client.createRole(requestorUserName, roleName1);
+    client.grantRoleToGroup(requestorUserName, group1, roleName1);
+
+    client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL");
+
+
+    client.dropRoleIfExists(requestorUserName, roleName2);
+    client.createRole(requestorUserName, roleName2);
+    client.grantRoleToGroup(requestorUserName, group1, roleName2);
+    client.grantRoleToGroup(requestorUserName, group2, roleName2);
+
+    client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName2, "server", "db3", "table5", "ALL");
+
+    Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1")));
+    assertEquals("Privilege not assigned to role2 !!", 2, listPrivilegesByRoleName.size());
+
+    listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db2"), new Table("table1")));
+    assertEquals("Privilege not assigned to role2 !!", 0, listPrivilegesByRoleName.size());
+
+    listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1"), new Table("table1")));
+    assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size());
+
+    listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db3")));
+    assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size());
+
+    Set<String> listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, ActiveRoleSet.ALL, new Server("server"), new Database("db2"));
+    assertEquals("Privilege not correctly assigned to roles !!",
+        Sets.newHashSet("server=server->db=db2->table=table4->action=all", "server=server->db=db2->table=table3->action=all"),
+        listPrivilegesForProvider);
+
+    listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, ActiveRoleSet.ALL, new Server("server"), new Database("db3"));
+    assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=server->db=db3->table=table5->action=all"), listPrivilegesForProvider);
+
+    listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3"));
+    assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"), listPrivilegesForProvider);
+
+    listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server1"));
+    assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(), listPrivilegesForProvider);
+  }
+
+
+
+  /**
+   * Create role, add privileges and grant it to a group drop the role and
+   * verify the privileges are no longer visible recreate the role with same
+   * name and verify the privileges again.
+   * @throws Exception
+   */
+  @Test
+  public void testDropRole() throws Exception {
+    String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
+    setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+    writePolicyFile();
+    String roleName = "admin_r";
+
+    // create role and add privileges
+    client.dropRoleIfExists(requestorUserName, roleName);
+    client.createRole(requestorUserName, roleName);
+    client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName);
+    client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL);
+    client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL");
+    assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+
+    // drop role and verify privileges
+    client.dropRole(requestorUserName, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+
+    // recreate the role
+    client.createRole(requestorUserName, roleName);
+    client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+
+    // grant different privileges and verify
+    client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL);
+    assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+    client.dropRole(requestorUserName, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+  }
+
+  @Test
+  public void testDropRoleOnUser() throws Exception {
+    String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
+    Set<String> requestorUserNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_USER);
+    setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+    writePolicyFile();
+    String roleName = "admin_r";
+
+    // create role and add privileges
+    client.dropRoleIfExists(requestorUserName, roleName);
+    client.createRole(requestorUserName, roleName);
+    client.grantRoleToUser(requestorUserName, SentryServiceIntegrationBase.ADMIN_USER, roleName);
+    client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL);
+    client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL");
+    assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+
+    // drop role and verify privileges
+    client.dropRole(requestorUserName, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+
+    // recreate the role
+    client.createRole(requestorUserName, roleName);
+    client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+
+    // grant different privileges and verify
+    client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL);
+    assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+    client.dropRole(requestorUserName, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+  }
+
+  /**
+   * Test that we are correctly substituting "_HOST" if/when needed.
