ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject git commit: ARGUS-160
Date Thu, 06 Nov 2014 02:32:40 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master 3b87db6c4 -> bc502520e


ARGUS-160

1. Added new tests for Audit log enabled checks inside HDFS URLBasedAuthDB
2. Refectored a few old tests
3. Added hamcrest to get at a fuller set of matchers during assertions

Signed-off-by: Madhan Neethiraj <madhan@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/bc502520
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/bc502520
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/bc502520

Branch: refs/heads/master
Commit: bc502520eec334c6d6d78d84cb240cb293c78e78
Parents: 3b87db6
Author: Alok Lal <alal@hortonworks.com>
Authored: Wed Nov 5 15:53:33 2014 -0800
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Wed Nov 5 18:32:29 2014 -0800

----------------------------------------------------------------------
 agents-impl/pom.xml                             |  22 +-
 .../xasecure/pdp/hdfs/URLBasedAuthDBTest.java   |  53 ++-
 ...asedAuthDB_IsAuditLogEnabledByACL_PTest.java | 322 +++++++++++++++++++
 pom.xml                                         |   7 +
 4 files changed, 362 insertions(+), 42 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/bc502520/agents-impl/pom.xml
----------------------------------------------------------------------
diff --git a/agents-impl/pom.xml b/agents-impl/pom.xml
index 98a66d6..4f38594 100644
--- a/agents-impl/pom.xml
+++ b/agents-impl/pom.xml
@@ -30,15 +30,19 @@
   </parent>
   <dependencies>
 
-	<dependency>
-		<groupId>junit</groupId>
-		<artifactId>junit</artifactId>
-	</dependency>
-	<dependency>
-		<groupId>org.mockito</groupId>
-		<artifactId>mockito-core</artifactId>
-	</dependency>
-  <dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-core</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.hamcrest</groupId>
+      <artifactId>hamcrest-integration</artifactId>
+    </dependency>
+    <dependency>
     <groupId>org.glassfish.jersey.core</groupId>
     <artifactId>jersey-client</artifactId>
     <version>2.6</version>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/bc502520/agents-impl/src/test/java/com/xasecure/pdp/hdfs/URLBasedAuthDBTest.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/test/java/com/xasecure/pdp/hdfs/URLBasedAuthDBTest.java b/agents-impl/src/test/java/com/xasecure/pdp/hdfs/URLBasedAuthDBTest.java
index 3ece386..1bb3000 100644
--- a/agents-impl/src/test/java/com/xasecure/pdp/hdfs/URLBasedAuthDBTest.java
+++ b/agents-impl/src/test/java/com/xasecure/pdp/hdfs/URLBasedAuthDBTest.java
@@ -1,12 +1,14 @@
 package com.xasecure.pdp.hdfs;
 
-import static org.junit.Assert.*;
-import static org.mockito.Mockito.*;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
 
 import java.util.ArrayList;
 import java.util.List;
 
-import org.junit.Before;
 import org.junit.Test;
 
 import com.xasecure.pdp.model.Policy;
@@ -15,47 +17,32 @@ import com.xasecure.pdp.model.ResourcePath;
 
 public class URLBasedAuthDBTest {
 
-	@Before
-	public void setUp() throws Exception {
-	}
-
 	@Test
-	public void testIsAuditLogEnabledByACL() {
+	public void testIsAuditLogEnabledByACL_emptyPolicyContainer() {
 
-		// if authdb isn't initialized then return false
-		URLBasedAuthDB authDB = URLBasedAuthDB.getInstance();
-		assertFalse(authDB.isAuditLogEnabledByACL("blah"));
+		// audit can't be enabled if authdb isn't initialized 
+		assertFalse(mAuthDB.isAuditLogEnabledByACL("blah"));
 		
