sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kal...@apache.org
Subject [8/9] sentry git commit: SENTRY-1475: Integrate Sentry with Solr 7 authorization framework. (Hrishikesh Gadre, reviewed by Kalyan Kumar Kalvagadda)
Date Mon, 13 Nov 2017 14:38:12 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
index 7a88d90..f060b82 100644
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
@@ -18,7 +18,6 @@ package org.apache.sentry.binding.solr;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
-
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
@@ -36,15 +35,16 @@ import org.apache.commons.io.FileUtils;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
 import org.apache.hadoop.security.GroupMappingServiceProvider;
-import org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException;
 import org.apache.sentry.binding.solr.authz.SolrAuthzBinding;
 import org.apache.sentry.binding.solr.conf.SolrAuthzConf;
 import org.apache.sentry.binding.solr.conf.SolrAuthzConf.AuthzConfVars;
+import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAction;
 import org.apache.sentry.core.common.exception.SentryGroupNotFoundException;
 import org.apache.sentry.core.common.utils.PolicyFiles;
+import org.apache.sentry.core.model.solr.Collection;
+import org.apache.sentry.core.model.solr.SolrModelAction;
+import org.apache.solr.security.AuthorizationResponse;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -58,7 +58,7 @@ import com.google.common.io.Resources;
  */
 public class TestSolrAuthzBinding {
   private static final String RESOURCE_PATH = "test-authz-provider.ini";
-  private SolrAuthzConf authzConf = new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+  private SolrAuthzConf authzConf = new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
   private File baseDir;
 
   private Collection infoCollection = new Collection("info");
@@ -68,11 +68,11 @@ public class TestSolrAuthzBinding {
   private Subject sergeant1 = new Subject("sergeant1");
   private Subject general1 = new Subject("general1");
 
-  private EnumSet<SearchModelAction> querySet = EnumSet.of(SearchModelAction.QUERY);
-  private EnumSet<SearchModelAction> updateSet = EnumSet.of(SearchModelAction.UPDATE);
-  private EnumSet<SearchModelAction> allSet = EnumSet.of(SearchModelAction.ALL);
-  private EnumSet<SearchModelAction> allOfSet = EnumSet.allOf(SearchModelAction.class);
-  private EnumSet<SearchModelAction> emptySet = EnumSet.noneOf(SearchModelAction.class);
+  private EnumSet<SolrModelAction> querySet = EnumSet.of(SolrModelAction.QUERY);
+  private EnumSet<SolrModelAction> updateSet = EnumSet.of(SolrModelAction.UPDATE);
+  private EnumSet<SolrModelAction> allSet = EnumSet.of(SolrModelAction.ALL);
+  private EnumSet<SolrModelAction> allOfSet = EnumSet.allOf(SolrModelAction.class);
+  private EnumSet<SolrModelAction> emptySet = EnumSet.noneOf(SolrModelAction.class);
 
   @Before
   public void setUp() throws Exception {
@@ -103,31 +103,37 @@ public class TestSolrAuthzBinding {
   @Test
   public void testClassNotFound() throws Exception {
     SolrAuthzConf solrAuthzConf =
-      new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
     setUsableAuthzConf(solrAuthzConf);
     // verify it is usable
-    new SolrAuthzBinding(solrAuthzConf);
+    {
+      SolrAuthzBinding binding = null;
+      try {
+        binding = new SolrAuthzBinding(solrAuthzConf);
+      } finally {
+        if (binding != null) {
+          binding.close();
+        }
+      }
+    }
 
     // give a bogus provider
     solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER.getVar(), "org.apache.sentry.provider.BogusProvider");
-    try {
-      new SolrAuthzBinding(solrAuthzConf);
+    try (SolrAuthzBinding b = new SolrAuthzBinding(solrAuthzConf)) {
       Assert.fail("Expected ClassNotFoundException");
     } catch (ClassNotFoundException e) {}
 
     setUsableAuthzConf(solrAuthzConf);
     // give a bogus provider backend
     solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar(), "org.apache.sentry.provider.file.BogusProviderBackend");
-    try {
-      new SolrAuthzBinding(solrAuthzConf);
+    try (SolrAuthzBinding b = new SolrAuthzBinding(solrAuthzConf)) {
       Assert.fail("Expected ClassNotFoundException");
     } catch (ClassNotFoundException e) {}
 
     setUsableAuthzConf(solrAuthzConf);
     // give a bogus policy enine
     solrAuthzConf.set(AuthzConfVars.AUTHZ_POLICY_ENGINE.getVar(), "org.apache.sentry.provider.solr.BogusPolicyEngine");
-    try {
-      new SolrAuthzBinding(solrAuthzConf);
+    try (SolrAuthzBinding b = new SolrAuthzBinding(solrAuthzConf)) {
       Assert.fail("Expected ClassNotFoundException");
     } catch (ClassNotFoundException e) {}
   }
@@ -139,13 +145,12 @@ public class TestSolrAuthzBinding {
   @Test
   public void testResourceNotFound() throws Exception {
     SolrAuthzConf solrAuthzConf =
-      new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
     setUsableAuthzConf(solrAuthzConf);
 
     // bogus specification
     solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), new File(baseDir, "test-authz-bogus-provider.ini").getPath());
-    try {
-      new SolrAuthzBinding(solrAuthzConf);
+    try (SolrAuthzBinding b = new SolrAuthzBinding(solrAuthzConf)) {
       Assert.fail("Expected InvocationTargetException");
     } catch (InvocationTargetException e) {
       assertTrue(e.getTargetException() instanceof FileNotFoundException);
@@ -153,8 +158,7 @@ public class TestSolrAuthzBinding {
 
     // missing specification
     solrAuthzConf.unset(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar());
-    try {
-      new SolrAuthzBinding(solrAuthzConf);
+    try (SolrAuthzBinding b = new SolrAuthzBinding(solrAuthzConf)) {
       Assert.fail("Expected InvocationTargetException");
     } catch (InvocationTargetException e) {
       assertTrue(e.getTargetException() instanceof IllegalArgumentException);
@@ -167,7 +171,14 @@ public class TestSolrAuthzBinding {
    */
   @Test
   public void testAuthProviderOnlySolrAuthzConfs() throws Exception {
-    new SolrAuthzBinding(authzConf);
+    SolrAuthzBinding binding = null;
+    try {
+      binding = new SolrAuthzBinding(authzConf);
+    } finally {
+      if (binding != null) {
+        binding.close();
+      }
+    }
   }
 
   /**
@@ -176,48 +187,49 @@ public class TestSolrAuthzBinding {
   @Test
   public void testGroupMapping() throws Exception {
     SolrAuthzConf solrAuthzConf =
-      new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
     setUsableAuthzConf(solrAuthzConf);
-    SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
 
