You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2023/02/21 02:52:57 UTC
[ranger] branch master updated: RANGER-4102: fixed incorrect TestPolicyACLs unit tests
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 4ef413a29 RANGER-4102: fixed incorrect TestPolicyACLs unit tests
4ef413a29 is described below
commit 4ef413a29529849c12a9543bca1f24a89bc7bd1c
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Mon Feb 20 17:25:11 2023 -0800
RANGER-4102: fixed incorrect TestPolicyACLs unit tests
---
.../org/apache/ranger/plugin/policyengine/TestPolicyACLs.java | 10 ++++++++++
.../test/resources/policyengine/test_aclprovider_default.json | 9 +++++----
2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
index a7f48bb33..196755c6e 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
@@ -35,6 +35,7 @@ import com.google.gson.JsonParseException;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest.ResourceMatchingScope;
import org.apache.ranger.plugin.policyengine.RangerResourceACLs.DataMaskResult;
import org.apache.ranger.plugin.policyengine.RangerResourceACLs.RowFilterResult;
import org.apache.ranger.plugin.util.ServicePolicies;
@@ -118,11 +119,15 @@ public class TestPolicyACLs {
continue;
}
RangerAccessRequestImpl request = new RangerAccessRequestImpl(oneTest.resource, RangerPolicyEngine.ANY_ACCESS, null, null, null);
+
+ request.setResourceMatchingScope(oneTest.resourceMatchingScope);
+
RangerResourceACLs acls = policyEngine.getResourceACLs(request);
boolean userACLsMatched = true, groupACLsMatched = true, roleACLsMatched = true, rowFiltersMatched = true, dataMaskingMatched = true;
if (MapUtils.isNotEmpty(acls.getUserACLs()) && MapUtils.isNotEmpty(oneTest.userPermissions)) {
+ assertEquals("getResourceACLs() failed! " + testCase.name + ":" + oneTest.name + " - userACLsMatched", oneTest.userPermissions.size(), acls.getUserACLs().size());
for (Map.Entry<String, Map<String, RangerResourceACLs.AccessResult>> entry :
acls.getUserACLs().entrySet()) {
@@ -195,6 +200,8 @@ public class TestPolicyACLs {
}
if (MapUtils.isNotEmpty(acls.getGroupACLs()) && MapUtils.isNotEmpty(oneTest.groupPermissions)) {
+ assertEquals("getResourceACLs() failed! " + testCase.name + ":" + oneTest.name + " - groupACLsMatched", oneTest.groupPermissions.size(), acls.getGroupACLs().size());
+
for (Map.Entry<String, Map<String, RangerResourceACLs.AccessResult>> entry :
acls.getGroupACLs().entrySet()) {
String groupName = entry.getKey();
@@ -232,6 +239,8 @@ public class TestPolicyACLs {
}
if (MapUtils.isNotEmpty(acls.getRoleACLs()) && MapUtils.isNotEmpty(oneTest.rolePermissions)) {
+ assertEquals("getResourceACLs() failed! " + testCase.name + ":" + oneTest.name + " - roleACLsMatched", oneTest.rolePermissions.size(), acls.getRoleACLs().size());
+
for (Map.Entry<String, Map<String, RangerResourceACLs.AccessResult>> entry :
acls.getRoleACLs().entrySet()) {
String roleName = entry.getKey();
@@ -287,6 +296,7 @@ public class TestPolicyACLs {
class OneTest {
String name;
RangerAccessResource resource;
+ ResourceMatchingScope resourceMatchingScope;
Map<String, Map<String, RangerResourceACLs.AccessResult>> userPermissions;
Map<String, Map<String, RangerResourceACLs.AccessResult>> groupPermissions;
Map<String, Map<String, RangerResourceACLs.AccessResult>> rolePermissions;
diff --git a/agents-common/src/test/resources/policyengine/test_aclprovider_default.json b/agents-common/src/test/resources/policyengine/test_aclprovider_default.json
index 8b799acff..5434fd28c 100644
--- a/agents-common/src/test/resources/policyengine/test_aclprovider_default.json
+++ b/agents-common/src/test/resources/policyengine/test_aclprovider_default.json
@@ -626,6 +626,7 @@
{
"name": "conditional-tag-only-test-descendant",
"resource": {"elements":{"database":"finance", "table":"sales"}},
+ "resourceMatchingScope": "SELF_OR_DESCENDANTS",
"userPermissions": {"hive":{"select":{"result":-1, "isFinal":true},"create":{"result":1, "isFinal":true}, "drop":{"result":-1, "isFinal":true}}, "admin":{"select":{"result":-1, "isFinal":true}} },
"groupPermissions": {"public": {"index":{"result":2, "isFinal":true}}}
},
@@ -638,14 +639,14 @@
{
"name": "public-allow-test",
"resource": {"elements":{"database":"finance", "table":"accounts", "column": "status" }},
- "userPermissions": {"john":{"select":{"result":2, "isFinal":true}, "update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "mary":{"update":{"result":-1, "isFinal":true}}},
- "groupPermissions": {"public": {"select":{"result":2, "isFinal":true}}, "accounting": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "admin": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "interns":{"update":{"result":-1, "isFinal":true}}, "housekeeping":{"select":{"result":-1, "isFinal":true}}}
+ "userPermissions": {"john":{"select":{"result":2, "isFinal":true}, "update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}},
+ "groupPermissions": {"public": {"select":{"result":2, "isFinal":true}}, "accounting": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "admin": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "housekeeping":{"select":{"result":-1, "isFinal":true}}}
},
{
"name": "public-allow-test-next",
"resource": {"elements":{"database":"finance", "table":"accounts", "column": "amount" }},
- "userPermissions": {"john":{"select":{"result":2, "isFinal":true}, "update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "mary":{"update":{"result":-1, "isFinal":true}}},
- "groupPermissions": {"public": {"select":{"result":2, "isFinal":true}}, "accounting": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "admin": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "interns":{"update":{"result":-1, "isFinal":true}}, "housekeeping":{"drop":{"result":-1, "isFinal":true}}}
+ "userPermissions": {"john":{"select":{"result":2, "isFinal":true}, "update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}},
+ "groupPermissions": {"public": {"select":{"result":2, "isFinal":true}}, "accounting": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "admin": {"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}}, "housekeeping":{"drop":{"result":-1, "isFinal":true}}}
},
{
"name": "conditions-in-exceptions-test",