-		// Policy container with empty acl list is the same!
-		URLBasedAuthDB spy = spy(authDB);
-		PolicyContainer policyContainer = mock(PolicyContainer.class);
+		// or if the policy container in is null!
+		URLBasedAuthDB spy = spy(mAuthDB);
+		when(spy.getPolicyContainer()).thenReturn(null);
+		assertFalse(mAuthDB.isAuditLogEnabledByACL("blah"));
+		
+		// of if policy container is empty, i.e. has no policies!
 		List<Policy> policies = new ArrayList<Policy>();
+		PolicyContainer policyContainer = mock(PolicyContainer.class);
 		when(policyContainer.getAcl()).thenReturn(policies);
-		
 		when(spy.getPolicyContainer()).thenReturn(policyContainer);
-		assertFalse(spy.isAuditLogEnabledByACL("blah"));
+		assertFalse(mAuthDB.isAuditLogEnabledByACL("blah"));
 		
-		// or a non-empty acl with empty resource lists!
+		// or if all policies are empty, i.e. no acls!
 		Policy aPolicy = mock(Policy.class);
 		when(aPolicy.getResourceList()).thenReturn(new ArrayList<ResourcePath>());
 		policies.add(aPolicy);
+		when(policyContainer.getAcl()).thenReturn(policies);
+		when(spy.getPolicyContainer()).thenReturn(policyContainer);
 		assertFalse(spy.isAuditLogEnabledByACL("blah"));
-		
-		// setup a resource non-recursive path
-		ResourcePath path = mock(ResourcePath.class);
-		when(path.getPath()).thenReturn("aPath");
-		when(path.isWildcardPath()).thenReturn(false);
-		
-		// build a resource list with this path
-		List<ResourcePath> resourcePaths = new ArrayList<ResourcePath>();
-		resourcePaths.add(path);
-		when(aPolicy.getResourceList()).thenReturn(resourcePaths);
-		// let the ACL not be recursive either
-		when(aPolicy.getRecursiveInd()).thenReturn(0);
-		when(aPolicy.getAuditInd()).thenReturn(1);
-		assertFalse(spy.isAuditLogEnabledByACL("blah"));
-		// right path matches
-		assertTrue(spy.isAuditLogEnabledByACL("aPath"));
 	}
 	
