Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 12F21200C10 for ; Fri, 3 Feb 2017 10:00:15 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 1195C160B55; Fri, 3 Feb 2017 09:00:15 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 9310B160B48 for ; Fri, 3 Feb 2017 10:00:13 +0100 (CET) Received: (qmail 14670 invoked by uid 500); 3 Feb 2017 09:00:12 -0000 Mailing-List: contact commits-help@hawq.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hawq.incubator.apache.org Delivered-To: mailing list commits@hawq.incubator.apache.org Received: (qmail 14657 invoked by uid 99); 3 Feb 2017 09:00:12 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Feb 2017 09:00:12 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 5E97AC1E91 for ; Fri, 3 Feb 2017 09:00:12 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -6.219 X-Spam-Level: X-Spam-Status: No, score=-6.219 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.999] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id SLfnSzsibupS for ; Fri, 3 Feb 2017 09:00:09 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with SMTP id EA03860D1B for ; Fri, 3 Feb 2017 09:00:04 +0000 (UTC) Received: (qmail 12230 invoked by uid 99); 3 Feb 2017 09:00:03 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Feb 2017 09:00:03 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id D891CDFC40; Fri, 3 Feb 2017 09:00:03 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: espino@apache.org To: commits@hawq.incubator.apache.org Date: Fri, 03 Feb 2017 09:00:31 -0000 Message-Id: <97dfbd11570b443e97660121d85bf2fe@git.apache.org> In-Reply-To: <40325a477040484aa0872e11ff2aa29a@git.apache.org> References: <40325a477040484aa0872e11ff2aa29a@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [29/50] [abbrv] incubator-hawq git commit: HAWQ-1203. Ranger Plugin Service Implementation. (with contributions by Lav Jain and Leslie Chang) (close #1092) archived-at: Fri, 03 Feb 2017 09:00:15 -0000 http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerTest.java b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerTest.java new file mode 100644 index 0000000..0a439db --- /dev/null +++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerTest.java @@ -0,0 +1,325 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hawq.ranger.authorization; + +import org.apache.hawq.ranger.authorization.model.AuthorizationRequest; +import org.apache.hawq.ranger.authorization.model.AuthorizationResponse; +import org.apache.hawq.ranger.authorization.model.HawqPrivilege; +import org.apache.hawq.ranger.authorization.model.HawqResource; +import org.apache.hawq.ranger.authorization.model.ResourceAccess; +import org.apache.ranger.plugin.policyengine.RangerAccessRequest; +import org.apache.ranger.plugin.policyengine.RangerAccessResult; +import org.apache.ranger.plugin.service.RangerBasePlugin; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.ArgumentMatcher; +import org.mockito.Mock; +import org.mockito.internal.util.collections.Sets; +import org.mockito.runners.MockitoJUnitRunner; + +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +import static junit.framework.TestCase.assertEquals; +import static junit.framework.TestCase.assertNotNull; +import static org.mockito.Matchers.any; +import static org.mockito.Matchers.argThat; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + + +@RunWith(MockitoJUnitRunner.class) +public class RangerHawqAuthorizerTest { + + private static final Integer TEST_REQUEST_ID = 1; + private static final String TEST_USER = "alex"; + private static final String TEST_CLIENT = "1.2.3.4"; + private static final String TEST_CONTEXT = "SELECT * FROM sales"; + private static final Set TEST_PRIVILEGES = Sets.newSet(HawqPrivilege.select, HawqPrivilege.update); + + private static final String TEST_RESOURCE_REQUEST = + "finance:us:sales>select,update#finance:emea:sales>create"; + private static final String TEST_RESOURCE_RESPONSE_ALL_FALSE = + "finance:us:sales>select,update>false#finance:emea:sales>create>false"; + private static final String TEST_RESOURCE_RESPONSE_ALL_TRUE = + "finance:us:sales>select,update>true#finance:emea:sales>create>true"; + private static final String