sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [7/9] sentry git commit: SENTRY-2207 Refactor out Sentry CLI from sentry-provider-db into own module. Steve Moist, reviewed by Colm O hEigeartaigh.
Date Mon, 30 Apr 2018 16:35:43 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolIndexer.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolIndexer.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolIndexer.java
deleted file mode 100644
index 4dddf78..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolIndexer.java
+++ /dev/null
@@ -1,263 +0,0 @@
- /**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
- import com.google.common.collect.Sets;
- import com.google.common.io.Files;
- import org.apache.commons.io.FileUtils;
- import org.apache.sentry.core.common.exception.SentryConfigurationException;
- import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceIntegrationBase;
- import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
- import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
- import org.apache.sentry.service.thrift.ServiceConstants;
- import org.junit.After;
- import org.junit.Before;
- import org.junit.Test;
-
- import java.io.File;
- import java.io.FileOutputStream;
- import java.util.HashMap;
- import java.util.HashSet;
- import java.util.Map;
- import java.util.Set;
-
- import static org.apache.sentry.provider.common.AuthorizationComponent.HBASE_INDEXER;
- import static org.junit.Assert.assertEquals;
- import static org.junit.Assert.assertTrue;
- import static org.junit.Assert.fail;
-
- public class TestSentryConfigToolIndexer extends SentryGenericServiceIntegrationBase {
-   private static String RESOURCES_DIR = "target" + File.separator + "test-classes" + File.separator;
-   private static String VALID_POLICY_INI = RESOURCES_DIR + "indexer_config_import_tool.ini";
-   private static String INVALID_POLICY_INI = RESOURCES_DIR + "indexer_invalid.ini";
-   private static String CASE_POLICY_INI = RESOURCES_DIR + "indexer_case.ini";
-   private File confDir;
-   private File confPath;
-   private String requestorName = "";
-   private String service = "service1";
-
-   @Before
-   public void prepareForTest() throws Exception {
-     confDir = Files.createTempDir();
-     confPath = new File(confDir, "sentry-site.xml");
-     conf.set(ServiceConstants.ClientConfig.SERVICE_NAME, service);
-     if (confPath.createNewFile()) {
-       FileOutputStream to = new FileOutputStream(confPath);
-       conf.writeXml(to);
-       to.close();
-     }
-     requestorName = clientUgi.getShortUserName();//System.getProperty("user.name", "");
-     Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-     setLocalGroupMapping(requestorName, requestorUserGroupNames);
-     // add ADMIN_USER for the after() in SentryServiceIntegrationBase
-     setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames);
-     writePolicyFile();
-   }
-
-   @After
-   public void clearTestData() throws Exception {
-     FileUtils.deleteQuietly(confDir);
-
-     // clear roles and privileges
-     Set<TSentryRole> tRoles = client.listAllRoles(requestorName, HBASE_INDEXER);
-     for (TSentryRole tRole : tRoles) {
-       String role = tRole.getRoleName();
-       Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(
-           requestorName, role, HBASE_INDEXER, service);
-       for (TSentryPrivilege privilege : privileges) {
-         client.revokePrivilege(requestorName, role, HBASE_INDEXER, privilege);
-       }
-       client.dropRole(requestorName, role, HBASE_INDEXER);
-     }
-   }
-
-   @Test
-   public void testConvertIni() throws Exception {
-     runTestAsSubject(new TestOperation() {
-       @Override
-       public void runTestAsSubject() throws Exception {
-         String[] args = {"-mgr", "-f", VALID_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-v", "-i"};
-         SentryShellIndexer sentryTool = new SentryShellIndexer();
-         sentryTool.executeShell(args);
-
-         Map<String, Set<String>> groupMapping = new HashMap<String, Set<String>>();
-         groupMapping.put("corporal_role", Sets.newHashSet("corporal", "sergeant", "general", "commander_in_chief"));
-         groupMapping.put("sergeant_role", Sets.newHashSet("sergeant", "general", "commander_in_chief"));
-         groupMapping.put("general_role", Sets.newHashSet("general", "commander_in_chief"));
-         groupMapping.put("commander_in_chief_role", Sets.newHashSet("commander_in_chief"));
-
-
-         Map<String, Set<String>> privilegeMapping = new HashMap<String, Set<String>>();
-         privilegeMapping.put("corporal_role",
-             Sets.newHashSet("Indexer=info->action=read", "Indexer=info->action=write"));
-         privilegeMapping.put("sergeant_role",
-             Sets.newHashSet("Indexer=info->action=write"));
-         privilegeMapping.put("general_role",
-             Sets.newHashSet("Indexer=info->action=*"));
-         privilegeMapping.put("commander_in_chief_role",
-             Sets.newHashSet("Indexer=*->action=*"));
-
-         // check roles
-         Set<TSentryRole> tRoles = client.listAllRoles(requestorName, HBASE_INDEXER);
-         assertEquals("Unexpected number of roles", groupMapping.keySet().size(), tRoles.size());
-         Set<String> roles = new HashSet<String>();
-         for (TSentryRole tRole : tRoles) {
-           roles.add(tRole.getRoleName());
-         }
-
-         for (String expectedRole : groupMapping.keySet()) {
-           assertTrue("Didn't find expected role: " + expectedRole, roles.contains(expectedRole));
-         }
-
-         // check groups
-         for (TSentryRole tRole : tRoles) {
-           Set<String> expectedGroups = groupMapping.get(tRole.getRoleName());
-           assertEquals("Group size doesn't match for role: " + tRole.getRoleName(),
-               expectedGroups.size(), tRole.getGroups().size());
-           assertTrue("Group does not contain all expected members for role: " + tRole.getRoleName(),
-               tRole.getGroups().containsAll(expectedGroups));
-         }
-
-         // check privileges
-         GenericPrivilegeConverter convert = new GenericPrivilegeConverter(HBASE_INDEXER, service);
-         for (String role : roles) {
-           Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(
-               requestorName, role, HBASE_INDEXER, service);
-           Set<String> expectedPrivileges = privilegeMapping.get(role);
-           assertEquals("Privilege set size doesn't match for role: " + role,
-               expectedPrivileges.size(), privileges.size());
-
-           Set<String> privilegeStrs = new HashSet<String>();
-           for (TSentryPrivilege privilege : privileges) {
-             privilegeStrs.add(convert.toString(privilege));
-           }
-
-           for (String expectedPrivilege : expectedPrivileges) {
-             assertTrue("Did not find expected privilege: " + expectedPrivilege,
-                 privilegeStrs.contains(expectedPrivilege));
-           }
-         }
-       }
-     });
-   }
-
