This is an automated email from the ASF dual-hosted git repository.
dhavalshah9131 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 7cb5c9ce0 RANGER-5304: Add Unit Tests for
org.apache.ranger.patch.cliutil Package in Security Admin Module (#649)
7cb5c9ce0 is described below
commit 7cb5c9ce0487cd3d4d96f961a6a554cfd03d0ce3
Author: Rakesh Gupta <[email protected]>
AuthorDate: Fri Sep 12 17:27:51 2025 +0530
RANGER-5304: Add Unit Tests for org.apache.ranger.patch.cliutil Package in
Security Admin Module (#649)
---
.../patch/cliutil/TestChangePasswordUtil.java | 859 +++++++++++++++++++++
.../patch/cliutil/TestChangeUserNameUtil.java | 276 +++++++
.../patch/cliutil/TestDbToSolrMigrationUtil.java | 380 +++++++++
.../ranger/patch/cliutil/TestMetricUtil.java | 233 ++++++
.../patch/cliutil/TestRoleBasedUserSearchUtil.java | 665 +++++++++++++++-
.../patch/cliutil/TestTrxLogV2MigrationUtil.java | 132 ++++
.../cliutil/TestUpdateUserAndGroupNamesInJson.java | 132 ++++
7 files changed, 2663 insertions(+), 14 deletions(-)
diff --git
a/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestChangePasswordUtil.java
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestChangePasswordUtil.java
new file mode 100644
index 000000000..0164dd992
--- /dev/null
+++
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestChangePasswordUtil.java
@@ -0,0 +1,859 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch.cliutil;
+
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
+import org.apache.ranger.biz.UserMgr;
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXPortalUserDao;
+import org.apache.ranger.entity.XXPortalUser;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.security.Permission;
+
+/**
+ * @generated by Cursor
+ * @description <Unit Test for ChangePasswordUtil class>
+ */
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestChangePasswordUtil {
+ @Mock
+ RangerDaoManager daoMgr;
+ @Mock
+ UserMgr userMgr;
+ @Mock
+ RESTErrorUtil restErrorUtil;
+ @Mock
+ XXPortalUserDao xXPortalUserDao;
+
+ @InjectMocks
+ private ChangePasswordUtil util = new ChangePasswordUtil();
+
+ @Test
+ public void testPrintStats() {
+ util.printStats();
+ }
+
+ @Test
+ public void testInit() throws Exception {
+ util.init();
+ }
+
+ @Test
+ public void testExecLoad_nonFips_adminPath() throws Exception {
+ ChangePasswordUtil.userLoginId = "admin";
+ ChangePasswordUtil.currentPassword = "Admin#123";
+ ChangePasswordUtil.newPassword = "Admin#234";
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+ ChangePasswordUtil.userPwdArgs = new String[] {"admin", "Admin#123",
"Admin#234"};
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("admin");
+ user.setPassword("enc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("admin")).thenReturn(user);
+ Mockito.when(userMgr.encrypt("admin", "Admin#123")).thenReturn("enc");
+
+ util.execLoad();
+ Mockito.verify(userMgr).updatePasswordInSHA256("admin", "Admin#234",
true);
+ }
+
+ @Test
+ public void testExecLoad_defaultPasswordBranch_md5() throws Exception {
+ ChangePasswordUtil.userLoginId = "admin";
+ ChangePasswordUtil.currentPassword = "Admin#123";
+ ChangePasswordUtil.newPassword = "Admin#234";
+ ChangePasswordUtil.defaultPwdChangeRequest = true;
+ ChangePasswordUtil.userPwdArgs = new String[] {"admin", "Admin#123",
"Admin#234", "-default"};
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("admin");
+ user.setPassword("md5");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("admin")).thenReturn(user);
+ Mockito.when(userMgr.encrypt("admin",
"Admin#123")).thenReturn("not-md5");
+ Mockito.when(userMgr.encryptWithOlderAlgo("admin",
"Admin#123")).thenReturn("md5");
+
+ util.execLoad();
+ Mockito.verify(userMgr).updatePasswordInSHA256("admin", "Admin#234",
true);
+ }
+
+ @Test
+ public void testMain_invokesExit() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ ChangePasswordUtil.main(new String[] {"admin", "Admin#123",
"Admin#234"});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testValidatePassword_blank_throws() {
+ Mockito.when(restErrorUtil.createRESTException(Mockito.anyString(),
Mockito.any(MessageEnums.class),
+ Mockito.isNull(), Mockito.anyString(), Mockito.isNull()))
+ .thenThrow(new RuntimeException("bad password"));
+
+ try {
+ Method m =
ChangePasswordUtil.class.getDeclaredMethod("validatePassword", String.class);
+ m.setAccessible(true);
+ m.invoke(util, new Object[] {null});
+ } catch (Exception ignored) {
+ }
+ }
+
+ @Test
+ public void testValidatePassword_invalidPattern_throws() throws Exception {
+ Mockito.when(restErrorUtil.createRESTException(Mockito.anyString(),
Mockito.any(MessageEnums.class),
+ Mockito.isNull(), Mockito.anyString(), Mockito.isNull()))
+ .thenThrow(new RuntimeException("bad password"));
+
+ try {
+ Method m =
ChangePasswordUtil.class.getDeclaredMethod("validatePassword", String.class);
+ m.setAccessible(true);
+ m.invoke(util, "short");
+ } catch (Exception ignored) {
+ }
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_validPath() throws Exception {
+ ChangePasswordUtil.userPwdArgs = new String[] {"bob", "Bob#1234",
"Bob#2345", "carol", "Carol#1234", "Carol#2345"};
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+
+ XXPortalUser bob = new XXPortalUser();
+ bob.setLoginId("bob");
+ bob.setPassword("encB");
+ XXPortalUser carol = new XXPortalUser();
+ carol.setLoginId("carol");
+ carol.setPassword("encC");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("bob")).thenReturn(bob);
+ Mockito.when(xXPortalUserDao.findByLoginId("carol")).thenReturn(carol);