TEST_RESOURCE_RESPONSE_US_ALLOWED_EMEA_DENIED = + "finance:us:sales>select,update>true#finance:emea:sales>create>false"; + private static final String TEST_RESOURCE_RESPONSE_UPDATE_DENIED = + "finance:us:sales>select,update>false#finance:emea:sales>create>true"; + + private static final String TEST_RESOURCE_REQUEST_CREATE_SCHEMA = "finance>create"; + private static final String TEST_RESOURCE_RESPONSE_CREATE_SCHEMA = "finance>create>true"; + private static final String TEST_RESOURCE_REQUEST_USAGE_SCHEMA = "finance:us>usage"; + private static final String TEST_RESOURCE_RESPONSE_USAGE_SCHEMA = "finance:us>usage>true"; + + private RangerHawqAuthorizer authorizer; + + @Mock + private RangerBasePlugin mockRangerPlugin; + @Mock + private RangerAccessResult mockRangerAccessResult; + + @Before + public void setup() throws Exception { + authorizer = RangerHawqAuthorizer.getInstance(); + authorizer.setRangerPlugin(mockRangerPlugin); + } + + @Test + public void testAuthorize_allAllowed() throws Exception { + when(mockRangerPlugin.isAccessAllowed(any(RangerAccessRequest.class))).thenReturn(mockRangerAccessResult); + when(mockRangerAccessResult.getIsAllowed()).thenReturn(true); + testRequest(TEST_RESOURCE_REQUEST, TEST_RESOURCE_RESPONSE_ALL_TRUE); + } + + @Test + public void testAuthorize_allDenied() throws Exception { + when(mockRangerPlugin.isAccessAllowed(any(RangerAccessRequest.class))).thenReturn(mockRangerAccessResult); + when(mockRangerAccessResult.getIsAllowed()).thenReturn(false); + testRequest(TEST_RESOURCE_REQUEST, TEST_RESOURCE_RESPONSE_ALL_FALSE); + } + + @Test + public void testAuthorize_usAllowedEmeaDenied() throws Exception { + RangerAccessResult mockRangerAccessResultUS = mock(RangerAccessResult.class); + RangerAccessResult mockRangerAccessResultEMEA = mock(RangerAccessResult.class); + + when(mockRangerPlugin.isAccessAllowed(argThat(new SchemaMatcher("us")))).thenReturn(mockRangerAccessResultUS); + when(mockRangerPlugin.isAccessAllowed(argThat(new SchemaMatcher("emea")))).thenReturn(mockRangerAccessResultEMEA); + when(mockRangerAccessResultUS.getIsAllowed()).thenReturn(true); + when(mockRangerAccessResultEMEA.getIsAllowed()).thenReturn(false); + testRequest(TEST_RESOURCE_REQUEST, TEST_RESOURCE_RESPONSE_US_ALLOWED_EMEA_DENIED); + } + + @Test + public void testAuthorize_partialPrivilegeUpdateDenied() throws Exception { + RangerAccessResult mockRangerAccessResultCreateSelect = mock(RangerAccessResult.class); + RangerAccessResult mockRangerAccessResultUpdate = mock(RangerAccessResult.class); + + when(mockRangerPlugin.isAccessAllowed(argThat(new PrivilegeMatcher("create", "select")))).thenReturn(mockRangerAccessResultCreateSelect); + when(mockRangerPlugin.isAccessAllowed(argThat(new PrivilegeMatcher("update")))).thenReturn(mockRangerAccessResultUpdate); + when(mockRangerAccessResultCreateSelect.getIsAllowed()).thenReturn(true); + when(mockRangerAccessResultUpdate.getIsAllowed()).thenReturn(false); + testRequest(TEST_RESOURCE_REQUEST, TEST_RESOURCE_RESPONSE_UPDATE_DENIED); + } + + @Test + public void testAuthorize_createSchemaAllowed() throws Exception { + RangerAccessResult mockRangerAccessResultCreate = mock(RangerAccessResult.class); + + when(mockRangerPlugin.isAccessAllowed(argThat(new PrivilegeMatcher("create-schema")))).thenReturn(mockRangerAccessResultCreate); + when(mockRangerAccessResultCreate.getIsAllowed()).thenReturn(true); + testRequest(TEST_RESOURCE_REQUEST_CREATE_SCHEMA, TEST_RESOURCE_RESPONSE_CREATE_SCHEMA); + } + + @Test + public void testAuthorize_usageSchemaAllowed() throws Exception { + RangerAccessResult mockRangerAccessResultUsage = mock(RangerAccessResult.class); + + when(mockRangerPlugin.isAccessAllowed(argThat(new PrivilegeMatcher("usage-schema")))).thenReturn(mockRangerAccessResultUsage); + when(mockRangerAccessResultUsage.getIsAllowed()).thenReturn(true); + testRequest(TEST_RESOURCE_REQUEST_USAGE_SCHEMA, TEST_RESOURCE_RESPONSE_USAGE_SCHEMA); + } + + /* ----- VALIDATION TESTS ----- */ + + @Test(expected=IllegalArgumentException.class) + public void testAuthorize_validationFailure_requestId() { + AuthorizationRequest request = prepareRequest(null, TEST_USER, TEST_CLIENT, TEST_CONTEXT, TEST_RESOURCE_REQUEST); + authorizer.isAccessAllowed(request); + } + @Test(expected=IllegalArgumentException.class) + public