-   @Test
-   public void testNoPolicyFile() throws Exception {
-     runTestAsSubject(new TestOperation() {
-       @Override
-       public void runTestAsSubject() throws Exception {
-         String[] args = { "-mgr", "-f", INVALID_POLICY_INI + "Foobar", "-conf", confPath.getAbsolutePath(), "-v", "-i"};
-         SentryShellIndexer sentryTool = new SentryShellIndexer();
-         try {
-           sentryTool.executeShell(args);
-           fail("Exception should be thrown for nonexistant ini");
-         } catch (SentryConfigurationException e) {
-           // expected exception
-         }
-       }
-     });
-   }
-
-   @Test
-   public void testNoValidateNorImport() throws Exception {
-     runTestAsSubject(new TestOperation() {
-       @Override
-       public void runTestAsSubject() throws Exception {
-         String[] args = { "-mgr", "-f", INVALID_POLICY_INI, "-conf", confPath.getAbsolutePath()};
-         SentryShellIndexer sentryTool = new SentryShellIndexer();
-         try {
-           sentryTool.executeShell(args);
-           fail("Exception should be thrown for validating invalid ini");
-         } catch (IllegalArgumentException e) {
-           // expected exception
-         }
-       }
-     });
-   }
-
-   @Test
-   public void testConvertInvalidIni() throws Exception {
-     runTestAsSubject(new TestOperation() {
-       @Override
-       public void runTestAsSubject() throws Exception {
-         // test: validate an invalid ini
-         String[] args = { "-mgr", "-f", INVALID_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-v", "-i"};
-         SentryShellIndexer sentryTool = new SentryShellIndexer();
-         try {
-           sentryTool.executeShell(args);
-           fail("Exception should be thrown for validating invalid ini");
-         } catch (SentryConfigurationException e) {
-           // expected exception
-         }
-
-         // test without validating, should not error
-         args = new String[] { "-mgr", "-f", INVALID_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-i"};
-         sentryTool = new SentryShellIndexer();
-         sentryTool.executeShell(args);
-       }
-     });
-   }
-
-   @Test
-   public void testCompatCheck() throws Exception {
-     runTestAsSubject(new TestOperation() {
-       @Override
-       public void runTestAsSubject() throws Exception {
-         // test: validate an invalid ini
-         String[] args = { "-mgr", "-f", CASE_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-v", "-i", "-c"};
-         SentryShellIndexer sentryTool = new SentryShellIndexer();
-         try {
-           sentryTool.executeShell(args);
-           fail("Exception should be thrown for validating invalid ini");
-         } catch (SentryConfigurationException e) {
-           assertEquals("Expected error", 1, e.getConfigErrors().size());
-           String error = e.getConfigErrors().get(0);
-           assertCasedRoleNamesInMessage(error, "RoLe1", "rOlE1");
-           String warning = e.getConfigWarnings().get(0);
-           assertCasedRoleNamesInMessage(warning, "ROLE2", "RoLe1", "rOlE1");
-           assertEquals("Expected warning", 1, e.getConfigWarnings().size());
-         }
-
-         // test without compat checking
-         args = new String[] { "-mgr", "-f", CASE_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-i", "-v"};
-         sentryTool = new SentryShellIndexer();
-         sentryTool.executeShell(args);
-       }
-     });
-   }
-
-   // Test that a valid compat check doesn't throw an exception
-   @Test
-   public void testCompatCheckValid() throws Exception {
-     runTestAsSubject(new TestOperation() {
-       @Override
-       public void runTestAsSubject() throws Exception {
-         String[] args = { "-mgr", "-f", VALID_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-v", "-i", "-c"};
-         SentryShellIndexer sentryTool = new SentryShellIndexer();
-         sentryTool.executeShell(args);
-       }
-     });
-   }
-
-   private void assertCasedRoleNamesInMessage(String message, String ... casedRoleNames) {
-     for (String casedRoleName : casedRoleNames) {
-       assertTrue("Expected cased role name: " + casedRoleName, message.contains(casedRoleName));
-     }
-   }
- }

http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java
deleted file mode 100644
index 9e6ff42..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryConfigToolSolr.java
+++ /dev/null
@@ -1,261 +0,0 @@
- /**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.io.Files;
-import com.google.common.collect.Sets;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceIntegrationBase;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.core.common.exception.SentryConfigurationException;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-public class TestSentryConfigToolSolr extends SentryGenericServiceIntegrationBase {
-  private static String RESOURCES_DIR = "target" + File.separator + "test-classes" + File.separator;
-  private static String VALID_POLICY_INI = RESOURCES_DIR + "solr_config_import_tool.ini";
-  private static String INVALID_POLICY_INI = RESOURCES_DIR + "solr_invalid.ini";
-  private static String CASE_POLICY_INI = RESOURCES_DIR + "solr_case.ini";
-  private File confDir;
-  private File confPath;
-  private String requestorName = "";
-  private String service = "service1";
-
-  @Before
-  public void prepareForTest() throws Exception {
-    confDir = Files.createTempDir();
-    confPath = new File(confDir, "sentry-site.xml");
-    if (confPath.createNewFile()) {
-      FileOutputStream to = new FileOutputStream(confPath);
-      conf.writeXml(to);
-      to.close();
-    }
-    requestorName = clientUgi.getShortUserName();//System.getProperty("user.name", "");
-    Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-    setLocalGroupMapping(requestorName, requestorUserGroupNames);
-    // add ADMIN_USER for the after() in SentryServiceIntegrationBase
-    setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames);
-    writePolicyFile();
-  }
-
-  @After
-  public void clearTestData() throws Exception {
-    FileUtils.deleteQuietly(confDir);
-
-    // clear roles and privileges
-    Set<TSentryRole> tRoles = client.listAllRoles(requestorName, SOLR);
-    for (TSentryRole tRole : tRoles) {
-      String role = tRole.getRoleName();
-      Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(
-          requestorName, role, SOLR, service);
-      for (TSentryPrivilege privilege : privileges) {
-        client.revokePrivilege(requestorName, role, SOLR, privilege);
-      }
-      client.dropRole(requestorName, role, SOLR);
-    }
-  }
-
-  @Test
-  public void testConvertIni() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String[] args = { "-p", VALID_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-v", "-i"};
-        SentryConfigToolSolr sentryTool = new SentryConfigToolSolr();
-        sentryTool.executeConfigTool(args);
-
-        Map<String, Set<String>> groupMapping = new HashMap<String, Set<String>>();