+ Mockito.when(userMgr.encrypt("bob", "Bob#1234")).thenReturn("encB");
+ Mockito.when(userMgr.encrypt("carol",
"Carol#1234")).thenReturn("encC");
+
+ util.updateMultiplePasswords();
+
+ Mockito.verify(userMgr).updatePasswordInSHA256("bob", "Bob#2345",
true);
+ Mockito.verify(userMgr).updatePasswordInSHA256("carol", "Carol#2345",
true);
+ }
+
+ @Test
+ public void testValidatePassword_valid_ok() throws Exception {
+ Method m =
ChangePasswordUtil.class.getDeclaredMethod("validatePassword", String.class);
+ m.setAccessible(true);
+ m.invoke(util, "ValidPass1");
+ }
+
+ @Test
+ public void testUpdateAdminPassword_userNotFound_exits() {
+ ChangePasswordUtil.userLoginId = "ghost";
+ ChangePasswordUtil.currentPassword = "Some#123";
+ ChangePasswordUtil.newPassword = "Some#234";
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("ghost")).thenReturn(null);
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ util.updateAdminPassword();
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testUpdateAdminPassword_encryptMismatch_nonDefault_exits() {
+ ChangePasswordUtil.userLoginId = "alice";
+ ChangePasswordUtil.currentPassword = "Alice#123";
+ ChangePasswordUtil.newPassword = "Alice#234";
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("alice");
+ user.setPassword("encDb");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("alice")).thenReturn(user);
+ Mockito.when(userMgr.encrypt("alice",
"Alice#123")).thenReturn("differentEnc");
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ util.updateAdminPassword();
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_defaultMismatch_exits() {
+ ChangePasswordUtil.userPwdArgs = new String[] {"bob", "Bob#1234",
"Bob#2345", "-default"};
+ ChangePasswordUtil.defaultPwdChangeRequest = true;
+
+ XXPortalUser bob = new XXPortalUser();
+ bob.setLoginId("bob");
+ bob.setPassword("encB");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("bob")).thenReturn(bob);
+ Mockito.when(userMgr.encrypt("bob",
"Bob#1234")).thenReturn("encOther");
+ Mockito.lenient().when(userMgr.encryptWithOlderAlgo("bob",
"Bob#1234")).thenReturn("notEncB");
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ util.updateMultiplePasswords();
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testMain_incorrectArgs_exits() {
+ Integer status = runAndCaptureExitCode(() ->
ChangePasswordUtil.main(new String[] {"onlyTwo", "args"}));
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testUpdateAdminPassword_nonFips_valid_updates() throws
Exception {
+ ChangePasswordUtil.userLoginId = "dave";
+ ChangePasswordUtil.currentPassword = "Dave#123";
+ ChangePasswordUtil.newPassword = "Dave#234";
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("dave");
+ user.setPassword("dbEnc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("dave")).thenReturn(user);
+ Mockito.when(userMgr.encrypt("dave", "Dave#123")).thenReturn("dbEnc");
+
+ util.updateAdminPassword();
+
+ Mockito.verify(userMgr).updatePasswordInSHA256("dave", "Dave#234",
true);
+ }
+
+ @Test
+ public void testUpdateAdminPassword_fips_default_mismatch_exits() {
+ ChangePasswordUtil.userLoginId = "erin";
+ ChangePasswordUtil.currentPassword = "Erin#123";
+ ChangePasswordUtil.newPassword = "Erin#234";
+ ChangePasswordUtil.defaultPwdChangeRequest = true;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("erin");
+ user.setPassword("dbEnc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("erin")).thenReturn(user);
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ util.updateAdminPassword();
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_invalidArgs_exits() {
+ ChangePasswordUtil.userPwdArgs = new String[] {"", "c", "n"};
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ util.updateMultiplePasswords();
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testMain_missingNewPassword_exits() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ ChangePasswordUtil.main(new String[] {"u", "p", ""});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testMain_withDefaultFlag_runs() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ ChangePasswordUtil.main(new String[] {"u", "p1", "p2",
"-default"});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testMain_moreThanFourArgs_withDefaultFlag_runs() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ ChangePasswordUtil.main(new String[] {"u1", "p1", "n1", "u2",
"p2", "n2", "-default"});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testUpdateAdminPassword_fips_default_matches_updates() throws
Exception {
+ ChangePasswordUtil.userLoginId = "fips";
+ ChangePasswordUtil.currentPassword = "Old#1234";
+ ChangePasswordUtil.newPassword = "New#1234";
+ ChangePasswordUtil.defaultPwdChangeRequest = true;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("fips");
+ user.setPassword("md5enc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("fips")).thenReturn(user);
+ Mockito.when(userMgr.encrypt("fips",
"Old#1234")).thenReturn("otherEnc");
+ // Simulate FIPS enabled path via isPasswordValid not used in default
path
+ Mockito.when(userMgr.encryptWithOlderAlgo("fips",
"Old#1234")).thenReturn("md5enc");
+
+ util.updateAdminPassword();
+
+ Mockito.verify(userMgr).updatePasswordInSHA256("fips", "New#1234",
true);
+ }
+
+ @Test
+ public void testMain_blankNewPassword_exits() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ ChangePasswordUtil.main(new String[] {"u", "p", ""});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testMain_blankLogin_exits() {
+ Integer status = runAndCaptureExitCode(() ->
ChangePasswordUtil.main(new String[] {"", "p", "n"}));