-    // check non-existant users
-    try {
-      binding.getGroups(null);
-      Assert.fail("Expected SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException e) {
-    }
-    try {
-      binding.getGroups("nonExistantUser");
-      Assert.fail("Expected SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException e) {
-    }
+    try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
+      // check non-existant users
+      try {
+        binding.getGroups(null);
+        Assert.fail("Expected SentryGroupNotFoundException");
+      } catch (SentryGroupNotFoundException e) {
+      }
+      try {
+        binding.getGroups("nonExistantUser");
+        Assert.fail("Expected SentryGroupNotFoundException");
+      } catch (SentryGroupNotFoundException e) {
+      }
 
-    // check group names don't map to user names
-    try {
-      binding.getGroups("corporal");
-      Assert.fail("Expected SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException e) {
-    }
-    try {
-      binding.getGroups("sergeant");
-      Assert.fail("Expected SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException e) {
-    }
-    try {
-      binding.getGroups("general");
-      Assert.fail("Expected SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException e) {
-    }
-    try {
-      binding.getGroups("othergeneralgroup");
-      Assert.fail("Expected SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException e) {
-    }
+      // check group names don't map to user names
+      try {
+        binding.getGroups("corporal");
+        Assert.fail("Expected SentryGroupNotFoundException");
+      } catch (SentryGroupNotFoundException e) {
+      }
+      try {
+        binding.getGroups("sergeant");
+        Assert.fail("Expected SentryGroupNotFoundException");
+      } catch (SentryGroupNotFoundException e) {
+      }
+      try {
+        binding.getGroups("general");
+        Assert.fail("Expected SentryGroupNotFoundException");
+      } catch (SentryGroupNotFoundException e) {
+      }
+      try {
+        binding.getGroups("othergeneralgroup");
+        Assert.fail("Expected SentryGroupNotFoundException");
+      } catch (SentryGroupNotFoundException e) {
+      }
 
-    // check valid group names
-    assertEquals(binding.getGroups("corporal1"), Sets.newHashSet("corporal"));
-    assertEquals(binding.getGroups("sergeant1"), Sets.newHashSet("sergeant"));
-    assertEquals(binding.getGroups("general1"), Sets.newHashSet("general", "othergeneralgroup"));
+      // check valid group names
+      assertEquals(binding.getGroups("corporal1"), Sets.newHashSet("corporal"));
+      assertEquals(binding.getGroups("sergeant1"), Sets.newHashSet("sergeant"));
+      assertEquals(binding.getGroups("general1"), Sets.newHashSet("general", "othergeneralgroup"));
+    }
   }
 
   /**
@@ -226,40 +238,49 @@ public class TestSolrAuthzBinding {
   @Test
   public void testGetRoles() throws Exception {
     SolrAuthzConf solrAuthzConf =
-      new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
     setUsableAuthzConf(solrAuthzConf);
-    SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
-    Set<String> emptySet = Collections.emptySet();
-
-    // check user with undefined group
-    assertEquals(binding.getRoles("undefinedGroupUser"), emptySet);
-    // check group with undefined role
-    assertEquals(binding.getRoles("undefinedRoleUser"), emptySet);
+    try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
+      Set<String> emptySet = Collections.emptySet();
+
+      // check user with undefined group
+      assertEquals(binding.getRoles("undefinedGroupUser"), emptySet);
+      // check group with undefined role
+      assertEquals(binding.getRoles("undefinedRoleUser"), emptySet);
+
+      // check role names don't map in the other direction
+      try {
+        binding.getRoles("corporal_role");
+        Assert.fail("Expected SentryGroupNotFoundException");
+      } catch (SentryGroupNotFoundException e) {
+      }
+      try {
+        binding.getRoles("sergeant_role");
+        Assert.fail("Expected SentryGroupNotFoundException");
+      } catch (SentryGroupNotFoundException e) {
+      }
+      try {
+        binding.getRoles("general_role");
+        Assert.fail("Expected SentryGroupNotFoundException");
+      } catch (SentryGroupNotFoundException e) {
+      }
 
-    // check role names don't map in the other direction
-    try {
-      binding.getRoles("corporal_role");
-      Assert.fail("Expected SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException e) {
+      // check valid users
+      System.out.println("---" + binding.providerBackend.toString());
+
+      assertEquals(Sets.newHashSet("corporal"), binding.getGroups("corporal1"));
+      assertEquals(Sets.newHashSet("corporal_role"),
+          binding.providerBackend.getRoles(Sets.newHashSet("corporal"), ActiveRoleSet.ALL));
+      assertEquals(Sets.newHashSet("corporal_role"), binding.getRoles("corporal1"));
+      assertEquals(Sets.newHashSet("corporal_role", "sergeant_role"),
+          binding.getRoles("sergeant1"));
+      assertEquals(Sets.newHashSet("corporal_role", "sergeant_role", "general_role"),
+          binding.getRoles("general1"));
+
+      // check user whos groups have overlapping roles
+      assertEquals(Sets.newHashSet("corporal_role", "sergeant_role", "general_role"),
+          binding.getRoles("overlappingUser"));
     }
-    try {
-      binding.getRoles("sergeant_role");
-      Assert.fail("Expected SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException e) {
-    }
-    try {
-      binding.getRoles("general_role");
-      Assert.fail("Expected SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException e) {
-    }
-
-    // check valid users
-    assertEquals(binding.getRoles("corporal1"), Sets.newHashSet("corporal_role"));
-    assertEquals(binding.getRoles("sergeant1"), Sets.newHashSet("corporal_role", "sergeant_role"));
-    assertEquals(binding.getRoles("general1"), Sets.newHashSet("corporal_role", "sergeant_role", "general_role"));
-
-    // check user whos groups have overlapping roles
-    assertEquals(binding.getRoles("overlappingUser"), Sets.newHashSet("corporal_role", "sergeant_role", "general_role"));
   }
 
   /**
@@ -267,19 +288,24 @@ public class TestSolrAuthzBinding {
    */
   @Test
   public void testSolrAuthzConfs() throws Exception {
-     SolrAuthzConf solrAuthzConf =
-       new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
-     setUsableAuthzConf(solrAuthzConf);
-     new SolrAuthzBinding(solrAuthzConf);
+    SolrAuthzConf solrAuthzConf =
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
+    setUsableAuthzConf(solrAuthzConf);
+
+    SolrAuthzBinding binding = null;
+    try {
+      binding = new SolrAuthzBinding(solrAuthzConf);
+    } finally {
+      if (binding != null) {
+        binding.close();
+      }
+    }
   }
 
   private void expectAuthException(SolrAuthzBinding binding, Subject subject,
-      Collection collection, EnumSet<SearchModelAction> action) throws Exception {
-     try {
-       binding.authorizeCollection(subject, collection, action);
-       Assert.fail("Expected SentrySolrAuthorizationException");
-     } catch(SentrySolrAuthorizationException e) {
-     }
+      Collection collection, Set<SolrModelAction> action) throws Exception {
+    assertEquals(AuthorizationResponse.FORBIDDEN,
+        binding.authorizeCollection(subject, collection, action));
   }
 