+   *
+   * @throws Exception
+   */
+  @Test
+  public void testHostSubstitution() throws Exception {
+    // We just need to ensure that we are able to correct connect to the server
+    connectToSentryService();
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolHAWithoutKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolHAWithoutKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolHAWithoutKerberos.java
new file mode 100644
index 0000000..9ba7d23
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolHAWithoutKerberos.java
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless createRequired by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.junit.BeforeClass;
+
+public class TestSentryServerForPoolHAWithoutKerberos extends TestSentryServerForHaWithoutKerberos {
+
+  @BeforeClass
+  public static void setup() throws Exception {
+    kerberos = false;
+    haEnabled = true;
+    pooled = true;
+    beforeSetup();
+    setupConf();
+    startSentryService();
+    afterSetup();
+  }
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolWithoutKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolWithoutKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolWithoutKerberos.java
new file mode 100644
index 0000000..121fc4d
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForPoolWithoutKerberos.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless createRequired by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.junit.BeforeClass;
+
+public class TestSentryServerForPoolWithoutKerberos extends TestSentryServerWithoutKerberos {
+
+  @BeforeClass
+  public static void setup() throws Exception {
+    SentryServiceIntegrationBase.kerberos = false;
+    SentryServiceIntegrationBase.haEnabled = false;
+    SentryServiceIntegrationBase.pooled = true;
+    SentryServiceIntegrationBase.beforeSetup();
+    SentryServiceIntegrationBase.setupConf();
+    SentryServiceIntegrationBase.startSentryService();
+    SentryServiceIntegrationBase.afterSetup();
+  }
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
new file mode 100644
index 0000000..86cf9da
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerWithoutKerberos.java
@@ -0,0 +1,214 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless createRequired by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+import static org.junit.Assert.assertEquals;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.core.model.db.Server;
+import org.apache.sentry.core.model.db.Table;
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+
+public class TestSentryServerWithoutKerberos extends SentryServiceIntegrationBase {
+
+  @BeforeClass
+  public static void setup() throws Exception {
+    SentryServiceIntegrationBase.kerberos = false;
+    SentryServiceIntegrationBase.beforeSetup();
+    SentryServiceIntegrationBase.setupConf();
+    SentryServiceIntegrationBase.startSentryService();
+    SentryServiceIntegrationBase.afterSetup();
+  }
+
+  @Test
+  public void testCreateRole() throws Exception {
+    String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
+    setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+    writePolicyFile();
+    String roleName = "admin_r";
+    client.dropRoleIfExists(requestorUserName, roleName);
+    client.createRole(requestorUserName, roleName);
+    client.dropRole(requestorUserName, roleName);
+  }
+
+  @Test
+  public void testQueryPushDown() throws Exception {
+    String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
+    setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+    writePolicyFile();
+
+    String roleName1 = "admin_r1";
+    String roleName2 = "admin_r2";
+
+    String group1 = "g1";
+    String group2 = "g2";
+
+    client.dropRoleIfExists(requestorUserName, roleName1);
+    client.createRole(requestorUserName, roleName1);
+    client.grantRoleToGroup(requestorUserName, group1, roleName1);
+
+    client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL");
+
+    client.dropRoleIfExists(requestorUserName, roleName2);
+    client.createRole(requestorUserName, roleName2);
+    client.grantRoleToGroup(requestorUserName, group1, roleName2);
+    client.grantRoleToGroup(requestorUserName, group2, roleName2);
+
+    client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL");
+    client.grantTablePrivilege(requestorUserName, roleName2, "server", "db3", "table5", "ALL");
+
+    Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, null);
+    assertEquals("Privilege not assigned to role2 !!", 5, listPrivilegesByRoleName.size());
+
+    listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, new ArrayList<Authorizable>());
+    assertEquals("Privilege not assigned to role2 !!", 5, listPrivilegesByRoleName.size());
+
+    listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1")));
+    assertEquals("Privilege not assigned to role2 !!", 2, listPrivilegesByRoleName.size());
+
+    listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db2"), new Table("table1")));
+    assertEquals("Privilege not assigned to role2 !!", 0, listPrivilegesByRoleName.size());
+
+    listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db1"), new Table("table1")));
+    assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size());
+
+    listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, roleName2, Lists.newArrayList(new Server("server"), new Database("db3")));
+    assertEquals("Privilege not assigned to role2 !!", 1, listPrivilegesByRoleName.size());
+
+    Set<String> listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, ActiveRoleSet.ALL, new Server("server"), new Database("db2"));
+    assertEquals("Privilege not correctly assigned to roles !!",
+        Sets.newHashSet("server=server->db=db2->table=table4->action=all", "server=server->db=db2->table=table3->action=all"),
+        listPrivilegesForProvider);
+
+    listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, ActiveRoleSet.ALL, new Server("server"), new Database("db3"));
+    assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=server->db=db3->table=table5->action=all"), listPrivilegesForProvider);
+
+    listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3"));
+    assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"), listPrivilegesForProvider);
+
+    listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server1"));
+    assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(), listPrivilegesForProvider);
+  }
+
+
+
+  /**
+   * Create role, add privileges and grant it to a group drop the role and
+   * verify the privileges are no longer visible recreate the role with same
+   * name and verify the privileges again.
