sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [6/9] sentry git commit: SENTRY-2207 Refactor out Sentry CLI from sentry-provider-db into own module. Steve Moist, reviewed by Colm O hEigeartaigh.
Date Mon, 30 Apr 2018 16:35:42 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java
deleted file mode 100644
index 0f4bb62..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSolr.java
+++ /dev/null
@@ -1,534 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.io.Files;
-import com.google.common.collect.Sets;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.PrintStream;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceIntegrationBase;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-public class TestSentryShellSolr extends SentryGenericServiceIntegrationBase {
-  private File confDir;
-  private File confPath;
-  private static String TEST_ROLE_NAME_1 = "testRole1";
-  private static String TEST_ROLE_NAME_2 = "testRole2";
-  private String requestorName = "";
-  private String service = "service1";
-
-  @Before
-  public void prepareForTest() throws Exception {
-    confDir = Files.createTempDir();
-    confPath = new File(confDir, "sentry-site.xml");
-    if (confPath.createNewFile()) {
-      FileOutputStream to = new FileOutputStream(confPath);
-      conf.writeXml(to);
-      to.close();
-    }
-    requestorName = clientUgi.getShortUserName();//System.getProperty("user.name", "");
-    Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-    setLocalGroupMapping(requestorName, requestorUserGroupNames);
-    // add ADMIN_USER for the after() in SentryServiceIntegrationBase
-    setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames);
-    writePolicyFile();
-  }
-
-  @After
-  public void clearTestData() throws Exception {
-    FileUtils.deleteQuietly(confDir);
-  }
-
-  @Test
-  public void testCreateDropRole() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // test: create role with -cr
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric.main(args);
-        // test: create role with --create_role
-        args = new String[] { "--create_role", "-r", TEST_ROLE_NAME_2, "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric.main(args);
-
-        // validate the result, list roles with -lr
-        args = new String[] { "-lr", "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // validate the result, list roles with --list_role
-        args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // test: drop role with -dr
-        args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric.main(args);
-        // test: drop role with --drop_role
-        args = new String[] { "--drop_role", "-r", TEST_ROLE_NAME_2, "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric.main(args);
-
-        // validate the result
-        Set<TSentryRole> roles = client.listAllRoles(requestorName, SOLR);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-      }
-    });
-  }
-
-  @Test
-  public void testAddDeleteRoleForGroup() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // Group names are case sensitive - mixed case names should work
-        String TEST_GROUP_1 = "testGroup1";
-        String TEST_GROUP_2 = "testGroup2";
-        String TEST_GROUP_3 = "testGroup3";
-
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR);
-        client.createRole(requestorName, TEST_ROLE_NAME_2, SOLR);
-        // test: add role to group with -arg
-        String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric.main(args);
-        // test: add role to multiple groups
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
-            "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric.main(args);
-        // test: add role to group with --add_role_group
-        args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
-            "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric.main(args);
-
-        // validate the result list roles with -lr and -g
-        args = new String[] { "-lr", "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // list roles with --list_role and -g
-        args = new String[] { "--list_role", "-g", TEST_GROUP_2, "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        args = new String[] { "--list_role", "-g", TEST_GROUP_3, "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        // List the groups and roles via listGroups
-        args = new String[] { "--list_group", "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        Set<String> groups = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals(3, groups.size());
-        assertTrue(groups.contains("testGroup3 = testrole1"));
-        assertTrue(groups.contains("testGroup2 = testrole1"));
-        assertTrue(groups.contains("testGroup1 = testrole2, testrole1"));
-
-        // test: delete role from group with -drg
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric.main(args);
-        // test: delete role to multiple groups
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
-            "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric.main(args);
-        // test: delete role from group with --delete_role_group
-        args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
-            "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric.main(args);
-
-        // validate the result
-        Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, TEST_GROUP_1, SOLR);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        roles = client.listRolesByGroupName(requestorName, TEST_GROUP_2, SOLR);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        roles = client.listRolesByGroupName(requestorName, TEST_GROUP_3, SOLR);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR);
-        client.dropRole(requestorName, TEST_ROLE_NAME_2, SOLR);
-      }
-    });
-  }
-
-  @Test
-  public void testCaseSensitiveGroupName() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR);
-        // add role to a group (lower case)
-        String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "group1", "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric.main(args);
-
-        // validate the roles when group name is same case as above
-        args = new String[] { "-lr", "-g", "group1", "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        // roles should be empty when group name is different case than above
-        args = new String[] { "-lr", "-g", "GROUP1", "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames);
-      }
-      });
-    }
-
-  public static String grant(boolean shortOption) {
-    return shortOption ? "-gpr" : "--grant_privilege_role";
-  }
-
-  public static String revoke(boolean shortOption) {
-    return shortOption ? "-rpr" : "--revoke_privilege_role";
-  }
-
-  public static String list(boolean shortOption) {