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testMain_blankCurrent_exits() {
+ Integer status = runAndCaptureExitCode(() ->
ChangePasswordUtil.main(new String[] {"u", "", "n"}));
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_skipDefaultToken_noExit() {
+ ChangePasswordUtil.userPwdArgs = new String[] {"-default", "ignored1",
"ignored2"};
+ util.updateMultiplePasswords();
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_emptyCurrent_exits() {
+ ChangePasswordUtil.userPwdArgs = new String[] {"u", "", "n"};
+ Integer status = runAndCaptureExitCode(() ->
util.updateMultiplePasswords());
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testMain_fourArgs_nonDefault_runs() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ ChangePasswordUtil.main(new String[] {"u", "p1", "p2",
"someFlag"});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testMain_moreThanFourArgs_withoutDefault_runs() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ ChangePasswordUtil.main(new String[] {"u1", "p1", "n1", "u2",
"p2", "n2"});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_emptyNew_exits() {
+ ChangePasswordUtil.userPwdArgs = new String[] {"u", "c", ""};
+ Integer status = runAndCaptureExitCode(() ->
util.updateMultiplePasswords());
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_userNotFound_exits() {
+ ChangePasswordUtil.userPwdArgs = new String[] {"nouser", "c", "n"};
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("nouser")).thenReturn(null);
+ Integer status = runAndCaptureExitCode(() ->
util.updateMultiplePasswords());
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_mismatchNonDefault_exits() {
+ ChangePasswordUtil.userPwdArgs = new String[] {"user", "cur", "new"};
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("user");
+ user.setPassword("dbEnc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("user")).thenReturn(user);
+ Mockito.when(userMgr.encrypt("user", "cur")).thenReturn("notDbEnc");
+
+ Integer status = runAndCaptureExitCode(() ->
util.updateMultiplePasswords());
+ Assertions.assertEquals(1, status);
+ }
+
+ private static Integer runAndCaptureExitCode(Runnable r) {
+ class ExitException extends SecurityException {
+ final int code;
+
+ ExitException(int code) {
+ this.code = code;
+ }
+ }
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new ExitException(status);
+ }
+ });
+ try {
+ r.run();
+ } catch (ExitException e) {
+ return e.code;
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ return null;
+ }
+
+ @Test
+ public void
testUpdateAdminPassword_fips_nonDefault_isPasswordValid_updates() throws
Exception {
+ ChangePasswordUtil.userLoginId = "fipsUser";
+ ChangePasswordUtil.currentPassword = "Old#1234";
+ ChangePasswordUtil.newPassword = "New#1234";
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("fipsUser");
+ user.setPassword("dbHash");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("fipsUser")).thenReturn(user);
+
+ RangerAdminConfig cfg = Mockito.mock(RangerAdminConfig.class);
+ Mockito.when(cfg.isFipsEnabled()).thenReturn(true);
+ Field f = util.getClass().getSuperclass().getDeclaredField("config");
+ f.setAccessible(true);
+ f.set(util, cfg);
+
+ Mockito.when(userMgr.isPasswordValid("fipsUser", "dbHash",
"Old#1234")).thenReturn(true);
+
+ util.updateAdminPassword();
+
+ Mockito.verify(userMgr).updatePasswordInSHA256("fipsUser", "New#1234",
true);
+ }
+
+ @Test
+ public void
testUpdateMultiplePasswords_fips_nonDefault_isPasswordValid_updates() throws
Exception {
+ ChangePasswordUtil.userPwdArgs = new String[] {"fipsMulti",
"Old#1234", "New#1234"};
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("fipsMulti");
+ user.setPassword("dbHash");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("fipsMulti")).thenReturn(user);
+
+ RangerAdminConfig cfg = Mockito.mock(RangerAdminConfig.class);
+ Mockito.when(cfg.isFipsEnabled()).thenReturn(true);
+ Field f = util.getClass().getSuperclass().getDeclaredField("config");
+ f.setAccessible(true);
+ f.set(util, cfg);
+
+ Mockito.when(userMgr.isPasswordValid("fipsMulti", "dbHash",
"Old#1234")).thenReturn(true);
+
+ util.updateMultiplePasswords();
+
+ Mockito.verify(userMgr).updatePasswordInSHA256("fipsMulti",
"New#1234", true);
+ }
+
+ @Test
+ public void
testUpdateAdminPassword_fipsDefault_matches_updates_withFipsConfig() throws
Exception {
+ Mockito.reset(userMgr);
+ ChangePasswordUtil.userLoginId = "fipsAdmin";
+ ChangePasswordUtil.currentPassword = "Old#1234";
+ ChangePasswordUtil.newPassword = "New#1234";
+ ChangePasswordUtil.defaultPwdChangeRequest = true;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("fipsAdmin");
+ user.setPassword("md5hash");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("fipsAdmin")).thenReturn(user);
+
+ RangerAdminConfig cfg = Mockito.mock(RangerAdminConfig.class);
+ Mockito.when(cfg.isFipsEnabled()).thenReturn(true);
+ Field f = util.getClass().getSuperclass().getDeclaredField("config");
+ f.setAccessible(true);
+ f.set(util, cfg);
+
+ Mockito.when(userMgr.encryptWithOlderAlgo("fipsAdmin",
"Old#1234")).thenReturn("md5hash");
+
+ util.updateAdminPassword();
+
+ Mockito.verify(userMgr).updatePasswordInSHA256("fipsAdmin",
"New#1234", true);
+ }
+
+ @Test
+ public void
testUpdateAdminPassword_fipsDefault_mismatch_exits_withFipsConfig() throws
Exception {
+ ChangePasswordUtil.userLoginId = "fipsAdmin2";
+ ChangePasswordUtil.currentPassword = "Old#1234";
+ ChangePasswordUtil.newPassword = "New#1234";
+ ChangePasswordUtil.defaultPwdChangeRequest = true;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("fipsAdmin2");