+   * @throws Exception
+   */
+  @Test
+  public void testDropRole() throws Exception {
+    String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
+    setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+    writePolicyFile();
+    String roleName = "admin_r";
+
+    // create role and add privileges
+    client.dropRoleIfExists(requestorUserName, roleName);
+    client.createRole(requestorUserName, roleName);
+    client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName);
+    client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL);
+    client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL");
+    assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+
+    // drop role and verify privileges
+    client.dropRole(requestorUserName, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+
+    // recreate the role
+    client.createRole(requestorUserName, roleName);
+    client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+
+    // grant different privileges and verify
+    client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL);
+    assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+    client.dropRole(requestorUserName, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, null,
+        ActiveRoleSet.ALL).size());
+  }
+
+  @Test
+  public void testDropRoleOnUser() throws Exception {
+    String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
+    Set<String> requestorUserNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_USER);
+    setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+    writePolicyFile();
+    String roleName = "admin_r";
+
+    // create role and add privileges
+    client.dropRoleIfExists(requestorUserName, roleName);
+    client.createRole(requestorUserName, roleName);
+    client.grantRoleToUser(requestorUserName, SentryServiceIntegrationBase.ADMIN_USER, roleName);
+    client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL);
+    client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL");
+    assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+
+    // drop role and verify privileges
+    client.dropRole(requestorUserName, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+
+    // recreate the role
+    client.createRole(requestorUserName, roleName);
+    client.grantRoleToGroup(requestorUserName, SentryServiceIntegrationBase.ADMIN_GROUP, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+
+    // grant different privileges and verify
+    client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL);
+    assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+    client.dropRole(requestorUserName, roleName);
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+    assertEquals(0, client.listPrivilegesForProvider(requestorUserGroupNames, requestorUserNames,
+        ActiveRoleSet.ALL).size());
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceClientPool.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceClientPool.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceClientPool.java
new file mode 100644
index 0000000..87eb41b
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceClientPool.java
@@ -0,0 +1,111 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import static org.junit.Assert.assertTrue;
+
+import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.FutureTask;
+
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.service.thrift.SentryServiceFactory;
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.junit.Test;
+
+import com.google.common.collect.Sets;
+
+public class TestSentryServiceClientPool extends SentryServiceIntegrationBase {
+
+  @Test
+  public void testConnectionWhenReconnect() throws Exception {
+    runTestAsSubject(new TestOperation() {
+      @Override
+      public void runTestAsSubject() throws Exception {
+        String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER;
+        Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
+        String roleName = "admin_r";
+        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+        writePolicyFile();
+
+        client.dropRoleIfExists(requestorUserName, roleName);
+        client.createRole(requestorUserName, roleName);
+        client.listRoles(requestorUserName);
+        stopSentryService();
+        SentryServiceIntegrationBase.server = new SentryServiceFactory().create(SentryServiceIntegrationBase.conf);
+        SentryServiceIntegrationBase.startSentryService();
+        client.listRoles(requestorUserName);
+        client.dropRole(requestorUserName, roleName);
+      }
+    });
+  }
+
+  @Test
+  public void testConnectionWithMultipleRetries() throws Exception {
+    runTestAsSubject(new TestOperation() {
+      @Override
+      public void runTestAsSubject() throws Exception {
+        List<Future<Boolean>> tasks = new ArrayList<Future<Boolean>>();
+        String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER;
+        Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
+        String roleName = "admin_r";
+        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+        writePolicyFile();
+
+        client.dropRoleIfExists(requestorUserName, roleName);
+        client.createRole(requestorUserName, roleName);
+
+        ExecutorService executorService = Executors.newFixedThreadPool(20);
+
+        Callable<Boolean> func = new Callable<Boolean>() {
+          public Boolean call() throws Exception {
+            return SentryServiceIntegrationBase.clientUgi.doAs(new PrivilegedExceptionAction<Boolean>() {
+              @Override
+              public Boolean run() throws Exception {
+                try {
+                  client.listRoles(SentryServiceIntegrationBase.ADMIN_USER);
+                  return true;
+                } catch (SentryUserException sue) {
+                  return false;
+                }
+              }
+            });
+          }
+        };
+
+        for (int i = 0; i < 30; i++) {
+          FutureTask<Boolean> task = new FutureTask<Boolean>(func);