+	private final URLBasedAuthDB mAuthDB = URLBasedAuthDB.getInstance();	
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/bc502520/agents-impl/src/test/java/com/xasecure/pdp/hdfs/URLBasedAuthDB_IsAuditLogEnabledByACL_PTest.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/test/java/com/xasecure/pdp/hdfs/URLBasedAuthDB_IsAuditLogEnabledByACL_PTest.java
b/agents-impl/src/test/java/com/xasecure/pdp/hdfs/URLBasedAuthDB_IsAuditLogEnabledByACL_PTest.java
new file mode 100644
index 0000000..a063581
--- /dev/null
+++ b/agents-impl/src/test/java/com/xasecure/pdp/hdfs/URLBasedAuthDB_IsAuditLogEnabledByACL_PTest.java
@@ -0,0 +1,322 @@
+package com.xasecure.pdp.hdfs;
+
+import static org.hamcrest.Matchers.is;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
+
+import com.xasecure.pdp.model.Policy;
+import com.xasecure.pdp.model.PolicyContainer;
+import com.xasecure.pdp.model.ResourcePath;
+
+@RunWith(Parameterized.class)
+public class URLBasedAuthDB_IsAuditLogEnabledByACL_PTest {
+
+	static class PolicyIs {
+		static final boolean wildcard = true;
+		static final boolean audited = true;
+		static final boolean recursive = true;
+
+		static final boolean notWildcard = false;
+		static final boolean notAudited = false;
+		static final boolean notRecursive = false;
+	}
+	
+	static final class PolicyPath {
+		static final String path1 = "aPath";
+		static final String path1Child1 = PolicyPath.path1 + "/" + "child1";
+		static final String path1Child2 = PolicyPath.path1 + "/" + "child2";
+
+		static final String path2 = "anotherPath";
+	}
+	static final class TestPath {
+		static final String path1 = PolicyPath.path1;
+		static final String beginsWithPath1 = PolicyPath.path1 + "_";
+		static final String path1Child1 = PolicyPath.path1Child1;
+		static final String path1Child2 = PolicyPath.path1Child2;
+		static final String path1GrandChild1 = String.format("%s/%s/%s", path1, path1Child1, "grandChild1");
+		static final String path1GrandChild2 = String.format("%s/%s/%s", path1, path1Child1, "grandChild2");
+
+		static final String path2 = PolicyPath.path2;
+		static final String beginsWithPath2 = PolicyPath.path2 + "_";
+		static final String path2Child1 = PolicyPath.path2 + "/" + "child1";
+		static final String path2Child2 = PolicyPath.path2 + "/" + "child2";
+	}
+
+	static class ExpectedResult {
+		static final class AuditEnabled {
+			static final boolean yes = true;
+			static final boolean no = false;
+		}
+	}
+	
+	static class TestDataIndex {
+		static final int ExpectedResult = 6;
+		static final int Audited = 3;
+		public static final int TestName = 0;
+		public static final int wildCard = 2;
+	}
+	
+	
+	/**
+	 * ASSUMPTION: set of tests passed as such that they require wildcard flag to be set for
them to return audit enabled.
+	 * So turn wildcard flag of them off to assert that they no-longer work.  Of course, those
that don't work even with wildcard
+	 * should also continue to not work when wildcard is turned off!
+	 */
+	private static List<Object[]> turnWildcardOffForTestsThatRequireWildcard(List<Object[]>
tests) {
+		
+		// in the worse case we would generate one test for each existing test
+		List<Object[]> newTests = new ArrayList<Object[]>(tests.size());
+		for (Object[] aTest: tests) {
+			boolean isPolicyWildcard = (Boolean) aTest[TestDataIndex.wildCard];
+			if (isPolicyWildcard == PolicyIs.wildcard) {
+				Object[] newTest = Arrays.copyOf(aTest, aTest.length);
+				// Change the policy of this test so that Audit is disabled at policy level and accordingly