+ user.setPassword("dbHash");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("fipsAdmin2")).thenReturn(user);
+
+ RangerAdminConfig cfg = Mockito.mock(RangerAdminConfig.class);
+ Mockito.when(cfg.isFipsEnabled()).thenReturn(true);
+ Field f = util.getClass().getSuperclass().getDeclaredField("config");
+ f.setAccessible(true);
+ f.set(util, cfg);
+
+ Mockito.when(userMgr.encryptWithOlderAlgo("fipsAdmin2",
"Old#1234")).thenReturn("notDbHash");
+
+ Integer status = runAndCaptureExitCode(() ->
util.updateAdminPassword());
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testUpdateAdminPassword_fips_nonDefault_invalid_noUpdate()
throws Exception {
+ Mockito.reset(userMgr);
+ ChangePasswordUtil.userLoginId = "fipsNoUpdate";
+ ChangePasswordUtil.currentPassword = "Old#1234";
+ ChangePasswordUtil.newPassword = "New#1234";
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("fipsNoUpdate");
+ user.setPassword("dbHash");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("fipsNoUpdate")).thenReturn(user);
+
+ RangerAdminConfig cfg = Mockito.mock(RangerAdminConfig.class);
+ Mockito.when(cfg.isFipsEnabled()).thenReturn(true);
+ Field f = util.getClass().getSuperclass().getDeclaredField("config");
+ f.setAccessible(true);
+ f.set(util, cfg);
+
+ Mockito.when(userMgr.isPasswordValid("fipsNoUpdate", "dbHash",
"Old#1234")).thenReturn(false);
+
+ util.updateAdminPassword();
+
+ Mockito.verify(userMgr,
Mockito.never()).updatePasswordInSHA256(Mockito.anyString(),
Mockito.anyString(),
+ Mockito.anyBoolean());
+ }
+
+ @Test
+ public void testUpdateAdminPassword_exception_exits() {
+ ChangePasswordUtil.userLoginId = "exAdmin";
+ ChangePasswordUtil.currentPassword = "Old#1234";
+ ChangePasswordUtil.newPassword = "New#1234";
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("exAdmin");
+ user.setPassword("dbEnc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("exAdmin")).thenReturn(user);
+ Mockito.when(userMgr.encrypt("exAdmin", "Old#1234")).thenThrow(new
RuntimeException("boom"));
+
+ Integer status = runAndCaptureExitCode(() ->
util.updateAdminPassword());
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_fips_default_matches_updates()
throws Exception {
+ Mockito.reset(userMgr);
+ ChangePasswordUtil.userPwdArgs = new String[] {"fipsMultiDef",
"Old#1234", "New#1234"};
+ ChangePasswordUtil.defaultPwdChangeRequest = true;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("fipsMultiDef");
+ user.setPassword("md5hash");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("fipsMultiDef")).thenReturn(user);
+
+ RangerAdminConfig cfg = Mockito.mock(RangerAdminConfig.class);
+ Mockito.when(cfg.isFipsEnabled()).thenReturn(true);
+ Field f = util.getClass().getSuperclass().getDeclaredField("config");
+ f.setAccessible(true);
+ f.set(util, cfg);
+
+ Mockito.when(userMgr.encryptWithOlderAlgo("fipsMultiDef",
"Old#1234")).thenReturn("md5hash");
+
+ util.updateMultiplePasswords();
+
+ Mockito.verify(userMgr).updatePasswordInSHA256("fipsMultiDef",
"New#1234", true);
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_fips_default_mismatch_exits()
throws Exception {
+ ChangePasswordUtil.userPwdArgs = new String[] {"fipsMultiDef2",
"Old#1234", "New#1234"};
+ ChangePasswordUtil.defaultPwdChangeRequest = true;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("fipsMultiDef2");
+ user.setPassword("dbHash");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("fipsMultiDef2")).thenReturn(user);
+
+ RangerAdminConfig cfg = Mockito.mock(RangerAdminConfig.class);
+ Mockito.when(cfg.isFipsEnabled()).thenReturn(true);
+ Field f = util.getClass().getSuperclass().getDeclaredField("config");
+ f.setAccessible(true);
+ f.set(util, cfg);
+
+ Mockito.when(userMgr.encryptWithOlderAlgo("fipsMultiDef2",
"Old#1234")).thenReturn("notDbHash");
+
+ Integer status = runAndCaptureExitCode(() ->
util.updateMultiplePasswords());
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_fips_nonDefault_invalid_noUpdate()
throws Exception {
+ Mockito.reset(userMgr);
+ ChangePasswordUtil.userPwdArgs = new String[] {"fipsNoUpd",
"Old#1234", "New#1234"};
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("fipsNoUpd");
+ user.setPassword("dbHash");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("fipsNoUpd")).thenReturn(user);
+
+ RangerAdminConfig cfg = Mockito.mock(RangerAdminConfig.class);
+ Mockito.when(cfg.isFipsEnabled()).thenReturn(true);
+ Field f = util.getClass().getSuperclass().getDeclaredField("config");
+ f.setAccessible(true);
+ f.set(util, cfg);
+
+ Mockito.when(userMgr.isPasswordValid("fipsNoUpd", "dbHash",
"Old#1234")).thenReturn(false);
+
+ util.updateMultiplePasswords();
+
+ Mockito.verify(userMgr,
Mockito.never()).updatePasswordInSHA256(Mockito.anyString(),
Mockito.anyString(),
+ Mockito.anyBoolean());
+ }
+
+ @Test
+ public void testUpdateMultiplePasswords_exception_exits() {
+ ChangePasswordUtil.userPwdArgs = new String[] {"exMulti", "Old#1234",
"New#1234"};
+ ChangePasswordUtil.defaultPwdChangeRequest = false;
+
+ XXPortalUser user = new XXPortalUser();
+ user.setLoginId("exMulti");
+ user.setPassword("dbEnc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("exMulti")).thenReturn(user);
+ Mockito.when(userMgr.encrypt("exMulti", "Old#1234")).thenThrow(new
RuntimeException("boom"));
+
+ Integer status = runAndCaptureExitCode(() ->
util.updateMultiplePasswords());
+ Assertions.assertEquals(1, status);
+ }
+}
diff --git
a/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestChangeUserNameUtil.java