+          tasks.add(task);
+          executorService.submit(task);
+        }
+
+        for (Future<Boolean> task : tasks) {
+          Boolean result = task.get();
+          assertTrue("Some tasks are failed.", result);
+        }
+      }
+    });
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java
new file mode 100644
index 0000000..e44c7ca
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceFailureCase.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Strings;
+
+public class TestSentryServiceFailureCase extends SentryServiceIntegrationBase {
+  private static final Logger LOGGER = LoggerFactory.getLogger(TestSentryServiceFailureCase.class);
+  private static final String PEER_CALLBACK_FAILURE = "Peer indicated failure: Problem with callback handler";
+
+  @BeforeClass
+  public static void setup() throws Exception {
+    SentryServiceIntegrationBase.kerberos = true;
+    SentryServiceIntegrationBase.beforeSetup();
+    SentryServiceIntegrationBase.setupConf();
+    SentryServiceIntegrationBase.conf.set(ServerConfig.ALLOW_CONNECT, "");
+    SentryServiceIntegrationBase.startSentryService();
+    SentryServiceIntegrationBase.afterSetup();
+  }
+
+  @Override
+  @Before
+  public void before() throws Exception {
+  }
+
+  @Override
+  @After
+  public void after() {
+  }
+
+  @Test
+  public void testClientServerConnectionFailure()  throws Exception {
+    try {
+      connectToSentryService();
+      Assert.fail("Failed to receive Exception");
+    } catch(Exception e) {
+      LOGGER.info("Excepted exception", e);
+      Throwable cause = e.getCause();
+      if (cause == null) {
+        throw e;
+      }
+      String msg = "Exception message: " + cause.getMessage() + " to contain " +
+          PEER_CALLBACK_FAILURE;
+      Assert.assertTrue(msg, Strings.nullToEmpty(cause.getMessage())
+          .contains(PEER_CALLBACK_FAILURE));
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java
new file mode 100644
index 0000000..f6cd8a0
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+
+import java.io.File;
+import java.util.Set;
+
+import org.apache.sentry.core.common.utils.PolicyFile;
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.google.common.collect.Sets;
+
+/**
+ * Test various kerberos related stuff on the SentryService side
+ */
+public class TestSentryServiceForHAWithKerberos extends SentryServiceIntegrationBase {
+
+  @BeforeClass
+  public static void setup() throws Exception {
+    SentryServiceIntegrationBase.kerberos = true;
+    SentryServiceIntegrationBase.haEnabled = true;
+    SentryServiceIntegrationBase.SERVER_KERBEROS_NAME = "sentry/_HOST@" + SentryServiceIntegrationBase.REALM;
+    SentryServiceIntegrationBase.beforeSetup();
+    SentryServiceIntegrationBase.setupConf();
+    SentryServiceIntegrationBase.startSentryService();
+    SentryServiceIntegrationBase.afterSetup();
+  }
+
+  @Override
+  @Before
+  public void before() throws Exception {
+    policyFilePath = new File(SentryServiceIntegrationBase.dbDir, "local_policy_file.ini");
+    SentryServiceIntegrationBase.conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE,
+      policyFilePath.getPath());
+    policyFile = new PolicyFile();
+    connectToSentryService();
+  }
+
+  @Test
+  public void testCreateRole() throws Exception {
+    runTestAsSubject(new TestOperation(){
+      @Override
+      public void runTestAsSubject() throws Exception {
+        String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER;
+        Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP);
+        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+        writePolicyFile();
+        String roleName = "admin_r";
+        client.dropRoleIfExists(requestorUserName, roleName);
+        client.createRole(requestorUserName, roleName);
+        client.dropRole(requestorUserName, roleName);
+      }
+    });
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolHAWithKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolHAWithKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolHAWithKerberos.java
new file mode 100644
index 0000000..d453e92
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolHAWithKerberos.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless createRequired by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.junit.BeforeClass;
+
+public class
+
+    TestSentryServiceForPoolHAWithKerberos extends TestSentryServiceWithKerberos {
+
+  @BeforeClass
+  public static void setup() throws Exception {
+    SentryServiceIntegrationBase.kerberos = true;
+    SentryServiceIntegrationBase.haEnabled = true;
+    SentryServiceIntegrationBase.pooled = true;
+    SentryServiceIntegrationBase.beforeSetup();
+    SentryServiceIntegrationBase.setupConf();
+    SentryServiceIntegrationBase.startSentryService();
+    SentryServiceIntegrationBase.afterSetup();
+  }
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sentry/blob/e72e6eac/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolWithKerberos.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolWithKerberos.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolWithKerberos.java
new file mode 100644
index 0000000..f3eb648
--- /dev/null
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForPoolWithKerberos.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless createRequired by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
+import org.junit.BeforeClass;
+
+public class TestSentryServiceForPoolWithKerberos extends TestSentryServiceWithKerberos {
+
+  @BeforeClass
+  public static void setup() throws Exception {
+    SentryServiceIntegrationBase.kerberos = true;
+    SentryServiceIntegrationBase.haEnabled = false;
+    SentryServiceIntegrationBase.pooled = true;
+    SentryServiceIntegrationBase.beforeSetup();
+    SentryServiceIntegrationBase.setupConf();
+    SentryServiceIntegrationBase.startSentryService();
+    SentryServiceIntegrationBase.afterSetup();
+  }
+
+}
\ No newline at end of file


Mime
View raw message