-    return shortOption ? "-lp" : "--list_privilege";
-  }
-
-  private void assertGrantRevokePrivilege(final boolean shortOption) throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR);
-        client.createRole(requestorName, TEST_ROLE_NAME_2, SOLR);
-
-        String [] privs = {
-          "Collection=*->action=*",
-          "Collection=collection2->action=update",
-          "Collection=collection3->action=query",
-        };
-        for (int i = 0; i < privs.length; ++i) {
-          // test: grant privilege to role
-          String [] args = new String [] { grant(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
-            privs[ i ],
-            "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-          SentryShellGeneric.main(args);
-        }
-
-        // test the list privilege
-        String [] args = new String[] { list(shortOption), "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals("Incorrect number of privileges", privs.length, privilegeStrs.size());
-        for (int i = 0; i < privs.length; ++i) {
-          assertTrue("Expected privilege: " + privs[ i ], privilegeStrs.contains(privs[ i ]));
-        }
-
-        for (int i = 0; i < privs.length; ++i) {
-          args = new String[] { revoke(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
-            privs[ i ], "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-          SentryShellGeneric.main(args);
-          Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName,
-            TEST_ROLE_NAME_1, SOLR, service);
-          assertEquals("Incorrect number of privileges", privs.length - (i + 1), privileges.size());
-        }
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR);
-        client.dropRole(requestorName, TEST_ROLE_NAME_2, SOLR);
-      }
-    });
-  }
-
-
-  @Test
-  public void testGrantRevokePrivilegeWithShortOption() throws Exception {
-    assertGrantRevokePrivilege(true);
-  }
-
-  @Test
-  public void testGrantRevokePrivilegeWithLongOption() throws Exception {
-    assertGrantRevokePrivilege(false);
-  }
-
-
-  @Test
-  public void testNegativeCaseWithInvalidArgument() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR);
-        // test: create duplicate role with -cr
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for creating duplicate role");
-        } catch (SentryUserException e) {
-          // expected exception
-        }
-
-        // test: drop non-exist role with -dr
-        args = new String[] { "-dr", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for dropping non-exist role");
-        } catch (SentryUserException e) {
-          // excepted exception
-        }
-
-        // test: add non-exist role to group with -arg
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for granting non-exist role to group");
-        } catch (SentryUserException e) {
-          // excepted exception
-        }
-
-        // test: drop group from non-exist role with -drg
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for drop group from non-exist role");
-        } catch (SentryUserException e) {
-          // excepted exception
-        }
-
-        // test: grant privilege to role with the error privilege format
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=*",
-            "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for the error privilege format, invalid key value.");
-        } catch (IllegalArgumentException e) {
-          // excepted exception
-        }
-
-        // test: grant privilege to role with the error privilege hierarchy
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->table=tbl1->column=col2->action=insert", "-conf",
-            confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for the error privilege format, invalid key value.");
-        } catch (IllegalArgumentException e) {
-          // expected exception
-        }
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR);
-      }
-    });
-  }
-
-  @Test
-  public void testNegativeCaseWithoutRequiredArgument() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String strOptionConf = "conf";
-        client.createRole(requestorName, TEST_ROLE_NAME_1, SOLR);
-        // test: the conf is required argument
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-t", "solr" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + strOptionConf);
-
-        // test: -r is required when create role
-        args = new String[] { "-cr", "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -r is required when drop role
-        args = new String[] { "-dr", "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -r is required when add role to group
-        args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -g is required when add role to group
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
-        // test: -r is required when delete role from group
-        args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -g is required when delete role from group
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
-        // test: -r is required when grant privilege to role
-        args = new String[] { "-gpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -p is required when grant privilege to role
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
-        // test: action is required in privilege
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-p", "collection=collection1", "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-         try {
-          getShellResultWithOSRedirect(sentryShell, args, false);
-          fail("Expected IllegalArgumentException");
-        } catch (IllegalArgumentException e) {
-          assertEquals("Privilege is invalid: action required but not specified.", e.getMessage());
-        }
-
-        // test: -r is required when revoke privilege from role
-        args = new String[] { "-rpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -p is required when revoke privilege from role
-        args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "solr" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
-        // test: command option is required for shell
-        args = new String[] {"-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsgsContains(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[",
-                "-arg Add role to group",
-                "-cr Create role",
-                "-rpr Revoke privilege from role",
-                "-drg Delete role from group",
-                "-lr List role",
-                "-lp List privilege",
-                "-gpr Grant privilege to role",
-                "-dr Drop role");
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, SOLR);
-      }
-    });
-  }
-
-  // redirect the System.out to ByteArrayOutputStream, then execute the command and parse the result.
