hawq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From adenis...@apache.org
Subject [1/4] incubator-hawq git commit: HAWQ-1203. Ranger Plugin Service Implementation. (with contributions by Lav Jain and Leslie Chang) (close #1092)
Date Wed, 18 Jan 2017 18:58:44 GMT
Repository: incubator-hawq
Updated Branches:
  refs/heads/master e46f06cc9 -> 7f36b35bd


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerTest.java
b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerTest.java
new file mode 100644
index 0000000..0a439db
--- /dev/null
+++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerTest.java
@@ -0,0 +1,325 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hawq.ranger.authorization;
+
+import org.apache.hawq.ranger.authorization.model.AuthorizationRequest;
+import org.apache.hawq.ranger.authorization.model.AuthorizationResponse;
+import org.apache.hawq.ranger.authorization.model.HawqPrivilege;
+import org.apache.hawq.ranger.authorization.model.HawqResource;
+import org.apache.hawq.ranger.authorization.model.ResourceAccess;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
+import org.apache.ranger.plugin.service.RangerBasePlugin;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatcher;
+import org.mockito.Mock;
+import org.mockito.internal.util.collections.Sets;
+import org.mockito.runners.MockitoJUnitRunner;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import static junit.framework.TestCase.assertEquals;
+import static junit.framework.TestCase.assertNotNull;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.argThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+
+@RunWith(MockitoJUnitRunner.class)
+public class RangerHawqAuthorizerTest {
+
+    private static final Integer TEST_REQUEST_ID = 1;
+    private static final String TEST_USER = "alex";
+    private static final String TEST_CLIENT = "1.2.3.4";
+    private static final String TEST_CONTEXT = "SELECT * FROM sales";
+    private static final Set<HawqPrivilege> TEST_PRIVILEGES = Sets.newSet(HawqPrivilege.select,
HawqPrivilege.update);
+
+    private static final String TEST_RESOURCE_REQUEST =
+            "finance:us:sales>select,update#finance:emea:sales>create";
+    private static final String TEST_RESOURCE_RESPONSE_ALL_FALSE =
+            "finance:us:sales>select,update>false#finance:emea:sales>create>false";
+    private static final String TEST_RESOURCE_RESPONSE_ALL_TRUE =
+            "finance:us:sales>select,update>true#finance:emea:sales>create>true";
+    private static final String TEST_RESOURCE_RESPONSE_US_ALLOWED_EMEA_DENIED =
+            "finance:us:sales>select,update>true#finance:emea:sales>create>false";
+    private static final String TEST_RESOURCE_RESPONSE_UPDATE_DENIED =
+            "finance:us:sales>select,update>false#finance:emea:sales>create>true";
+
+    private static final String TEST_RESOURCE_REQUEST_CREATE_SCHEMA  = "finance>create";
+    private static final String TEST_RESOURCE_RESPONSE_CREATE_SCHEMA = "finance>create>true";
+    private static final String TEST_RESOURCE_REQUEST_USAGE_SCHEMA  = "finance:us>usage";
+    private static final String TEST_RESOURCE_RESPONSE_USAGE_SCHEMA = "finance:us>usage>true";
+
+    private RangerHawqAuthorizer authorizer;
+
+    @Mock
+    private RangerBasePlugin mockRangerPlugin;
+    @Mock
+    private RangerAccessResult mockRangerAccessResult;
+
+    @Before
+    public void setup() throws Exception {
+        authorizer = RangerHawqAuthorizer.getInstance();
+        authorizer.setRangerPlugin(mockRangerPlugin);
+    }
+
+    @Test
+    public void testAuthorize_allAllowed() throws Exception {
+        when(mockRangerPlugin.isAccessAllowed(any(RangerAccessRequest.class))).thenReturn(mockRangerAccessResult);
+        when(mockRangerAccessResult.getIsAllowed()).thenReturn(true);
+        testRequest(TEST_RESOURCE_REQUEST, TEST_RESOURCE_RESPONSE_ALL_TRUE);
+    }
+
+    @Test
+    public void testAuthorize_allDenied() throws Exception {
+        when(mockRangerPlugin.isAccessAllowed(any(RangerAccessRequest.class))).thenReturn(mockRangerAccessResult);
+        when(mockRangerAccessResult.getIsAllowed()).thenReturn(false);
+        testRequest(TEST_RESOURCE_REQUEST, TEST_RESOURCE_RESPONSE_ALL_FALSE);
