"jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true"); conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); server = SentryServiceFactory.create(conf); conf.set(ApiConstants.ClientConfig.SERVER_RPC_ADDRESS, server.getAddress().getHostName()); conf.set(ApiConstants.ClientConfig.SERVER_RPC_PORT, String.valueOf(server.getAddress().getPort()));
"jdbc:derby:;databaseName=" + dbDir.getPath() + ";create=true"); conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); server = new SentryServiceFactory().create(conf); conf.set(ClientConfig.SERVER_RPC_ADDRESS, server.getAddress().getHostName()); conf.set(ClientConfig.SERVER_RPC_PORT, String.valueOf(server.getAddress().getPort()));
@Override public void runTestAsSubject() throws Exception { String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); String roleName = "admin_r"; setLocalGroupMapping(requestorUserName, requestorUserGroupNames); writePolicyFile(); client.dropRoleIfExists(requestorUserName, roleName, "solr"); client.createRole(requestorUserName, roleName, "solr"); stopSentryService(); SentryServiceIntegrationBase.server = SentryServiceFactory.create(SentryServiceIntegrationBase.conf); SentryServiceIntegrationBase.startSentryService(); client.dropRole(requestorUserName, roleName, "solr"); } });
@Override public void runTestAsSubject() throws Exception { Configuration confWithSmallMaxMsgSize = new Configuration(SentryServiceIntegrationBase.conf); confWithSmallMaxMsgSize.setLong(ServiceConstants.ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE, 50); stopSentryService(); // create a server with a small max thrift message size SentryServiceIntegrationBase.server = SentryServiceFactory.create(confWithSmallMaxMsgSize); SentryServiceIntegrationBase.startSentryService(); setLocalGroupMapping(SentryServiceIntegrationBase.ADMIN_USER, REQUESTER_USER_GROUP_NAMES); writePolicyFile(); // client can talk with server when message size is smaller. client.listAllRoles(SentryServiceIntegrationBase.ADMIN_USER); client.createRole(SentryServiceIntegrationBase.ADMIN_USER, ROLE_NAME); boolean exceptionThrown = false; try { // client throws exception when message size is larger than the server's thrift max message size. client.grantServerPrivilege(SentryServiceIntegrationBase.ADMIN_USER, ROLE_NAME, "server", false); } catch (SentryUserException e) { exceptionThrown = true; Assert.assertTrue(e.getCause().getMessage().contains("org.apache.thrift.transport.TTransportException")); } finally { Assert.assertEquals(true, exceptionThrown); } // client can still talk with sentry server when message size is smaller. Set<TSentryRole> roles = client.listAllRoles(SentryServiceIntegrationBase.ADMIN_USER); Assert.assertTrue(roles.size() == 1); Assert.assertEquals(ROLE_NAME, roles.iterator().next().getRoleName()); } });
@Override public void runTestAsSubject() throws Exception { String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); String roleName = "admin_r"; setLocalGroupMapping(requestorUserName, requestorUserGroupNames); writePolicyFile(); client.dropRoleIfExists(requestorUserName, roleName); client.createRole(requestorUserName, roleName); client.listAllRoles(requestorUserName); stopSentryService(); SentryServiceIntegrationBase.server = SentryServiceFactory.create(SentryServiceIntegrationBase.conf); SentryServiceIntegrationBase.startSentryService(); client.listAllRoles(requestorUserName); client.dropRole(requestorUserName, roleName); } });
@Override public void runTestAsSubject() throws Exception { String requestorUserName = SentryServiceIntegrationBase.ADMIN_USER; Set<String> requestorUserGroupNames = Sets.newHashSet(SentryServiceIntegrationBase.ADMIN_GROUP); String roleName = "admin_r"; setLocalGroupMapping(requestorUserName, requestorUserGroupNames); writePolicyFile(); client.dropRoleIfExists(requestorUserName, roleName); client.createRole(requestorUserName, roleName); client.listAllRoles(requestorUserName); stopSentryService(); SentryServiceIntegrationBase.server = SentryServiceFactory.create(SentryServiceIntegrationBase.conf); SentryServiceIntegrationBase.startSentryService(); client.listAllRoles(requestorUserName); client.dropRole(requestorUserName, roleName); } });
@Override public void runTestAsSubject() throws Exception { Configuration confWithSmallMaxMsgSize = new Configuration(conf); confWithSmallMaxMsgSize.setLong(ServiceConstants.ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE, 50); stopSentryService(); // create a server with a small max thrift message size server = new SentryServiceFactory().create(confWithSmallMaxMsgSize); startSentryService(); setLocalGroupMapping(ADMIN_USER, REQUESTER_USER_GROUP_NAMES); writePolicyFile(); // client can talk with server when message size is smaller. client.listRoles(ADMIN_USER); client.createRole(ADMIN_USER, ROLE_NAME); boolean exceptionThrown = false; try { // client throws exception when message size is larger than the server's thrift max message size. client.grantServerPrivilege(ADMIN_USER, ROLE_NAME, "server", false); } catch (SentryUserException e) { exceptionThrown = true; Assert.assertTrue(e.getMessage().contains("org.apache.thrift.transport.TTransportException")); } finally { Assert.assertEquals(true, exceptionThrown); } // client can still talk with sentry server when message size is smaller. Set<TSentryRole> roles = client.listRoles(ADMIN_USER); Assert.assertTrue(roles.size() == 1); Assert.assertEquals(ROLE_NAME, roles.iterator().next().getRoleName()); } });
@Override public void runTestAsSubject() throws Exception { String requestorUserName = ADMIN_USER; Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); String roleName = "admin_r"; setLocalGroupMapping(requestorUserName, requestorUserGroupNames); writePolicyFile(); client.dropRoleIfExists(requestorUserName, roleName); client.createRole(requestorUserName, roleName); client.listRoles(requestorUserName); stopSentryService(); server = new SentryServiceFactory().create(conf); startSentryService(); client.listRoles(requestorUserName); client.dropRole(requestorUserName, roleName); } });