void testAuthorize_validationFailure_user() { + AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, "", TEST_CLIENT, TEST_CONTEXT, TEST_RESOURCE_REQUEST); + authorizer.isAccessAllowed(request); + } + @Test(expected=IllegalArgumentException.class) + public void testAuthorize_validationFailure_client() { + AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, "", TEST_CONTEXT, TEST_RESOURCE_REQUEST); + authorizer.isAccessAllowed(request); + } + @Test(expected=IllegalArgumentException.class) + public void testAuthorize_validationFailure_context() { + AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT, "", TEST_RESOURCE_REQUEST); + authorizer.isAccessAllowed(request); + } + @Test(expected=IllegalArgumentException.class) + public void testAuthorize_validationFailure_emptyAccessSet() { + AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT, TEST_CONTEXT, new HashSet()); + authorizer.isAccessAllowed(request); + } + @Test(expected=IllegalArgumentException.class) + public void testAuthorize_validationFailure_emptyResource() { + ResourceAccess resourceAccess = new ResourceAccess(); + resourceAccess.setResource(new HashMap()); + resourceAccess.setPrivileges(TEST_PRIVILEGES); + AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT, TEST_CONTEXT, resourceAccess); + authorizer.isAccessAllowed(request); + } + @Test(expected=IllegalArgumentException.class) + public void testAuthorize_validationFailure_emptyResourceValue() { + ResourceAccess resourceAccess = new ResourceAccess(); + HashMap resource = new HashMap<>(); + resource.put(HawqResource.database, ""); + resourceAccess.setResource(resource); + resourceAccess.setPrivileges(TEST_PRIVILEGES); + AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT, TEST_CONTEXT, resourceAccess); + authorizer.isAccessAllowed(request); + } + @Test(expected=IllegalArgumentException.class) + public void testAuthorize_validationFailure_emptyPrivileges() { + ResourceAccess resourceAccess = new ResourceAccess(); + HashMap resource = new HashMap<>(); + resource.put(HawqResource.database, "abc"); + resourceAccess.setResource(resource); + resourceAccess.setPrivileges(new HashSet()); + AuthorizationRequest request = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT, TEST_CONTEXT, resourceAccess); + authorizer.isAccessAllowed(request); + } + + /* ----- HELPER METHODS ----- */ + + private void testRequest(String request, String expectedResponse) { + AuthorizationRequest authRequest = prepareRequest(TEST_REQUEST_ID, TEST_USER, TEST_CLIENT, TEST_CONTEXT, request); + AuthorizationResponse authResponse = authorizer.isAccessAllowed(authRequest); + validateResponse(authResponse, expectedResponse); + } + + private AuthorizationRequest prepareRequest( + Integer requestId, String user, String clientIp, String context, Set access) { + + AuthorizationRequest request = new AuthorizationRequest(); + request.setRequestId(requestId); + request.setUser(user); + request.setClientIp(clientIp); + request.setContext(context); + request.setAccess(access); + + return request; + } + + private AuthorizationRequest prepareRequest( + Integer requestId, String user, String clientIp, String context, ResourceAccess resourceAccess) { + + Set access = new HashSet<>(); + access.add(resourceAccess); + return prepareRequest(requestId, user, clientIp, context, access); + } + + private AuthorizationRequest prepareRequest( + Integer requestId, String user, String clientIp, String context, String resources) { + + Set access = new HashSet<>(); + // resource string is like "db:schema:table>select,update#db:schema:table>create" + for (String resourceStr : resources.split("#")) { + String[] parts = resourceStr.split(">"); + String[] resource = parts[0].split(":"); + String[] privs = parts[1].split(","); + + Map tableResource = new HashMap<>(); + tableResource.put(HawqResource.database, resource[0]); + if (resource.length > 1) { + tableResource.put(HawqResource.schema, resource[1]); + } + if (resource.length > 2) { + tableResource.put(HawqResource.table, resource[2]); + } + ResourceAccess tableAccess = new ResourceAccess(); + tableAccess.setResource(tableResource); + + Set