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestChangeUserNameUtil.java
new file mode 100644
index 000000000..c6a495898
--- /dev/null
+++
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestChangeUserNameUtil.java
@@ -0,0 +1,276 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch.cliutil;
+
+import org.apache.ranger.biz.UserMgr;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXPortalUserDao;
+import org.apache.ranger.entity.XXPortalUser;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.security.Permission;
+
+/**
+ * @generated by Cursor
+ * @description <Unit Test for ChangeUserNameUtil class>
+ */
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestChangeUserNameUtil {
+ @Mock
+ RangerDaoManager daoMgr;
+ @Mock
+ UserMgr userMgr;
+ @Mock
+ XXPortalUserDao xXPortalUserDao;
+
+ @InjectMocks
+ private ChangeUserNameUtil util = new ChangeUserNameUtil();
+
+ @Test
+ public void testUpdateUserName_success() throws Exception {
+ ChangeUserNameUtil.userLoginId = "alice";
+ ChangeUserNameUtil.currentPassword = "Pass#123";
+ ChangeUserNameUtil.newUserName = "alice2";
+
+ XXPortalUser existing = new XXPortalUser();
+ existing.setLoginId("alice");
+ existing.setPassword("enc");
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("alice2")).thenReturn(null);
+
Mockito.when(xXPortalUserDao.findByLoginId("alice")).thenReturn(existing);
+ Mockito.when(userMgr.encrypt("alice", "Pass#123")).thenReturn("enc");
+
+ util.updateUserName();
+
+ Mockito.verify(userMgr).updateOldUserName("alice", "alice2",
"Pass#123");
+ }
+
+ @Test
+ public void testUpdateUserName_duplicateNewUserName() {
+ ChangeUserNameUtil.userLoginId = "bob";
+ ChangeUserNameUtil.currentPassword = "Pass#123";
+ ChangeUserNameUtil.newUserName = "existing";
+
+ XXPortalUser dup = new XXPortalUser();
+ dup.setLoginId("existing");
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("existing")).thenReturn(dup);
+
+ runIgnoringSystemExit(() -> util.updateUserName());
+
+ Mockito.verify(userMgr,
Mockito.never()).updateOldUserName(Mockito.anyString(), Mockito.anyString(),
+ Mockito.anyString());
+ }
+
+ @Test
+ public void testUpdateUserName_userNotFound_exit() {
+ ChangeUserNameUtil.userLoginId = "nouser";
+ ChangeUserNameUtil.currentPassword = "Pass#123";
+ ChangeUserNameUtil.newUserName = "newname";
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("newname")).thenReturn(null);
+ Mockito.when(xXPortalUserDao.findByLoginId("nouser")).thenReturn(null);
+
+ runIgnoringSystemExit(() -> util.updateUserName());
+
+ Mockito.verify(userMgr,
Mockito.never()).updateOldUserName(Mockito.anyString(), Mockito.anyString(),
+ Mockito.anyString());
+ }
+
+ @Test
+ public void testUpdateUserName_invalidPassword_exit() throws Exception {
+ ChangeUserNameUtil.userLoginId = "charlie";
+ ChangeUserNameUtil.currentPassword = "wrong";
+ ChangeUserNameUtil.newUserName = "charlie2";
+
+ XXPortalUser existing = new XXPortalUser();
+ existing.setLoginId("charlie");
+ existing.setPassword("enc1");
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("charlie2")).thenReturn(null);
+
Mockito.when(xXPortalUserDao.findByLoginId("charlie")).thenReturn(existing);
+ Mockito.when(userMgr.encrypt("charlie", "wrong")).thenReturn("enc2");
+
+ runIgnoringSystemExit(() -> util.updateUserName());
+
+ Mockito.verify(userMgr,
Mockito.never()).updateOldUserName(Mockito.anyString(), Mockito.anyString(),
+ Mockito.anyString());
+ }
+
+ @Test
+ public void testPrintStats() {
+ util.printStats();
+ }
+
+ @Test
+ public void testInit() throws Exception {
+ util.init();
+ }
+
+ @Test
+ public void testExecLoad_invokesUpdateUserName() {
+ ChangeUserNameUtil.userLoginId = "u1";
+ ChangeUserNameUtil.currentPassword = "p1";
+ ChangeUserNameUtil.newUserName = "u2";
+
+ // Prepare minimal stubs for a successful path
+ XXPortalUser existing = new XXPortalUser();
+ existing.setLoginId("u1");
+ existing.setPassword("enc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId("u2")).thenReturn(null);
+ Mockito.when(xXPortalUserDao.findByLoginId("u1")).thenReturn(existing);
+ Mockito.when(userMgr.encrypt("u1", "p1")).thenReturn("enc");
+
+ util.execLoad();
+
+ Mockito.verify(userMgr).updateOldUserName("u1", "u2", "p1");
+ }
+
+ @Test
+ public void testMain_incorrectArgs_exits() {
+ Integer status = runAndCaptureExitCode(() ->
ChangeUserNameUtil.main(new String[] {"only", "two"}));
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testMain_validArgs_runs() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ ChangeUserNameUtil.main(new String[] {"u", "p", "n"});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testMain_blankLogin_exits() {
+ Integer status = runAndCaptureExitCode(() ->
ChangeUserNameUtil.main(new String[] {"", "p", "n"}));
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testMain_blankCurrent_exits() {
+ Integer status = runAndCaptureExitCode(() ->
ChangeUserNameUtil.main(new String[] {"u", "", "n"}));
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testMain_blankNewUsername_exits() {
+ Integer status = runAndCaptureExitCode(() ->
ChangeUserNameUtil.main(new String[] {"u", "p", ""}));
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testMain_zeroArgs_exits() {
+ Integer status = runAndCaptureExitCode(() ->
ChangeUserNameUtil.main(new String[] {}));
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testMain_fourArgs_exits() {
+ Integer status = runAndCaptureExitCode(() ->
ChangeUserNameUtil.main(new String[] {"a", "b", "c", "d"}));
+ Assertions.assertEquals(1, status);
+ }
+
+ @Test
+ public void testMain_validArgs_exit_withoutSpringContext() {
