org.apache.sentry.policy.db.TestResourceAuthorizationProviderGeneralCases.java Source code

Java tutorial

Introduction

Here is the source code for org.apache.sentry.policy.db.TestResourceAuthorizationProviderGeneralCases.java

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.sentry.policy.db;

import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

import junit.framework.Assert;

import org.apache.commons.io.FileUtils;
import org.apache.sentry.core.common.Action;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.core.model.db.AccessConstants;
import org.apache.sentry.core.model.db.DBModelAction;
import org.apache.sentry.core.model.db.Database;
import org.apache.sentry.core.model.db.Server;
import org.apache.sentry.core.model.db.Table;
import org.apache.sentry.provider.common.MockGroupMappingServiceProvider;
import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
import org.apache.sentry.provider.file.PolicyFiles;
import org.junit.After;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.google.common.base.Objects;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.Multimap;
import com.google.common.io.Files;

public class TestResourceAuthorizationProviderGeneralCases {

    private static final Logger LOGGER = LoggerFactory
            .getLogger(TestResourceAuthorizationProviderGeneralCases.class);

    private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap.create();

    private static final Subject SUB_ADMIN = new Subject("admin1");
    private static final Subject SUB_MANAGER = new Subject("manager1");
    private static final Subject SUB_ANALYST = new Subject("analyst1");
    private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1");

    private static final Server SVR_SERVER1 = new Server("server1");
    private static final Server SVR_ALL = new Server(AccessConstants.ALL);

    private static final Database DB_CUSTOMERS = new Database("customers");
    private static final Database DB_ANALYST = new Database("analyst1");
    private static final Database DB_JR_ANALYST = new Database("jranalyst1");

    private static final Table TBL_PURCHASES = new Table("purchases");

    private static final Set<? extends Action> ALL = EnumSet.of(DBModelAction.ALL);
    private static final Set<? extends Action> SELECT = EnumSet.of(DBModelAction.SELECT);
    private static final Set<? extends Action> INSERT = EnumSet.of(DBModelAction.INSERT);

    static {
        USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin"));
        USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager"));
        USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst"));
        USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(), Arrays.asList("jranalyst"));
    }

    private final ResourceAuthorizationProvider authzProvider;
    private File baseDir;

    public TestResourceAuthorizationProviderGeneralCases() throws IOException {
        baseDir = Files.createTempDir();
        PolicyFiles.copyToDir(baseDir, "test-authz-provider.ini", "test-authz-provider-other-group.ini");
        authzProvider = new HadoopGroupResourceAuthorizationProvider(
                new DBPolicyFileBackend("server1", new File(baseDir, "test-authz-provider.ini").getPath()),
                new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP));

    }

    @After
    public void teardown() {
        if (baseDir != null) {
            FileUtils.deleteQuietly(baseDir);
        }
    }

    private void doTestAuthorizables(Subject subject, Set<? extends Action> privileges, boolean expected,
            Authorizable... authorizables) throws Exception {
        List<Authorizable> authzHierarchy = Arrays.asList(authorizables);
        Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
        helper.add("authorizables", authzHierarchy).add("Privileges", privileges);
        LOGGER.info("Running with " + helper.toString());
        Assert.assertEquals(helper.toString(), expected,
                authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
        LOGGER.info("Passed " + helper.toString());
    }

    private void doTestResourceAuthorizationProvider(Subject subject, Server server, Database database, Table table,
            Set<? extends Action> privileges, boolean expected) throws Exception {
        List<Authorizable> authzHierarchy = Arrays.asList(new Authorizable[] { server, database, table });
        Objects.ToStringHelper helper = Objects.toStringHelper("TestParameters");
        helper.add("Subject", subject).add("Server", server).add("DB", database).add("Table", table)
                .add("Privileges", privileges).add("authzHierarchy", authzHierarchy);
        LOGGER.info("Running with " + helper.toString());
        Assert.assertEquals(helper.toString(), expected,
                authzProvider.hasAccess(subject, authzHierarchy, privileges, ActiveRoleSet.ALL));
        LOGGER.info("Passed " + helper.toString());
    }

    @Test
    public void testAdmin() throws Exception {
        doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, true);
        doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
        doTestResourceAuthorizationProvider(SUB_ADMIN, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, true);
        doTestAuthorizables(SUB_ADMIN, SELECT, true, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES);

    }

    @Test
    public void testManager() throws Exception {
        doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, false);
        doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
        doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, false);
        doTestResourceAuthorizationProvider(SUB_MANAGER, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
    }

    @Test
    public void testAnalyst() throws Exception {
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL, false);
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT, false);
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT, true);

        // analyst sandbox
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, ALL, true);
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, SELECT, true);
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_ANALYST, TBL_PURCHASES, INSERT, true);
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_ANALYST, TBL_PURCHASES, SELECT, true);

        // jr analyst sandbox
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, ALL, false);
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true);
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, INSERT, false);
        doTestResourceAuthorizationProvider(SUB_ANALYST, SVR_ALL, DB_JR_ANALYST, TBL_PURCHASES, SELECT, true);
    }

    @Test
    public void testJuniorAnalyst() throws Exception {
        doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, ALL,
                false);
        doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, SELECT,
                false);
        doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_CUSTOMERS, TBL_PURCHASES, INSERT,
                false);
        doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_ALL, DB_CUSTOMERS, TBL_PURCHASES, SELECT,
                false);
        // jr analyst sandbox
        doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, ALL,
                true);
        doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, SELECT,
                true);
        doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_SERVER1, DB_JR_ANALYST, TBL_PURCHASES, INSERT,
                true);
        doTestResourceAuthorizationProvider(SUB_JUNIOR_ANALYST, SVR_ALL, DB_JR_ANALYST, TBL_PURCHASES, SELECT,
                true);
    }
}