-  private Set<String> getShellResultWithOSRedirect(SentryShellGeneric sentryShell,
-      String[] args, boolean expectedExecuteResult) throws Exception {
-    PrintStream oldOut = System.out;
-    ByteArrayOutputStream outContent = new ByteArrayOutputStream();
-    System.setOut(new PrintStream(outContent));
-    assertEquals(expectedExecuteResult, sentryShell.executeShell(args));
-    Set<String> resultSet = Sets.newHashSet(outContent.toString().split("\n"));
-    System.setOut(oldOut);
-    return resultSet;
-  }
-
-  private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) {
-    if (expectedRoleNames != null && expectedRoleNames.length > 0) {
-      assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length,
-          expectedRoleNames.length, roleNames.size());
-      Set<String> lowerCaseRoles = new HashSet<String>();
-      for (String role : roleNames) {
-        lowerCaseRoles.add(role.toLowerCase());
-      }
-
-      for (String expectedRole : expectedRoleNames) {
-        assertTrue("Expected role: " + expectedRole,
-            lowerCaseRoles.contains(expectedRole.toLowerCase()));
-      }
-    }
-  }
-
-  private void validateMissingParameterMsg(SentryShellGeneric sentryShell, String[] args,
-      String expectedErrorMsg) throws Exception {
-    Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
-    assertTrue("Expected error message: " + expectedErrorMsg, errorMsgs.contains(expectedErrorMsg));
-  }
-
-  private void validateMissingParameterMsgsContains(SentryShellGeneric sentryShell, String[] args,
-      String ... expectedErrorMsgsContains) throws Exception {
-    Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
-    boolean foundAllMessages = false;
-    Iterator<String> it = errorMsgs.iterator();
-    while (it.hasNext()) {
-      String errorMessage = it.next();
-      boolean missingExpected = false;
-      for (String expectedContains : expectedErrorMsgsContains) {
-        if (!errorMessage.contains(expectedContains)) {
-          missingExpected = true;
-          break;
-        }
-      }
-      if (!missingExpected) {
-        foundAllMessages = true;
-        break;
-      }
-    }
-    assertTrue(foundAllMessages);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSqoop.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSqoop.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSqoop.java
deleted file mode 100644
index cdba442..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellSqoop.java
+++ /dev/null
@@ -1,532 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.common.AuthorizationComponent;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceIntegrationBase;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.PrintStream;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import static org.junit.Assert.*;
-
-public class TestSentryShellSqoop extends SentryGenericServiceIntegrationBase {
-  private File confDir;
-  private File confPath;
-  private static String TEST_ROLE_NAME_1 = "testRole1";
-  private static String TEST_ROLE_NAME_2 = "testRole2";
-  private String requestorName = "";
-  private String service = "sqoopServer1";
-
-  @Before
-  public void prepareForTest() throws Exception {
-    confDir = Files.createTempDir();
-    confPath = new File(confDir, "sentry-site.xml");
-    if (confPath.createNewFile()) {
-      FileOutputStream to = new FileOutputStream(confPath);
-      conf.writeXml(to);
-      to.close();
-    }
-    requestorName = clientUgi.getShortUserName();//.getProperty("user.name", "");
-    Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-    setLocalGroupMapping(requestorName, requestorUserGroupNames);
-    // add ADMIN_USER for the after() in SentryServiceIntegrationBase
-    setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames);
-    writePolicyFile();
-  }
-
-  @After
-  public void clearTestData() throws Exception {
-    FileUtils.deleteQuietly(confDir);
-  }
-
-  @Test
-  public void testCreateDropRole() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // test: create role with -cr
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric.main(args);
-        // test: create role with --create_role
-        args = new String[] { "--create_role", "-r", TEST_ROLE_NAME_2, "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric.main(args);
-
-        // validate the result, list roles with -lr
-        args = new String[] { "-lr", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // validate the result, list roles with --list_role
-        args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // test: drop role with -dr
-        args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric.main(args);
-        // test: drop role with --drop_role
-        args = new String[] { "--drop_role", "-r", TEST_ROLE_NAME_2, "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric.main(args);
-
-        // validate the result
-        Set<TSentryRole> roles = client.listAllRoles(requestorName, AuthorizationComponent.SQOOP);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-      }
-    });
-  }
-
-  @Test
-  public void testAddDeleteRoleForGroup() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // Group names are case sensitive - mixed case names should work
-        String TEST_GROUP_1 = "testGroup1";
-        String TEST_GROUP_2 = "testGroup2";
-        String TEST_GROUP_3 = "testGroup3";
-
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP);
-        client.createRole(requestorName, TEST_ROLE_NAME_2, AuthorizationComponent.SQOOP);
-        // test: add role to group with -arg
-        String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric.main(args);
-        // test: add role to multiple groups
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
-            "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric.main(args);
-        // test: add role to group with --add_role_group
-        args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
-            "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric.main(args);
-
-        // validate the result list roles with -lr and -g
-        args = new String[] { "-lr", "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // list roles with --list_role and -g
-        args = new String[] { "--list_role", "-g", TEST_GROUP_2, "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        args = new String[] { "--list_role", "-g", TEST_GROUP_3, "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        // List the groups and roles via listGroups
-        args = new String[] { "--list_group", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        Set<String> groups = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals(3, groups.size());