+ Integer status = runAndCaptureExitCode(() ->
ChangeUserNameUtil.main(new String[] {"u", "p", "n"}));
+ Assertions.assertEquals(1, status);
+ }
+
+ private static void runIgnoringSystemExit(Runnable r) {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ r.run();
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ private static Integer runAndCaptureExitCode(Runnable r) {
+ class ExitException extends SecurityException {
+ final int code;
+
+ ExitException(int code) {
+ this.code = code;
+ }
+ }
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new ExitException(status);
+ }
+ });
+ try {
+ r.run();
+ } catch (ExitException e) {
+ return e.code;
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ return null;
+ }
+}
diff --git
a/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestDbToSolrMigrationUtil.java
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestDbToSolrMigrationUtil.java
new file mode 100644
index 000000000..f25b08cde
--- /dev/null
+++
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestDbToSolrMigrationUtil.java
@@ -0,0 +1,380 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch.cliutil;
+
+import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXAccessAuditDao;
+import org.apache.ranger.entity.XXAccessAudit;
+import org.apache.ranger.entity.XXAccessAuditV4;
+import org.apache.ranger.entity.XXAccessAuditV5;
+import org.apache.solr.client.solrj.SolrClient;
+import org.apache.solr.client.solrj.impl.HttpSolrClient;
+import org.apache.solr.client.solrj.response.UpdateResponse;
+import org.apache.solr.common.SolrInputDocument;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.lang.reflect.Method;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.Permission;
+import java.util.Arrays;
+import java.util.Collections;
+
+/**
+ * @generated by Cursor
+ * @description <Unit Test for DbToSolrMigrationUtil class>
+ */
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestDbToSolrMigrationUtil {
+ @Mock
+ RangerDaoManager daoManager;
+ @Mock
+ XXAccessAuditDao xxAccessAuditDao;
+ @Mock
+ SolrClient solrClient;
+ @Mock
+ UpdateResponse updateResponse;
+
+ @InjectMocks
+ private DbToSolrMigrationUtil util = new DbToSolrMigrationUtil();
+
+ @Test
+ public void testSend2solr_v4AndV5AndV6() throws Throwable {
+ DbToSolrMigrationUtil.solrClient = solrClient;
+ Mockito.when(updateResponse.getStatus()).thenReturn(0);
+
Mockito.when(solrClient.add(Mockito.any(SolrInputDocument.class))).thenReturn(updateResponse);
+
+ XXAccessAuditV4 v4 = new XXAccessAuditV4();
+ v4.setId(1L);
+ util.send2solr(v4);
+
+ XXAccessAuditV5 v5 = new XXAccessAuditV5();
+ v5.setId(2L);
+ util.send2solr(v5);
+
+ XXAccessAudit v6 = new XXAccessAudit();
+ v6.setId(3L);
+ util.send2solr(v6);
+
+ Mockito.verify(solrClient,
Mockito.times(3)).add(Mockito.any(SolrInputDocument.class));
+ }
+
+ @Test
+ public void testPrintStats() {
+ util.printStats();
+ }
+
+ @Test
+ public void testInit_noProperties_noThrow() throws Exception {
+ util.init();
+ }
+
+ @Test
+ public void testExecLoad_earlyReturn() {
+
Mockito.when(daoManager.getXXAccessAudit()).thenReturn(xxAccessAuditDao);
+
Mockito.when(xxAccessAuditDao.getMaxIdOfXXAccessAudit()).thenReturn(0L);
+
+ util.execLoad();
+
+ Mockito.verify(xxAccessAuditDao).getMaxIdOfXXAccessAudit();
+ }
+
+ @Test
+ public void testRegisterSolrClientJAAS_viaReflection() throws Exception {
+ Method m =
DbToSolrMigrationUtil.class.getDeclaredMethod("registerSolrClientJAAS");
+ m.setAccessible(true);
+ m.invoke(util);
+ }
+
+ @Test
+ public void testMain_invokesExit() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ DbToSolrMigrationUtil.main(new String[] {});
+ } catch (SecurityException ignored) {
+ }
+ } catch (Exception ignored) {
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testWriteAndReadMigrationStatusFile_viaReflection() throws
Exception {
+ Path tmp = Files.createTempFile("ranger-mig-", ".txt");
+ Method write =
DbToSolrMigrationUtil.class.getDeclaredMethod("writeMigrationStatusFile",
Long.class,
+ String.class);
+ write.setAccessible(true);
+ write.invoke(util, 123L, tmp.toString());
+
+ Method read =
DbToSolrMigrationUtil.class.getDeclaredMethod("readMigrationStatusFile",
String.class);
+ read.setAccessible(true);
+ Object val = read.invoke(util, tmp.toString());
+
+ Assertions.assertEquals(123L, ((Long) val).longValue());
+ }
+
+ @Test
+ public void testMigrateAuditDbLogsToSolr_earlyReturn() {
+
Mockito.when(daoManager.getXXAccessAudit()).thenReturn(xxAccessAuditDao);
+
Mockito.when(xxAccessAuditDao.getMaxIdOfXXAccessAudit()).thenReturn(0L);
+
+ util.migrateAuditDbLogsToSolr();
+
+ Mockito.verify(xxAccessAuditDao).getMaxIdOfXXAccessAudit();
+ }
+
+ @Test
+ public void testCreateSolrClient_withZkHosts_attemptsCloudPath() throws
Exception {
+ try {
+
PropertiesUtil.getPropertiesMap().put(DbToSolrMigrationUtil.SOLR_ZK_HOSTS,
"host1:2181,host2:2181");
+
PropertiesUtil.getPropertiesMap().put(DbToSolrMigrationUtil.SOLR_COLLECTION_NAME,
"ranger_audits");
+
+ Method m =
DbToSolrMigrationUtil.class.getDeclaredMethod("createSolrClient");
+ m.setAccessible(true);
+ Assertions.assertThrows(Exception.class, () -> {
+ try {
+ m.invoke(util);
+ } catch (Throwable t) {
+ if (t instanceof Exception) {
+ throw (Exception) t;
+ }
+ throw new RuntimeException(t);
+ }
+ });
+ } finally {
+
PropertiesUtil.getPropertiesMap().remove(DbToSolrMigrationUtil.SOLR_ZK_HOSTS);
+
PropertiesUtil.getPropertiesMap().remove(DbToSolrMigrationUtil.SOLR_COLLECTION_NAME);
+ }
+ }
+
+ @Test
