You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2018/09/26 15:42:47 UTC
[5/9] ranger git commit: RANGER-1580 - Update Kafka tests to work
with 0.10.1.1
RANGER-1580 - Update Kafka tests to work with 0.10.1.1
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
(cherry picked from commit fd931f20270d4db8187b885b9e7f95c8261fdd82)
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/73b8c6ee
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/73b8c6ee
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/73b8c6ee
Branch: refs/heads/ranger-0.7
Commit: 73b8c6eee1d96dee91193035043a389784bcd34b
Parents: fdf8551
Author: Vishal Suvagia <vi...@apache.org>
Authored: Wed Sep 26 18:21:36 2018 +0530
Committer: Pradeep <pr...@apache.org>
Committed: Wed Sep 26 20:55:25 2018 +0530
----------------------------------------------------------------------
plugin-kafka/pom.xml | 7 ++++-
.../KafkaRangerAuthorizerSASLSSLTest.java | 3 +-
.../authorizer/KafkaRangerAuthorizerTest.java | 22 ++++++--------
.../src/test/resources/kafka-policies.json | 30 ++++++++++++++++++--
4 files changed, 45 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/73b8c6ee/plugin-kafka/pom.xml
----------------------------------------------------------------------
diff --git a/plugin-kafka/pom.xml b/plugin-kafka/pom.xml
index fb0be18..61bdfd5 100644
--- a/plugin-kafka/pom.xml
+++ b/plugin-kafka/pom.xml
@@ -84,7 +84,12 @@
<version>${bouncycastle.version}</version>
<scope>test</scope>
</dependency>
-
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
<testResources>
http://git-wip-us.apache.org/repos/asf/ranger/blob/73b8c6ee/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
index 277474f..22dce3a 100644
--- a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
+++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
@@ -56,7 +56,8 @@ import kafka.utils.ZkUtils;
* CustomAuthorizer that enforces some authorization rules:
*
* - The "IT" group can do anything
- * - The "public" group can only "read/describe" on the "test" topic, not "write".
+ * - The "public" group can "read/describe/write" on the "test" topic.
+ * - The "public" group can only "read/describe" on the "dev" topic, but not write.
*
* Policies available from admin via:
*
http://git-wip-us.apache.org/repos/asf/ranger/blob/73b8c6ee/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
index 898c785..abc03fa 100644
--- a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
+++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
@@ -58,7 +58,8 @@ import kafka.utils.ZkUtils;
* CustomAuthorizer that enforces some authorization rules:
*
* - The "IT" group can do anything
- * - The "public" group can only "read/describe" on the "test" topic, not "write".
+ * - The "public" group can "read/describe/write" on the "test" topic.
+ * - The "public" group can only "read/describe" on the "dev" topic, but not write.
*
* Policies available from admin via:
*
@@ -259,8 +260,8 @@ public class KafkaRangerAuthorizerTest {
producer.close();
}
-
- // The "public" group can't write to "test" or "dev"
+
+ // The "public" group can write to "test" but not "dev"
@Test
public void testUnauthorizedWrite() throws Exception {
// Create the Producer
@@ -280,18 +281,13 @@ public class KafkaRangerAuthorizerTest {
final Producer<String, String> producer = new KafkaProducer<>(producerProps);
// Send a message
- try {
- Future<RecordMetadata> record =
- producer.send(new ProducerRecord<String, String>("test", "somekey", "somevalue"));
- producer.flush();
- record.get();
- Assert.fail("Authorization failure expected");
- } catch (Exception ex) {
- Assert.assertTrue(ex.getMessage().contains("Not authorized to access topics"));
- }
+ Future<RecordMetadata> record =
+ producer.send(new ProducerRecord<String, String>("test", "somekey", "somevalue"));
+ producer.flush();
+ record.get();
try {
- Future<RecordMetadata> record =
+ record =
producer.send(new ProducerRecord<String, String>("dev", "somekey", "somevalue"));
producer.flush();
record.get();
http://git-wip-us.apache.org/repos/asf/ranger/blob/73b8c6ee/plugin-kafka/src/test/resources/kafka-policies.json
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/resources/kafka-policies.json b/plugin-kafka/src/test/resources/kafka-policies.json
index cc1c927..dd9b802 100644
--- a/plugin-kafka/src/test/resources/kafka-policies.json
+++ b/plugin-kafka/src/test/resources/kafka-policies.json
@@ -124,11 +124,37 @@
],
"users": [],
"groups": [
- "IT"
+ "public"
],
"conditions": [],
"delegateAdmin": false
- },
+ }
+ ],
+ "denyPolicyItems": [],
+ "allowExceptions": [],
+ "denyExceptions": [],
+ "dataMaskPolicyItems": [],
+ "rowFilterPolicyItems": [],
+ "id": 19,
+ "isEnabled": true,
+ "version": 1
+ },
+ {
+ "service": "cl1_kafka",
+ "name": "DevPolicy",
+ "policyType": 0,
+ "description": "",
+ "isAuditEnabled": true,
+ "resources": {
+ "topic": {
+ "values": [
+ "dev"
+ ],
+ "isExcludes": false,
+ "isRecursive": false
+ }
+ },
+ "policyItems": [
{
"accesses": [
{