-        groupMapping.put("corporal_role", Sets.newHashSet("corporal", "sergeant", "general", "commander_in_chief"));
-        groupMapping.put("sergeant_role", Sets.newHashSet("sergeant", "general", "commander_in_chief"));
-        groupMapping.put("general_role", Sets.newHashSet("general", "commander_in_chief"));
-        groupMapping.put("commander_in_chief_role", Sets.newHashSet("commander_in_chief"));
-
-        Map<String, Set<String>> privilegeMapping = new HashMap<String, Set<String>>();
-        privilegeMapping.put("corporal_role",
-            Sets.newHashSet("Collection=info->action=query", "Collection=info->action=update"));
-        privilegeMapping.put("sergeant_role",
-            Sets.newHashSet("Collection=info->action=update"));
-        privilegeMapping.put("general_role",
-            Sets.newHashSet("Collection=info->action=*"));
-        privilegeMapping.put("commander_in_chief_role",
-            Sets.newHashSet("Collection=*->action=*"));
-
-        // check roles
-        Set<TSentryRole> tRoles = client.listAllRoles(requestorName, SOLR);
-        assertEquals("Unexpected number of roles", groupMapping.keySet().size(), tRoles.size());
-        Set<String> roles = new HashSet<String>();
-        for (TSentryRole tRole : tRoles) {
-          roles.add(tRole.getRoleName());
-        }
-
-        for (String expectedRole : groupMapping.keySet()) {
-          assertTrue("Didn't find expected role: " + expectedRole, roles.contains(expectedRole));
-        }
-
-        // check groups
-        for (TSentryRole tRole : tRoles) {
-          Set<String> expectedGroups = groupMapping.get(tRole.getRoleName());
-          assertEquals("Group size doesn't match for role: " + tRole.getRoleName(),
-              expectedGroups.size(), tRole.getGroups().size());
-          assertTrue("Group does not contain all expected members for role: " + tRole.getRoleName(),
-              tRole.getGroups().containsAll(expectedGroups));
-        }
-
-        // check privileges
-        GenericPrivilegeConverter convert = new GenericPrivilegeConverter(SOLR, service);
-        for (String role : roles) {
-          Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(
-              requestorName, role, SOLR, service);
-          Set<String> expectedPrivileges = privilegeMapping.get(role);
-          assertEquals("Privilege set size doesn't match for role: " + role,
-              expectedPrivileges.size(), privileges.size());
-
-          Set<String> privilegeStrs = new HashSet<String>();
-          for (TSentryPrivilege privilege : privileges) {
-            privilegeStrs.add(convert.toString(privilege));
-          }
-
-          for (String expectedPrivilege : expectedPrivileges) {
-            assertTrue("Did not find expected privilege: " + expectedPrivilege + " in " + privilegeStrs,
-                privilegeStrs.contains(expectedPrivilege));
-          }
-        }
-      }
-    });
-  }
-
-  @Test
-  public void testNoPolicyFile() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String[] args = { "-p", INVALID_POLICY_INI + "Foobar", "-conf", confPath.getAbsolutePath(), "-v", "-i"};
-        SentryConfigToolSolr sentryTool = new SentryConfigToolSolr();
-        try {
-          sentryTool.executeConfigTool(args);
-          fail("Exception should be thrown for nonexistant ini");
-        } catch (SentryConfigurationException e) {
-          // expected exception
-        }
-      }
-    });
-  }
-
-  @Test
-  public void testNoValidateNorImport() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String[] args = { "-p", INVALID_POLICY_INI, "-conf", confPath.getAbsolutePath()};
-        SentryConfigToolSolr sentryTool = new SentryConfigToolSolr();
-        try {
-          sentryTool.executeConfigTool(args);
-          fail("Exception should be thrown for validating invalid ini");
-        } catch (IllegalArgumentException e) {
-          // expected exception
-        }
-      }
-    });
-  }
-
-  @Test
-  public void testConvertInvalidIni() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // test: validate an invalid ini
-        String[] args = { "-p", INVALID_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-v", "-i"};
-        SentryConfigToolSolr sentryTool = new SentryConfigToolSolr();
-        try {
-          sentryTool.executeConfigTool(args);
-          fail("Exception should be thrown for validating invalid ini");
-        } catch (SentryConfigurationException e) {
-          // expected exception
-        }
-
-        // test without validating, should not error
-        args = new String[] { "-p", INVALID_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-i"};
-        sentryTool = new SentryConfigToolSolr();
-        sentryTool.executeConfigTool(args);
-      }
-    });
-  }
-
-  @Test
-  public void testCompatCheck() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // test: validate an invalid ini
-        String[] args = { "-p", CASE_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-v", "-i", "-c"};
-        SentryConfigToolSolr sentryTool = new SentryConfigToolSolr();
-        try {
-          sentryTool.executeConfigTool(args);
-          fail("Exception should be thrown for validating invalid ini");
-        } catch (SentryConfigurationException e) {
-          assertEquals("Expected error", 1, e.getConfigErrors().size());
-          String error = e.getConfigErrors().get(0);
-          assertCasedRoleNamesInMessage(error, "RoLe1", "rOlE1");
-          String warning = e.getConfigWarnings().get(0);
-          assertCasedRoleNamesInMessage(warning, "ROLE2", "RoLe1", "rOlE1");
-          assertEquals("Expected warning", 1, e.getConfigWarnings().size());
-        }
-
-        // test without compat checking
-        args = new String[] { "-p", CASE_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-i", "-v"};
-        sentryTool = new SentryConfigToolSolr();
-        sentryTool.executeConfigTool(args);
-      }
-    });
-  }
-
-  // Test that a valid compat check doesn't throw an exception
-  @Test
-  public void testCompatCheckValid() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String[] args = { "-p", VALID_POLICY_INI, "-conf", confPath.getAbsolutePath(), "-v", "-i", "-c"};
-        SentryConfigToolSolr sentryTool = new SentryConfigToolSolr();
-        sentryTool.executeConfigTool(args);
-      }
-    });
-  }
-
-  private void assertCasedRoleNamesInMessage(String message, String ... casedRoleNames) {
-    for (String casedRoleName : casedRoleNames) {
-      assertTrue("Expected cased role name: " + casedRoleName, message.contains(casedRoleName));
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellIndexer.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellIndexer.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellIndexer.java
deleted file mode 100644
index f66eb85..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellIndexer.java
+++ /dev/null