+    }
+
+    @Test
+    public void testAuthorize_usAllowedEmeaDenied() throws Exception {
+        RangerAccessResult mockRangerAccessResultUS = mock(RangerAccessResult.class);
+        RangerAccessResult mockRangerAccessResultEMEA = mock(RangerAccessResult.class);
+
+        when(mockRangerPlugin.isAccessAllowed(argThat(new SchemaMatcher("us")))).thenReturn(mockRangerAccessResultUS);
+        when(mockRangerPlugin.isAccessAllowed(argThat(new SchemaMatcher("emea")))).thenReturn(mockRangerAccessResultEMEA);
+        when(mockRangerAccessResultUS.getIsAllowed()).thenReturn(true);
+        when(mockRangerAccessResultEMEA.getIsAllowed()).thenReturn(false);
+        testRequest(TEST_RESOURCE_REQUEST, TEST_RESOURCE_RESPONSE_US_ALLOWED_EMEA_DENIED);
+    }
+
+    @Test
+    public void testAuthorize_partialPrivilegeUpdateDenied() throws Exception {
+        RangerAccessResult mockRangerAccessResultCreateSelect = mock(RangerAccessResult.class);
+        RangerAccessResult mockRangerAccessResultUpdate = mock(RangerAccessResult.class);
+
+        when(mockRangerPlugin.isAccessAllowed(argThat(new PrivilegeMatcher("create", "select")))).thenReturn(mockRangerAccessResultCreateSelect);
+        when(mockRangerPlugin.isAccessAllowed(argThat(new PrivilegeMatcher("update")))).thenReturn(mockRangerAccessResultUpdate);
+        when(mockRangerAccessResultCreateSelect.getIsAllowed()).thenReturn(true);
+        when(mockRangerAccessResultUpdate.getIsAllowed()).thenReturn(false);
+        testRequest(TEST_RESOURCE_REQUEST, TEST_RESOURCE_RESPONSE_UPDATE_DENIED);
+    }
+
+    @Test
+    public void testAuthorize_createSchemaAllowed() throws Exception {
+        RangerAccessResult mockRangerAccessResultCreate = mock(RangerAccessResult.class);
+
+        when(mockRangerPlugin.isAccessAllowed(argThat(new PrivilegeMatcher("create-schema")))).thenReturn(mockRangerAccessResultCreate);
+        when(mockRangerAccessResultCreate.getIsAllowed()).thenReturn(true);
+        testRequest(TEST_RESOURCE_REQUEST_CREATE_SCHEMA, TEST_RESOURCE_RESPONSE_CREATE_SCHEMA);
+    }
+
+    @Test
+    public void testAuthorize_usageSchemaAllowed() throws Exception {
+        RangerAccessResult mockRangerAccessResultUsage = mock(RangerAccessResult.class);
+
+        when(mockRangerPlugin.isAccessAllowed(argThat(new PrivilegeMatcher("usage-schema")))).thenReturn(mockRangerAccessResultUsage);
+        when(mockRangerAccessResultUsage.getIsAllowed()).thenReturn(true);
+        testRequest(TEST_RESOURCE_REQUEST_USAGE_SCHEMA, TEST_RESOURCE_RESPONSE_USAGE_SCHEMA);
+    }
+
+    /* ----- VALIDATION TESTS ----- */
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testAuthorize_validationFailure_requestId() {
+        AuthorizationRequest request = prepareRequest(null, TEST_USER, TEST_CLIENT, TEST_CONTEXT,
TEST_RESOURCE_REQUEST);
+        authorizer.isAccessAllowed(request);
+    }
+    @Test(expected=IllegalArgumentException.class)
+    public void testAuthorize_validationFailure_user() {
+        AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, "", TEST_CLIENT, TEST_CONTEXT,
TEST_RESOURCE_REQUEST);
+        authorizer.isAccessAllowed(request);
+    }
+    @Test(expected=IllegalArgumentException.class)
+    public void testAuthorize_validationFailure_client() {
+        AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, "", TEST_CONTEXT,
TEST_RESOURCE_REQUEST);
+        authorizer.isAccessAllowed(request);
+    }
+    @Test(expected=IllegalArgumentException.class)
+    public void testAuthorize_validationFailure_context() {
+        AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT,
"", TEST_RESOURCE_REQUEST);
+        authorizer.isAccessAllowed(request);
+    }
+    @Test(expected=IllegalArgumentException.class)
+    public void testAuthorize_validationFailure_emptyAccessSet() {
+        AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT,
TEST_CONTEXT, new HashSet<ResourceAccess>());
+        authorizer.isAccessAllowed(request);
+    }
+    @Test(expected=IllegalArgumentException.class)
+    public void testAuthorize_validationFailure_emptyResource() {
+        ResourceAccess resourceAccess = new ResourceAccess();
