ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dillido...@apache.org
Subject git commit: ARGUS-23: Add unit tests for knox agent pdp logic URLBasedAuthDB
Date Mon, 25 Aug 2014 23:04:54 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master f2034ba72 -> c89af3a14


ARGUS-23: Add unit tests for knox agent pdp logic URLBasedAuthDB


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/c89af3a1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/c89af3a1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/c89af3a1

Branch: refs/heads/master
Commit: c89af3a1411c573f9d0386fd35e28cfd4b1ec1b6
Parents: f2034ba
Author: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Authored: Mon Aug 25 11:37:29 2014 -0700
Committer: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Committed: Mon Aug 25 16:01:09 2014 -0700

----------------------------------------------------------------------
 .../xasecure/pdp/knox/URLBasedAuthDBTest.java   | 833 ++++++++++++++++++-
 1 file changed, 825 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/c89af3a1/agents-impl/src/test/java/com/xasecure/pdp/knox/URLBasedAuthDBTest.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/test/java/com/xasecure/pdp/knox/URLBasedAuthDBTest.java b/agents-impl/src/test/java/com/xasecure/pdp/knox/URLBasedAuthDBTest.java
index c3a54d6..dc784c2 100644
--- a/agents-impl/src/test/java/com/xasecure/pdp/knox/URLBasedAuthDBTest.java
+++ b/agents-impl/src/test/java/com/xasecure/pdp/knox/URLBasedAuthDBTest.java
@@ -30,11 +30,492 @@ import com.xasecure.pdp.model.Policy;
 import com.xasecure.pdp.model.PolicyContainer;
 import com.xasecure.pdp.model.RolePermission;
 
