Posted to commits@ranger.apache.org by ma...@apache.org on 2015/04/17 07:54:48 UTC
incubator-ranger git commit: RANGER-278: Re-enable policy validation
code and tests
Repository: incubator-ranger
Updated Branches:
refs/heads/master b3e31fadd -> c7727f571
RANGER-278: Re-enable policy validation code and tests
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c7727f57
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/c7727f57
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/c7727f57
Branch: refs/heads/master
Commit: c7727f571fc36b8aaf9c7a2054f23856f456d4f5
Parents: b3e31fa
Author: Alok Lal <al...@hortonworks.com>
Authored: Mon Apr 13 17:24:21 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Apr 16 22:37:59 2015 -0700
----------------------------------------------------------------------
.../org/apache/ranger/rest/ServiceREST.java | 23 ++--
.../rest/TestServiceRESTForValidation.java | 120 +++++++++++--------
.../src/test/resources/log4j.properties | 36 ++++++
3 files changed, 116 insertions(+), 63 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c7727f57/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index a9ade43..01f2b7c 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -59,16 +59,17 @@ import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.validation.RangerPolicyValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceValidator;
-import org.apache.ranger.plugin.model.validation.RangerValidatorFactory;
import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.policyengine.RangerPolicyEngineCache;
-import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
+import org.apache.ranger.plugin.model.validation.RangerValidatorFactory;
import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngineCache;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
import org.apache.ranger.plugin.service.ResourceLookupContext;
@@ -863,8 +864,8 @@ public class ServiceREST {
RangerPolicy ret = null;
try {
- // RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
- // validator.validate(policy, Action.CREATE, bizUtil.isAdmin());
+ RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
+ validator.validate(policy, Action.CREATE, bizUtil.isAdmin());
ensureAdminAccess(policy.getService(), policy.getResources());
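Review bot: The re-enabled `validator.validate(policy, Action.CREATE, bizUtil.isAdmin())` runs before `ensureAdminAccess(...)`, so a caller who would fail the access check still gets the validator's verdict first; the UPDATE hunk has the same order, and in the DELETE hunk `validate(id, Action.DELETE)` precedes the store lookup. Because the validator is built from `svcStore`, its failures presumably reflect what exists in the store, which would let an unauthorized caller tell existing services or policy ids from missing ones by the error returned. If the order is deliberate (validation guarding the `policy.getService()` dereference), record that with a comment such as `// validate first: rejects a null/malformed policy before ensureAdminAccess dereferences it`, and confirm the error path returns a generic message to non-admin callers. The enclosing method starts and ends outside the hunk.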
@@ -897,8 +898,8 @@ public class ServiceREST {
RangerPolicy ret = null;
try {
- // RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
- // validator.validate(policy, Action.UPDATE, bizUtil.isAdmin());
+ RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
+ validator.validate(policy, Action.UPDATE, bizUtil.isAdmin());
ensureAdminAccess(policy.getService(), policy.getResources());
@@ -925,8 +926,8 @@ public class ServiceREST {
}
try {
- // RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
- // validator.validate(id, Action.DELETE);
+ RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
+ validator.validate(id, Action.DELETE);
RangerPolicy policy = svcStore.getPolicy(id);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c7727f57/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
index f4534a1..1003213 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
@@ -34,6 +34,7 @@ import javax.ws.rs.WebApplicationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.plugin.model.RangerPolicy;
@@ -42,9 +43,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.validation.RangerPolicyValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceValidator;
-import org.apache.ranger.plugin.model.validation.RangerValidatorFactory;
import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
-import org.apache.ranger.rest.ServiceREST;
+import org.apache.ranger.plugin.model.validation.RangerValidatorFactory;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
@@ -59,6 +59,8 @@ public class TestServiceRESTForValidation {
// inject out store in it
_store = mock(ServiceDBStore.class);
_serviceRest.svcStore = _store;
+ _bizUtils = mock(RangerBizUtil.class);
+ _serviceRest.bizUtil = _bizUtils;
// and our validator factory
_factory = mock(RangerValidatorFactory.class);
@@ -202,15 +204,17 @@ public class TestServiceRESTForValidation {
@Test
public void testPolicy_happyPath() {
+ setupBizUtils();
+
try {
-// _serviceRest.updatePolicy(_policy);
-// verify(_policyValidator).validate(_policy, Action.UPDATE);
+ _serviceRest.updatePolicy(_policy);
+ verify(_policyValidator).validate(_policy, Action.UPDATE, true);
_serviceRest.deletePolicy(3L);
verify(_policyValidator).validate(3L, Action.DELETE);
-// _serviceRest.createPolicy(_policy);
-// verify(_policyValidator).validate(_policy, Action.CREATE);
+ _serviceRest.createPolicy(_policy);
+ verify(_policyValidator).validate(_policy, Action.CREATE, true);
} catch (Exception e) {
LOG.debug(e);
fail("unexpected exception");
@@ -219,30 +223,33 @@ public class TestServiceRESTForValidation {
@Test
public void testPolicy_validatorFailure() throws Exception {
+
+ // let's have bizutil return true everytime
+ setupBizUtils();
-// doThrow(_exception).when(_policyValidator).validate(_policy, Action.CREATE);
-// try {
-// _serviceRest.createPolicy(_policy);
-// fail("Should have thrown exception!");
-// } catch (WebApplicationException t) {
-// verify(_policyValidator).validate(_policy, Action.CREATE);
-// verify(_store, never()).createPolicy(_policy);
-// } catch (Throwable t) {
-// LOG.debug(t);
-// fail("Unexpected exception!");
-// }
-//
-// doThrow(_exception).when(_policyValidator).validate(_policy, Action.UPDATE);
-// try {
-// _serviceRest.updatePolicy(_policy);
-// fail("Should have thrown exception!");
-// } catch (WebApplicationException t) {
-// verify(_policyValidator).validate(_policy, Action.UPDATE);
-// verify(_store, never()).updatePolicy(_policy);
-// } catch (Throwable t) {
-// LOG.debug(t);
-// fail("Unexpected exception!");
-// }
+ doThrow(_exception).when(_policyValidator).validate(_policy, Action.CREATE, true);
+ try {
+ _serviceRest.createPolicy(_policy);
+ fail("Should have thrown exception!");
+ } catch (WebApplicationException t) {
+ verify(_policyValidator).validate(_policy, Action.CREATE, true);
+ verify(_store, never()).createPolicy(_policy);
+ } catch (Throwable t) {
+ LOG.debug(t);
+ fail("Unexpected exception!");
+ }
+
+ doThrow(_exception).when(_policyValidator).validate(_policy, Action.UPDATE, true);
+ try {
+ _serviceRest.updatePolicy(_policy);
+ fail("Should have thrown exception!");
+ } catch (WebApplicationException t) {
+ verify(_policyValidator).validate(_policy, Action.UPDATE, true);
+ verify(_store, never()).updatePolicy(_policy);
+ } catch (Throwable t) {
+ LOG.debug(t);
+ fail("Unexpected exception!");
+ }
doThrow(_exception).when(_policyValidator).validate(4L, Action.DELETE);
try {
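Review bot: In the added CREATE and UPDATE blocks, `fail("Should have thrown exception!")` sits inside the `try`, and the `AssertionError` it raises is caught by `catch (Throwable t)`. A validator that wrongly lets the request through is therefore reported as "Unexpected exception!", with the real cause sent only to `LOG.debug`. The blocks added to `testPolicy_storeFailure` follow the same pattern. Narrowing the last handler to `} catch (Exception t) {`, or adding `if (t instanceof AssertionError) throw (AssertionError) t;` as its first statement, keeps the intended failure message. The test method continues past the end of the hunk.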
@@ -259,29 +266,33 @@ public class TestServiceRESTForValidation {
@Test
public void testPolicy_storeFailure() throws Exception {
-// doThrow(_exception).when(_store).createPolicy(_policy);
-// try {
-// _serviceRest.createPolicy(_policy);
-// fail("Should have thrown exception!");
-// } catch (WebApplicationException e) {
-// verify(_policyValidator).validate(_policy, Action.CREATE);
-// verify(_store).createPolicy(_policy);
-// } catch (Throwable t) {
-// LOG.debug(t);
-// fail("Unexpected exception!");
-// }
-//
-// doThrow(_exception).when(_store).updatePolicy(_policy);
-// try {
-// _serviceRest.updatePolicy(_policy);
-// fail("Should have thrown exception!");
-// } catch (WebApplicationException e) {
-// verify(_policyValidator).validate(_policy, Action.UPDATE);
-// verify(_store).updatePolicy(_policy);
-// } catch (Throwable t) {
-// LOG.debug(t);
-// fail("Unexpected exception!");
-// }
+
+ // let's have bizutils return true for now
+ setupBizUtils();
+
+ doThrow(_exception).when(_store).createPolicy(_policy);
+ try {
+ _serviceRest.createPolicy(_policy);
+ fail("Should have thrown exception!");
+ } catch (WebApplicationException e) {
+ verify(_policyValidator).validate(_policy, Action.CREATE, true);
+ verify(_store).createPolicy(_policy);
+ } catch (Throwable t) {
+ LOG.debug(t);
+ fail("Unexpected exception!");
+ }
+
+ doThrow(_exception).when(_store).updatePolicy(_policy);
+ try {
+ _serviceRest.updatePolicy(_policy);
+ fail("Should have thrown exception!");
+ } catch (WebApplicationException e) {
+ verify(_policyValidator).validate(_policy, Action.UPDATE, true);
+ verify(_store).updatePolicy(_policy);
+ } catch (Throwable t) {
+ LOG.debug(t);
+ fail("Unexpected exception!");
+ }
doThrow(_exception).when(_store).deletePolicy(5L);
try {
@@ -401,6 +412,10 @@ public class TestServiceRESTForValidation {
}
}
+ void setupBizUtils() {
+ when(_bizUtils.isAdmin()).thenReturn(true);
+ }
+
private RangerValidatorFactory _factory;
private RangerServiceValidator _serviceValidator;
private RangerPolicyValidator _policyValidator;
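Review bot: `setupBizUtils()` pins `_bizUtils.isAdmin()` to `true`, so every verification added in this commit checks `validate(_policy, ..., true)` and the non-admin path through the re-enabled validation has no test. Taking the flag as a parameter, `void setupBizUtils(boolean isAdmin) { when(_bizUtils.isAdmin()).thenReturn(isAdmin); }`, and adding a case that verifies `validate(_policy, Action.CREATE, false)` would show that the caller's actual admin status is what reaches the validator. The helper could also be declared `private`, like the fields that follow it.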
@@ -410,6 +425,7 @@ public class TestServiceRESTForValidation {
private ServiceREST _serviceRest;
private Exception _exception;
private RESTErrorUtil _restErrorUtil;
+ private RangerBizUtil _bizUtils;
private RangerService _service;
private RangerPolicy _policy;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c7727f57/security-admin/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/test/resources/log4j.properties b/security-admin/src/test/resources/log4j.properties
new file mode 100644
index 0000000..bd8197d
--- /dev/null
+++ b/security-admin/src/test/resources/log4j.properties
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+##-- To prevent junits from cluttering the build run by default all test runs send output to null appender
+log4j.appender.devnull=org.apache.log4j.varia.NullAppender
+log4j.rootLogger=FATAL, devnull
+
+##-- uncomment the following line during during development/debugging so see debug messages during test run to be emitted to console
+# ranger.root.logger=DEBUG,console
+
+# Define the root logger to the system property "hbase.root.logger".
+log4j.rootLogger=${ranger.root.logger}
+
+# Logging Threshold
+log4j.threshold=ALL
+
+#
+# console
+# Add "console" to rootlogger above if you want to use this
+#
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
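Review bot: `log4j.rootLogger` is assigned twice, and the second assignment, `log4j.rootLogger=${ranger.root.logger}`, replaces `FATAL, devnull` because the last duplicate key in a properties file wins. With `ranger.root.logger` left commented out, the substitution presumably resolves to an empty value unless the system property is set, so the quiet default described in the first comment is not what test runs get. Defining the default once as `ranger.root.logger=FATAL,devnull` and keeping only `log4j.rootLogger=${ranger.root.logger}` gives the intended behaviour while still allowing `-Dranger.root.logger=DEBUG,console`. The comment above that assignment also still names `hbase.root.logger`.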