-        assertTrue(groups.contains("testGroup3 = testrole1"));
-        assertTrue(groups.contains("testGroup2 = testrole1"));
-        assertTrue(groups.contains("testGroup1 = testrole2, testrole1"));
-
-        // test: delete role from group with -drg
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric.main(args);
-        // test: delete role to multiple groups
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
-            "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric.main(args);
-        // test: delete role from group with --delete_role_group
-        args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
-            "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric.main(args);
-
-        // validate the result
-        Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, TEST_GROUP_1, AuthorizationComponent.SQOOP);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        roles = client.listRolesByGroupName(requestorName, TEST_GROUP_2, AuthorizationComponent.SQOOP);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        roles = client.listRolesByGroupName(requestorName, TEST_GROUP_3, AuthorizationComponent.SQOOP);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP);
-        client.dropRole(requestorName, TEST_ROLE_NAME_2, AuthorizationComponent.SQOOP);
-      }
-    });
-  }
-
-  @Test
-  public void testCaseSensitiveGroupName() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP);
-        // add role to a group (lower case)
-        String[] args = {"-arg", "-r", TEST_ROLE_NAME_1, "-g", "group1", "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop"};
-        SentryShellGeneric.main(args);
-
-        // validate the roles when group name is same case as above
-        args = new String[]{"-lr", "-g", "group1", "-conf", confPath.getAbsolutePath(), "-t", "sqoop"};
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        // roles should be empty when group name is different case than above
-        args = new String[]{"-lr", "-g", "GROUP1", "-conf", confPath.getAbsolutePath(), "-t", "sqoop"};
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames);
-      }
-    });
-  }
-
-  public static String grant(boolean shortOption) {
-    return shortOption ? "-gpr" : "--grant_privilege_role";
-  }
-
-  public static String revoke(boolean shortOption) {
-    return shortOption ? "-rpr" : "--revoke_privilege_role";
-  }
-
-  public static String list(boolean shortOption) {
-    return shortOption ? "-lp" : "--list_privilege";
-  }
-
-  private void assertGrantRevokePrivilege(final boolean shortOption) throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP);
-        client.createRole(requestorName, TEST_ROLE_NAME_2, AuthorizationComponent.SQOOP);
-
-        String [] privs = {
-            "SERVER=sqoopserver1->CONNECTOR=c1->action=read",
-            "SERVER=sqoopserver1->JOB=j1->action=write",
-            "SERVER=sqoopserver1->LINK=l1->action=read",
-        };
-        for (int i = 0; i < privs.length; ++i) {
-          // test: grant privilege to role
-          String [] args = new String [] { grant(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
-            privs[ i ],
-            "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-          SentryShellGeneric.main(args);
-        }
-
-        // test the list privilege
-        String [] args = new String[] { list(shortOption), "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true);
-
-        assertEquals("Incorrect number of privileges", privs.length, privilegeStrs.size());
-        for (int i = 0; i < privs.length; ++i) {
-          assertTrue("Expected privilege: " + privs[i] + " in " + Arrays.toString(privilegeStrs.toArray()), privilegeStrs.contains(privs[i]));
-        }
-
-        for (int i = 0; i < privs.length; ++i) {
-          args = new String[] { revoke(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
-            privs[ i ], "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-          SentryShellGeneric.main(args);
-          Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName,
-            TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP, service);
-          assertEquals("Incorrect number of privileges. Received privileges: " + Arrays.toString(privileges.toArray()), privs.length - (i + 1), privileges.size());
-        }
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP);
-        client.dropRole(requestorName, TEST_ROLE_NAME_2, AuthorizationComponent.SQOOP);
-      }
-    });
-  }
-
-
-  @Test
-  public void testGrantRevokePrivilegeWithShortOption() throws Exception {
-    assertGrantRevokePrivilege(true);
-  }
-
-  @Test
-  public void testGrantRevokePrivilegeWithLongOption() throws Exception {
-    assertGrantRevokePrivilege(false);
-  }
-
-  @Test
-  public void testNegativeCaseWithInvalidArgument() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        client.createRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP);
-        // test: create duplicate role with -cr
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for creating duplicate role");
-        } catch (SentryUserException e) {
-          // expected exception
-        } catch (Exception e) {
-          fail ("Unexpected exception received. " + e);
-        }
-
-        // test: drop non-exist role with -dr
-        args = new String[] { "-dr", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for dropping non-exist role");
-        } catch (SentryUserException e) {
-          // excepted exception
-        } catch (Exception e) {
-          fail ("Unexpected exception received. " + e);
-        }
-
-        // test: add non-exist role to group with -arg
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for granting non-exist role to group");
-        } catch (SentryUserException e) {
-          // excepted exception
-        } catch (Exception e) {
-          fail ("Unexpected exception received. " + e);
-        }
-
-        // test: drop group from non-exist role with -drg
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for drop group from non-exist role");
-        } catch (SentryUserException e) {
-          // excepted exception
-        } catch (Exception e) {
-          fail ("Unexpected exception received. " + e);
-        }
-
-        // test: grant privilege to role with the error privilege format
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=all",
-            "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for the error privilege format, invalid key value.");
-        } catch (IllegalArgumentException e) {
-          // excepted exception
-        } catch (Exception e) {
-          fail ("Unexpected exception received. " + e);
