Examples of org.apache.sentry.core.model.db.Server

• org.apache.sentry.core.model.db.Server

    append("[roles]", otherPolicyFile);
    append("malicious_role = server=server1->db=customers->table=purchases->action=select", otherPolicyFile);
    PolicyEngine policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
    ImmutableSet<String> permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1"),
            new Database("other_group_db")
    }), Lists.newArrayList("other_group")).get("other_group");
    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
  }

    policyFile.write(globalPolicyFile);
    policyFile.write(otherPolicyFile);
    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
    permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1")
    }), Lists.newArrayList("admin")).get("admin");
    Assert.assertEquals(permissions.toString(), "[server=server1]");
    // test to ensure [users] fails parsing of per-db file
    policyFile.addDatabase("other", otherPolicyFile.getPath());
    policyFile.write(globalPolicyFile);
    policyFile.write(otherPolicyFile);
    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
    permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1")
    }), Lists.newArrayList("admin")).get("admin");
    Assert.assertEquals(permissions.toString(), "[server=server1]");
    // test to ensure [databases] fails parsing of per-db file
    // by removing the user mapping from the per-db policy file
    policyFile.removeGroupsFromUser("admin1", "admin")
      .write(otherPolicyFile);
    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
    permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1")
    }), Lists.newArrayList("admin")).get("admin");
    Assert.assertEquals(permissions.toString(), "[server=server1]");
  }

    append("[roles]", otherPolicyFile);
    append("malicious_role = server=server1", otherPolicyFile);
    PolicyEngine policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
    ImmutableSet<String> permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1"),
            new Database("other_group_db")
    }), Lists.newArrayList("other_group")).get("other_group");
    Assert.assertTrue(permissions.toString(), permissions.isEmpty());
  }

    PolicyEngine policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");

    // verify that the db1 rule is empty
    ImmutableSet<String> permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1"),
            new Database("db1")
    }), Lists.newArrayList("db1_group")).get("db1_group");
    Assert.assertTrue(permissions.toString(), permissions.isEmpty());

    permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1"),
            new Database("db2")
    }), Lists.newArrayList("db2_group")).get("db2_group");
    Assert.assertEquals(permissions.toString(), 1, permissions.size());

    permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1"),
            new Database("db2")
    }), Lists.newArrayList("db2_group")).get("db2_group");
    Assert.assertEquals(permissions.toString(), 1, permissions.size());

  }

public class TestDBModelAuthorizables {

  @Test
  public void testServer() throws Exception {
    Server server = (Server)DBModelAuthorizables.from("SeRvEr=server1");
    assertEquals("server1", server.getName());
  }

    PolicyFiles.copyFilesToDir(fileSystem, etc, dbPolicyFile);
    DBPolicyFileBackend multiFSEngine =
        new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");

    List<Authorizable> dbAuthorizables = Lists.newArrayList();
    dbAuthorizables.add(new Server("server1"));
    dbAuthorizables.add(new Database("db11"));
    List<String> dbGroups = Lists.newArrayList();
    dbGroups.add("group1");
    ImmutableSetMultimap <String, String> dbPerms =
        multiFSEngine.getPermissions(dbAuthorizables, dbGroups);

  }

  @Test
  public void testDuplicateEntries() throws Exception {
    Subject user1 = new Subject("user1");
    Server server1 = new Server("server1");
    AccessURI uri = new AccessURI("file:///path/to/");
    Set<? extends Action> actions = EnumSet.of(DBModelAction.ALL, DBModelAction.SELECT, DBModelAction.INSERT);
    policyFile.addGroupsToUser(user1.getName(), true, "group1", "group1")
      .addRolesToGroup("group1",  true, "role1", "role1")
      .addPermissionsToRole("role1", true, "server=" + server1.getName() + "->uri=" + uri.getName(),
          "server=" + server1.getName() + "->uri=" + uri.getName());
    policyFile.write(iniFile);
    DBPolicyFileBackend policy = new DBPolicyFileBackend(initResource, server1.getName());
    authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
    List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri);
    Assert.assertTrue(authorizableHierarchy.toString(),
        authzProvider.hasAccess(user1, authorizableHierarchy, actions));
  }

        authzProvider.hasAccess(user1, authorizableHierarchy, actions));
  }
  @Test
  public void testNonAbolutePath() throws Exception {
    Subject user1 = new Subject("user1");
    Server server1 = new Server("server1");
    AccessURI uri = new AccessURI("file:///path/to/");
    Set<? extends Action> actions = EnumSet.of(DBModelAction.ALL, DBModelAction.SELECT, DBModelAction.INSERT);
    policyFile.addGroupsToUser(user1.getName(), "group1")
      .addRolesToGroup("group1", "role1")
      .addPermissionsToRole("role1", "server=" + server1.getName() + "->uri=" + uri.getName());
    policyFile.write(iniFile);
    DBPolicyFileBackend policy = new DBPolicyFileBackend(initResource, server1.getName());
    authzProvider = new LocalGroupResourceAuthorizationProvider(initResource, policy);
    // positive test
    List<? extends Authorizable> authorizableHierarchy = ImmutableList.of(server1, uri);
    Assert.assertTrue(authorizableHierarchy.toString(),
        authzProvider.hasAccess(user1, authorizableHierarchy, actions));

  }

  private static DBModelAuthorizable from(AuthorizableType type, String name) {
    switch (type) {
    case Server:
      return new Server(name);
    case Db:
      return new Database(name);
    case Table:
      return new Table(name);
    case View:

   */
  @Test
  public void testValidateCreateFunctionForAdmin() throws Exception {
    inputTabHierarcyList.add(buildObjectHierarchy(SERVER1, null, null));
    inputTabHierarcyList.add(Arrays.asList(new DBModelAuthorizable[] {
        new Server(SERVER1), new AccessURI("file:///some/path/to/a/jar")
    }));
    testAuth.authorize(HiveOperation.CREATEFUNCTION, createFuncPrivileges, ADMIN_SUBJECT,
        inputTabHierarcyList, outputTabHierarcyList);
  }