   /**
@@ -288,11 +314,10 @@ public class TestSolrAuthzBinding {
    */
   @Test
   public void testNoUser() throws Exception {
-     SolrAuthzConf solrAuthzConf =
-       new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
-     setUsableAuthzConf(solrAuthzConf);
-     SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
-    try {
+    SolrAuthzConf solrAuthzConf =
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
+    setUsableAuthzConf(solrAuthzConf);
+    try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
       binding.authorizeCollection(new Subject("bogus"), infoCollection, querySet);
       Assert.fail("Expected SentryGroupNotFoundException");
     } catch (SentryGroupNotFoundException e) {
@@ -304,11 +329,11 @@ public class TestSolrAuthzBinding {
    */
   @Test
   public void testNoCollection() throws Exception {
-     SolrAuthzConf solrAuthzConf =
-       new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
-     setUsableAuthzConf(solrAuthzConf);
-     SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
-     expectAuthException(binding, corporal1, new Collection("bogus"), querySet);
+    SolrAuthzConf solrAuthzConf =
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
+    setUsableAuthzConf(solrAuthzConf);
+    SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
+    expectAuthException(binding, corporal1, new Collection("bogus"), querySet);
   }
 
   /**
@@ -317,10 +342,9 @@ public class TestSolrAuthzBinding {
   @Test
   public void testNoAction() throws Exception {
     SolrAuthzConf solrAuthzConf =
-      new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
     setUsableAuthzConf(solrAuthzConf);
-    SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
-    try {
+    try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
       binding.authorizeCollection(corporal1, infoCollection, emptySet);
       Assert.fail("Expected IllegalArgumentException");
     } catch (IllegalArgumentException e) {
@@ -333,18 +357,19 @@ public class TestSolrAuthzBinding {
   @Test
   public void testAuthException() throws Exception {
     SolrAuthzConf solrAuthzConf =
-       new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
-     setUsableAuthzConf(solrAuthzConf);
-     SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
-     expectAuthException(binding, corporal1, infoCollection, updateSet);
-     expectAuthException(binding, corporal1, infoCollection, allSet);
-     expectAuthException(binding, corporal1, generalInfoCollection, querySet);
-     expectAuthException(binding, corporal1, generalInfoCollection, updateSet);
-     expectAuthException(binding, corporal1, generalInfoCollection, allSet);
-     expectAuthException(binding, sergeant1, infoCollection, allSet);
-     expectAuthException(binding, sergeant1, generalInfoCollection, querySet);
-     expectAuthException(binding, sergeant1, generalInfoCollection, updateSet);
-     expectAuthException(binding, sergeant1, generalInfoCollection, allSet);
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
+    setUsableAuthzConf(solrAuthzConf);
+    try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
+      expectAuthException(binding, corporal1, infoCollection, updateSet);
+      expectAuthException(binding, corporal1, infoCollection, allSet);
+      expectAuthException(binding, corporal1, generalInfoCollection, querySet);
+      expectAuthException(binding, corporal1, generalInfoCollection, updateSet);
+      expectAuthException(binding, corporal1, generalInfoCollection, allSet);
+      expectAuthException(binding, sergeant1, infoCollection, allSet);
+      expectAuthException(binding, sergeant1, generalInfoCollection, querySet);
+      expectAuthException(binding, sergeant1, generalInfoCollection, updateSet);
+      expectAuthException(binding, sergeant1, generalInfoCollection, allSet);
+    }
   }
 
   /**
@@ -352,21 +377,22 @@ public class TestSolrAuthzBinding {
    */
   @Test
   public void testAuthAllowed() throws Exception {
-     SolrAuthzConf solrAuthzConf =
-       new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
-     setUsableAuthzConf(solrAuthzConf);
-     SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
-     binding.authorizeCollection(corporal1, infoCollection, querySet);
-     binding.authorizeCollection(sergeant1, infoCollection, querySet);
-     binding.authorizeCollection(sergeant1, infoCollection, updateSet);
-     binding.authorizeCollection(general1, infoCollection, querySet);
-     binding.authorizeCollection(general1, infoCollection, updateSet);
-     binding.authorizeCollection(general1, infoCollection, allSet);
-     binding.authorizeCollection(general1, infoCollection, allOfSet);
-     binding.authorizeCollection(general1, generalInfoCollection, querySet);
-     binding.authorizeCollection(general1, generalInfoCollection, updateSet);
-     binding.authorizeCollection(general1, generalInfoCollection, allSet);
-     binding.authorizeCollection(general1, generalInfoCollection, allOfSet);
+    SolrAuthzConf solrAuthzConf =
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
+    setUsableAuthzConf(solrAuthzConf);
+    try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
+      binding.authorizeCollection(corporal1, infoCollection, querySet);
+      binding.authorizeCollection(sergeant1, infoCollection, querySet);
+      binding.authorizeCollection(sergeant1, infoCollection, updateSet);
+      binding.authorizeCollection(general1, infoCollection, querySet);
+      binding.authorizeCollection(general1, infoCollection, updateSet);
+      binding.authorizeCollection(general1, infoCollection, allSet);
+      binding.authorizeCollection(general1, infoCollection, allOfSet);
+      binding.authorizeCollection(general1, generalInfoCollection, querySet);
+      binding.authorizeCollection(general1, generalInfoCollection, updateSet);
+      binding.authorizeCollection(general1, generalInfoCollection, allSet);
+      binding.authorizeCollection(general1, generalInfoCollection, allOfSet);
+    }
   }
 
   /**
@@ -376,13 +402,14 @@ public class TestSolrAuthzBinding {
   @Test
   public void testResourceWithSchemeNotSet() throws Exception {
     SolrAuthzConf solrAuthzConf =
-        new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
     setUsableAuthzConf(solrAuthzConf);
 
     MiniDFSCluster dfsCluster =  HdfsTestUtil.setupClass(new File(Files.createTempDir(),
-      TestSolrAuthzBinding.class.getName() + "_"
-        + System.currentTimeMillis()).getAbsolutePath());
+        TestSolrAuthzBinding.class.getName() + "_"
+            + System.currentTimeMillis()).getAbsolutePath());
     String resourceOnHDFS = "/hdfs" + File.separator + UUID.randomUUID() + File.separator + "test-authz-provider.ini";
+    SolrAuthzBinding binding = null;
     try {
       // Copy resource to HDFSS
       dfsCluster.getFileSystem().copyFromLocalFile(false,
@@ -391,26 +418,31 @@ public class TestSolrAuthzBinding {
       solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), resourceOnHDFS);
       // set HDFS as the defaultFS so the resource will be found
       solrAuthzConf.set("fs.defaultFS", dfsCluster.getFileSystem().getConf().get("fs.defaultFS"));
-      new SolrAuthzBinding(solrAuthzConf);
+      binding = new SolrAuthzBinding(solrAuthzConf);
     } finally {
+      if (binding != null) {
+        binding.close();
+      }
       if (dfsCluster != null) {
         HdfsTestUtil.teardownClass(dfsCluster);
       }
     }
   }
 