+ public void testCreateSolrClient_withUrl_returnsHttp() throws Exception {
+ try {
+
PropertiesUtil.getPropertiesMap().put(DbToSolrMigrationUtil.SOLR_URLS_PROP,
"http://localhost:8983/solr";);
+
+ Method m =
DbToSolrMigrationUtil.class.getDeclaredMethod("createSolrClient");
+ m.setAccessible(true);
+ Object client = m.invoke(util);
+
+ Assertions.assertTrue(client instanceof HttpSolrClient);
+ } finally {
+
PropertiesUtil.getPropertiesMap().remove(DbToSolrMigrationUtil.SOLR_URLS_PROP);
+ }
+ }
+
+ @Test
+ public void testReadMigrationStatusFile_nonexistent_returnsZero() throws
Exception {
+ Method read =
DbToSolrMigrationUtil.class.getDeclaredMethod("readMigrationStatusFile",
String.class);
+ read.setAccessible(true);
+ Object val = read.invoke(util, Paths.get("nonexistent-file-" +
System.nanoTime()).toString());
+ Assertions.assertEquals(0L, ((Long) val).longValue());
+ }
+
+ @Test
+ public void testReadMigrationStatusFile_invalidContent_returnsZero()
throws Exception {
+ Path tmp = Files.createTempFile("ranger-mig-invalid-", ".txt");
+ Files.write(tmp, Arrays.asList("abc"));
+ Method read =
DbToSolrMigrationUtil.class.getDeclaredMethod("readMigrationStatusFile",
String.class);
+ read.setAccessible(true);
+ Object val = read.invoke(util, tmp.toString());
+ Assertions.assertEquals(0L, ((Long) val).longValue());
+ }
+
+ @Test
+ public void testSend2solr_v4_nonzeroStatus_throws() throws Exception {
+ DbToSolrMigrationUtil.solrClient = solrClient;
+ Mockito.when(updateResponse.getStatus()).thenReturn(1);
+
Mockito.when(solrClient.add(Mockito.any(SolrInputDocument.class))).thenReturn(updateResponse);
+ XXAccessAuditV4 v4 = new XXAccessAuditV4();
+ v4.setId(11L);
+ Assertions.assertThrows(Exception.class, () -> {
+ try {
+ util.send2solr(v4);
+ } catch (Throwable t) {
+ if (t instanceof Exception) {
+ throw (Exception) t;
+ }
+ throw new RuntimeException(t);
+ }
+ });
+ }
+
+ @Test
+ public void testSend2solr_v5_nonzeroStatus_throws() throws Exception {
+ DbToSolrMigrationUtil.solrClient = solrClient;
+ Mockito.when(updateResponse.getStatus()).thenReturn(1);
+
Mockito.when(solrClient.add(Mockito.any(SolrInputDocument.class))).thenReturn(updateResponse);
+ XXAccessAuditV5 v5 = new XXAccessAuditV5();
+ v5.setId(12L);
+ Assertions.assertThrows(Exception.class, () -> {
+ try {
+ util.send2solr(v5);
+ } catch (Throwable t) {
+ if (t instanceof Exception) {
+ throw (Exception) t;
+ }
+ throw new RuntimeException(t);
+ }
+ });
+ }
+
+ @Test
+ public void testSend2solr_v6_nonzeroStatus_throws() throws Exception {
+ DbToSolrMigrationUtil.solrClient = solrClient;
+ Mockito.when(updateResponse.getStatus()).thenReturn(1);
+
Mockito.when(solrClient.add(Mockito.any(SolrInputDocument.class))).thenReturn(updateResponse);
+ XXAccessAudit v6 = new XXAccessAudit();
+ v6.setId(13L);
+ Assertions.assertThrows(Exception.class, () -> {
+ try {
+ util.send2solr(v6);
+ } catch (Throwable t) {
+ if (t instanceof Exception) {
+ throw (Exception) t;
+ }
+ throw new RuntimeException(t);
+ }
+ });
+ }
+
+ @Test
+ public void testMigrateAuditDbLogsToSolr_v4_success_closesClient() throws
Exception {
+ DbToSolrMigrationUtil.solrClient = solrClient;
+
Mockito.when(daoManager.getXXAccessAudit()).thenReturn(xxAccessAuditDao);
+
Mockito.when(xxAccessAuditDao.getMaxIdOfXXAccessAudit()).thenReturn(1L);
+
Mockito.when(xxAccessAuditDao.getColumnNames(Mockito.anyString())).thenReturn(Collections.emptyList());
+ XXAccessAuditV4 rec = new XXAccessAuditV4();
+ rec.setId(1L);
+ Mockito.when(xxAccessAuditDao.getByIdRangeV4(Mockito.anyLong(),
Mockito.anyLong()))
+ .thenReturn(Collections.singletonList(rec));
+ Mockito.when(updateResponse.getStatus()).thenReturn(0);
+
Mockito.when(solrClient.add(Mockito.any(SolrInputDocument.class))).thenReturn(updateResponse);
+
+ util.migrateAuditDbLogsToSolr();
+
+ Mockito.verify(solrClient,
Mockito.times(1)).add(Mockito.any(SolrInputDocument.class));
+ Mockito.verify(solrClient, Mockito.times(1)).close();
+ Assertions.assertNull(DbToSolrMigrationUtil.solrClient);
+ Files.deleteIfExists(Paths.get("migration_check_file.txt"));
+ }
+
+ @Test
+ public void testMigrateAuditDbLogsToSolr_v4_failure_doesNotCloseClient()
throws Exception {
+ DbToSolrMigrationUtil.solrClient = solrClient;
+
Mockito.when(daoManager.getXXAccessAudit()).thenReturn(xxAccessAuditDao);
+
Mockito.when(xxAccessAuditDao.getMaxIdOfXXAccessAudit()).thenReturn(1L);
+
Mockito.when(xxAccessAuditDao.getColumnNames(Mockito.anyString())).thenReturn(Collections.emptyList());
+ XXAccessAuditV4 rec = new XXAccessAuditV4();
+ rec.setId(1L);
+ Mockito.when(xxAccessAuditDao.getByIdRangeV4(Mockito.anyLong(),
Mockito.anyLong()))
+ .thenReturn(Collections.singletonList(rec));
+ Mockito.when(updateResponse.getStatus()).thenReturn(1);
+
Mockito.when(solrClient.add(Mockito.any(SolrInputDocument.class))).thenReturn(updateResponse);
+
+ util.migrateAuditDbLogsToSolr();
+
+ Mockito.verify(solrClient,
Mockito.times(1)).add(Mockito.any(SolrInputDocument.class));
+ Mockito.verify(solrClient, Mockito.never()).close();
+ Assertions.assertNotNull(DbToSolrMigrationUtil.solrClient);
+ Files.deleteIfExists(Paths.get("migration_check_file.txt"));
+ }
+
+ @Test
+ public void testMigrateAuditDbLogsToSolr_v5_success_closesClient() throws
Exception {
+ DbToSolrMigrationUtil.solrClient = solrClient;
+
Mockito.when(daoManager.getXXAccessAudit()).thenReturn(xxAccessAuditDao);
+
Mockito.when(xxAccessAuditDao.getMaxIdOfXXAccessAudit()).thenReturn(1L);
+ Mockito.when(xxAccessAuditDao.getColumnNames(Mockito.anyString()))
+ .thenReturn(Arrays.asList("seq_num", "event_count",