-// FIXME: this is just a starting stub
 public class URLBasedAuthDBTest {
 
 	@Test
-	public void testBasic() {
+	public void testPolicyEnabled() {
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null, // ipAddress
+				true, // policyEnabled
+				true); // auditEnabled
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testPolicyEnabled allowed: " + allowed);
+		Assert.assertTrue("Access denied while policy is enabled", allowed);
+	}
+	
+	@Test
+	public void testPolicyNotEnabled() {
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null, // ipAddress
+				false, // policyEnabled
+				true); // auditEnabled
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testPolicyNotEnabled allowed: " + allowed);
+		Assert.assertFalse("Access allowed while policy is disabled", allowed);
+	}
+	
+	@Test
+	public void testPolicyEnabledAuditOnTmSm() {
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null, // ipAddress
+				true, // policyEnabled
+				true); // auditEnabled
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean auditEnabled = pdp.isAuditEnabled(
+				"xa", 
+				"WEBHDFS"
+				);
+		System.out.println("testPolicyEnabledAuditOnTmSm: " + auditEnabled);
+		Assert.assertTrue("Audit not ebabled while policy is matched", auditEnabled);
+	}
+	
+	@Test
+	public void testPolicyEnabledAuditOnTnmSm() {
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null, // ipAddress
+				true, // policyEnabled
+				true); // auditEnabled
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean auditEnabled = pdp.isAuditEnabled(
+				"yxa", 
+				"WEBHDFS"
+				);
+		System.out.println("testPolicyEnabledAuditOnTnmSm auditEnabled: " + auditEnabled);
+		Assert.assertFalse("Audit ebabled with a non matching topology", auditEnabled);
+	}
+	
+	@Test
+	public void testPolicyEnabledAuditOnTmSnm() {
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null, // ipAddress
+				true, // policyEnabled
+				true); // auditEnabled
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean auditEnabled = pdp.isAuditEnabled(
+				"xa", 
+				"yWEBHDFS"
+				);
+		System.out.println("testPolicyEnabledAuditOnTmSnm auditEnabled: " + auditEnabled);
+		Assert.assertFalse("Audit ebabled with a non matching service", auditEnabled);
+	}
+	
+	@Test
+	public void testPolicyEnabledAuditOff() {
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null, // ipAddress
+				true, // policyEnabled
+				false); // auditEnabled
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean auditEnabled = pdp.isAuditEnabled(
+				"xa", 
+				"WEBHDFS"
+				);
+		System.out.println("testPolicyEnabledAuditOff auditEnabled: " + auditEnabled);
+		Assert.assertFalse("Audit ebabled with policy disabling audit", auditEnabled);
+	}
+	
+	@Test
+	public void testPolicyNotEnabledAuditOn() {
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null, // ipAddress
+				false, // policyEnabled
+				true); // auditEnabled
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean auditEnabled = pdp.isAuditEnabled(
+				"xa", 
+				"WEBHDFS"
+				);
+		System.out.println("testPolicyNotEnabledAuditOn auditEnabled: " + auditEnabled);
+		Assert.assertFalse("Audit ebabled with policy not enabled", auditEnabled);
+	}
+	
+	@Test
+	public void testPolicyNotEnabledAuditOff() {
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null, // ipAddress
+				false, // policyEnabled
+				true); // auditEnabled
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean auditEnabled = pdp.isAuditEnabled(
+				"xa", 
+				"WEBHDFS"
+				);
+		System.out.println("testPolicyNotEnabledAuditOff auditEnabled: " + auditEnabled);
+		Assert.assertFalse("Audit ebabled with policy not enabled and audit off", auditEnabled);
+	}
+	
+	@Test
+	public void testSimpleTopologyAccessAllowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testSimpleTopologyAccessAllowed allowed: " + allowed);
+		Assert.assertTrue("Access denied for a simple allow policy", allowed);
+
+	}
+	
+	@Test
+	public void testSimpleTopologyAccessDenied() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean allowed = pdp.isAccessGranted(
+				"ya", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testSimpleTopologyAccessDenied allowed: " + allowed);
+		Assert.assertFalse("Access allwed for a simple deny policy", allowed);
+
+	}
+	
+	@Test
+	public void testWildTopologyAccessAllowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"x*", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testWildTopologyAccessAllowed allowed: " + allowed);
+		Assert.assertTrue("Access denied for a matching wild topology policy", allowed);
+
+	}
+
+	@Test
+	public void testWildTopologyAccessDenied() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"x*", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean allowed = pdp.isAccessGranted(
+				"ya", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testWildTopologyAccessDenied allowed: " + allowed);
+		Assert.assertFalse("Access allowed for non matching wild topology policy", allowed);
+
+	}
+	
+	@Test
+	public void testSimpleServiceAccessAllowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testSimpleServiceAccessAllowed allowed: " + allowed);
+		Assert.assertTrue("Access denied for a policy matching service", allowed);
+
+	}
+	
+	@Test
+	public void testSimpleServiceAccessDenied() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"yWEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testSimpleServiceAccessDenied allowed: " + allowed);
+		Assert.assertFalse("Access allowed for a policy with no matching service", allowed);
+
+	}
+	
+	@Test
+	public void testWildServiceAccessAllowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEB*",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testWildServiceAccessAllowed allowed: " + allowed);
+		Assert.assertTrue("Access denied for policy with matching wild service", allowed);
+
+	}
+
+	@Test
+	public void testWildServiceAccessDenied() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEB*",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"yWEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testWildServiceAccessDenied allowed: " + allowed);
+		Assert.assertFalse("Access allowed for a policy with a non matching wild service", allowed);
+
+	}
+	
+	@Test
+	public void testAccessTypeAccessAllowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testAccessTypeAccessAllowed allowed: " + allowed);
+		Assert.assertTrue("Access denied for a policy with matching accessTyoe", allowed);
+
+	}
+	
+	@Test
+	public void testAccessTypeAccessDenied() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"yallow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testAccessTypeAccessDenied allowed: " + allowed);
+		Assert.assertFalse("Access allowed for a non matching accessType", allowed);
+
+	}
+	
+	@Test
+	public void testUserAccessAllowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testUserAccessAllowed allowed: " + allowed);
+		Assert.assertTrue("Access denied for matching user", allowed);
+
+	}
+	
+	@Test
+	public void testUserAccessDenied() {
 		
 		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
 		
@@ -42,28 +523,362 @@ public class URLBasedAuthDBTest {
 				"xa", 
 				"WEBHDFS",
 				asList("allow"), 
-				asList("guest"), 
+				asList("yguest"), 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"yallow",
+				"guest", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testUserAccessDenied allowed: " + allowed);
+		Assert.assertFalse("Access allowed for a non matching user", allowed);
+
+	}
+	
+	@Test
+	public void testGroupAccessAllowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				null, 
 				asList("sales"),
-				asList("127.127.*"));
+				null);
 		pdp.setPolicyContainer(policyContainer);
 		