+  @SuppressWarnings("deprecation")
   @Test
   public void testCustomGroupMapping() throws Exception {
     SolrAuthzConf solrAuthzConf =
-      new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
+        new SolrAuthzConf(Collections.singletonList(Resources.getResource("sentry-site.xml")));
     setUsableAuthzConf(solrAuthzConf);
     solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER.getVar(), "org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider");
     solrAuthzConf.set("hadoop.security.group.mapping",
-      FoobarGroupMappingServiceProvider.class.getName());
-    SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf);
-    final String user = "userTestSolrAuthzBinding";
-    assertEquals(1, binding.getGroups(user).size());
-    assertTrue(binding.getGroups(user).contains("foobar"));
+        FoobarGroupMappingServiceProvider.class.getName());
+    try (SolrAuthzBinding binding = new SolrAuthzBinding(solrAuthzConf)) {
+      final String user = "userTestSolrAuthzBinding";
+      assertEquals(1, binding.getGroups(user).size());
+      assertTrue(binding.getGroups(user).contains("foobar"));
+    }
   }
 
   /**

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java
deleted file mode 100644
index 3df6ecf..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSearchPolicyEngine.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Set;
-import java.util.TreeSet;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public abstract class AbstractTestSearchPolicyEngine {
-  private static final String ANALYST_PURCHASES_UPDATE = "collection=purchases->action=update";
-  private static final String ANALYST_ANALYST1_ALL = "collection=analyst1";
-  private static final String ANALYST_JRANALYST1_ACTION_ALL = "collection=jranalyst1->action=*";
-  private static final String ANALYST_TMPCOLLECTION_UPDATE = "collection=tmpcollection->action=update";
-  private static final String ANALYST_TMPCOLLECTION_QUERY = "collection=tmpcollection->action=query";
-  private static final String JRANALYST_JRANALYST1_ALL = "collection=jranalyst1";
-  private static final String JRANALYST_PURCHASES_PARTIAL_QUERY = "collection=purchases_partial->action=query";
-  private static final String ADMIN_COLLECTION_ALL = "collection=*";
-
-  private PolicyEngine policy;
-  private static File baseDir;
-
-  @BeforeClass
-  public static void setupClazz() throws IOException {
-    baseDir = Files.createTempDir();
-  }
-
-  @AfterClass
-  public static void teardownClazz() throws IOException {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  protected void setPolicy(PolicyEngine policy) {
-    this.policy = policy;
-  }
-  protected static File getBaseDir() {
-    return baseDir;
-  }
-  @Before
-  public void setup() throws IOException {
-    afterSetup();
-  }
-  @After
-  public void teardown() throws IOException {
-    beforeTeardown();
-  }
-  protected void afterSetup() throws IOException {
-
-  }
-
-  protected void beforeTeardown() throws IOException {
-
-  }
-
-  @Test
-  public void testManager() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
-        ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
-        ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
-        ANALYST_TMPCOLLECTION_QUERY, JRANALYST_JRANALYST1_ALL,
-        JRANALYST_PURCHASES_PARTIAL_QUERY));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("manager"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  @Test
-  public void testAnalyst() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
-        ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
-        ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
-        ANALYST_TMPCOLLECTION_QUERY));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("analyst"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  @Test
-  public void testJuniorAnalyst() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets
-        .newHashSet(JRANALYST_JRANALYST1_ALL,
-            JRANALYST_PURCHASES_PARTIAL_QUERY));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("jranalyst"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  @Test
-  public void testAdmin() throws Exception {
-    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ADMIN_COLLECTION_ALL));
-    Assert.assertEquals(expected.toString(),
-        new TreeSet<String>(policy.getPrivileges(set("admin"), ActiveRoleSet.ALL))
-        .toString());
-  }
-
-  private static Set<String> set(String... values) {
-    return Sets.newHashSet(values);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java
new file mode 100644
index 0000000..d4f6ec2
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/AbstractTestSolrPolicyEngine.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Set;
+import java.util.TreeSet;
+
+import org.junit.Assert;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.policy.common.PolicyEngine;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.google.common.collect.Sets;
+import com.google.common.io.Files;
+
+public abstract class AbstractTestSolrPolicyEngine {
+  private static final String ANALYST_PURCHASES_UPDATE = "collection=purchases->action=update";
+  private static final String ANALYST_ANALYST1_ALL = "collection=analyst1";
+  private static final String ANALYST_JRANALYST1_ACTION_ALL = "collection=jranalyst1->action=*";
+  private static final String ANALYST_TMPCOLLECTION_UPDATE = "collection=tmpcollection->action=update";
+  private static final String ANALYST_TMPCOLLECTION_QUERY = "collection=tmpcollection->action=query";
+  private static final String JRANALYST_JRANALYST1_ALL = "collection=jranalyst1";
+  private static final String JRANALYST_PURCHASES_PARTIAL_QUERY = "collection=purchases_partial->action=query";
+  private static final String ADMIN_COLLECTION_ALL = "collection=*";
+
+  private PolicyEngine policy;
+  private static File baseDir;
+
+  @BeforeClass
+  public static void setupClazz() throws IOException {
+    baseDir = Files.createTempDir();
+  }
+
+  @AfterClass
+  public static void teardownClazz() throws IOException {
+    if(baseDir != null) {
+      FileUtils.deleteQuietly(baseDir);
+    }
+  }
+
+  protected void setPolicy(PolicyEngine policy) {
+    this.policy = policy;
+  }
+  protected static File getBaseDir() {
+    return baseDir;
+  }
+  @Before
+  public void setup() throws IOException {
+    afterSetup();
+  }
+  @After
+  public void teardown() throws IOException {
+    beforeTeardown();
+  }
+  protected void afterSetup() throws IOException {
+
+  }
+
+  protected void beforeTeardown() throws IOException {
+
+  }
+
+  @Test
+  public void testManager() throws Exception {
+    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
+        ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
+        ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
+        ANALYST_TMPCOLLECTION_QUERY, JRANALYST_JRANALYST1_ALL,
+        JRANALYST_PURCHASES_PARTIAL_QUERY));
+    Assert.assertEquals(expected.toString(),
+        new TreeSet<String>(policy.getPrivileges(set("manager"), ActiveRoleSet.ALL))
+        .toString());
+  }
+
+  @Test
+  public void testAnalyst() throws Exception {
+    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(
+        ANALYST_PURCHASES_UPDATE, ANALYST_ANALYST1_ALL,
+        ANALYST_JRANALYST1_ACTION_ALL, ANALYST_TMPCOLLECTION_UPDATE,
+        ANALYST_TMPCOLLECTION_QUERY));
+    Assert.assertEquals(expected.toString(),
+        new TreeSet<String>(policy.getPrivileges(set("analyst"), ActiveRoleSet.ALL))
+        .toString());
+  }
+
+  @Test
+  public void testJuniorAnalyst() throws Exception {
+    Set<String> expected = Sets.newTreeSet(Sets
+        .newHashSet(JRANALYST_JRANALYST1_ALL,
+            JRANALYST_PURCHASES_PARTIAL_QUERY));
+    Assert.assertEquals(expected.toString(),
+        new TreeSet<String>(policy.getPrivileges(set("jranalyst"), ActiveRoleSet.ALL))
+        .toString());
+  }
+
+  @Test
+  public void testAdmin() throws Exception {