@@ -1,526 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceIntegrationBase;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-import org.apache.sentry.service.thrift.ServiceConstants;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.PrintStream;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import static junit.framework.Assert.assertEquals;
-import static org.apache.sentry.provider.common.AuthorizationComponent.HBASE_INDEXER;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-public class TestSentryShellIndexer extends SentryGenericServiceIntegrationBase {
-  private File confDir;
-  private File confPath;
-  private static String TEST_ROLE_NAME_1 = "testRole1";
-  private static String TEST_ROLE_NAME_2 = "testRole2";
-  private String requestorName = "";
-  private String service = "service1";
-
-  @Before
-  public void prepareForTest() throws Exception {
-    confDir = Files.createTempDir();
-    confPath = new File(confDir, "sentry-site.xml");
-    conf.set(ServiceConstants.ClientConfig.SERVICE_NAME, service);
-    if (confPath.createNewFile()) {
-      FileOutputStream to = new FileOutputStream(confPath);
-      conf.writeXml(to);
-      to.close();
-    }
-    requestorName = clientUgi.getShortUserName();
-    Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-    setLocalGroupMapping(requestorName, requestorUserGroupNames);
-    // add ADMIN_USER for the after() in SentryServiceIntegrationBase
-    setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames);
-    writePolicyFile();
-  }
-
-  @After
-  public void clearTestData() throws Exception {
-    FileUtils.deleteQuietly(confDir);
-  }
-
-  @Test
-  public void testCreateDropRole() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // test: create role with -cr
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        SentryShellIndexer.main(args);
-        // test: create role with --create_role
-        args = new String[] { "--create_role", "-r", TEST_ROLE_NAME_2, "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellIndexer.main(args);
-
-        // validate the result, list roles with -lr
-        args = new String[] { "-lr", "-conf", confPath.getAbsolutePath() };
-        SentryShellIndexer sentryShell = new SentryShellIndexer();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // validate the result, list roles with --list_role
-        args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // test: drop role with -dr
-        args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        SentryShellIndexer.main(args);
-        // test: drop role with --drop_role
-        args = new String[] { "--drop_role", "-r", TEST_ROLE_NAME_2, "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellIndexer.main(args);
-
-        // validate the result
-        Set<TSentryRole> roles = client.listAllRoles(requestorName, HBASE_INDEXER);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-      }
-    });
-  }
-
-  @Test
-  public void testAddDeleteRoleForGroup() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // Group names are case sensitive - mixed case names should work
-        String TEST_GROUP_1 = "testGroup1";
-        String TEST_GROUP_2 = "testGroup2";
-        String TEST_GROUP_3 = "testGroup3";
-
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, HBASE_INDEXER);
-        client.createRole(requestorName, TEST_ROLE_NAME_2, HBASE_INDEXER);
-        // test: add role to group with -arg
-        String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellIndexer.main(args);
-        // test: add role to multiple groups
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
-            "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellIndexer.main(args);
-        // test: add role to group with --add_role_group
-        args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
-            "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellIndexer.main(args);
-
-        // validate the result list roles with -lr and -g
-        args = new String[] { "-lr", "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath() };
-        SentryShellIndexer sentryShell = new SentryShellIndexer();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // list roles with --list_role and -g
-        args = new String[] { "--list_role", "-g", TEST_GROUP_2, "-conf",
-            confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        args = new String[] { "--list_role", "-g", TEST_GROUP_3, "-conf",
-            confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        // test: delete role from group with -drg
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellIndexer.main(args);
-        // test: delete role to multiple groups
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
-            "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellIndexer.main(args);
-        // test: delete role from group with --delete_role_group
-        args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
-            "-conf", confPath.getAbsolutePath() };
-        SentryShellIndexer.main(args);
-
-        // validate the result
-        Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, TEST_GROUP_1, HBASE_INDEXER);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        roles = client.listRolesByGroupName(requestorName, TEST_GROUP_2, HBASE_INDEXER);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        roles = client.listRolesByGroupName(requestorName, TEST_GROUP_3, HBASE_INDEXER);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, HBASE_INDEXER);
-        client.dropRole(requestorName, TEST_ROLE_NAME_2, HBASE_INDEXER);
-      }
-    });
-  }
-
-  @Test
-  public void testCaseSensitiveGroupName() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, HBASE_INDEXER);
-        // add role to a group (lower case)
-        String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", "group1", "-conf",
-            confPath.getAbsolutePath() };
-        SentryShellIndexer.main(args);
-
-        // validate the roles when group name is same case as above
-        args = new String[] { "-lr", "-g", "group1", "-conf", confPath.getAbsolutePath() };
-        SentryShellIndexer sentryShell = new SentryShellIndexer();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        // roles should be empty when group name is different case than above
-        args = new String[] { "-lr", "-g", "GROUP1", "-conf", confPath.getAbsolutePath() };
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames);
-      }
-      });
-    }
-
-  public static String grant(boolean shortOption) {
-    return shortOption ? "-gpr" : "--grant_privilege_role";
-  }
-
-  public static String revoke(boolean shortOption) {
-    return shortOption ? "-rpr" : "--revoke_privilege_role";
-  }
-
-  public static String list(boolean shortOption) {
-    return shortOption ? "-lp" : "--list_privilege";
-  }
-
-  private void assertGrantRevokePrivilege(final boolean shortOption) throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, HBASE_INDEXER);
-        client.createRole(requestorName, TEST_ROLE_NAME_2, HBASE_INDEXER);