-        }
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP);
-      }
-    });
-  }
-
-  @Test
-  public void testNegativeCaseWithoutRequiredArgument() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String strOptionConf = "conf";
-        client.createRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP);
-        // test: the conf is required argument
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-t", "sqoop" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + strOptionConf);
-
-        // test: -r is required when create role
-        args = new String[] { "-cr", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -r is required when drop role
-        args = new String[] { "-dr", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -r is required when add role to group
-        args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -g is required when add role to group
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
-        // test: -r is required when delete role from group
-        args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -g is required when delete role from group
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
-        // test: -r is required when grant privilege to role
-        args = new String[] { "-gpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -p is required when grant privilege to role
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
-        // test: action is required in privilege
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-p", "Server=sqoopServer1->Connector", "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-         try {
-          getShellResultWithOSRedirect(sentryShell, args, false);
-          fail("Expected IllegalArgumentException");
-        } catch (IllegalArgumentException e) {
-           // expected
-        } catch (Exception e) {
-           fail ("Unexpected exception received. " + e);
-         }
-
-        // test: -r is required when revoke privilege from role
-        args = new String[] { "-rpr", "-p", "Server=sqoopServer1->Connector->action=*", "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -p is required when revoke privilege from role
-        args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
-        // test: command option is required for shell
-        args = new String[] {"-conf", confPath.getAbsolutePath(), "-t", "sqoop" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsgsContains(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[",
-                "-arg Add role to group",
-                "-cr Create role",
-                "-rpr Revoke privilege from role",
-                "-drg Delete role from group",
-                "-lr List role",
-                "-lp List privilege",
-                "-gpr Grant privilege to role",
-                "-dr Drop role");
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, AuthorizationComponent.SQOOP);
-      }
-    });
-  }
-
-  // redirect the System.out to ByteArrayOutputStream, then execute the command and parse the result.
-  private Set<String> getShellResultWithOSRedirect(SentryShellGeneric sentryShell,
-      String[] args, boolean expectedExecuteResult) throws Exception {
-    PrintStream oldOut = System.out;
-    ByteArrayOutputStream outContent = new ByteArrayOutputStream();
-    System.setOut(new PrintStream(outContent));
-    assertEquals(expectedExecuteResult, sentryShell.executeShell(args));
-    Set<String> resultSet = Sets.newHashSet(outContent.toString().split("\n"));
-    System.setOut(oldOut);
-    return resultSet;
-  }
-
-  private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) {
-    if (expectedRoleNames != null && expectedRoleNames.length > 0) {
-      assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length,
-          expectedRoleNames.length, roleNames.size());
-      Set<String> lowerCaseRoles = new HashSet<String>();
-      for (String role : roleNames) {
-        lowerCaseRoles.add(role.toLowerCase());
-      }
-
-      for (String expectedRole : expectedRoleNames) {
-        assertTrue("Expected role: " + expectedRole,
-            lowerCaseRoles.contains(expectedRole.toLowerCase()));
-      }
-    }
-  }
-
-  private void validateMissingParameterMsg(SentryShellGeneric sentryShell, String[] args,
-      String expectedErrorMsg) throws Exception {
-    Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
-    assertTrue("Expected error message: " + expectedErrorMsg, errorMsgs.contains(expectedErrorMsg));
-  }
-
-  private void validateMissingParameterMsgsContains(SentryShellGeneric sentryShell, String[] args,
-      String ... expectedErrorMsgsContains) throws Exception {
-    Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
-    boolean foundAllMessages = false;
-    Iterator<String> it = errorMsgs.iterator();
-    while (it.hasNext()) {
-      String errorMessage = it.next();
-      boolean missingExpected = false;
-      for (String expectedContains : expectedErrorMsgsContains) {
-        if (!errorMessage.contains(expectedContains)) {
-          missingExpected = true;
-          break;
-        }
-      }
-      if (!missingExpected) {
-        foundAllMessages = true;
-        break;
-      }
-    }
-    assertTrue(foundAllMessages);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java
deleted file mode 100644
index 68abf27..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentrySchemaTool.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.tools;
-
-import java.io.File;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.persistent.SentryStoreSchemaInfo;
-import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.Files;
-
-public class TestSentrySchemaTool {
-  private Configuration sentryConf;
-  private SentrySchemaTool schemaTool;
-
-  private static final String OLDEST_INIT_VERSION = "1.4.0";
-
-  @Before
-  public void defaultSetup() throws Exception {
-    sentryConf = new Configuration();
-    File dbDir = new File(Files.createTempDir(), "sentry_policy_db");
-    sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
-        "jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true");
-    sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
-    schemaTool = new SentrySchemaTool("./src/main/resources", sentryConf,
-        "derby");
-  }
-
-  private void nonDefaultsetup() throws Exception {
-    sentryConf = new Configuration();
-    File dbDir = new File(Files.createTempDir(), "sentry_policy_db");
-    sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
-        "jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true");
-    sentryConf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
-    schemaTool = new SentrySchemaTool("./src/main/resources", sentryConf,