-		Set<String> userGroups = asSet("sales");
 		
 		boolean allowed = pdp.isAccessGranted(
 				"xa", 
 				"WEBHDFS", 
 				"allow",
+				"sam", 
+				asSet("sales"), 
+				"127.127.127.127");
+		System.out.println("testGroupAccessAllowe allowed: " + allowed);
+		Assert.assertTrue("Access denied for a matching user group", allowed);
+
+	}
+	
+	@Test
+	public void testGroupAccessDenied() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				null, 
+				asList("sales"),
+				null);
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"yallow",
 				"guest", 
-				userGroups, 
+				asSet("sales"), 
 				"127.127.127.127");
-		System.out.println("allowed: " + allowed);
-		Assert.assertTrue("not good", allowed);
+		System.out.println("testGroupAccessDenied allowed: " + allowed);
+		Assert.assertFalse("Access allowed for a non matching user group", allowed);
+
+	}
+	
+	
+	
+	@Test
+	public void testSimpleIP4Allowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				asList("132.133.134.135"));
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"132.133.134.135");
+		System.out.println("testSimpleIP4Allowed allowed: " + allowed);
+		Assert.assertTrue("Access denied for a matching IP4 request ip", allowed);
+
+	}
+	
+	@Test
+	public void testSimpleIP4Denied() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				asList("132.133.134.135"));
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"132.133.134.136");
+		System.out.println("testSimpleIP4Denied allowed: " + allowed);
+		Assert.assertFalse("Access allowed for a non matching IP4 request ip", allowed);
+
+	}
+	
+	@Test
+	public void testWildIP4Allowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				asList("132.133.134.*"));
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"132.133.134.135");
+		System.out.println("testWildIP4Allowed allowed: " + allowed);
+		Assert.assertTrue("Access denied for a request ip matching wild IP4", allowed);
+
+	}
+	
+	@Test
+	public void testWildIP4Denied() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				asList("132.133.134.*"));
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"132.133.234.136");
+		System.out.println("testWildIP4Denied allowed: " + allowed);
+		Assert.assertFalse("Access allowed for a request ip not matching wild IP4", allowed);
+
+	}
+	
+	@Test
+	public void testWilderIP4Allowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				asList("132.133.*.*"));
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"132.133.234.235");
+		System.out.println("testWilderIP4Allowed: " + allowed);
+		Assert.assertTrue("Access denied for a request ip matching wilder IP4", allowed);
+
+	}
+	
+	@Test
+	public void testWilderIP4Denied() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				asList("132.133.*.*"));
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"132.233.234.136");
+		System.out.println("testWilderIP4Denied allowed: " + allowed);
+		Assert.assertFalse("Access allowed for a request ip not matching wilder IP4", allowed);
+
+	}
+	
+	@Test
+	public void testWildIP6Allowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				asList("132:133:134:*"));
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"132:133:134:135");
+		System.out.println("testWildIP6Allowed allowed: " + allowed);
+		Assert.assertTrue("Access denied for a request ip matching wild IP6", allowed);
+
+	}
+	
+	@Test
+	public void testWildIP6Denied() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				asList("132:133:134:*"));
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"132:133:234:136");
+		System.out.println("testWildIP6Denied allowed: " + allowed);
+		Assert.assertFalse("Access allowed for a request ip not matching wild IP6", allowed);
+
+	}
+	
+	@Test
+	public void testWilderIP6Allowed() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				asList("132:133:*:*"));
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"132:133:234:235");
+		System.out.println("testWilderIP6Allowed allowed: " + allowed);
+		Assert.assertTrue("Access denied for a request ip matching wilder IP6", allowed);
 
 	}
+	
+	@Test
+	public void testWilderIP6Denied() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				asList("132:133:*:*"));
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"132:233:234:136");
+		System.out.println("testWilderIP6Denied allowed: " + allowed);
+		Assert.assertFalse("Access allowed for a request ip not matching wilder IP6", allowed);
 
+	}
+	
 	private static PolicyContainer buildPolicyContainer(String topologies,
 			String services, List<String> accessTypes, List<String> users,
 			List<String> groups, List<String> ipAddresses) {
+		return buildPolicyContainer( topologies,  services, accessTypes,
+				users, groups, ipAddresses, true, true);
+		
+	}
+	
+	private static PolicyContainer buildPolicyContainer(String topologies,
+			String  services, List<String> accessTypes, List<String> users,
+			List<String> groups, List<String> ipAddresses,
+			boolean policyEnabled, boolean auditEnabled) {
 
 		PolicyContainer policyContainer = new PolicyContainer();
 		policyContainer.setRepositoryName("knoxdev");
@@ -73,6 +888,8 @@ public class URLBasedAuthDBTest {
 		Policy policy = new Policy();
 		policy.setTopologies(topologies);
 		policy.setServices(services);
+		policy.setPolicyStatus(policyEnabled ? "Enabled" : "NotEnabled");
+		policy.setAuditInd(auditEnabled ? 1 : 0);
 
 		List<RolePermission> rolePermissions = new ArrayList<RolePermission>();
 		


Mime
View raw message