You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2020/12/07 17:35:10 UTC
[ranger] branch master updated: RANGER-3106: Add unit test cases
for TrieNode.undoSetup()
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 81b82d8 RANGER-3106: Add unit test cases for TrieNode.undoSetup()
81b82d8 is described below
commit 81b82d839b8ea4867d68785cc4b82d3d27de669d
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Mon Dec 7 09:34:52 2020 -0800
RANGER-3106: Add unit test cases for TrieNode.undoSetup()
---
.../policyengine/RangerPolicyRepository.java | 5 +-
.../plugin/policyengine/RangerResourceTrie.java | 23 +++---
.../plugin/policyengine/TestPolicyEngine.java | 7 ++
.../test_policyengine_hdfs_incremental_update.json | 83 ++++++++++++++++++++++
4 files changed, 106 insertions(+), 12 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index 0d6074f..ffbd908 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -1404,7 +1404,10 @@ public class RangerPolicyRepository {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerPolicyRepository.deletePolicyEvaluator(" + evaluator.getPolicy() + ")");
}
- int policyType = evaluator.getPolicy().getPolicyType();
+ Integer policyType = evaluator.getPolicy().getPolicyType();
+ if (policyType == null) {
+ policyType = RangerPolicy.POLICY_TYPE_ACCESS;
+ }
List<RangerPolicyEvaluator> evaluators = null;
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
index 0ca5896..4428503 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
@@ -947,19 +947,20 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> {
if (CollectionUtils.isEmpty(evaluators)) {
evaluators = null;
}
+ }
+ }
+ }
+ if (wildcardEvaluators != null) {
+ if (isSharingParentWildcardEvaluators) {
+ wildcardEvaluators = null;
+ } else {
+ Set<U> parentWildcardEvaluators = getParent() == null ? null : getParent().getWildcardEvaluators();
- if (isSharingParentWildcardEvaluators) {
- wildcardEvaluators = null;
- } else {
- Set<U> parentWildcardEvaluators = getParent() == null ? null : getParent().getWildcardEvaluators();
-
- if (parentWildcardEvaluators != null) {
- wildcardEvaluators.removeAll(parentWildcardEvaluators);
+ if (parentWildcardEvaluators != null) {
+ wildcardEvaluators.removeAll(parentWildcardEvaluators);
- if (CollectionUtils.isEmpty(wildcardEvaluators)) {
- wildcardEvaluators = null;
- }
- }
+ if (CollectionUtils.isEmpty(wildcardEvaluators)) {
+ wildcardEvaluators = null;
}
}
}
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
index 046e15f..dbb5b4a 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
@@ -266,6 +266,13 @@ public class TestPolicyEngine {
}
@Test
+ public void testPolicyEngine_hdfs_incremental_update() {
+ String[] hdfsTestResourceFiles = {"/policyengine/test_policyengine_hdfs_incremental_update.json"};
+
+ runTestsFromResourceFiles(hdfsTestResourceFiles);
+ }
+
+ @Test
public void testPolicyEngine_hiveForTag() {
String[] hiveTestResourceFiles = { "/policyengine/test_policyengine_tag_hive.json" };
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hdfs_incremental_update.json b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs_incremental_update.json
new file mode 100644
index 0000000..2672425
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs_incremental_update.json
@@ -0,0 +1,83 @@
+{
+ "serviceName":"hdfsdev",
+
+ "serviceDef":{
+ "name":"hdfs",
+ "id":1,
+ "resources":[
+ {"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"recursiveSupported": true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Resource Path","description":"HDFS file or directory path"}
+ ],
+ "accessTypes":[
+ {"name":"read","label":"Read"},
+ {"name":"write","label":"Write"},
+ {"name":"execute","label":"Execute"}
+ ],
+ "contextEnrichers": [],
+ "policyConditions": []
+ },
+
+ "policies":[
+ {"id":10,"name":"allow-read-to-user1 /a/b*","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"path":{"values":["/a/b*"],"isRecursive":false}},
+ "policyItems":[
+ {"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
+ ]
+ }
+ ,
+ {"id":20,"name":"allow-read-to-user1 /a/bc*","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"path":{"values":["/a/bc*"],"isRecursive":false}},
+ "policyItems":[
+ {"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
+ ]
+ }
+ ],
+
+ "tests":[
+ {"name":"ALLOW 'read /a/bcd' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/a/bcd"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read /a/bcd"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":10}
+ }
+ ,
+ {"name":"ALLOW 'read /a/bd' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/a/bd"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read /a/bd"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":10}
+ }
+ ],
+ "updatedPolicies": {
+ "policyDeltas": [
+ {
+ "changeType": 1,
+ "policy": {
+ "id": 10, "version": 2, "name": "path=/a/b", "isEnabled": true, "isAuditEnabled": true, "serviceType": "hdfs", "policyType": 0,
+ "resources":{"path":{"values":["/a/b"],"isRecursive":false}},
+ "policyItems": [
+ {"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
+ ]
+ }
+ }
+ ]
+ },
+ "updatedTests": [
+ {"name":"ALLOW 'read /a/bcd' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/a/bcd"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read /a/bcd"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":20}
+ }
+ ,
+ {"name":"DENY 'read /a/bd' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/a/bd"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read /a/bd"
+ },
+ "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+ }
+ ]
+}
\ No newline at end of file