change the expected result
+				newTest[TestDataIndex.wildCard] = PolicyIs.notWildcard;
+				newTest[TestDataIndex.ExpectedResult] = ExpectedResult.AuditEnabled.no;
+				// for debugging purposes alter the test description, too
+				String testName = (String) newTest[TestDataIndex.TestName];
+				newTest[TestDataIndex.TestName] = "[Wildcard-ed base test with wildcard flag turned off]
" + testName;
+				newTests.add(newTest);
+			}
+		}
+		return newTests;
+	}
+	
+	/**
+	 * wildcard - policy flag says wildcard by the policy path itself does not have any wildcards
worth expanding.
+	 * This should work exactly the same as if wildcard was turned off!
+	 */
+	private static List<Object[]> turnWildcardOnForNonWildcardTests(List<Object[]>
tests) {
+		
+		// in the worse case we would generate one test for each existing test
+		List<Object[]> newTests = new ArrayList<Object[]>(tests.size());
+		/*
+		 * If a test currently does not have wildcard set on it, then expectation is changing wildcard
flag
+		 * true shouldn't change the result.  ASSUMPTION here, of course, is that "base tests"
don't use any
+		 * wild-card characters in their resource paths that would make an otherwise disabled audit
to return enabled. 
+		 */
+		for (Object[] aTest: tests) {
+			boolean isPolicyWildcard = (Boolean) aTest[TestDataIndex.wildCard];
+			if (isPolicyWildcard == PolicyIs.notWildcard) {
+				Object[] newTest = Arrays.copyOf(aTest, aTest.length);
+				// Change the policy of this test so that Audit is disabled at policy level and accordingly
change the expected result
+				newTest[TestDataIndex.wildCard] = PolicyIs.wildcard;
+				// for debugging purposes alter the test description, too
+				String testName = (String) newTest[TestDataIndex.TestName];
+				newTest[TestDataIndex.TestName] = "[Base test with wildcard enabled] " + testName;
+				newTests.add(newTest);
+			}
+		}
+		return newTests;
+	}
+	
+	/**
+	 * Disabled audit on every test that expects result to be yes to ensure that no matter what
answer should be false if policy says that audit is disabled!
+	 */
+	private static List<Object[]> disableAuditForBaseTests(List<Object[]> tests)
{
+
+		List<Object[]> newTests = new ArrayList<Object[]>(tests.size());
+		
+		for (Object[] aTest : tests) {
+			boolean expectedResult = (Boolean) aTest[TestDataIndex.ExpectedResult];
+			boolean isPolicyAuditEnabled = (Boolean) aTest[TestDataIndex.Audited];
+			
+			if (expectedResult == ExpectedResult.AuditEnabled.yes 
+					&& isPolicyAuditEnabled == PolicyIs.audited) {
+				Object[] newTest = Arrays.copyOf(aTest, aTest.length);
+				// Change the policy of this test so that Audit is disabled at policy level and accordingly
change the expected result
+				newTest[TestDataIndex.Audited] = PolicyIs.notAudited;
+				newTest[TestDataIndex.ExpectedResult] = ExpectedResult.AuditEnabled.no;
+				// for debugging purposes alter the test description, too
+				String testName = (String) newTest[TestDataIndex.TestName];
+				newTest[TestDataIndex.TestName] = "[Base tests with audit disabled] " + testName;
+				newTests.add(newTest);
+			}
+		}
+		
+		return newTests;
+	}
+
+	@Parameters
+	public static Collection<Object[]> data() {
+		Object[][] baseTestData = new Object[][] {
+
+				// no-recursive paths - return true if paths match
+				{"policypath(path1) == testpath(path1) => yes", 
+					PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.notRecursive, TestPath.path1,
ExpectedResult.AuditEnabled.yes},
