This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new a2ad0f4ab RANGER-4102: fixed incorrect TestPolicyACLs unit tests
a2ad0f4ab is described below
commit a2ad0f4ab9d2f8be9ffe006fee10e035a74cfcd1
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Mon Feb 20 17:25:11 2023 -0800
RANGER-4102: fixed incorrect TestPolicyACLs unit tests
(cherry picked from commit 4ef413a29529849c12a9543bca1f24a89bc7bd1c)
---
.../org/apache/ranger/plugin/policyengine/TestPolicyACLs.java | 10 ++++++++++
.../test/resources/policyengine/test_aclprovider_default.json | 9 +++++----
2 files changed, 15 insertions(+), 4 deletions(-)
diff --git
a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
index a7f48bb33..196755c6e 100644
---
a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
+++
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
@@ -35,6 +35,7 @@ import com.google.gson.JsonParseException;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
+import
org.apache.ranger.plugin.policyengine.RangerAccessRequest.ResourceMatchingScope;
import org.apache.ranger.plugin.policyengine.RangerResourceACLs.DataMaskResult;
import
org.apache.ranger.plugin.policyengine.RangerResourceACLs.RowFilterResult;
import org.apache.ranger.plugin.util.ServicePolicies;
@@ -118,11 +119,15 @@ public class TestPolicyACLs {
continue;
}
RangerAccessRequestImpl request = new
RangerAccessRequestImpl(oneTest.resource, RangerPolicyEngine.ANY_ACCESS, null,
null, null);
+
+
request.setResourceMatchingScope(oneTest.resourceMatchingScope);
+
RangerResourceACLs acls =
policyEngine.getResourceACLs(request);
boolean userACLsMatched = true,
groupACLsMatched = true, roleACLsMatched = true, rowFiltersMatched = true,
dataMaskingMatched = true;
if (MapUtils.isNotEmpty(acls.getUserACLs()) &&
MapUtils.isNotEmpty(oneTest.userPermissions)) {
+ assertEquals("getResourceACLs() failed!
" + testCase.name + ":" + oneTest.name + " - userACLsMatched",
oneTest.userPermissions.size(), acls.getUserACLs().size());
for (Map.Entry<String, Map<String,
RangerResourceACLs.AccessResult>> entry :
acls.getUserACLs().entrySet()) {
@@ -195,6 +200,8 @@ public class TestPolicyACLs {
}
if (MapUtils.isNotEmpty(acls.getGroupACLs()) &&
MapUtils.isNotEmpty(oneTest.groupPermissions)) {
+ assertEquals("getResourceACLs() failed!
" + testCase.name + ":" + oneTest.name + " - groupACLsMatched",
oneTest.groupPermissions.size(), acls.getGroupACLs().size());
+
for (Map.Entry<String, Map<String,
RangerResourceACLs.AccessResult>> entry :
acls.getGroupACLs().entrySet()) {
String groupName =
entry.getKey();
@@ -232,6 +239,8 @@ public class TestPolicyACLs {
}
if (MapUtils.isNotEmpty(acls.getRoleACLs()) &&
MapUtils.isNotEmpty(oneTest.rolePermissions)) {
+ assertEquals("getResourceACLs() failed!
" + testCase.name + ":" + oneTest.name + " - roleACLsMatched",
oneTest.rolePermissions.size(), acls.getRoleACLs().size());
+
for (Map.Entry<String, Map<String,
RangerResourceACLs.AccessResult>> entry :
acls.getRoleACLs().entrySet()) {
String roleName =
entry.getKey();
@@ -287,6 +296,7 @@ public class TestPolicyACLs {
class OneTest {
String name;
RangerAccessResource resource;
+ ResourceMatchingScope resourceMatchingScope;
Map<String, Map<String,
RangerResourceACLs.AccessResult>> userPermissions;
Map<String, Map<String,
RangerResourceACLs.AccessResult>> groupPermissions;
Map<String, Map<String,
RangerResourceACLs.AccessResult>> rolePermissions;
diff --git
a/agents-common/src/test/resources/policyengine/test_aclprovider_default.json
b/agents-common/src/test/resources/policyengine/test_aclprovider_default.json
index 8b799acff..5434fd28c 100644
---
a/agents-common/src/test/resources/policyengine/test_aclprovider_default.json
+++
b/agents-common/src/test/resources/policyengine/test_aclprovider_default.json
@@ -626,6 +626,7 @@
{
"name": "conditional-tag-only-test-descendant",
"resource": {"elements":{"database":"finance", "table":"sales"}},
+ "resourceMatchingScope": "SELF_OR_DESCENDANTS",
"userPermissions": {"hive":{"select":{"result":-1,
"isFinal":true},"create":{"result":1, "isFinal":true}, "drop":{"result":-1,
"isFinal":true}}, "admin":{"select":{"result":-1, "isFinal":true}} },
"groupPermissions": {"public": {"index":{"result":2,
"isFinal":true}}}
},
@@ -638,14 +639,14 @@
{
"name": "public-allow-test",
"resource": {"elements":{"database":"finance", "table":"accounts",
"column": "status" }},
- "userPermissions": {"john":{"select":{"result":2, "isFinal":true},
"update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}},
"mary":{"update":{"result":-1, "isFinal":true}}},
- "groupPermissions": {"public": {"select":{"result":2,
"isFinal":true}}, "accounting": {"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}}, "admin":
{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}},
"interns":{"update":{"result":-1, "isFinal":true}},
"housekeeping":{"select":{"result":-1, "isFinal":true}}}
+ "userPermissions": {"john":{"select":{"result":2, "isFinal":true},
"update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}}},
+ "groupPermissions": {"public": {"select":{"result":2,
"isFinal":true}}, "accounting": {"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}}, "admin":
{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}},
"housekeeping":{"select":{"result":-1, "isFinal":true}}}
},
{
"name": "public-allow-test-next",
"resource": {"elements":{"database":"finance", "table":"accounts",
"column": "amount" }},
- "userPermissions": {"john":{"select":{"result":2, "isFinal":true},
"update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}},
"mary":{"update":{"result":-1, "isFinal":true}}},
- "groupPermissions": {"public": {"select":{"result":2,
"isFinal":true}}, "accounting": {"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}}, "admin":
{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}},
"interns":{"update":{"result":-1, "isFinal":true}},
"housekeeping":{"drop":{"result":-1, "isFinal":true}}}
+ "userPermissions": {"john":{"select":{"result":2, "isFinal":true},
"update":{"result":2, "isFinal":true}}, "jane":{"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}}},
+ "groupPermissions": {"public": {"select":{"result":2,
"isFinal":true}}, "accounting": {"select":{"result":2,
"isFinal":true},"update":{"result":2, "isFinal":true}}, "admin":
{"select":{"result":2, "isFinal":true},"update":{"result":2, "isFinal":true}},
"housekeeping":{"drop":{"result":-1, "isFinal":true}}}
},
{
"name": "conditions-in-exceptions-test",