+    Set<String> expected = Sets.newTreeSet(Sets.newHashSet(ADMIN_COLLECTION_ALL));
+    Assert.assertEquals(expected.toString(),
+        new TreeSet<String>(policy.getPrivileges(set("admin"), ActiveRoleSet.ALL))
+        .toString());
+  }
+
+  private static Set<String> set(String... values) {
+    return Sets.newHashSet(values);
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java
deleted file mode 100644
index e198b5c..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SearchPolicyTestUtil.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.policy.engine.common.CommonPolicyEngine;
-import org.apache.sentry.provider.common.ProviderBackend;
-import org.apache.sentry.provider.common.ProviderBackendContext;
-import org.apache.sentry.provider.file.SimpleFileProviderBackend;
-
-import java.io.IOException;
-
-public class SearchPolicyTestUtil {
-
-  public static PolicyEngine createPolicyEngineForTest(String resource) throws IOException {
-
-    ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource);
-
-    // create backendContext
-    ProviderBackendContext context = new ProviderBackendContext();
-    context.setAllowPerDatabase(false);
-    context.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators());
-    // initialize the backend with the context
-    providerBackend.initialize(context);
-
-
-    return new CommonPolicyEngine(providerBackend);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java
new file mode 100644
index 0000000..c219a97
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/SolrPolicyTestUtil.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
+import org.apache.sentry.policy.common.PolicyEngine;
+import org.apache.sentry.policy.engine.common.CommonPolicyEngine;
+import org.apache.sentry.provider.common.ProviderBackend;
+import org.apache.sentry.provider.common.ProviderBackendContext;
+import org.apache.sentry.provider.file.SimpleFileProviderBackend;
+
+import java.io.IOException;
+
+public class SolrPolicyTestUtil {
+
+  public static PolicyEngine createPolicyEngineForTest(String resource) throws IOException {
+
+    ProviderBackend providerBackend = new SimpleFileProviderBackend(new Configuration(), resource);
+
+    // create backendContext
+    ProviderBackendContext context = new ProviderBackendContext();
+    context.setAllowPerDatabase(false);
+    context.setValidators(SolrPrivilegeModel.getInstance().getPrivilegeValidators());
+    // initialize the backend with the context
+    providerBackend.initialize(context);
+
+
+    return new CommonPolicyEngine(providerBackend);
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java
deleted file mode 100644
index 76211dd..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestCollectionRequiredInRole.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import org.junit.Assert;
-
-import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
-import org.apache.sentry.core.model.search.validator.CollectionRequiredInPrivilege;
-import org.apache.shiro.config.ConfigurationException;
-import org.junit.Test;
-
-public class TestCollectionRequiredInRole {
-
-  @Test
-  public void testEmptyRole() throws Exception {
-    CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
-
-    // check no db
-    try {
-      collRequiredInRole.validate(new PrivilegeValidatorContext("index=index1"));
-      Assert.fail("Expected ConfigurationException");
-    } catch (ConfigurationException e) {
-      // expected
-    }
-
-    // check with db
-    try {
-      collRequiredInRole.validate(new PrivilegeValidatorContext("db1","index=index2"));
-      Assert.fail("Expected ConfigurationException");
-    } catch (ConfigurationException e) {
-      // expected
-    }
-  }
-
-  @Test
-  public void testCollectionWithoutAction() throws Exception {
-    CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
-    collRequiredInRole.validate(new PrivilegeValidatorContext("collection=nodb"));
-    collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db"));
-  }
-
-  @Test
-  public void testCollectionWithAction() throws Exception {
-    CollectionRequiredInPrivilege collRequiredInRole = new CollectionRequiredInPrivilege();
-    collRequiredInRole.validate(new PrivilegeValidatorContext(null,"collection=nodb->action=query"));
-    collRequiredInRole.validate(new PrivilegeValidatorContext("db2","collection=db->action=update"));
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java
deleted file mode 100644
index b4aa684..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.java
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.EnumSet;
-import java.util.List;
-import java.util.Set;
-
-import com.google.common.collect.Sets;
-import junit.framework.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAction;
-import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.provider.common.GroupMappingService;
-import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
-import org.apache.sentry.core.common.utils.PolicyFiles;
-import org.junit.After;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Objects;
-import com.google.common.collect.HashMultimap;
-import com.google.common.collect.Multimap;
-import com.google.common.io.Files;
-
-
-public class TestSearchAuthorizationProviderGeneralCases {
-
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(TestSearchAuthorizationProviderGeneralCases.class);
-
-  private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap
-      .create();
-
-  private static final Subject SUB_ADMIN = new Subject("admin1");
-  private static final Subject SUB_MANAGER = new Subject("manager1");
-  private static final Subject SUB_ANALYST = new Subject("analyst1");
-  private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1");
-
-  private static final Collection COLL_PURCHASES = new Collection("purchases");
-  private static final Collection COLL_ANALYST1 = new Collection("analyst1");
-  private static final Collection COLL_JRANALYST1 = new Collection("jranalyst1");
-  private static final Collection COLL_TMP = new Collection("tmpcollection");
-  private static final Collection COLL_PURCHASES_PARTIAL = new Collection("purchases_partial");
-
-  private static final SearchModelAction QUERY = SearchModelAction.QUERY;
-  private static final SearchModelAction UPDATE = SearchModelAction.UPDATE;
-
-  static {
-    USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin"));
-    USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager"));
-    USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst"));
-    USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(),
-        Arrays.asList("jranalyst"));
-  }
-
-  private final ResourceAuthorizationProvider authzProvider;
-  private File baseDir;
-
-  public TestSearchAuthorizationProviderGeneralCases() throws IOException {
-    baseDir = Files.createTempDir();
-    PolicyFiles.copyToDir(baseDir, "solr-policy-test-authz-provider.ini");
-    authzProvider = new HadoopGroupResourceAuthorizationProvider(
-            SearchPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "solr-policy-test-authz-provider.ini").getPath()),
-        new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP), SearchPrivilegeModel.getInstance());
-
-  }
-
-  @After
-  public void teardown() {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  private void doTestAuthProviderOnCollection(Subject subject,
-      Collection collection, Set<? extends Action> expectedPass) throws Exception {
-    Set<SearchModelAction> allActions = EnumSet.of(SearchModelAction.ALL, SearchModelAction.QUERY, SearchModelAction.UPDATE);
-    for(SearchModelAction action : allActions) {
-      doTestResourceAuthorizationProvider(subject, collection,
-        EnumSet.of(action), expectedPass.contains(action));
-    }
-  }
-
-  private void doTestResourceAuthorizationProvider(Subject subject,
-      Collection collection,
-      Set<? extends Action> privileges, boolean expected) throws Exception {
