You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2018/09/26 15:42:47 UTC

[5/9] ranger git commit: RANGER-1580 - Update Kafka tests to work with 0.10.1.1

RANGER-1580 - Update Kafka tests to work with 0.10.1.1

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
(cherry picked from commit fd931f20270d4db8187b885b9e7f95c8261fdd82)


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/73b8c6ee
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/73b8c6ee
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/73b8c6ee

Branch: refs/heads/ranger-0.7
Commit: 73b8c6eee1d96dee91193035043a389784bcd34b
Parents: fdf8551
Author: Vishal Suvagia <vi...@apache.org>
Authored: Wed Sep 26 18:21:36 2018 +0530
Committer: Pradeep <pr...@apache.org>
Committed: Wed Sep 26 20:55:25 2018 +0530

----------------------------------------------------------------------
 plugin-kafka/pom.xml                            |  7 ++++-
 .../KafkaRangerAuthorizerSASLSSLTest.java       |  3 +-
 .../authorizer/KafkaRangerAuthorizerTest.java   | 22 ++++++--------
 .../src/test/resources/kafka-policies.json      | 30 ++++++++++++++++++--
 4 files changed, 45 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/73b8c6ee/plugin-kafka/pom.xml
----------------------------------------------------------------------
diff --git a/plugin-kafka/pom.xml b/plugin-kafka/pom.xml
index fb0be18..61bdfd5 100644
--- a/plugin-kafka/pom.xml
+++ b/plugin-kafka/pom.xml
@@ -84,7 +84,12 @@
             <version>${bouncycastle.version}</version>
             <scope>test</scope>
         </dependency>
-
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <testResources>

http://git-wip-us.apache.org/repos/asf/ranger/blob/73b8c6ee/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
index 277474f..22dce3a 100644
--- a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
+++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
@@ -56,7 +56,8 @@ import kafka.utils.ZkUtils;
  * CustomAuthorizer that enforces some authorization rules:
  * 
  *  - The "IT" group can do anything
- *  - The "public" group can only "read/describe" on the "test" topic, not "write".
+ *  - The "public" group can "read/describe/write" on the "test" topic.
+ *  - The "public" group can only "read/describe" on the "dev" topic, but not write.
  * 
  * Policies available from admin via:
  * 

http://git-wip-us.apache.org/repos/asf/ranger/blob/73b8c6ee/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
index 898c785..abc03fa 100644
--- a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
+++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
@@ -58,7 +58,8 @@ import kafka.utils.ZkUtils;
  * CustomAuthorizer that enforces some authorization rules:
  * 
  *  - The "IT" group can do anything
- *  - The "public" group can only "read/describe" on the "test" topic, not "write".
+ *  - The "public" group can "read/describe/write" on the "test" topic.
+ *  - The "public" group can only "read/describe" on the "dev" topic, but not write.
  * 
  * Policies available from admin via:
  * 
@@ -259,8 +260,8 @@ public class KafkaRangerAuthorizerTest {
 
         producer.close();
     }
-    
-    // The "public" group can't write to "test" or "dev"
+
+    // The "public" group can write to "test" but not "dev"
     @Test
     public void testUnauthorizedWrite() throws Exception {
         // Create the Producer
@@ -280,18 +281,13 @@ public class KafkaRangerAuthorizerTest {
         final Producer<String, String> producer = new KafkaProducer<>(producerProps);
         
         // Send a message
-        try {
-            Future<RecordMetadata> record = 
-                producer.send(new ProducerRecord<String, String>("test", "somekey", "somevalue"));
-            producer.flush();
-            record.get();
-            Assert.fail("Authorization failure expected");
-        } catch (Exception ex) {
-            Assert.assertTrue(ex.getMessage().contains("Not authorized to access topics"));
-        }
+        Future<RecordMetadata> record =
+            producer.send(new ProducerRecord<String, String>("test", "somekey", "somevalue"));
+        producer.flush();
+        record.get();
         
         try {
-            Future<RecordMetadata> record = 
+            record =
                 producer.send(new ProducerRecord<String, String>("dev", "somekey", "somevalue"));
             producer.flush();
             record.get();

http://git-wip-us.apache.org/repos/asf/ranger/blob/73b8c6ee/plugin-kafka/src/test/resources/kafka-policies.json
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/resources/kafka-policies.json b/plugin-kafka/src/test/resources/kafka-policies.json
index cc1c927..dd9b802 100644
--- a/plugin-kafka/src/test/resources/kafka-policies.json
+++ b/plugin-kafka/src/test/resources/kafka-policies.json
@@ -124,11 +124,37 @@
           ],
           "users": [],
           "groups": [
-            "IT"
+            "public"
           ],
           "conditions": [],
           "delegateAdmin": false
-        },
+        }
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "id": 19,
+      "isEnabled": true,
+      "version": 1
+    },
+    {
+      "service": "cl1_kafka",
+      "name": "DevPolicy",
+      "policyType": 0,
+      "description": "",
+      "isAuditEnabled": true,
+      "resources": {
+        "topic": {
+          "values": [
+            "dev"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [
         {
           "accesses": [
             {