ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject incubator-ranger git commit: RANGER-278: Re-enable policy validation code and tests
Date Fri, 17 Apr 2015 05:54:48 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master b3e31fadd -> c7727f571


RANGER-278: Re-enable policy validation code and tests

Signed-off-by: Madhan Neethiraj <madhan@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c7727f57
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/c7727f57
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/c7727f57

Branch: refs/heads/master
Commit: c7727f571fc36b8aaf9c7a2054f23856f456d4f5
Parents: b3e31fa
Author: Alok Lal <alal@hortonworks.com>
Authored: Mon Apr 13 17:24:21 2015 -0700
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Thu Apr 16 22:37:59 2015 -0700

----------------------------------------------------------------------
 .../org/apache/ranger/rest/ServiceREST.java     |  23 ++--
 .../rest/TestServiceRESTForValidation.java      | 120 +++++++++++--------
 .../src/test/resources/log4j.properties         |  36 ++++++
 3 files changed, 116 insertions(+), 63 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c7727f57/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index a9ade43..01f2b7c 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -59,16 +59,17 @@ import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.validation.RangerPolicyValidator;
 import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
 import org.apache.ranger.plugin.model.validation.RangerServiceValidator;
-import org.apache.ranger.plugin.model.validation.RangerValidatorFactory;
 import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.policyengine.RangerPolicyEngineCache;
-import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
+import org.apache.ranger.plugin.model.validation.RangerValidatorFactory;
 import org.apache.ranger.plugin.policyengine.RangerAccessResource;
 import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngineCache;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
 import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
 import org.apache.ranger.plugin.service.ResourceLookupContext;
@@ -863,8 +864,8 @@ public class ServiceREST {
 		RangerPolicy ret = null;
 		
 		try {
-			// RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
-			// validator.validate(policy, Action.CREATE, bizUtil.isAdmin());
+			 RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
+			 validator.validate(policy, Action.CREATE, bizUtil.isAdmin());
 
 			ensureAdminAccess(policy.getService(), policy.getResources());
 
@@ -897,8 +898,8 @@ public class ServiceREST {
 		RangerPolicy ret = null;
 
 		try {
-			// RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
-			// validator.validate(policy, Action.UPDATE, bizUtil.isAdmin());
+			 RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
+			 validator.validate(policy, Action.UPDATE, bizUtil.isAdmin());
 
 			ensureAdminAccess(policy.getService(), policy.getResources());
 
@@ -925,8 +926,8 @@ public class ServiceREST {
 		}
 
 		try {
-			// RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
-			// validator.validate(id, Action.DELETE);
+			 RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
+			 validator.validate(id, Action.DELETE);
 
 			RangerPolicy policy = svcStore.getPolicy(id);
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c7727f57/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
index f4534a1..1003213 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
@@ -34,6 +34,7 @@ import javax.ws.rs.WebApplicationException;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.biz.RangerBizUtil;
 import org.apache.ranger.biz.ServiceDBStore;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.plugin.model.RangerPolicy;
@@ -42,9 +43,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.model.validation.RangerPolicyValidator;
 import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
 import org.apache.ranger.plugin.model.validation.RangerServiceValidator;
-import org.apache.ranger.plugin.model.validation.RangerValidatorFactory;
 import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
-import org.apache.ranger.rest.ServiceREST;
+import org.apache.ranger.plugin.model.validation.RangerValidatorFactory;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mockito;
@@ -59,6 +59,8 @@ public class TestServiceRESTForValidation {
 		// inject out store in it
 		_store = mock(ServiceDBStore.class);
 		_serviceRest.svcStore = _store;
+		_bizUtils = mock(RangerBizUtil.class);
+		_serviceRest.bizUtil = _bizUtils;
 		
 		// and our validator factory
 		_factory = mock(RangerValidatorFactory.class);
@@ -202,15 +204,17 @@ public class TestServiceRESTForValidation {
 
 	@Test
 	public void testPolicy_happyPath() {
+		setupBizUtils();
+		
 		try {
-//			_serviceRest.updatePolicy(_policy);
-//			verify(_policyValidator).validate(_policy, Action.UPDATE);
+			_serviceRest.updatePolicy(_policy);
+			verify(_policyValidator).validate(_policy, Action.UPDATE, true);
 
 			_serviceRest.deletePolicy(3L);
 			verify(_policyValidator).validate(3L, Action.DELETE);
 
-//			_serviceRest.createPolicy(_policy);
-//			verify(_policyValidator).validate(_policy, Action.CREATE);
+			_serviceRest.createPolicy(_policy);
+			verify(_policyValidator).validate(_policy, Action.CREATE, true);
 		} catch (Exception e) {
 			LOG.debug(e);
 			fail("unexpected exception");
@@ -219,30 +223,33 @@ public class TestServiceRESTForValidation {
 	
 	@Test
 	public void testPolicy_validatorFailure() throws Exception {
+
+		// let's have bizutil return true everytime
+		setupBizUtils();
 		