+				{"policypath(path2) == testpath(path2) => yes", 
+					PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.notRecursive, TestPath.path2,
ExpectedResult.AuditEnabled.yes},
+
+				// no-recursive paths - return false if paths don't match!
+				{"policypath(path1) != testPath(path2) => no", 
+					PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.notRecursive, TestPath.path2,
ExpectedResult.AuditEnabled.no},
+				{"policypath(path2) != testPath(path1) => no", 
+					PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.notRecursive, TestPath.path1,
ExpectedResult.AuditEnabled.no},
+				
+				// recursive path policy - should work at least as well as non-recursive, i.e. match
when same and not otherwise!
+				{"recursive, policypath(path1) == testpath(path1)",
+					PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1,
ExpectedResult.AuditEnabled.yes}, 
+				{"recursive, policypath(path2) == testpath(path2)", 
+					PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2,
ExpectedResult.AuditEnabled.yes}, 
+				{"recursive, policypath(path1) == testpath(path2)",
+					PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2,
ExpectedResult.AuditEnabled.no},
+				{"recursive, policypath(path1) == testpath(path2)",
+					PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1,
ExpectedResult.AuditEnabled.no}, 
+
+				// recursive path policy - should match children
+				{"recursive, policypath(path1) == testpath(path1/child1)", 
+					PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1Child1,
ExpectedResult.AuditEnabled.yes}, 
+				{"recursive, policypath(path1) == testpath(path1/child2)", 
+					PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1Child2,
ExpectedResult.AuditEnabled.yes}, 
+				{"recursive, policypath(path1) == testpath(path1/child1)", 
+					PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2Child1,
ExpectedResult.AuditEnabled.yes}, 
+				{"recursive, policypath(path1) == testpath(path1/child2)", 
+					PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2Child2,
ExpectedResult.AuditEnabled.yes}, 
+
+				// recursive path policy - should match grand children, too!
+				{"recursive, policypath(path1) == testpath(path1/child1/grandChild1)", 
+					PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1GrandChild1,
ExpectedResult.AuditEnabled.yes}, 
+				{"recursive, policypath(path1) == testpath(path1/child1/grandChild2)", 
+					PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1GrandChild2,
ExpectedResult.AuditEnabled.yes}, 
+
+				// recursive path policy - shouldn't match child in some other directory
+				{"recursive, policypath(path1) == testpath(path1/child1)", 
+					PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2Child1,
ExpectedResult.AuditEnabled.no}, 
+				{"recursive, policypath(path1) == testpath(path1/child2)", 
+					PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2Child2,
ExpectedResult.AuditEnabled.no}, 
+				{"recursive, policypath(path1) == testpath(path1/child1)", 
+					PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1Child1,
ExpectedResult.AuditEnabled.no}, 
+				{"recursive, policypath(path1) == testpath(path1/child2)", 
+					PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1Child2,
ExpectedResult.AuditEnabled.no}, 
+
+		};
+		
+		Object[][] wildCardTestData = new Object[][] {
+				// Pattern contains exact substring
+				{"Wildcard, Pattern contains substring of tested path - 1", 
+					"aPath*", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath", ExpectedResult.AuditEnabled.yes},

