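/**
 * Exports the policy mapping data held by the Sentry service and writes it to
 * {@code exportPolicyFilePath} using the file formatter selected by the configuration.
 *
 * <p>The requestor name sent to the service is the local JVM's {@code user.name}
 * system property, or the empty string when that property is unset. The value is
 * supplied by the calling process, so it identifies the caller only as far as the
 * service authenticates the connection.
 * NOTE(review): the authentication setup is not visible here; confirm that the service
 * does not authorize the export on this name alone.
 *
 * <p>NOTE(review): the written file holds the exported group/role/privilege mapping.
 * Nothing in this method restricts who can read it; confirm what the formatter and
 * the target directory enforce.
 *
 * @throws Exception if the client cannot be created, the export request fails, or the
 *     file cannot be written
 */
public void exportPolicy() throws Exception {
  String requestorUserName = System.getProperty("user.name", "");
  SentryPolicyServiceClient client = SentryServiceClientFactory.create(getAuthzConf());
  try {
    // Export the Sentry mapping data from the database into a nested map structure.
    Map<String, Map<String, Set<String>>> policyFileMappingData =
        client.exportPolicy(requestorUserName);
    // Pick the file formatter according to the configuration.
    SentryPolicyFileFormatter sentryPolicyFileFormatter =
        SentryPolicyFileFormatFactory.createFileFormatter(authzConf);
    // Write the mapping data to exportPolicyFilePath.
    sentryPolicyFileFormatter.write(exportPolicyFilePath, policyFileMappingData);
  } finally {
    // Release the service connection on every path; the original never closed it.
    client.close();
  }
}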
@Override
public void runTestAsSubject() throws Exception {
  // Policy under test: group1 is bound to role1 and role2; no role has privileges.
  Map<String, Set<String>> rolesByGroup = Maps.newHashMap();
  rolesByGroup.put("group1", Sets.newHashSet("role1", "role2"));
  Map<String, Set<String>> privilegesByRole = Maps.newHashMap();

  Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap();
  policyFileMappingData.put(PolicyFileConstants.GROUPS, rolesByGroup);
  policyFileMappingData.put(PolicyFileConstants.ROLES, privilegesByRole);

  // Import as the admin user, then export as the same user and hand both maps to
  // the validation helper (defined elsewhere in the test class).
  client.importPolicy(policyFileMappingData, ADMIN_USER, false);
  Map<String, Map<String, Set<String>>> exported = client.exportPolicy(ADMIN_USER);
  validateSentryMappingData(exported, policyFileMappingData);
}
});
@Override
public void runTestAsSubject() throws Exception {
  // One role set, shared by three groups.
  Set<String> roles = Sets.newHashSet("role1", "role2", "role3");
  Map<String, Set<String>> rolesByGroup = Maps.newHashMap();
  for (String groupName : new String[] {"group1", "group2", "group3"}) {
    rolesByGroup.put(groupName, roles);
  }

  // Every role receives its own set holding the same eight privilege constants.
  Map<String, Set<String>> privilegesByRole = Maps.newHashMap();
  for (String roleName : roles) {
    Set<String> privileges = Sets.newHashSet(PRIVILIEGE1, PRIVILIEGE2, PRIVILIEGE3,
        PRIVILIEGE4, PRIVILIEGE5, PRIVILIEGE6, PRIVILIEGE7, PRIVILIEGE8);
    privilegesByRole.put(roleName, privileges);
  }

  Map<String, Map<String, Set<String>>> policyFileMappingData = Maps.newHashMap();
  policyFileMappingData.put(PolicyFileConstants.GROUPS, rolesByGroup);
  policyFileMappingData.put(PolicyFileConstants.ROLES, privilegesByRole);

  // Import as the admin user, export again, and pass both maps to the validation
  // helper (defined elsewhere in the test class).
  client.importPolicy(policyFileMappingData, ADMIN_USER, false);
  Map<String, Map<String, Set<String>>> exported = client.exportPolicy(ADMIN_USER);
  validateSentryMappingData(exported, policyFileMappingData);
}
});
exceptedMappingData.put(PolicyFileConstants.ROLES, exceptedPrivilegesMap); Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER); validateSentryMappingData(sentryMappingData, exceptedMappingData);
Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER);
policyFileMappingData2.get(PolicyFileConstants.ROLES)); Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER); validateSentryMappingData(sentryMappingData, exceptedMappingData);
@Override
public void runTestAsSubject() throws Exception {
  // Negative case: a requestor other than the admin user attempts import and export.
  // The policy is empty, so only the requestor name differs from the admin cases.
  Map<String, Map<String, Set<String>>> policyFileMappingData1 = Maps.newHashMap();
  policyFileMappingData1.put(PolicyFileConstants.GROUPS,
      Maps.<String, Set<String>>newHashMap());
  policyFileMappingData1.put(PolicyFileConstants.ROLES,
      Maps.<String, Set<String>>newHashMap());

  // NOTE(review): both catch blocks accept any Exception, so a connection or
  // serialization failure satisfies the test as well as an authorization denial.
  // Asserting on the specific denial exception would make this a real check of
  // the access control.
  try {
    client.importPolicy(policyFileMappingData1, "no-admin-user", false);
    fail("non-admin can't do the import.");
  } catch (Exception expected) {
    // expected: the import is rejected
  }

  try {
    client.exportPolicy("no-admin-user");
    fail("non-admin can't do the export.");
  } catch (Exception expected) {
    // expected: the export is rejected
  }
}
});
exceptedMappingData.put(PolicyFileConstants.ROLES, exceptedPrivilegesMap); Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER); validateSentryMappingData(sentryMappingData, exceptedMappingData);
exceptedMappingData.put(PolicyFileConstants.ROLES, exceptedPrivilegesMap); Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER); validateSentryMappingData(sentryMappingData, exceptedMappingData);
exceptedMappingData.put(PolicyFileConstants.ROLES, exceptedPrivilegesMap); Map<String, Map<String, Set<String>>> sentryMappingData = client.exportPolicy(ADMIN_USER); validateSentryMappingData(sentryMappingData, exceptedMappingData);