privSet = new HashSet<>(); + for (String priv : privs) { + privSet.add(HawqPrivilege.valueOf(priv)); + } + tableAccess.setPrivileges(privSet); + access.add(tableAccess); + } + + return prepareRequest(requestId, user, clientIp, context, access); + } + + private void validateResponse(AuthorizationResponse response, String resources) { + + assertNotNull(response); + + Set actual = response.getAccess(); + Set expected = new HashSet<>(); + + // resources string is like "db:schema:table>select,update>true#db:schema:table>create>false" + for (String resourceStr : resources.split("#")) { + String[] parts = resourceStr.split(">"); + String[] resource = parts[0].split(":"); + String[] privs = parts[1].split(","); + Boolean allowed = Boolean.valueOf(parts[2]); + + Map tableResource = new HashMap<>(); + tableResource.put(HawqResource.database, resource[0]); + if (resource.length > 1) { + tableResource.put(HawqResource.schema, resource[1]); + } + if (resource.length > 2) { + tableResource.put(HawqResource.table, resource[2]); + } + ResourceAccess tableAccess = new ResourceAccess(); + tableAccess.setResource(tableResource); + + Set privSet = new HashSet<>(); + for (String priv : privs) { + privSet.add(HawqPrivilege.fromString(priv)); + } + tableAccess.setPrivileges(privSet); + tableAccess.setAllowed(allowed); + + expected.add(tableAccess); + } + + assertEquals(expected.size(), actual.size()); + assertEquals(expected, actual); + } + + /* ----- Argument Matchers ----- */ + + private class SchemaMatcher extends ArgumentMatcher { + private String schema; + public SchemaMatcher(String schema) { + this.schema = schema; + } + @Override + public boolean matches(Object request) { + return request == null ? false : + schema.equals(((RangerAccessRequest) request).getResource().getAsMap().get("schema")); + } + }; + + private class PrivilegeMatcher extends ArgumentMatcher { + private Set privileges; + public PrivilegeMatcher(String... privileges) { + this.privileges = Sets.newSet(privileges); + } + @Override + public boolean matches(Object request) { + return request == null ? false : + privileges.contains(((RangerAccessRequest) request).getAccessType()); + } + }; + +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResourceTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResourceTest.java b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResourceTest.java new file mode 100644 index 0000000..40c2217 --- /dev/null +++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResourceTest.java @@ -0,0 +1,79 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hawq.ranger.authorization; + +import org.apache.hawq.ranger.authorization.model.AuthorizationRequest; +import org.apache.hawq.ranger.authorization.model.AuthorizationResponse; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.powermock.api.mockito.PowerMockito; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; + +import static junit.framework.TestCase.*; +import static org.junit.Assert.fail; +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.when; + +@RunWith(PowerMockRunner.class) +@PrepareForTest(RangerHawqAuthorizer.class) +public class RangerHawqPluginResourceTest { + + private RangerHawqPluginResource resource; + + @Mock + private RangerHawqAuthorizer mockAuthorizer; + @Mock + private AuthorizationResponse mockResponse; + @Mock + private RuntimeException mockException; + + @Before + public void setup() throws Exception { + PowerMockito.mockStatic(RangerHawqAuthorizer.class); + when(RangerHawqAuthorizer.getInstance()).thenReturn(mockAuthorizer); + resource = new RangerHawqPluginResource(); + } + + @Test + public void testGetVersion() { + String version = (String) resource.version().getEntity(); + assertEquals("{\"version\":\"version-test\"}", version); + } + + @Test + public void testAuthorizeSuccess() { + when(mockAuthorizer.isAccessAllowed(any(AuthorizationRequest.class))).thenReturn(mockResponse); + AuthorizationResponse response = resource.authorize(new AuthorizationRequest()); + assertNotNull(response); + assertEquals(mockResponse, response); + } + + @Test + public void testAuthorizeException() { + when(mockAuthorizer.isAccessAllowed(any(AuthorizationRequest.class))).thenThrow(mockException); + try { + resource.authorize(new AuthorizationRequest()); + fail("should've thrown exception"); + } catch (Exception e) { + assertSame(mockException, e); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapperTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapperTest.java b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapperTest.java new file mode 100644 index 0000000..e81b76c --- /dev/null +++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapperTest.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hawq.ranger.authorization; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.runners.MockitoJUnitRunner; + +import javax.ws.rs.core.Response; + +import static org.junit.Assert.assertEquals; + +@RunWith(MockitoJUnitRunner.class) +public class ServiceExceptionMapperTest { + + private ServiceExceptionMapper mapper; + + @Before + public void setup() { + mapper = new ServiceExceptionMapper(); + } + + @Test + public void testIllegalArgumentException() { + + Response response = mapper.toResponse(new IllegalArgumentException("reason")); + ServiceExceptionMapper.ErrorPayload entity = (ServiceExceptionMapper.ErrorPayload) response.getEntity(); + + assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus()); + assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), entity.getStatus()); + assertEquals("reason", entity.getMessage()); + } + + @Test + public void testOtherException() { + + Response response = mapper.toResponse(new Exception("reason")); + ServiceExceptionMapper.ErrorPayload entity = (ServiceExceptionMapper.ErrorPayload) response.getEntity(); + + assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus()); + assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), entity.getStatus()); + assertEquals("reason", entity.getMessage()); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java new file mode 100644 index 0000000..bf62785 --- /dev/null +++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.authorization; + +import org.junit.Test; + +import static org.apache.hawq.ranger.authorization.Utils.APP_ID_PROPERTY; +import static org.junit.Assert.assertEquals; + +/** + * This test class uses values from rps.properties file in test/resources directory. + */ +public class UtilsTest { + + @Test + public void testCustomAppId_SystemEnv() throws Exception { + System.setProperty(APP_ID_PROPERTY, "app-id"); + assertEquals("app-id", Utils.getAppId()); + System.clearProperty(APP_ID_PROPERTY); + } + + @Test + public void testCustomAppId_PropertyFile() throws Exception { + assertEquals("instance-test", Utils.getAppId()); + } + + @Test + public void testGetVersion() throws Exception { + assertEquals("version-test", Utils.getVersion()); + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqPrivilegeTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqPrivilegeTest.java b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqPrivilegeTest.java new file mode 100644 index 0000000..39dd3cc --- /dev/null +++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqPrivilegeTest.java @@ -0,0 +1,71 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.authorization.model; + +import org.codehaus.jackson.map.ObjectMapper; +import org.junit.Test; + +import java.io.IOException; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertSame; + +public class HawqPrivilegeTest { + + @Test + public void testSerialization() throws IOException { + assertEquals("create", HawqPrivilege.create.toValue()); + assertEquals("create-schema", HawqPrivilege.create_schema.toValue()); + assertEquals("usage-schema", HawqPrivilege.usage_schema.toValue()); + + ObjectMapper mapper = new ObjectMapper(); + assertEquals("{\"value\":\"create\"}", mapper.writeValueAsString(new PrivilegeHolder(HawqPrivilege.create))); + assertEquals("{\"value\":\"create-schema\"}", mapper.writeValueAsString(new PrivilegeHolder(HawqPrivilege.create_schema))); + assertEquals("{\"value\":\"usage-schema\"}", mapper.writeValueAsString(new PrivilegeHolder(HawqPrivilege.usage_schema))); + } + + @Test + public void testDeserialization() throws IOException { + assertNull(HawqPrivilege.fromString(null)); + assertSame(HawqPrivilege.create, HawqPrivilege.fromString("create")); + assertSame(HawqPrivilege.create, HawqPrivilege.fromString("CREATE")); + assertSame(HawqPrivilege.create, HawqPrivilege.fromString("CreATe")); + assertSame(HawqPrivilege.create_schema, HawqPrivilege.fromString("CreATe-schema")); + assertSame(HawqPrivilege.usage_schema, HawqPrivilege.fromString("USage-schema")); + + + ObjectMapper mapper = new ObjectMapper(); + assertSame(HawqPrivilege.create, mapper.readValue("{\"value\": \"create\"}", PrivilegeHolder.class).value); + assertSame(HawqPrivilege.create, mapper.readValue("{\"value\": \"CREATE\"}", PrivilegeHolder.class).value); + assertSame(HawqPrivilege.create, mapper.readValue("{\"value\": \"creATe\"}", PrivilegeHolder.class).value); + assertSame(HawqPrivilege.create_schema, mapper.readValue("{\"value\": \"CreATe-schema\"}", PrivilegeHolder.class).value); + assertSame(HawqPrivilege.usage_schema, mapper.readValue("{\"value\": \"USage-schema\"}", PrivilegeHolder.class).value); + } + + public static class PrivilegeHolder { + public HawqPrivilege value; + PrivilegeHolder () { + } + PrivilegeHolder(HawqPrivilege value) { + this.value = value; + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqResourceTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqResourceTest.java b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqResourceTest.java new file mode 100644 index 0000000..f59a600 --- /dev/null +++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/model/HawqResourceTest.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.authorization.model; + +import org.codehaus.jackson.map.ObjectMapper; +import org.junit.Test; + +import java.io.IOException; + +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertSame; + +public class HawqResourceTest { + + @Test + public void testCaseInsensitiveDeserialization() throws IOException { + assertNull(HawqResource.fromString(null)); + assertSame(HawqResource.database, HawqResource.fromString("database")); + assertSame(HawqResource.database, HawqResource.fromString("DATABASE")); + assertSame(HawqResource.database, HawqResource.fromString("datABAse")); + + ObjectMapper mapper = new ObjectMapper(); + assertSame(HawqResource.database, mapper.readValue("{\"value\": \"database\"}", ResourceHolder.class).value); + assertSame(HawqResource.database, mapper.readValue("{\"value\": \"DATABASE\"}", ResourceHolder.class).value); + assertSame(HawqResource.database, mapper.readValue("{\"value\": \"datABAse\"}", ResourceHolder.class).value); + } + + public static class ResourceHolder { + public HawqResource value; + } +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/resources/log4j.properties ---------------------------------------------------------------------- diff --git a/ranger-plugin/service/src/test/resources/log4j.properties b/ranger-plugin/service/src/test/resources/log4j.properties new file mode 100644 index 0000000..b9888df --- /dev/null +++ b/ranger-plugin/service/src/test/resources/log4j.properties @@ -0,0 +1,42 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# see debug messages during unit tests +#project.root.logger=DEBUG,console + +# suppress all logging output during unit tests +project.root.logger=FATAL,devnull + +# +# Loggers +# +log4j.rootLogger=${project.root.logger} + +# ignore most errors from the Apache Ranger and Hadoop for unit tests +log4j.logger.org.apache.ranger=FATAL +log4j.logger.org.apache.hadoop=FATAL + +# +# Appenders +# + +# nothing +log4j.appender.devnull=org.apache.log4j.varia.NullAppender + +# console +log4j.appender.console=org.apache.log4j.ConsoleAppender +log4j.appender.console.target=System.err +log4j.appender.console.layout=org.apache.log4j.PatternLayout +log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/resources/rps.properties ---------------------------------------------------------------------- diff --git a/ranger-plugin/service/src/test/resources/rps.properties b/ranger-plugin/service/src/test/resources/rps.properties new file mode 100644 index 0000000..1fd50e5 --- /dev/null +++ b/ranger-plugin/service/src/test/resources/rps.properties @@ -0,0 +1,17 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ranger.hawq.instance=instance-test +version=version-test \ No newline at end of file