+				{"Wildcard, Pattern contains substring of tested path - 2",
+					"*aPath", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath", ExpectedResult.AuditEnabled.yes},

+				{"Wildcard, Pattern contains substring of tested path - 3",
+					"aPa*th", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath", ExpectedResult.AuditEnabled.yes},

+				{"Wildcard, Pattern contains substring of tested path - 4",
+					"aP*at*h", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath", ExpectedResult.AuditEnabled.yes},
+
+				// Pattern should match
+				{"Wildcard, Pattern should match - 1",
+					"aPath*", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath_", ExpectedResult.AuditEnabled.yes},
+				{"Wildcard, Pattern should match - 2",
+					"aPath*", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath_longSuffix",
ExpectedResult.AuditEnabled.yes},
+				{"Wildcard, Pattern should match - 3",
+					"*aPath", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "_aPath", ExpectedResult.AuditEnabled.yes},
+				{"Wildcard, Pattern should match - 4",
+					"*aPath", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "longPrefix_aPath",
ExpectedResult.AuditEnabled.yes},
+				{"Wildcard, Pattern should match - 5",
+					"*aPath", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "_aPath", ExpectedResult.AuditEnabled.yes},
+				{"Wildcard, Pattern should match - 6",
+					"*aPath", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "longPrefix_aPath",
ExpectedResult.AuditEnabled.yes},
+				{"Wildcard, Pattern should match - 5",
+					"a*Path", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "a___Path", ExpectedResult.AuditEnabled.yes},
+				{"Wildcard, Pattern should match - 6",
+					"a*Path", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aMiddlePath", ExpectedResult.AuditEnabled.yes},
+		};
+		
+		// in the worst case all tests have a corresponding audit disabled test 
+		List<Object[]> baseTests = Arrays.asList(baseTestData);
+		List<Object[]> result = new ArrayList<Object[]>(baseTests);
+		
+		// answer is false no matter what if policy is set to not audit
+		List<Object[]> additionalTests = disableAuditForBaseTests(baseTests);
+		result.addAll(additionalTests);
+		
+		// turning wildcard flag on when policy path itself does not have wildcard characters in
it shouldn't change the result!
+		additionalTests = turnWildcardOnForNonWildcardTests(baseTests);
+		result.addAll(additionalTests);
+		
+		List<Object[]> wildcardBaseTests = Arrays.asList(wildCardTestData);
+		result.addAll(wildcardBaseTests);
+		
+		additionalTests = turnWildcardOffForTestsThatRequireWildcard(wildcardBaseTests);
+		result.addAll(additionalTests);
+		return result;
+	}
+
+	public URLBasedAuthDB_IsAuditLogEnabledByACL_PTest(String testName, String policyPath, boolean
wildCard, boolean audited, boolean recursive, String testPath, boolean expectedResult) {
+		_testName = testName;
+		_policyPath = policyPath;
+		_policyPathWildcard = wildCard;
+		_policyAudited = audited;
+		_policyRecursive = recursive;
+		_testPath = testPath;
+		_expectedResult = expectedResult;
+	}
+	
+	private final String _testName;
+	private final String _policyPath;
+	private final boolean _policyPathWildcard;
+	private final boolean _policyAudited;
+	private final boolean _policyRecursive;
+	private final String _testPath;
+	private final boolean _expectedResult;
+	
+	@Test
+	public void testIsAuditLogEnabledByACL() {
+		
+		if (LOG.isDebugEnabled()) {
+			LOG.debug(String.format("Test: %sPolicy Path: %s, isWildcard: %b, isAudited: %b, isRecursive:
%b, TestPath: %s",
+					_testName, _policyPath, _policyPathWildcard, _policyAudited, _policyRecursive, _testPath));
+		}
+
+		// A policy can have several paths, so let's first stuff our path into a collection
+		ResourcePath path = mock(ResourcePath.class);
+		when(path.getPath()).thenReturn(_policyPath);
+		when(path.isWildcardPath()).thenReturn(_policyPathWildcard);
+		List<ResourcePath> resourcePaths = new ArrayList<ResourcePath>();
+		resourcePaths.add(path);
+		
+		// wire it into the policy and set other aspects of the policy
+		Policy aPolicy = mock(Policy.class);
+		when(aPolicy.getResourceList()).thenReturn(resourcePaths);
+		
+		int recursiveIndicator = _policyRecursive ? 1 : 0;
+		when(aPolicy.getRecursiveInd()).thenReturn(recursiveIndicator);
+		
+		int auditedIndicator = _policyAudited ? 1 : 0;
+		when(aPolicy.getAuditInd()).thenReturn(auditedIndicator);
+
+		// a container can have several policies to first we stuff our policy into a container
+		List<Policy> policies = new ArrayList<Policy>();
+		policies.add(aPolicy);
+		// now wire the policy into the container
+		PolicyContainer policyContainer = mock(PolicyContainer.class);
+		when(policyContainer.getAcl()).thenReturn(policies);
+
+		// finally wire the policy container into the authdb
+		URLBasedAuthDB spy = spy(mAuthDB);
+		when(spy.getPolicyContainer()).thenReturn(policyContainer);
+		
+		// assert the result
+		boolean result = spy.isAuditLogEnabledByACL(_testPath);
+		assertThat(_testName, result, is(_expectedResult));
+		if (LOG.isDebugEnabled()) {
+			LOG.debug(String.format(", Expected Result (Audit enabled?): %b Result: %b\n", _expectedResult,
result));
+		}
+	}
+
+	private final URLBasedAuthDB mAuthDB = URLBasedAuthDB.getInstance();
+	private static final Log LOG = LogFactory.getLog(URLBasedAuthDB_IsAuditLogEnabledByACL_PTest.class)
;
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/bc502520/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 0d74fe8..5ee2afe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -91,6 +91,7 @@
 		<jersey-bundle.version>1.17.1</jersey-bundle.version>
 		<junit.version>4.11</junit.version>
 		<mockito.version>1.8.4</mockito.version>
+		<hamcrest-version>1.3</hamcrest-version>
 		<knox.gateway.version>0.5.0-SNAPSHOT</knox.gateway.version>
 		<local.lib.dir>${project.basedir}/../lib/local</local.lib.dir>
 		<log4j.version>1.2.17</log4j.version>
@@ -218,6 +219,12 @@
 				<version>${powermock.version}</version>
 				<scope>test</scope>
 			</dependency>
+			<dependency>
+				<groupId>org.hamcrest</groupId>
+				<artifactId>hamcrest-integration</artifactId>
+				<version>${hamcrest-version}</version>
+				<scope>test</scope>
+			</dependency>
 		</dependencies>
 	</dependencyManagement>
   <build>


Mime
View raw message