-//		doThrow(_exception).when(_policyValidator).validate(_policy, Action.CREATE);
-//		try {
-//			_serviceRest.createPolicy(_policy);
-//			fail("Should have thrown exception!");
-//		} catch (WebApplicationException t) {
-//			verify(_policyValidator).validate(_policy, Action.CREATE);
-//			verify(_store, never()).createPolicy(_policy);
-//		} catch (Throwable t) {
-//			LOG.debug(t);
-//			fail("Unexpected exception!");
-//		}
-//
-//		doThrow(_exception).when(_policyValidator).validate(_policy, Action.UPDATE);
-//		try {
-//			_serviceRest.updatePolicy(_policy);
-//			fail("Should have thrown exception!");
-//		} catch (WebApplicationException t) {
-//			verify(_policyValidator).validate(_policy, Action.UPDATE);
-//			verify(_store, never()).updatePolicy(_policy);
-//		} catch (Throwable t) {
-//			LOG.debug(t);
-//			fail("Unexpected exception!");
-//		}
+		doThrow(_exception).when(_policyValidator).validate(_policy, Action.CREATE, true);
+		try {
+			_serviceRest.createPolicy(_policy);
+			fail("Should have thrown exception!");
+		} catch (WebApplicationException t) {
+			verify(_policyValidator).validate(_policy, Action.CREATE, true);
+			verify(_store, never()).createPolicy(_policy);
+		} catch (Throwable t) {
+			LOG.debug(t);
+			fail("Unexpected exception!");
+		}
+
+		doThrow(_exception).when(_policyValidator).validate(_policy, Action.UPDATE, true);
+		try {
+			_serviceRest.updatePolicy(_policy);
+			fail("Should have thrown exception!");
+		} catch (WebApplicationException t) {
+			verify(_policyValidator).validate(_policy, Action.UPDATE, true);
+			verify(_store, never()).updatePolicy(_policy);
+		} catch (Throwable t) {
+			LOG.debug(t);
+			fail("Unexpected exception!");
+		}
 
 		doThrow(_exception).when(_policyValidator).validate(4L, Action.DELETE);
 		try {
@@ -259,29 +266,33 @@ public class TestServiceRESTForValidation {
 	
 	@Test
 	public void testPolicy_storeFailure() throws Exception {
-//		doThrow(_exception).when(_store).createPolicy(_policy);
-//		try {
-//			_serviceRest.createPolicy(_policy);
-//			fail("Should have thrown exception!");
-//		} catch (WebApplicationException e) {
-//			verify(_policyValidator).validate(_policy, Action.CREATE);
-//			verify(_store).createPolicy(_policy);
-//		} catch (Throwable t) {
-//			LOG.debug(t);
-//			fail("Unexpected exception!");
-//		}
-//		
-//		doThrow(_exception).when(_store).updatePolicy(_policy);
-//		try {
-//			_serviceRest.updatePolicy(_policy);
-//			fail("Should have thrown exception!");
-//		} catch (WebApplicationException e) {
-//			verify(_policyValidator).validate(_policy, Action.UPDATE);
-//			verify(_store).updatePolicy(_policy);
-//		} catch (Throwable t) {
-//			LOG.debug(t);
-//			fail("Unexpected exception!");
-//		}
+
+		// let's have bizutils return true for now
+		setupBizUtils();
+		
+		doThrow(_exception).when(_store).createPolicy(_policy);
+		try {
+			_serviceRest.createPolicy(_policy);
+			fail("Should have thrown exception!");
+		} catch (WebApplicationException e) {
+			verify(_policyValidator).validate(_policy, Action.CREATE, true);
+			verify(_store).createPolicy(_policy);
+		} catch (Throwable t) {
+			LOG.debug(t);
+			fail("Unexpected exception!");
+		}
+		
+		doThrow(_exception).when(_store).updatePolicy(_policy);
+		try {
+			_serviceRest.updatePolicy(_policy);
+			fail("Should have thrown exception!");
+		} catch (WebApplicationException e) {
+			verify(_policyValidator).validate(_policy, Action.UPDATE, true);
+			verify(_store).updatePolicy(_policy);
+		} catch (Throwable t) {
+			LOG.debug(t);
+			fail("Unexpected exception!");
+		}
 		
 		doThrow(_exception).when(_store).deletePolicy(5L);
 		try {
@@ -401,6 +412,10 @@ public class TestServiceRESTForValidation {
 		}
 	}
 
+	void setupBizUtils() {
+		when(_bizUtils.isAdmin()).thenReturn(true);
+	}
+	
 	private RangerValidatorFactory _factory;
 	private RangerServiceValidator _serviceValidator;
 	private RangerPolicyValidator _policyValidator;
@@ -410,6 +425,7 @@ public class TestServiceRESTForValidation {
 	private ServiceREST _serviceRest;
 	private Exception _exception;
 	private RESTErrorUtil _restErrorUtil;
+	private RangerBizUtil _bizUtils;
 
 	private RangerService _service;
 	private RangerPolicy _policy;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c7727f57/security-admin/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/test/resources/log4j.properties b/security-admin/src/test/resources/log4j.properties
new file mode 100644
index 0000000..bd8197d
--- /dev/null
+++ b/security-admin/src/test/resources/log4j.properties
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+##-- To prevent junits from cluttering the build run by default all test runs send output
to null appender 
+log4j.appender.devnull=org.apache.log4j.varia.NullAppender
+log4j.rootLogger=FATAL, devnull
+
+##-- uncomment the following line during during development/debugging so see debug messages
during test run to be emitted to console
+# ranger.root.logger=DEBUG,console
+
+# Define the root logger to the system property "hbase.root.logger".
+log4j.rootLogger=${ranger.root.logger}
+
+# Logging Threshold
+log4j.threshold=ALL
+
+#
+# console
+# Add "console" to rootlogger above if you want to use this
+#
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n


Mime
View raw message