-        "derby");
-  }
-
-  @Test
-  public void testInitNonDefault() throws Exception {
-    nonDefaultsetup();
-    schemaTool.doInit();
-    schemaTool.verifySchemaVersion();
-  }
-
-  @Test
-  public void testInit() throws Exception {
-    schemaTool.doInit();
-    schemaTool.verifySchemaVersion();
-  }
-
-  @Test
-  public void testInitTo() throws Exception {
-    schemaTool.doInit(SentryStoreSchemaInfo.getSentryVersion());
-    schemaTool.verifySchemaVersion();
-  }
-
-  @Test(expected = SentryUserException.class)
-  public void testDryRun() throws Exception {
-    schemaTool.setDryRun(true);
-    schemaTool.doInit();
-    schemaTool.setDryRun(false);
-    // verification should fail since dryRun didn't create the actual schema
-    schemaTool.verifySchemaVersion();
-  }
-
-  @Test
-  public void testUpgrade() throws Exception {
-    schemaTool.doInit(OLDEST_INIT_VERSION);
-    schemaTool.doUpgrade();
-    schemaTool.verifySchemaVersion();
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
deleted file mode 100644
index de8f043..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/tools/TestSentryShellHive.java
+++ /dev/null
@@ -1,613 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.tools;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.PrintStream;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.service.thrift.TSentryRole;
-import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
-public class TestSentryShellHive extends SentryServiceIntegrationBase {
-
-  private File confDir;
-  private File confPath;
-  private static String TEST_ROLE_NAME_1 = "testRole1";
-  private static String TEST_ROLE_NAME_2 = "testRole2";
-  private String requestorName = "";
-
-  @Before
-  public void prepareForTest() throws Exception {
-    confDir = Files.createTempDir();
-    confPath = new File(confDir, "sentry-site.xml");
-    if (confPath.createNewFile()) {
-      FileOutputStream to = new FileOutputStream(confPath);
-      conf.writeXml(to);
-      to.close();
-    }
-    requestorName = clientUgi.getShortUserName();
-    Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-    setLocalGroupMapping(requestorName, requestorUserGroupNames);
-    // add ADMIN_USER for the after() in SentryServiceIntegrationBase
-    setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames);
-    writePolicyFile();
-  }
-
-  @After
-  public void clearTestData() throws Exception {
-    FileUtils.deleteQuietly(confDir);
-  }
-
-  @Test
-  public void testCreateDropRole() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // test: create role with -cr
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        // test: create role with --create_role
-        args = new String[] { "--create_role", "-r", TEST_ROLE_NAME_2, "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-
-        // validate the result, list roles with -lr
-        args = new String[] { "-lr", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive sentryShell = new SentryShellHive();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // validate the result, list roles with --list_role
-        args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // test: drop role with -dr
-        args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        // test: drop role with --drop_role
-        args = new String[] { "--drop_role", "-r", TEST_ROLE_NAME_2, "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-
-        // validate the result
-        Set<TSentryRole> roles = client.listAllRoles(requestorName);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-      }
-    });
-  }
-
-  @Test
-  public void testAddDeleteRoleForGroup() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1);
-        client.createRole(requestorName, TEST_ROLE_NAME_2);
-        // test: add role to group with -arg
-        String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        // test: add role to multiple groups
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup2,testGroup3",
-            "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        // test: add role to group with --add_role_group
-        args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1",
-            "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-
-        // validate the result list roles with -lr and -g
-        args = new String[] { "-lr", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive sentryShell = new SentryShellHive();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-
-        // list roles with --list_role and -g
-        args = new String[] { "--list_role", "-g", "testGroup2", "-conf",
-            confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        args = new String[] { "--list_role", "-g", "testGroup3", "-conf",
-            confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        // List the groups and roles via listGroups
-        args = new String[] { "--list_group", "-conf", confPath.getAbsolutePath()};
-        sentryShell = new SentryShellHive();
-        Set<String> groups = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals(3, groups.size());
-        assertTrue(groups.contains("testGroup3 = testrole1"));
-        assertTrue(groups.contains("testGroup2 = testrole1"));
-        assertTrue(groups.contains("testGroup1 = testrole2, testrole1"));
-
-        // test: delete role from group with -drg
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        // test: delete role to multiple groups
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", "testGroup2,testGroup3",
-            "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        // test: delete role from group with --delete_role_group
-        args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1",
-            "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-
-        // validate the result
-        Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, "testGroup1");
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        roles = client.listRolesByGroupName(requestorName, "testGroup2");
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        roles = client.listRolesByGroupName(requestorName, "testGroup3");
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1);
-        client.dropRole(requestorName, TEST_ROLE_NAME_2);
-      }
-    });
-  }
-
-  @Test
-  public void testGrantRevokePrivilegeWithShortOption() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1);
-        client.createRole(requestorName, TEST_ROLE_NAME_2);
-
-        // test: grant privilege to role with -gpr
-        String[] args = { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->action=*",