-
-        String [] privs = {
-          "Indexer=*->action=*",
-          "Indexer=indexer1->action=read",
-          "Indexer=indexer2->action=write"
-        };
-        for (int i = 0; i < privs.length; ++i) {
-          // test: grant privilege to role
-          String [] args = new String [] { grant(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
-            privs[ i ],
-            "-conf", confPath.getAbsolutePath() };
-          SentryShellIndexer.main(args);
-        }
-
-        // test the list privilege
-        String [] args = new String[] { list(shortOption), "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        SentryShellIndexer sentryShell = new SentryShellIndexer();
-        Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals("Incorrect number of privileges", privs.length, privilegeStrs.size());
-        for (int i = 0; i < privs.length; ++i) {
-          assertTrue("Expected privilege: " + privs[ i ], privilegeStrs.contains(privs[ i ]));
-        }
-
-        for (int i = 0; i < privs.length; ++i) {
-          args = new String[] { revoke(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
-            privs[ i ], "-conf",
-            confPath.getAbsolutePath() };
-          SentryShellIndexer.main(args);
-          Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName,
-            TEST_ROLE_NAME_1, HBASE_INDEXER, service);
-          assertEquals("Incorrect number of privileges", privs.length - (i + 1), privileges.size());
-        }
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, HBASE_INDEXER);
-        client.dropRole(requestorName, TEST_ROLE_NAME_2, HBASE_INDEXER);
-      }
-    });
-  }
-
-
-  @Test
-  public void testGrantRevokePrivilegeWithShortOption() throws Exception {
-    assertGrantRevokePrivilege(true);
-  }
-
-  @Test
-  public void testGrantRevokePrivilegeWithLongOption() throws Exception {
-    assertGrantRevokePrivilege(false);
-  }
-
-  @Test
-  public void testNegativeCaseWithInvalidArgument() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        client.createRole(requestorName, TEST_ROLE_NAME_1, HBASE_INDEXER);
-        // test: create duplicate role with -cr
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        SentryShellIndexer sentryShell = new SentryShellIndexer();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for creating duplicate role");
-        } catch (SentryUserException e) {
-          // expected exception
-        }
-
-        // test: drop non-exist role with -dr
-        args = new String[] { "-dr", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for dropping non-exist role");
-        } catch (SentryUserException e) {
-          // excepted exception
-        }
-
-        // test: add non-exist role to group with -arg
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for granting non-exist role to group");
-        } catch (SentryUserException e) {
-          // excepted exception
-        }
-
-        // test: drop group from non-exist role with -drg
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for drop group from non-exist role");
-        } catch (SentryUserException e) {
-          // excepted exception
-        }
-
-        // test: grant privilege to role with the error privilege format
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=*",
-            "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for the error privilege format, invalid key value.");
-        } catch (IllegalArgumentException e) {
-          // excepted exception
-        }
-
-        // test: grant privilege to role with the error privilege hierarchy
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "server=server1->table=tbl1->column=col2->action=insert", "-conf",
-            confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for the error privilege format, invalid key value.");
-        } catch (IllegalArgumentException e) {
-          // expected exception
-        }
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, HBASE_INDEXER);
-      }
-    });
-  }
-
-  @Test
-  public void testNegativeCaseWithoutRequiredArgument() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String strOptionConf = "conf";
-        client.createRole(requestorName, TEST_ROLE_NAME_1, HBASE_INDEXER);
-        // test: the conf is required argument
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1 };
-        SentryShellIndexer sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + strOptionConf);
-
-        // test: -r is required when create role
-        args = new String[] { "-cr", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -r is required when drop role
-        args = new String[] { "-dr", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -r is required when add role to group
-        args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -g is required when add role to group
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
-        // test: -r is required when delete role from group
-        args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -g is required when delete role from group
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
-        // test: -r is required when grant privilege to role
-        args = new String[] { "-gpr", "-p", "indexer=Indexer1", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -p is required when grant privilege to role
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
-        // test: action is required in privilege
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-p", "indexer=Indexer1" };
-        sentryShell = new SentryShellIndexer();
-         try {
-          getShellResultWithOSRedirect(sentryShell, args, false);
-          fail("Expected IllegalArgumentException");
-        } catch (IllegalArgumentException e) {
-          assert("Privilege is invalid: action required but not specified.".equals(e.getMessage()));
-        }
-
-        // test: -r is required when revoke privilege from role
-        args = new String[] { "-rpr", "-p", "indexer=Indexer1", "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -p is required when revoke privilege from role
-        args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
-        // test: command option is required for shell
-        args = new String[] {"-conf", confPath.getAbsolutePath() };
-        sentryShell = new SentryShellIndexer();
-        validateMissingParameterMsgsContains(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[",
-                "-arg Add role to group",
-                "-cr Create role",
-                "-rpr Revoke privilege from role",
-                "-drg Delete role from group",
-                "-lr List role",
-                "-lp List privilege",
-                "-gpr Grant privilege to role",
-                "-dr Drop role");
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, HBASE_INDEXER);
-      }
-    });
-  }
-
-  // redirect the System.out to ByteArrayOutputStream, then execute the command and parse the result.