+        resourceAccess.setResource(new HashMap<HawqResource, String>());
+        resourceAccess.setPrivileges(TEST_PRIVILEGES);
+        AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT,
TEST_CONTEXT, resourceAccess);
+        authorizer.isAccessAllowed(request);
+    }
+    @Test(expected=IllegalArgumentException.class)
+    public void testAuthorize_validationFailure_emptyResourceValue() {
+        ResourceAccess resourceAccess = new ResourceAccess();
+        HashMap<HawqResource, String> resource = new HashMap<>();
+        resource.put(HawqResource.database, "");
+        resourceAccess.setResource(resource);
+        resourceAccess.setPrivileges(TEST_PRIVILEGES);
+        AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT,
TEST_CONTEXT, resourceAccess);
+        authorizer.isAccessAllowed(request);
+    }
+    @Test(expected=IllegalArgumentException.class)
+    public void testAuthorize_validationFailure_emptyPrivileges() {
+        ResourceAccess resourceAccess = new ResourceAccess();
+        HashMap<HawqResource, String> resource = new HashMap<>();
+        resource.put(HawqResource.database, "abc");
+        resourceAccess.setResource(resource);
+        resourceAccess.setPrivileges(new HashSet<HawqPrivilege>());
+        AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT,
TEST_CONTEXT, resourceAccess);
+        authorizer.isAccessAllowed(request);
+    }
+
+    /* ----- HELPER METHODS ----- */
+
+    private void testRequest(String request, String expectedResponse) {
+        AuthorizationRequest authRequest = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT,
TEST_CONTEXT, request);
+        AuthorizationResponse authResponse = authorizer.isAccessAllowed(authRequest);
+        validateResponse(authResponse, expectedResponse);
+    }
+
+    private AuthorizationRequest prepareRequest(
+            Integer requestId, String user, String clientIp, String context, Set<ResourceAccess>
access) {
+
+        AuthorizationRequest request = new AuthorizationRequest();
+        request.setRequestId(requestId);
+        request.setUser(user);
+        request.setClientIp(clientIp);
+        request.setContext(context);
+        request.setAccess(access);
+
+        return request;
+    }
+
+    private AuthorizationRequest prepareRequest(
+            Integer requestId, String user, String clientIp, String context, ResourceAccess
resourceAccess) {
+
+        Set<ResourceAccess> access = new HashSet<>();
+        access.add(resourceAccess);
+        return prepareRequest(requestId, user, clientIp, context, access);
+    }
+
+    private AuthorizationRequest prepareRequest(
+            Integer requestId, String user, String clientIp, String context, String resources)
{
+
+        Set<ResourceAccess> access = new HashSet<>();
+        // resource string is like "db:schema:table>select,update#db:schema:table>create"
+        for (String resourceStr : resources.split("#")) {
+            String[] parts = resourceStr.split(">");
+            String[] resource = parts[0].split(":");
+            String[] privs = parts[1].split(",");
+
+            Map<HawqResource, String> tableResource = new HashMap<>();
+            tableResource.put(HawqResource.database, resource[0]);
+            if (resource.length > 1) {
+                tableResource.put(HawqResource.schema, resource[1]);
+            }
+            if (resource.length > 2) {
+                tableResource.put(HawqResource.table, resource[2]);
+            }
+            ResourceAccess tableAccess = new ResourceAccess();
+            tableAccess.setResource(tableResource);
+
+            Set<HawqPrivilege> privSet = new HashSet<>();
+            for (String priv : privs) {
+                privSet.add(HawqPrivilege.valueOf(priv));
+            }
+            tableAccess.setPrivileges(privSet);
+            access.add(tableAccess);
+        }
+
+        return prepareRequest(requestId, user, clientIp, context, access);
+    }
+
+    private void validateResponse(AuthorizationResponse response, String resources) {
+
+        assertNotNull(response);
+
+        Set<ResourceAccess> actual = response.getAccess();
+        Set<ResourceAccess> expected = new HashSet<>();
+