-            "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->action=select", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->action=insert", "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->column=col1->action=insert", "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true",
-            "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-
-        // test the list privilege with -lp
-        args = new String[] { "-lp", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        SentryShellHive sentryShell = new SentryShellHive();
-        Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true);
-        // validate the result for -lp
-        assertEquals("Incorrect number of privileges", 6, privilegeStrs.size());
-        assertTrue(privilegeStrs.contains("server=server1->action=*"));
-        assertTrue(privilegeStrs.contains("server=server1->db=db1->action=select"));
-        assertTrue(privilegeStrs.contains("server=server1->db=db1->table=tbl1->action=insert"));
-        assertTrue(privilegeStrs
-            .contains("server=server1->db=db1->table=tbl1->column=col1->action=insert"));
-        assertTrue(privilegeStrs
-            .contains("server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true"));
-        assertTrue(privilegeStrs.contains("server=server1->uri=hdfs://path/testuri->action=*"));
-
-        // test: revoke privilege from role with -rpr
-        args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->column=col1->action=insert", "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName,
-            TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 5, privileges.size());
-
-        args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true",
-            "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 4, privileges.size());
-
-        args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 3, privileges.size());
-
-        args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->action=insert", "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 2, privileges.size());
-
-        args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->action=select", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 1, privileges.size());
-
-        args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-p", "server=server1->action=*",
-            "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 0, privileges.size());
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1);
-        client.dropRole(requestorName, TEST_ROLE_NAME_2);
-      }
-    });
-  }
-
-  @Test
-  public void testGrantRevokePrivilegeWithLongOption() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1);
-        client.createRole(requestorName, TEST_ROLE_NAME_2);
-
-        // test: grant privilege to role with -gpr
-        String[] args = { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->action=*", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        args = new String[] { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->action=select", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        args = new String[] { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->action=insert", "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        args = new String[] { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->column=col1->action=insert", "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        args = new String[] { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true",
-            "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        args = new String[] { "--grant_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-
-        // test the list privilege with -lp
-        args = new String[] { "--list_privilege", "-r", TEST_ROLE_NAME_1, "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive sentryShell = new SentryShellHive();
-        Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true);
-        // validate the result for -lp
-        assertEquals("Incorrect number of privileges", 6, privilegeStrs.size());
-        assertTrue(privilegeStrs.contains("server=server1->action=*"));
-        assertTrue(privilegeStrs.contains("server=server1->db=db1->action=select"));
-        assertTrue(privilegeStrs.contains("server=server1->db=db1->table=tbl1->action=insert"));
-        assertTrue(privilegeStrs
-            .contains("server=server1->db=db1->table=tbl1->column=col1->action=insert"));
-        assertTrue(privilegeStrs
-            .contains("server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true"));
-        assertTrue(privilegeStrs.contains("server=server1->uri=hdfs://path/testuri->action=*"));
-
-        // test: revoke privilege from role with -rpr
-        args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->column=col1->action=insert", "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName,
-            TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 5, privileges.size());
-
-        args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->column=col2->action=insert->grantoption=true",
-            "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 4, privileges.size());
-
-        args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->uri=hdfs://path/testuri->action=*", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 3, privileges.size());
-
-        args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->table=tbl1->action=insert", "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 2, privileges.size());
-
-        args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->db=db1->action=select", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 1, privileges.size());
-
-        args = new String[] { "--revoke_privilege_role", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->action=*", "-conf", confPath.getAbsolutePath() };
-        SentryShellHive.main(args);
-        privileges = client.listAllPrivilegesByRoleName(requestorName, TEST_ROLE_NAME_1);
-        assertEquals("Incorrect number of privileges", 0, privileges.size());
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1);
-        client.dropRole(requestorName, TEST_ROLE_NAME_2);
-      }
-    });
-  }
-
-  @Test
-  public void testNegativeCaseWithInvalidArgument() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        client.createRole(requestorName, TEST_ROLE_NAME_1);
-        // test: create duplicate role with -cr
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        SentryShellHive sentryShell = new SentryShellHive();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for creating duplicate role");
-        } catch (SentryUserException e) {
-          // excepted exception
-        }
-