-    List<Authorizable> authzHierarchy = Arrays.asList(new Authorizable[] {
-        collection
-    });
-    Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
-    helper.add("Subject", subject).add("Collection", collection)
-      .add("Privileges", privileges).add("authzHierarchy", authzHierarchy);
-    LOGGER.info("Running with " + helper.toString());
-    Assert.assertEquals(helper.toString(), expected,
-        authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
-    LOGGER.info("Passed " + helper.toString());
-  }
-
-  @Test
-  public void testAdmin() throws Exception {
-    Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
-    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES, allActions);
-    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_ANALYST1, allActions);
-    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_JRANALYST1, allActions);
-    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_TMP, allActions);
-    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES_PARTIAL, allActions);
-  }
-
-  @Test
-  public void testManager() throws Exception {
-    Set<SearchModelAction> updateOnly = EnumSet.of(SearchModelAction.UPDATE);
-    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES, updateOnly);
-
-    Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
-    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_ANALYST1, allActions);
-    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_JRANALYST1, allActions);
-
-    Set<SearchModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
-    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_TMP, queryUpdateOnly);
-
-    Set<SearchModelAction> queryOnly = EnumSet.of(SearchModelAction.QUERY);
-    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES_PARTIAL, queryOnly);
-  }
-
-  @Test
-  public void testAnalyst() throws Exception {
-    Set<SearchModelAction> updateOnly = EnumSet.of(SearchModelAction.UPDATE);
-    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES, updateOnly);
-
-    Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
-    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_ANALYST1, allActions);
-    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_JRANALYST1, allActions);
-
-    Set<SearchModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
-    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_TMP, queryUpdateOnly);
-
-    Set<SearchModelAction> noActions = EnumSet.noneOf(SearchModelAction.class);
-    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES_PARTIAL, noActions);
-  }
-
-  @Test
-  public void testJuniorAnalyst() throws Exception {
-     Set<SearchModelAction> allActions = EnumSet.allOf(SearchModelAction.class);
-     doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_JRANALYST1, allActions);
-
-    Set<SearchModelAction> queryOnly = EnumSet.of(SearchModelAction.QUERY);
-    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES_PARTIAL, queryOnly);
-
-    Set<SearchModelAction> noActions = EnumSet.noneOf(SearchModelAction.class);
-    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES, noActions);
-    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_ANALYST1, noActions);
-    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_TMP, noActions);
-  }
-
-  public class MockGroupMappingServiceProvider implements GroupMappingService {
-    private final Multimap<String, String> userToGroupMap;
-
-    public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) {
-      this.userToGroupMap = userToGroupMap;
-    }
-
-    @Override
-    public Set<String> getGroups(String user) {
-      return Sets.newHashSet(userToGroupMap.get(user));
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java
deleted file mode 100644
index 371f361..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchAuthorizationProviderSpecialCases.java
+++ /dev/null
@@ -1,84 +0,0 @@
- /*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.EnumSet;
-import java.util.List;
-import java.util.Set;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.Action;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.core.common.Authorizable;
-import org.apache.sentry.core.common.Subject;
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAction;
-import org.apache.sentry.core.model.search.SearchPrivilegeModel;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.apache.sentry.provider.common.AuthorizationProvider;
-import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.io.Files;
-
-public class TestSearchAuthorizationProviderSpecialCases {
-  private AuthorizationProvider authzProvider;
-  private PolicyFile policyFile;
-  private File baseDir;
-  private File iniFile;
-  private String initResource;
-  @Before
-  public void setup() throws IOException {
-    baseDir = Files.createTempDir();
-    iniFile = new File(baseDir, "policy.ini");
-    initResource = "file://" + iniFile.getPath();
-    policyFile = new PolicyFile();
-  }
-
-  @After
-  public void teardown() throws IOException {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  @Test
-  public void testDuplicateEntries() throws Exception {
-    Subject user1 = new Subject("user1");
-    Collection collection1 = new Collection("collection1");
-    Set<? extends Action> actions = EnumSet.allOf(SearchModelAction.class);
-    policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
-      .addRolesToGroup("group1",  true, "role1", "role1")
-      .addPermissionsToRole("role1", true, "collection=" + collection1.getName(),
-          "collection=" + collection1.getName());
-    policyFile.write(iniFile);
-    PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(initResource);
-    authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy, SearchPrivilegeModel.getInstance());
-    List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(collection1);
-    Assert.assertTrue(authorizableHierarchy.toString(),
-        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java
deleted file mode 100644
index e7da13a..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchModelAuthorizables.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sentry.policy.solr;
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertNull;
-
-import org.apache.sentry.core.model.search.Collection;
-import org.apache.sentry.core.model.search.SearchModelAuthorizables;
-import org.junit.Test;
-
-public class TestSearchModelAuthorizables {
-
-  @Test
-  public void testCollection() throws Exception {
-    Collection coll = (Collection) SearchModelAuthorizables.from("CoLleCtiOn=collection1");
-    assertEquals("collection1", coll.getName());
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testNoKV() throws Exception {
-    System.out.println(SearchModelAuthorizables.from("nonsense"));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyKey() throws Exception {
-    System.out.println(SearchModelAuthorizables.from("=v"));
-  }
-
-  @Test(expected=IllegalArgumentException.class)
-  public void testEmptyValue() throws Exception {
-    System.out.println(SearchModelAuthorizables.from("k="));
-  }
-
-  @Test
-  public void testNotAuthorizable() throws Exception {
-    assertNull(SearchModelAuthorizables.from("k=v"));
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java
deleted file mode 100644
index 59283ea..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineDFS.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hdfs.MiniDFSCluster;
-import org.apache.sentry.core.common.utils.PolicyFiles;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-public class TestSearchPolicyEngineDFS extends AbstractTestSearchPolicyEngine {
-
-  private static MiniDFSCluster dfsCluster;
-  private static FileSystem fileSystem;
-  private static Path root;
-  private static Path etc;
-
-  @BeforeClass
-  public static void setupLocalClazz() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    File dfsDir = new File(baseDir, "dfs");