+        // resources string is like "db:schema:table>select,update>true#db:schema:table>create>false"
+        for (String resourceStr : resources.split("#")) {
+            String[] parts = resourceStr.split(">");
+            String[] resource = parts[0].split(":");
+            String[] privs = parts[1].split(",");
+            Boolean allowed = Boolean.valueOf(parts[2]);
+
+            Map<HawqResource, String> tableResource = new HashMap<>();
+            tableResource.put(HawqResource.database, resource[0]);
+            if (resource.length > 1) {
+                tableResource.put(HawqResource.schema, resource[1]);
+            }
+            if (resource.length > 2) {
+                tableResource.put(HawqResource.table, resource[2]);
+            }
+            ResourceAccess tableAccess = new ResourceAccess();
+            tableAccess.setResource(tableResource);
+
+            Set<HawqPrivilege> privSet = new HashSet<>();
+            for (String priv : privs) {
+                privSet.add(HawqPrivilege.fromString(priv));
+            }
+            tableAccess.setPrivileges(privSet);
+            tableAccess.setAllowed(allowed);
+
+            expected.add(tableAccess);
+        }
+
+        assertEquals(expected.size(), actual.size());
+        assertEquals(expected, actual);
+    }
+
+    /* ----- Argument Matchers ----- */
+
+    private class SchemaMatcher extends ArgumentMatcher<RangerAccessRequest> {
+        private String schema;
+        public SchemaMatcher(String schema) {
+            this.schema = schema;
+        }
+        @Override
+        public boolean matches(Object request) {
+            return request == null ? false :
+                    schema.equals(((RangerAccessRequest) request).getResource().getAsMap().get("schema"));
+        }
+    };
+
+    private class PrivilegeMatcher extends ArgumentMatcher<RangerAccessRequest> {
+        private Set<String> privileges;
+        public PrivilegeMatcher(String... privileges) {
+            this.privileges = Sets.newSet(privileges);
+        }
+        @Override
+        public boolean matches(Object request) {
+            return request == null ? false :
+                    privileges.contains(((RangerAccessRequest) request).getAccessType());
+        }
+    };
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResourceTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResourceTest.java
b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResourceTest.java
new file mode 100644
index 0000000..40c2217
--- /dev/null
+++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResourceTest.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hawq.ranger.authorization;
+
+import org.apache.hawq.ranger.authorization.model.AuthorizationRequest;
+import org.apache.hawq.ranger.authorization.model.AuthorizationResponse;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+import static junit.framework.TestCase.*;
+import static org.junit.Assert.fail;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.when;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(RangerHawqAuthorizer.class)
+public class RangerHawqPluginResourceTest {
+
+    private RangerHawqPluginResource resource;
+
+    @Mock
+    private RangerHawqAuthorizer mockAuthorizer;
+    @Mock
+    private AuthorizationResponse mockResponse;
+    @Mock
+    private RuntimeException mockException;
+
+    @Before
+    public void setup() throws Exception {
+        PowerMockito.mockStatic(RangerHawqAuthorizer.class);
+        when(RangerHawqAuthorizer.getInstance()).thenReturn(mockAuthorizer);
+        resource = new RangerHawqPluginResource();
+    }
+
+    @Test
+    public void testGetVersion() {
+        String version = (String) resource.version().getEntity();
+        assertEquals("{\"version\":\"version-test\"}", version);
+    }
+
+    @Test
+    public void testAuthorizeSuccess() {
+        when(mockAuthorizer.isAccessAllowed(any(AuthorizationRequest.class))).thenReturn(mockResponse);
+        AuthorizationResponse response = resource.authorize(new AuthorizationRequest());
+        assertNotNull(response);
+        assertEquals(mockResponse, response);
+    }
+
+    @Test
+    public void testAuthorizeException() {