-        // test: drop non-exist role with -dr
-        args = new String[] { "-dr", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for dropping non-exist role");
-        } catch (SentryUserException e) {
-          // excepted exception
-        }
-
-        // test: add non-exist role to group with -arg
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for granting non-exist role to group");
-        } catch (SentryUserException e) {
-          // excepted exception
-        }
-
-        // test: drop group from non-exist role with -drg
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for drop group from non-exist role");
-        } catch (SentryUserException e) {
-          // excepted exception
-        }
-
-        // test: grant privilege to role with the error privilege format
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=*",
-            "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for the error privilege format, invalid key value.");
-        } catch (IllegalArgumentException e) {
-          // excepted exception
-        }
-
-        // test: grant privilege to role with the error privilege hierarchy
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->table=tbl1->column=col2->action=insert", "-conf",
-            confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for the error privilege format, invalid key value.");
-        } catch (IllegalArgumentException e) {
-          // excepted exception
-        }
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1);
-      }
-    });
-  }
-
-  @Test
-  public void testNegativeCaseWithoutRequiredArgument() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String strOptionConf = "conf";
-        client.createRole(requestorName, TEST_ROLE_NAME_1);
-        // test: the conf is required argument
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1 };
-        SentryShellHive sentryShell = new SentryShellHive();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + strOptionConf);
-
-        // test: -r is required when create role
-        args = new String[] { "-cr", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -r is required when drop role
-        args = new String[] { "-dr", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -r is required when add role to group
-        args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -g is required when add role to group
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
-        // test: -r is required when delete role from group
-        args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -g is required when delete role from group
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
-        // test: -r is required when grant privilege to role
-        args = new String[] { "-gpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -p is required when grant privilege to role
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
-        // test: -r is required when revoke privilege from role
-        args = new String[] { "-rpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -p is required when revoke privilege from role
-        args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
-        // test: command option is required for shell
-        args = new String[] {"-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellHive();
-        validateMissingParameterMsgsContains(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[",
-                "-arg Add role to group",
-                "-cr Create role",
-                "-rpr Revoke privilege from role",
-                "-drg Delete role from group",
-                "-lr List role",
-                "-lp List privilege",
-                "-gpr Grant privilege to role",
-                "-dr Drop role");
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1);
-      }
-    });
-  }
-
-  // redirect the System.out to ByteArrayOutputStream, then execute the command and parse the result.
-  private Set<String> getShellResultWithOSRedirect(SentryShellHive sentryShell,
-      String[] args, boolean exceptedExecuteResult) throws Exception {
-    PrintStream oldOut = System.out;
-    ByteArrayOutputStream outContent = new ByteArrayOutputStream();
-    System.setOut(new PrintStream(outContent));
-    assertEquals(exceptedExecuteResult, sentryShell.executeShell(args));
-    Set<String> resultSet = Sets.newHashSet(outContent.toString().split("\n"));
-    System.setOut(oldOut);
-    return resultSet;
-  }
-
-  private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) {
-    if (expectedRoleNames != null && expectedRoleNames.length > 0) {
-      assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length,
-          expectedRoleNames.length, roleNames.size());
-      Set<String> lowerCaseRoles = new HashSet<String>();
-      for (String role : roleNames) {
-        lowerCaseRoles.add(role.toLowerCase());
-      }
-
-      for (String expectedRole : expectedRoleNames) {
-        assertTrue("Expected role: " + expectedRole,
-            lowerCaseRoles.contains(expectedRole.toLowerCase()));
-      }
-    }
-  }
-
-  private void validateMissingParameterMsg(SentryShellHive sentryShell, String[] args,
-      String exceptedErrorMsg) throws Exception {
-    Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
-    assertTrue(errorMsgs.contains(exceptedErrorMsg));
-  }
-
-  private void validateMissingParameterMsgsContains(SentryShellHive sentryShell, String[] args,
-      String ... expectedErrorMsgsContains) throws Exception {
-    Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
-    boolean foundAllMessages = false;
-    Iterator<String> it = errorMsgs.iterator();
-    while (it.hasNext()) {
-      String errorMessage = it.next();
-      boolean missingExpected = false;
-      for (String expectedContains : expectedErrorMsgsContains) {
-        if (!errorMessage.contains(expectedContains)) {
-          missingExpected = true;
-          break;
-        }
-      }
-      if (!missingExpected) {
-        foundAllMessages = true;
-        break;
-      }
-    }
-    assertTrue(foundAllMessages);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/resources/indexer_case.ini
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/resources/indexer_case.ini b/sentry-provider/sentry-provider-db/src/test/resources/indexer_case.ini
deleted file mode 100644
index f1afe1f..0000000
--- a/sentry-provider/sentry-provider-db/src/test/resources/indexer_case.ini
+++ /dev/null
@@ -1,26 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#  http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-[groups]
-groupa = RoLe1
-groupb = rOlE1
-groupc = ROLE2
-
-[roles]
-RoLe1 = indexer=*
-rOlE1 = indexer=*
-ROLE2 = indexer=*


Mime
View raw message