-    Assert.assertTrue(dfsDir.isDirectory() || dfsDir.mkdirs());
-    Configuration conf = new Configuration();
-    conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, dfsDir.getPath());
-    dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
-    fileSystem = dfsCluster.getFileSystem();
-    root = new Path(fileSystem.getUri().toString());
-    etc = new Path(root, "/etc");
-    fileSystem.mkdirs(etc);
-  }
-
-  @AfterClass
-  public static void teardownLocalClazz() {
-    if(dfsCluster != null) {
-      dfsCluster.shutdown();
-    }
-  }
-
-  @Override
-  protected void  afterSetup() throws IOException {
-    fileSystem.delete(etc, true);
-    fileSystem.mkdirs(etc);
-    PolicyFiles.copyToDir(fileSystem, etc, "solr-policy-test-authz-provider.ini");
-    setPolicy(SearchPolicyTestUtil.createPolicyEngineForTest(new Path(etc,
-        "solr-policy-test-authz-provider.ini").toString()));
-  }
-
-  @Override
-  protected void beforeTeardown() throws IOException {
-    fileSystem.delete(etc, true);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java
deleted file mode 100644
index 0ff4502..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyEngineLocalFS.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.utils.PolicyFiles;
-
-public class TestSearchPolicyEngineLocalFS extends AbstractTestSearchPolicyEngine {
-
-  @Override
-  protected void  afterSetup() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    Assert.assertTrue(baseDir.isDirectory() || baseDir.mkdirs());
-    PolicyFiles.copyToDir(baseDir, "solr-policy-test-authz-provider.ini");
-    setPolicy(SearchPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "solr-policy-test-authz-provider.ini").getPath()));
-  }
-  @Override
-  protected void beforeTeardown() throws IOException {
-    File baseDir = getBaseDir();
-    Assert.assertNotNull(baseDir);
-    FileUtils.deleteQuietly(baseDir);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java
deleted file mode 100644
index 20fee76..0000000
--- a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSearchPolicyNegative.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.policy.solr;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Collections;
-
-import org.junit.Assert;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.ActiveRoleSet;
-import org.apache.sentry.policy.common.PolicyEngine;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Charsets;
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSearchPolicyNegative {
-
-  @SuppressWarnings("unused")
-  private static final Logger LOGGER = LoggerFactory
-      .getLogger(TestSearchPolicyNegative.class);
-
-  private File baseDir;
-  private File globalPolicyFile;
-  private File otherPolicyFile;
-
-  @Before
-  public void setup() {
-    baseDir = Files.createTempDir();
-    globalPolicyFile = new File(baseDir, "global.ini");
-    otherPolicyFile = new File(baseDir, "other.ini");
-  }
-
-  @After
-  public void teardown() {
-    if(baseDir != null) {
-      FileUtils.deleteQuietly(baseDir);
-    }
-  }
-
-  private void append(String from, File to) throws IOException {
-    Files.append(from + "\n", to, Charsets.UTF_8);
-  }
-
-  @Test
-  public void testPerDbFileException() throws Exception {
-    append("[databases]", globalPolicyFile);
-    append("other_group_db = " + otherPolicyFile.getPath(), globalPolicyFile);
-    append("[groups]", otherPolicyFile);
-    append("other_group = some_role", otherPolicyFile);
-    append("[roles]", otherPolicyFile);
-    append("some_role = collection=c1", otherPolicyFile);
-    PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
-    Assert.assertEquals(Collections.emptySet(),
-        policy.getPrivileges(Sets.newHashSet("other_group"), ActiveRoleSet.ALL));
-  }
-
-  @Test
-  public void testCollectionRequiredInRole() throws Exception {
-    append("[groups]", globalPolicyFile);
-    append("group = some_role", globalPolicyFile);
-    append("[roles]", globalPolicyFile);
-    append("some_role = action=query", globalPolicyFile);
-    PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
-    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("group"), ActiveRoleSet.ALL);
-    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-  }
-
-  @Test
-  public void testGroupIncorrect() throws Exception {
-    append("[groups]", globalPolicyFile);
-    append("group = malicious_role", globalPolicyFile);
-    append("[roles]", globalPolicyFile);
-    append("malicious_role = collection=*", globalPolicyFile);
-    PolicyEngine policy = SearchPolicyTestUtil.createPolicyEngineForTest(globalPolicyFile.getPath());
-    ImmutableSet<String> permissions = policy.getPrivileges(Sets.newHashSet("incorrectGroup"), ActiveRoleSet.ALL);
-    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java
new file mode 100644
index 0000000..a8b0453
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderGeneralCases.java
@@ -0,0 +1,196 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Set;
+
+import com.google.common.collect.Sets;
+import junit.framework.Assert;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.model.solr.Collection;
+import org.apache.sentry.core.model.solr.SolrModelAction;
+import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
+import org.apache.sentry.provider.common.GroupMappingService;
+import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
+import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
+import org.apache.sentry.core.common.utils.PolicyFiles;
+import org.junit.After;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Objects;
+import com.google.common.collect.HashMultimap;
+import com.google.common.collect.Multimap;
+import com.google.common.io.Files;
+
+
+public class TestSolrAuthorizationProviderGeneralCases {
+
+  private static final Logger LOGGER = LoggerFactory
+      .getLogger(TestSolrAuthorizationProviderGeneralCases.class);
+
+  private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap
+      .create();
+
+  private static final Subject SUB_ADMIN = new Subject("admin1");
+  private static final Subject SUB_MANAGER = new Subject("manager1");
+  private static final Subject SUB_ANALYST = new Subject("analyst1");
+  private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1");
+
+  private static final Collection COLL_PURCHASES = new Collection("purchases");
+  private static final Collection COLL_ANALYST1 = new Collection("analyst1");
+  private static final Collection COLL_JRANALYST1 = new Collection("jranalyst1");
+  private static final Collection COLL_TMP = new Collection("tmpcollection");
+  private static final Collection COLL_PURCHASES_PARTIAL = new Collection("purchases_partial");
+
+  private static final SolrModelAction QUERY = SolrModelAction.QUERY;
+  private static final SolrModelAction UPDATE = SolrModelAction.UPDATE;
+
+  static {
+    USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin"));
+    USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager"));
+    USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst"));
+    USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(),
+        Arrays.asList("jranalyst"));
+  }
+
+  private final ResourceAuthorizationProvider authzProvider;
+  private File baseDir;
+
+  public TestSolrAuthorizationProviderGeneralCases() throws IOException {
+    baseDir = Files.createTempDir();
+    PolicyFiles.copyToDir(baseDir, "solr-policy-test-authz-provider.ini");
+    authzProvider = new HadoopGroupResourceAuthorizationProvider(
+        SolrPolicyTestUtil.createPolicyEngineForTest(new File(baseDir, "solr-policy-test-authz-provider.ini").getPath()),
+        new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP), SolrPrivilegeModel.getInstance());
+
+  }
+
+  @After
+  public void teardown() {
+    if(baseDir != null) {
+      FileUtils.deleteQuietly(baseDir);
+    }
+  }
+
+  private void doTestAuthProviderOnCollection(Subject subject,
+      Collection collection, Set<? extends Action> expectedPass) throws Exception {