+        when(mockAuthorizer.isAccessAllowed(any(AuthorizationRequest.class))).thenThrow(mockException);
+        try {
+            resource.authorize(new AuthorizationRequest());
+            fail("should've thrown exception");
+        } catch (Exception e) {
+            assertSame(mockException, e);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapperTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapperTest.java
b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapperTest.java
new file mode 100644
index 0000000..e81b76c
--- /dev/null
+++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapperTest.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hawq.ranger.authorization;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.runners.MockitoJUnitRunner;
+
+import javax.ws.rs.core.Response;
+
+import static org.junit.Assert.assertEquals;
+
+@RunWith(MockitoJUnitRunner.class)
+public class ServiceExceptionMapperTest {
+
+    private ServiceExceptionMapper mapper;
+
+    @Before
+    public void setup() {
+        mapper = new ServiceExceptionMapper();
+    }
+
+    @Test
+    public void testIllegalArgumentException() {
+
+        Response response = mapper.toResponse(new IllegalArgumentException("reason"));
+        ServiceExceptionMapper.ErrorPayload entity = (ServiceExceptionMapper.ErrorPayload)
response.getEntity();
+
+        assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+        assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), entity.getStatus());
+        assertEquals("reason", entity.getMessage());
+    }
+
+    @Test
+    public void testOtherException() {
+
+        Response response = mapper.toResponse(new Exception("reason"));
+        ServiceExceptionMapper.ErrorPayload entity = (ServiceExceptionMapper.ErrorPayload)
response.getEntity();
+
+        assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
+        assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), entity.getStatus());
+        assertEquals("reason", entity.getMessage());
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
new file mode 100644
index 0000000..bf62785
--- /dev/null
+++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization;
+
+import org.junit.Test;
+
+import static org.apache.hawq.ranger.authorization.Utils.APP_ID_PROPERTY;
+import static org.junit.Assert.assertEquals;
+
+/**
+ * This test class uses values from rps.properties file in test/resources directory.
+ */
+public class UtilsTest {
+
+    @Test
+    public void testCustomAppId_SystemEnv() throws Exception {
+        System.setProperty(APP_ID_PROPERTY, "app-id");
+        assertEquals("app-id", Utils.getAppId());
+        System.clearProperty(APP_ID_PROPERTY);
+    }
+
+    @Test
+    public void testCustomAppId_PropertyFile() throws Exception {
+        assertEquals("instance-test", Utils.getAppId());
+    }
+
+    @Test
+    public void testGetVersion() throws Exception {
+        assertEquals("version-test", Utils.getVersion());
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqPrivilegeTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqPrivilegeTest.java
b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqPrivilegeTest.java
new file mode 100644
index 0000000..39dd3cc
--- /dev/null
+++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqPrivilegeTest.java
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization.model;
+
+import org.codehaus.jackson.map.ObjectMapper;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+
+public class HawqPrivilegeTest {
+
+    @Test
+    public void testSerialization() throws IOException {
+        assertEquals("create", HawqPrivilege.create.toValue());
+        assertEquals("create-schema", HawqPrivilege.create_schema.toValue());
+        assertEquals("usage-schema", HawqPrivilege.usage_schema.toValue());
+
+        ObjectMapper mapper = new ObjectMapper();
+        assertEquals("{\"value\":\"create\"}", mapper.writeValueAsString(new PrivilegeHolder(HawqPrivilege.create)));
+        assertEquals("{\"value\":\"create-schema\"}", mapper.writeValueAsString(new PrivilegeHolder(HawqPrivilege.create_schema)));
+        assertEquals("{\"value\":\"usage-schema\"}", mapper.writeValueAsString(new PrivilegeHolder(HawqPrivilege.usage_schema)));