-  private Set<String> getShellResultWithOSRedirect(SentryShellIndexer sentryShell,
-      String[] args, boolean expectedExecuteResult) throws Exception {
-    PrintStream oldOut = System.out;
-    ByteArrayOutputStream outContent = new ByteArrayOutputStream();
-    System.setOut(new PrintStream(outContent));
-    assertEquals(expectedExecuteResult, sentryShell.executeShell(args));
-    String outContentStr = outContent.toString();
-    Set<String> resultSet = outContentStr.length() > 0 ? Sets.<String>newHashSet(outContentStr.split("\n")) : Sets.<String>newHashSet();
-    System.setOut(oldOut);
-    return resultSet;
-  }
-
-  private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) {
-    if (expectedRoleNames != null && expectedRoleNames.length > 0) {
-      assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length,
-          expectedRoleNames.length, roleNames.size());
-      Set<String> lowerCaseRoles = new HashSet<String>();
-      for (String role : roleNames) {
-        lowerCaseRoles.add(role.toLowerCase());
-      }
-
-      for (String expectedRole : expectedRoleNames) {
-        assertTrue("Expected role: " + expectedRole,
-            lowerCaseRoles.contains(expectedRole.toLowerCase()));
-      }
-    }
-  }
-
-  private void validateMissingParameterMsg(SentryShellIndexer sentryShell, String[] args,
-      String expectedErrorMsg) throws Exception {
-    Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
-    assertTrue("Expected error message: " + expectedErrorMsg, errorMsgs.contains(expectedErrorMsg));
-  }
-
-  private void validateMissingParameterMsgsContains(SentryShellIndexer sentryShell, String[] args,
-      String ... expectedErrorMsgsContains) throws Exception {
-    Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
-    boolean foundAllMessages = false;
-    Iterator<String> it = errorMsgs.iterator();
-    while (it.hasNext()) {
-      String errorMessage = it.next();
-      boolean missingExpected = false;
-      for (String expectedContains : expectedErrorMsgsContains) {
-        if (!errorMessage.contains(expectedContains)) {
-          missingExpected = true;
-          break;
-        }
-      }
-      if (!missingExpected) {
-        foundAllMessages = true;
-        break;
-      }
-    }
-    assertTrue(foundAllMessages);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6752f14a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
deleted file mode 100644
index a9234fa..0000000
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/tools/TestSentryShellKafka.java
+++ /dev/null
@@ -1,550 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.sentry.provider.db.generic.tools;
-
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-import org.apache.commons.io.FileUtils;
-import org.apache.sentry.core.common.exception.SentryUserException;
-import org.apache.sentry.core.model.kafka.validator.KafkaPrivilegeValidator;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceIntegrationBase;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.PrintStream;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import static org.junit.Assert.*;
-
-public class TestSentryShellKafka extends SentryGenericServiceIntegrationBase {
-  private File confDir;
-  private File confPath;
-  private static String TEST_ROLE_NAME_1 = "testRole1";
-  private static String TEST_ROLE_NAME_2 = "testRole2";
-  private static String KAFKA = "kafka";
-  private String requestorName = "";
-  private String service = "kafka";
-
-  @Before
-  public void prepareForTest() throws Exception {
-    confDir = Files.createTempDir();
-    confPath = new File(confDir, "sentry-site.xml");
-    if (confPath.createNewFile()) {
-      FileOutputStream to = new FileOutputStream(confPath);
-      conf.writeXml(to);
-      to.close();
-    }
-    requestorName = clientUgi.getShortUserName();//.getProperty("user.name", "");
-    Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
-    setLocalGroupMapping(requestorName, requestorUserGroupNames);
-    // add ADMIN_USER for the after() in SentryServiceIntegrationBase
-    setLocalGroupMapping(ADMIN_USER, requestorUserGroupNames);
-    writePolicyFile();
-  }
-
-  @After
-  public void clearTestData() throws Exception {
-    FileUtils.deleteQuietly(confDir);
-  }
-
-  @Test
-  public void testCreateDropRole() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // test: create role with -cr
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric.main(args);
-        // test: create role with --create_role
-        args = new String[] { "--create_role", "-r", TEST_ROLE_NAME_2, "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric.main(args);
-
-        // validate the result, list roles with -lr
-        args = new String[] { "-lr", "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // validate the result, list roles with --list_role
-        args = new String[] { "--list_role", "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // test: drop role with -dr
-        args = new String[] { "-dr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric.main(args);
-        // test: drop role with --drop_role
-        args = new String[] { "--drop_role", "-r", TEST_ROLE_NAME_2, "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric.main(args);
-
-        // validate the result
-        Set<TSentryRole> roles = client.listAllRoles(requestorName, KAFKA);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-      }
-    });
-  }
-
-  @Test
-  public void testAddDeleteRoleForGroup() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // Group names are case sensitive - mixed case names should work
-        String TEST_GROUP_1 = "testGroup1";
-        String TEST_GROUP_2 = "testGroup2";
-        String TEST_GROUP_3 = "testGroup3";
-
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
-        client.createRole(requestorName, TEST_ROLE_NAME_2, KAFKA);
-        // test: add role to group with -arg
-        String[] args = { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric.main(args);
-        // test: add role to multiple groups
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
-            "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric.main(args);
-        // test: add role to group with --add_role_group
-        args = new String[] { "--add_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
-            "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric.main(args);
-
-        // validate the result list roles with -lr and -g
-        args = new String[] { "-lr", "-g", TEST_GROUP_1, "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1, TEST_ROLE_NAME_2);
-
-        // list roles with --list_role and -g
-        args = new String[] { "--list_role", "-g", TEST_GROUP_2, "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        args = new String[] { "--list_role", "-g", TEST_GROUP_3, "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        // List the groups and roles via listGroups
