Examples of org.apache.sentry.provider.file.PolicyFile

• org.apache.sentry.provider.file.PolicyFile
  PolicyFile creator. Written specifically to be used with tests. Specifically due to the fact that methods that would typically return true or false to indicate success or failure these methods throw an unchecked exception. This is because in a test if you mean to remove a user from the policy file, the user should absolutely be there. If not, the test is mis-behaving.

  /**
   * Tests that users in two groups work correctly
   **/
  @Test
  public void testAdmin5() throws Exception {
    policyFile = new PolicyFile();
    policyFile
        .addRolesToGroup("admin_group1", ADMINGROUP)
        .addRolesToGroup("admin_group2", ADMINGROUP)
        .addPermissionsToRole(ADMINGROUP, "server=server1")
        .addGroupsToUser("admin1", "admin_group1", "admin_group2")

  /**
   * Tests that user with two roles the most powerful role takes effect
   **/
  @Test
  public void testGroup2() throws Exception {
    policyFile = new PolicyFile();
    policyFile
        .addRolesToGroup("group1", ADMINGROUP, "analytics")
        .addPermissionsToRole(ADMINGROUP, "server=server1")
        .addPermissionsToRole("analytics", "server=server1->db=" + dbName)
        .addGroupsToUser("user1", "group1")

  /**
   * Tests that user names with special characters are handled correctly
   **/
  @Test
  public void testGroup7() throws Exception {
    policyFile = new PolicyFile();
    policyFile
        .addRolesToGroup("group1", ADMINGROUP)
        .addPermissionsToRole(ADMINGROUP, "server=server1")
        .addGroupsToUser("user1~!@#$%^&*()+-", "group1")
        .addGroupsToUser("user2", "group1")

  }
  @Test
  public void testPerDbFileCannotContainUsersOrDatabases() throws Exception {
    PolicyEngine policy;
    ImmutableSet<String> permissions;
    PolicyFile policyFile;
    // test sanity
    policyFile = PolicyFile.setAdminOnServer1("admin");
    policyFile.addGroupsToUser("admin1", "admin");
    policyFile.write(globalPolicyFile);
    policyFile.write(otherPolicyFile);
    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
    permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1")
    }), Lists.newArrayList("admin")).get("admin");
    Assert.assertEquals(permissions.toString(), "[server=server1]");
    // test to ensure [users] fails parsing of per-db file
    policyFile.addDatabase("other", otherPolicyFile.getPath());
    policyFile.write(globalPolicyFile);
    policyFile.write(otherPolicyFile);
    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
    permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1")
    }), Lists.newArrayList("admin")).get("admin");
    Assert.assertEquals(permissions.toString(), "[server=server1]");
    // test to ensure [databases] fails parsing of per-db file
    // by removing the user mapping from the per-db policy file
    policyFile.removeGroupsFromUser("admin1", "admin")
      .write(otherPolicyFile);
    policy = new DBPolicyFileBackend(globalPolicyFile.getPath(), "server1");
    permissions = policy.getPermissions(
        Arrays.asList(new Authorizable[] {
            new Server("server1")

  public void testMultiFSPolicy() throws Exception {
    File globalPolicyFile = new File(Files.createTempDir(), "global-policy.ini");
    File dbPolicyFile = new File(Files.createTempDir(), "db11-policy.ini");

    // Create global policy file
    PolicyFile dbPolicy = new PolicyFile()
      .addPermissionsToRole("db11_role", "server=server1->db=db11")
      .addRolesToGroup("group1", "db11_role");

    dbPolicy.write(dbPolicyFile);
    Path dbPolicyPath = new Path(etc, "db11-policy.ini");

    // create per-db policy file
    PolicyFile globalPolicy = new PolicyFile()
      .addPermissionsToRole("admin_role", "server=server1")
      .addRolesToGroup("admin_group", "admin_role")
      .addGroupsToUser("db", "admin_group");
    globalPolicy.addDatabase("db11", dbPolicyPath.toUri().toString());
    globalPolicy.write(globalPolicyFile);


    PolicyFiles.copyFilesToDir(fileSystem, etc, globalPolicyFile);
    PolicyFiles.copyFilesToDir(fileSystem, etc, dbPolicyFile);
    DBPolicyFileBackend multiFSEngine =

    }
  }

  @Test
  public void testPerDB() throws Exception {
    PolicyFile db2PolicyFile = new PolicyFile();
    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
    db2PolicyFile
        .addRolesToGroup(USERGROUP2, "select_tbl2")
        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
        .write(db2PolicyFileHandle);

    policyFile

    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
    File db3PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB3_POLICY_FILE);
    File db4PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB4_POLICY_FILE);

    PolicyFile db2PolicyFile = new PolicyFile();
    PolicyFile db3PolicyFile = new PolicyFile();
    PolicyFile db4PolicyFile = new PolicyFile();
    db2PolicyFile
        .addRolesToGroup(USERGROUP2, "select_tbl2")
        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
        .write(db2PolicyFileHandle);
    db3PolicyFile
        .addRolesToGroup(USERGROUP3, "select_tbl3_BAD")
        .addPermissionsToRole("select_tbl3_BAD", "server=server1->db=db3------>table->action=select")
        .write(db3PolicyFileHandle);
    db4PolicyFile
        .addRolesToGroup(USERGROUP4, "select_tbl4")
        .addPermissionsToRole("select_tbl4", "server=server1->db=db4->table=tbl4->action=select")
        .write(db4PolicyFileHandle);
    policyFile
        .addRolesToGroup(USERGROUP1, "select_tbl1")

        .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
        .addDatabase("db2", prefix + db2PolicyFileHandle.getName())
        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
        .write(context.getPolicyFile());

    PolicyFile db2PolicyFile = new PolicyFile();
    db2PolicyFile
        .addRolesToGroup(USERGROUP2, "select_tbl2", "data_read", "insert_tbl2")
        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
        .addPermissionsToRole("insert_tbl2", "server=server1->db=db2->table=tbl2->action=insert")
        .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile)
        .write(db2PolicyFileHandle);

        .addDatabase("db2", prefix + db2PolicyFileHandle.getName())
        .addDatabase("default", prefix + defaultPolicyFileHandle.getName())
        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
        .write(context.getPolicyFile());

    PolicyFile db2PolicyFile = new PolicyFile();
    db2PolicyFile
        .addRolesToGroup(USERGROUP2, "select_tbl2")
        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
        .write(db2PolicyFileHandle);

    PolicyFile defaultPolicyFile = new PolicyFile();
    defaultPolicyFile
        .addRolesToGroup(USERGROUP2, "select_def")
        .addPermissionsToRole("select_def", "server=server1->db=default->table=dtab->action=select")
        .write(defaultPolicyFileHandle);

    // setup db objects needed by the test

    statement.close();
    connection.close();

    File specificPolicyFileFile = new File(baseDir, "db2-policy.ini");

    PolicyFile specificPolicyFile = new PolicyFile()
    .addPermissionsToRole("db1_role", grant)
    .addRolesToGroup("group1", "db1_role");
    specificPolicyFile.write(specificPolicyFileFile);

    policyFile.addDatabase("db2", specificPolicyFileFile.getPath());
    policyFile.write(context.getPolicyFile());