+    }
+
+    @Test
+    public void testDeserialization() throws IOException {
+        assertNull(HawqPrivilege.fromString(null));
+        assertSame(HawqPrivilege.create, HawqPrivilege.fromString("create"));
+        assertSame(HawqPrivilege.create, HawqPrivilege.fromString("CREATE"));
+        assertSame(HawqPrivilege.create, HawqPrivilege.fromString("CreATe"));
+        assertSame(HawqPrivilege.create_schema, HawqPrivilege.fromString("CreATe-schema"));
+        assertSame(HawqPrivilege.usage_schema, HawqPrivilege.fromString("USage-schema"));
+
+
+        ObjectMapper mapper = new ObjectMapper();
+        assertSame(HawqPrivilege.create, mapper.readValue("{\"value\": \"create\"}", PrivilegeHolder.class).value);
+        assertSame(HawqPrivilege.create, mapper.readValue("{\"value\": \"CREATE\"}", PrivilegeHolder.class).value);
+        assertSame(HawqPrivilege.create, mapper.readValue("{\"value\": \"creATe\"}", PrivilegeHolder.class).value);
+        assertSame(HawqPrivilege.create_schema, mapper.readValue("{\"value\": \"CreATe-schema\"}",
PrivilegeHolder.class).value);
+        assertSame(HawqPrivilege.usage_schema, mapper.readValue("{\"value\": \"USage-schema\"}",
PrivilegeHolder.class).value);
+    }
+
+    public static class PrivilegeHolder {
+        public HawqPrivilege value;
+        PrivilegeHolder () {
+        }
+        PrivilegeHolder(HawqPrivilege value) {
+            this.value = value;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqResourceTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqResourceTest.java
b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqResourceTest.java
new file mode 100644
index 0000000..f59a600
--- /dev/null
+++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqResourceTest.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization.model;
+
+import org.codehaus.jackson.map.ObjectMapper;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+
+public class HawqResourceTest {
+
+    @Test
+    public void testCaseInsensitiveDeserialization() throws IOException {
+        assertNull(HawqResource.fromString(null));
+        assertSame(HawqResource.database, HawqResource.fromString("database"));
+        assertSame(HawqResource.database, HawqResource.fromString("DATABASE"));
+        assertSame(HawqResource.database, HawqResource.fromString("datABAse"));
+
+        ObjectMapper mapper = new ObjectMapper();
+        assertSame(HawqResource.database, mapper.readValue("{\"value\": \"database\"}", ResourceHolder.class).value);
+        assertSame(HawqResource.database, mapper.readValue("{\"value\": \"DATABASE\"}", ResourceHolder.class).value);
+        assertSame(HawqResource.database, mapper.readValue("{\"value\": \"datABAse\"}", ResourceHolder.class).value);
+    }
+
+    public static class ResourceHolder {
+        public HawqResource value;
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/resources/log4j.properties b/ranger-plugin/service/src/test/resources/log4j.properties
new file mode 100644
index 0000000..b9888df
--- /dev/null
+++ b/ranger-plugin/service/src/test/resources/log4j.properties
@@ -0,0 +1,42 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# see debug messages during unit tests
+#project.root.logger=DEBUG,console
+
+# suppress all logging output during unit tests
+project.root.logger=FATAL,devnull
+
+#
+# Loggers
+#
+log4j.rootLogger=${project.root.logger}
+
+# ignore most errors from the Apache Ranger and Hadoop for unit tests
+log4j.logger.org.apache.ranger=FATAL
+log4j.logger.org.apache.hadoop=FATAL
+
+#
+# Appenders
+#
+
+# nothing
+log4j.appender.devnull=org.apache.log4j.varia.NullAppender
+
+# console
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/resources/rps.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/resources/rps.properties b/ranger-plugin/service/src/test/resources/rps.properties
new file mode 100644
index 0000000..1fd50e5
--- /dev/null
+++ b/ranger-plugin/service/src/test/resources/rps.properties
@@ -0,0 +1,17 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ranger.hawq.instance=instance-test
+version=version-test
\ No newline at end of file


Mime
View raw message