-        args = new String[] { "--list_group", "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        Set<String> groups = getShellResultWithOSRedirect(sentryShell, args, true);
-        assertEquals(3, groups.size());
-        assertTrue(groups.contains("testGroup3 = testrole1"));
-        assertTrue(groups.contains("testGroup2 = testrole1"));
-        assertTrue(groups.contains("testGroup1 = testrole2, testrole1"));
-
-        // test: delete role from group with -drg
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_1, "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric.main(args);
-        // test: delete role to multiple groups
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_1, "-g", TEST_GROUP_2 + "," + TEST_GROUP_3,
-            "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric.main(args);
-        // test: delete role from group with --delete_role_group
-        args = new String[] { "--delete_role_group", "-r", TEST_ROLE_NAME_2, "-g", TEST_GROUP_1,
-            "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric.main(args);
-
-        // validate the result
-        Set<TSentryRole> roles = client.listRolesByGroupName(requestorName, TEST_GROUP_1, KAFKA);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        roles = client.listRolesByGroupName(requestorName, TEST_GROUP_2, KAFKA);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        roles = client.listRolesByGroupName(requestorName, TEST_GROUP_3, KAFKA);
-        assertEquals("Incorrect number of roles", 0, roles.size());
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
-        client.dropRole(requestorName, TEST_ROLE_NAME_2, KAFKA);
-      }
-    });
-  }
-
-  @Test
-  public void testCaseSensitiveGroupName() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
-        // add role to a group (lower case)
-        String[] args = {"-arg", "-r", TEST_ROLE_NAME_1, "-g", "group1", "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka"};
-        SentryShellGeneric.main(args);
-
-        // validate the roles when group name is same case as above
-        args = new String[]{"-lr", "-g", "group1", "-conf", confPath.getAbsolutePath(), "-t", "kafka"};
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames, TEST_ROLE_NAME_1);
-
-        // roles should be empty when group name is different case than above
-        args = new String[]{"-lr", "-g", "GROUP1", "-conf", confPath.getAbsolutePath(), "-t", "kafka"};
-        roleNames = getShellResultWithOSRedirect(sentryShell, args, true);
-        validateRoleNames(roleNames);
-      }
-    });
-  }
-
-  public static String grant(boolean shortOption) {
-    return shortOption ? "-gpr" : "--grant_privilege_role";
-  }
-
-  public static String revoke(boolean shortOption) {
-    return shortOption ? "-rpr" : "--revoke_privilege_role";
-  }
-
-  public static String list(boolean shortOption) {
-    return shortOption ? "-lp" : "--list_privilege";
-  }
-
-  private void assertGrantRevokePrivilege(final boolean shortOption) throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        // create the role for test
-        client.createRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
-        client.createRole(requestorName, TEST_ROLE_NAME_2, KAFKA);
-
-        String [] privs = {
-            "HOST=*->CLUSTER=kafka-cluster->action=read",
-            "HOST=h1->TOPIC=t1->action=write",
-            "HOST=*->CONSUMERGROUP=cg1->action=read",
-            "CLUSTER=kafka-cluster->action=write",
-            "CONSUMERGROUP=cg2->action=write"
-        };
-        for (int i = 0; i < privs.length; ++i) {
-          // test: grant privilege to role
-          String [] args = new String [] { grant(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
-            privs[ i ],
-            "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-          SentryShellGeneric.main(args);
-        }
-
-        // test the list privilege
-        String [] args = new String[] { list(shortOption), "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        Set<String> privilegeStrs = getShellResultWithOSRedirect(sentryShell, args, true);
-
-        assertEquals("Incorrect number of privileges", privs.length, privilegeStrs.size());
-        for (int i = 0; i < privs.length; ++i) {
-          assertTrue("Expected privilege: " + privs[i] + " in " + Arrays.toString(privilegeStrs.toArray()), privilegeStrs.contains(privs[i].startsWith("HOST=") ? privs[i] : "HOST=*->" + privs[i]));
-        }
-
-        for (int i = 0; i < privs.length; ++i) {
-          args = new String[] { revoke(shortOption), "-r", TEST_ROLE_NAME_1, "-p",
-            privs[ i ], "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-          SentryShellGeneric.main(args);
-          Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorName,
-            TEST_ROLE_NAME_1, KAFKA, service);
-          assertEquals("Incorrect number of privileges. Received privileges: " + Arrays.toString(privileges.toArray()), privs.length - (i + 1), privileges.size());
-        }
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
-        client.dropRole(requestorName, TEST_ROLE_NAME_2, KAFKA);
-      }
-    });
-  }
-
-
-  @Test
-  public void testGrantRevokePrivilegeWithShortOption() throws Exception {
-    assertGrantRevokePrivilege(true);
-  }
-
-  @Test
-  public void testGrantRevokePrivilegeWithLongOption() throws Exception {
-    assertGrantRevokePrivilege(false);
-  }
-
-
-  @Test
-  public void testNegativeCaseWithInvalidArgument() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        client.createRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
-        // test: create duplicate role with -cr
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for creating duplicate role");
-        } catch (SentryUserException e) {
-          // expected exception
-        } catch (Exception e) {
-          fail ("Unexpected exception received. " + e);
-        }
-
-        // test: drop non-exist role with -dr
-        args = new String[] { "-dr", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for dropping non-exist role");
-        } catch (SentryUserException e) {
-          // excepted exception
-        } catch (Exception e) {
-          fail ("Unexpected exception received. " + e);
-        }
-
-        // test: add non-exist role to group with -arg
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for granting non-exist role to group");
-        } catch (SentryUserException e) {
-          // excepted exception
-        } catch (Exception e) {
-          fail ("Unexpected exception received. " + e);
-        }
-
-        // test: drop group from non-exist role with -drg
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-g", "testGroup1", "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for drop group from non-exist role");
-        } catch (SentryUserException e) {
-          // excepted exception
-        } catch (Exception e) {
-          fail ("Unexpected exception received. " + e);
-        }
-
-        // test: grant privilege to role with the error privilege format