+    Set<SolrModelAction> allActions =
+        EnumSet.of(SolrModelAction.ALL, SolrModelAction.QUERY, SolrModelAction.UPDATE);
+    for (SolrModelAction action : allActions) {
+      doTestResourceAuthorizationProvider(subject, collection,
+          EnumSet.of(action), expectedPass.contains(action));
+    }
+  }
+
+  private void doTestResourceAuthorizationProvider(Subject subject,
+      Collection collection,
+      Set<? extends Action> privileges, boolean expected) throws Exception {
+    List<Authorizable> authzHierarchy = Arrays.asList(new Authorizable[] {
+        collection
+    });
+    Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
+    helper.add("Subject", subject)
+          .add("Collection", collection)
+          .add("Privileges", privileges)
+          .add("authzHierarchy", authzHierarchy);
+    LOGGER.info("Running with " + helper.toString());
+    Assert.assertEquals(helper.toString(), expected,
+        authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
+    LOGGER.info("Passed " + helper.toString());
+  }
+
+  @Test
+  public void testAdmin() throws Exception {
+    Set<SolrModelAction> allActions = EnumSet.allOf(SolrModelAction.class);
+    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES, allActions);
+    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_ANALYST1, allActions);
+    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_JRANALYST1, allActions);
+    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_TMP, allActions);
+    doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES_PARTIAL, allActions);
+  }
+
+  @Test
+  public void testManager() throws Exception {
+    Set<SolrModelAction> updateOnly = EnumSet.of(SolrModelAction.UPDATE);
+    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES, updateOnly);
+
+    Set<SolrModelAction> allActions = EnumSet.allOf(SolrModelAction.class);
+    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_ANALYST1, allActions);
+    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_JRANALYST1, allActions);
+
+    Set<SolrModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
+    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_TMP, queryUpdateOnly);
+
+    Set<SolrModelAction> queryOnly = EnumSet.of(SolrModelAction.QUERY);
+    doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES_PARTIAL, queryOnly);
+  }
+
+  @Test
+  public void testAnalyst() throws Exception {
+    Set<SolrModelAction> updateOnly = EnumSet.of(SolrModelAction.UPDATE);
+    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES, updateOnly);
+
+    Set<SolrModelAction> allActions = EnumSet.allOf(SolrModelAction.class);
+    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_ANALYST1, allActions);
+    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_JRANALYST1, allActions);
+
+    Set<SolrModelAction> queryUpdateOnly = EnumSet.of(QUERY, UPDATE);
+    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_TMP, queryUpdateOnly);
+
+    Set<SolrModelAction> noActions = EnumSet.noneOf(SolrModelAction.class);
+    doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES_PARTIAL, noActions);
+  }
+
+  @Test
+  public void testJuniorAnalyst() throws Exception {
+    Set<SolrModelAction> allActions = EnumSet.allOf(SolrModelAction.class);
+    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_JRANALYST1, allActions);
+
+    Set<SolrModelAction> queryOnly = EnumSet.of(SolrModelAction.QUERY);
+    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES_PARTIAL, queryOnly);
+
+    Set<SolrModelAction> noActions = EnumSet.noneOf(SolrModelAction.class);
+    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES, noActions);
+    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_ANALYST1, noActions);
+    doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_TMP, noActions);
+  }
+
+  public class MockGroupMappingServiceProvider implements GroupMappingService {
+    private final Multimap<String, String> userToGroupMap;
+
+    public MockGroupMappingServiceProvider(Multimap<String, String> userToGroupMap) {
+      this.userToGroupMap = userToGroupMap;
+    }
+
+    @Override
+    public Set<String> getGroups(String user) {
+      return Sets.newHashSet(userToGroupMap.get(user));
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java
new file mode 100644
index 0000000..1329a68
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrAuthorizationProviderSpecialCases.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.policy.solr;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Set;
+
+import org.junit.Assert;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.policy.common.PolicyEngine;
+import org.apache.sentry.provider.common.AuthorizationProvider;
+import org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider;
+import org.apache.sentry.provider.file.PolicyFile;
+import org.apache.sentry.core.model.solr.Collection;
+import org.apache.sentry.core.model.solr.SolrModelAction;
+import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.io.Files;
+
+public class TestSolrAuthorizationProviderSpecialCases {
+  private AuthorizationProvider authzProvider;
+  private PolicyFile policyFile;
+  private File baseDir;
+  private File iniFile;
+  private String initResource;
+  @Before
+  public void setup() throws IOException {
+    baseDir = Files.createTempDir();
+    iniFile = new File(baseDir, "policy.ini");
+    initResource = "file://" + iniFile.getPath();
+    policyFile = new PolicyFile();
+  }
+
+  @After
+  public void teardown() throws IOException {
+    if(baseDir != null) {
+      FileUtils.deleteQuietly(baseDir);
+    }
+  }
+
+  @Test
+  public void testDuplicateEntries() throws Exception {
+    Subject user1 = new Subject("user1");
+    Collection collection1 = new Collection("collection1");
+    Set<? extends Action> actions = EnumSet.allOf(SolrModelAction.class);
+    policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
+    .addRolesToGroup("group1",  true, "role1", "role1")
+    .addPermissionsToRole("role1", true, "collection=" + collection1.getName(),
+        "collection=" + collection1.getName());
+    policyFile.write(iniFile);
+    PolicyEngine policy = SolrPolicyTestUtil.createPolicyEngineForTest(initResource);
+    authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy, SolrPrivilegeModel.getInstance());
+    List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(collection1);
+    Assert.assertTrue(authorizableHierarchy.toString(),
+        authzProvider.hasAccess(user1, authorizableHierarchy, actions, ActiveRoleSet.ALL));
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java
new file mode 100644
index 0000000..425937e
--- /dev/null
+++ b/sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/policy/solr/TestSolrModelAuthorizables.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sentry.policy.solr;
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertNull;
+
+import org.apache.sentry.core.model.solr.Collection;
+import org.apache.sentry.core.model.solr.SolrModelAuthorizables;
+import org.junit.Test;
+
+public class TestSolrModelAuthorizables {
+
+  @Test
+  public void testCollection() throws Exception {
+    Collection coll = (Collection) SolrModelAuthorizables.from("CoLleCtiOn=collection1");
+    assertEquals("collection1", coll.getName());
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testNoKV() throws Exception {
+    System.out.println(SolrModelAuthorizables.from("nonsense"));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyKey() throws Exception {
+    System.out.println(SolrModelAuthorizables.from("=v"));
+  }
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testEmptyValue() throws Exception {
+    System.out.println(SolrModelAuthorizables.from("k="));
+  }
+
+  @Test
+  public void testNotAuthorizable() throws Exception {
+    assertNull(SolrModelAuthorizables.from("k=v"));
+  }
+}


Mime
View raw message