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p", "serverserver1->action=all",
-            "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for the error privilege format, invalid key value.");
-        } catch (IllegalArgumentException e) {
-          // excepted exception
-        } catch (Exception e) {
-          fail ("Unexpected exception received. " + e);
-        }
-
-        // test: grant privilege to role with the error privilege hierarchy
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-p",
-            "consumergroup=cg1->host=h1->action=create", "-conf",
-            confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        try {
-          sentryShell.executeShell(args);
-          fail("Exception should be thrown for the error privilege format, invalid key value.");
-        } catch (IllegalArgumentException e) {
-          // expected exception
-        } catch (Exception e) {
-          fail ("Unexpected exception received. " + e);
-        }
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
-      }
-    });
-  }
-
-  @Test
-  public void testNegativeCaseWithoutRequiredArgument() throws Exception {
-    runTestAsSubject(new TestOperation() {
-      @Override
-      public void runTestAsSubject() throws Exception {
-        String strOptionConf = "conf";
-        client.createRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
-        // test: the conf is required argument
-        String[] args = { "-cr", "-r", TEST_ROLE_NAME_1, "-t", "kafka" };
-        SentryShellGeneric sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + strOptionConf);
-
-        // test: -r is required when create role
-        args = new String[] { "-cr", "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -r is required when drop role
-        args = new String[] { "-dr", "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -r is required when add role to group
-        args = new String[] { "-arg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -g is required when add role to group
-        args = new String[] { "-arg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
-        // test: -r is required when delete role from group
-        args = new String[] { "-drg", "-g", "testGroup1", "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -g is required when delete role from group
-        args = new String[] { "-drg", "-r", TEST_ROLE_NAME_2, "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_GROUP_NAME);
-
-        // test: -r is required when grant privilege to role
-        args = new String[] { "-gpr", "-p", "server=server1", "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -p is required when grant privilege to role
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
-        // test: action is required in privilege
-        args = new String[] { "-gpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-p", "host=*->topic=t1", "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-         try {
-          getShellResultWithOSRedirect(sentryShell, args, false);
-          fail("Expected IllegalArgumentException");
-        } catch (IllegalArgumentException e) {
-           assert(("Kafka privilege must end with a valid action.\n" + KafkaPrivilegeValidator.KafkaPrivilegeHelpMsg).equals(e.getCause().getMessage()));
-        } catch (Exception e) {
-           fail ("Unexpected exception received. " + e);
-         }
-
-        // test: -r is required when revoke privilege from role
-        args = new String[] { "-rpr", "-p", "host=h1", "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_ROLE_NAME);
-
-        // test: -p is required when revoke privilege from role
-        args = new String[] { "-rpr", "-r", TEST_ROLE_NAME_1, "-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsg(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + SentryShellCommon.OPTION_DESC_PRIVILEGE);
-
-        // test: command option is required for shell
-        args = new String[] {"-conf", confPath.getAbsolutePath(), "-t", "kafka" };
-        sentryShell = new SentryShellGeneric();
-        validateMissingParameterMsgsContains(sentryShell, args,
-                SentryShellCommon.PREFIX_MESSAGE_MISSING_OPTION + "[",
-                "-arg Add role to group",
-                "-cr Create role",
-                "-rpr Revoke privilege from role",
-                "-drg Delete role from group",
-                "-lr List role",
-                "-lp List privilege",
-                "-gpr Grant privilege to role",
-                "-dr Drop role");
-
-        // clear the test data
-        client.dropRole(requestorName, TEST_ROLE_NAME_1, KAFKA);
-      }
-    });
-  }
-
-  // redirect the System.out to ByteArrayOutputStream, then execute the command and parse the result.
-  private Set<String> getShellResultWithOSRedirect(SentryShellGeneric sentryShell,
-      String[] args, boolean expectedExecuteResult) throws Exception {
-    PrintStream oldOut = System.out;
-    ByteArrayOutputStream outContent = new ByteArrayOutputStream();
-    System.setOut(new PrintStream(outContent));
-    assertEquals(expectedExecuteResult, sentryShell.executeShell(args));
-    Set<String> resultSet = Sets.newHashSet(outContent.toString().split("\n"));
-    System.setOut(oldOut);
-    return resultSet;
-  }
-
-  private void validateRoleNames(Set<String> roleNames, String ... expectedRoleNames) {
-    if (expectedRoleNames != null && expectedRoleNames.length > 0) {
-      assertEquals("Found: " + roleNames.size() + " roles, expected: " + expectedRoleNames.length,
-          expectedRoleNames.length, roleNames.size());
-      Set<String> lowerCaseRoles = new HashSet<String>();
-      for (String role : roleNames) {
-        lowerCaseRoles.add(role.toLowerCase());
-      }
-
-      for (String expectedRole : expectedRoleNames) {
-        assertTrue("Expected role: " + expectedRole,
-            lowerCaseRoles.contains(expectedRole.toLowerCase()));
-      }
-    }
-  }
-
-  private void validateMissingParameterMsg(SentryShellGeneric sentryShell, String[] args,
-      String expectedErrorMsg) throws Exception {
-    Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
-    assertTrue("Expected error message: " + expectedErrorMsg, errorMsgs.contains(expectedErrorMsg));
-  }
-
-  private void validateMissingParameterMsgsContains(SentryShellGeneric sentryShell, String[] args,
-      String ... expectedErrorMsgsContains) throws Exception {
-    Set<String> errorMsgs = getShellResultWithOSRedirect(sentryShell, args, false);
-    boolean foundAllMessages = false;
-    Iterator<String> it = errorMsgs.iterator();
-    while (it.hasNext()) {
-      String errorMessage = it.next();
-      boolean missingExpected = false;
-      for (String expectedContains : expectedErrorMsgsContains) {
-        if (!errorMessage.contains(expectedContains)) {
-          missingExpected = true;
-          break;
-        }
-      }
-      if (!missingExpected) {
-        foundAllMessages = true;
-        break;
-      }
-    }
-    assertTrue(foundAllMessages);
-  }
-}


Mime
View raw message