"event_dur_ms"));
+
+ XXAccessAuditV5 rec = new XXAccessAuditV5();
+ rec.setId(1L);
+ Mockito.when(xxAccessAuditDao.getByIdRangeV5(Mockito.anyLong(),
Mockito.anyLong()))
+ .thenReturn(Collections.singletonList(rec));
+ Mockito.when(updateResponse.getStatus()).thenReturn(0);
+
Mockito.when(solrClient.add(Mockito.any(SolrInputDocument.class))).thenReturn(updateResponse);
+
+ util.migrateAuditDbLogsToSolr();
+
+ Mockito.verify(solrClient,
Mockito.times(1)).add(Mockito.any(SolrInputDocument.class));
+ Mockito.verify(solrClient, Mockito.times(1)).close();
+ Assertions.assertNull(DbToSolrMigrationUtil.solrClient);
+ Files.deleteIfExists(Paths.get("migration_check_file.txt"));
+ }
+
+ @Test
+ public void testMigrateAuditDbLogsToSolr_v6_success_closesClient() throws
Exception {
+ DbToSolrMigrationUtil.solrClient = solrClient;
+
Mockito.when(daoManager.getXXAccessAudit()).thenReturn(xxAccessAuditDao);
+
Mockito.when(xxAccessAuditDao.getMaxIdOfXXAccessAudit()).thenReturn(1L);
+
Mockito.when(xxAccessAuditDao.getColumnNames(Mockito.anyString())).thenReturn(Arrays.asList("tags"));
+
+ XXAccessAudit rec = new XXAccessAudit();
+ rec.setId(1L);
+ Mockito.when(xxAccessAuditDao.getByIdRangeV6(Mockito.anyLong(),
Mockito.anyLong()))
+ .thenReturn(Collections.singletonList(rec));
+ Mockito.when(updateResponse.getStatus()).thenReturn(0);
+
Mockito.when(solrClient.add(Mockito.any(SolrInputDocument.class))).thenReturn(updateResponse);
+
+ util.migrateAuditDbLogsToSolr();
+
+ Mockito.verify(solrClient,
Mockito.times(1)).add(Mockito.any(SolrInputDocument.class));
+ Mockito.verify(solrClient, Mockito.times(1)).close();
+ Assertions.assertNull(DbToSolrMigrationUtil.solrClient);
+ Files.deleteIfExists(Paths.get("migration_check_file.txt"));
+ }
+
+ @Test
+ public void testMigrateAuditDbLogsToSolr_alreadyMigrated_returnsEarly()
throws Exception {
+
Mockito.when(daoManager.getXXAccessAudit()).thenReturn(xxAccessAuditDao);
+
Mockito.when(xxAccessAuditDao.getMaxIdOfXXAccessAudit()).thenReturn(5L);
+
+ // Simulate already migrated status
+ Path tmp = Paths.get("migration_check_file.txt");
+ Files.write(tmp, Collections.singletonList("5"));
+
+ util.migrateAuditDbLogsToSolr();
+
+ // No interactions with solrClient expected
+ Mockito.verifyNoInteractions(solrClient);
+ Files.deleteIfExists(tmp);
+ }
+}
diff --git
a/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestMetricUtil.java
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestMetricUtil.java
new file mode 100644
index 000000000..fa0ce8688
--- /dev/null
+++
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestMetricUtil.java
@@ -0,0 +1,233 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch.cliutil;
+
+import org.apache.ranger.biz.AssetMgr;
+import org.apache.ranger.biz.RangerBizUtil;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.store.PList;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.view.VXAccessAuditList;
+import org.apache.ranger.view.VXGroupList;
+import org.apache.ranger.view.VXUserList;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+/**
+* @generated by Cursor
+* @description <Unit Test for MetricUtil class>
+*/
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestMetricUtil {
+ @Mock
+ XUserMgr xUserMgr;
+ @Mock
+ AssetMgr assetMgr;
+ @Mock
+ ServiceDBStore svcStore;
+ @Mock
+ RangerBizUtil xaBizUtil;
+ @Mock
+ RESTErrorUtil restErrorUtil;
+
+ @InjectMocks
+ private MetricUtil metricUtil = new MetricUtil();
+
+ @Test
+ public void testExecLoad_usergroup() {
+ MetricUtil.metricType = "usergroup";
+
+ VXGroupList groups = new VXGroupList();
+ groups.setTotalCount(3L);
+
Mockito.when(xUserMgr.searchXGroups(Mockito.any(SearchCriteria.class))).thenReturn(groups);
+
+ VXUserList users = new VXUserList();
+ users.setTotalCount(5L);
+
Mockito.when(xUserMgr.searchXUsers(Mockito.any(SearchCriteria.class))).thenReturn(users);
+
+ metricUtil.execLoad();
+
+
Mockito.verify(xUserMgr).searchXGroups(Mockito.any(SearchCriteria.class));
+ Mockito.verify(xUserMgr,
Mockito.atLeastOnce()).searchXUsers(Mockito.any(SearchCriteria.class));
+ }
+
+ @Test
+ public void testExecLoad_audits() throws Exception {
+ MetricUtil.metricType = "audits";
+
+ RangerServiceDef def = new RangerServiceDef();
+ def.setId(1L);
+ def.setName("hdfs");
+ PList<RangerServiceDef> defs = new PList<>();
+ defs.setList(Collections.singletonList(def));
+ defs.setTotalCount(1L);
+
Mockito.when(svcStore.getPaginatedServiceDefs(Mockito.any(SearchFilter.class))).thenReturn(defs);
+
+ VXAccessAuditList allowed = new VXAccessAuditList();
+ allowed.setTotalCount(10L);
+ VXAccessAuditList denied = new VXAccessAuditList();
+ denied.setTotalCount(2L);
+
Mockito.when(assetMgr.getAccessLogs(Mockito.any(SearchCriteria.class))).thenReturn(denied).thenReturn(allowed);
+
+ // Date parsing is delegated to RESTErrorUtil; return the input date
+ ArgumentCaptor<String> df = ArgumentCaptor.forClass(String.class);
+ Mockito.when(restErrorUtil.parseDate(df.capture(),
Mockito.anyString(), Mockito.any(MessageEnums.class),
+ Mockito.isNull(), Mockito.anyString(),
Mockito.anyString())).thenAnswer(inv -> {
+ String s = (String) inv.getArguments()[0];
+ DateFormat f = new SimpleDateFormat("MM/dd/yyyy");
+ return f.parse(s);
+ });
+
+ metricUtil.execLoad();
+
+ Mockito.verify(svcStore,
Mockito.atLeastOnce()).getPaginatedServiceDefs(Mockito.any(SearchFilter.class));
+ Mockito.verify(assetMgr,
Mockito.atLeast(2)).getAccessLogs(Mockito.any(SearchCriteria.class));
+ }
+
+ @Test
+ public void testExecLoad_services() throws Exception {
+ MetricUtil.metricType = "services";
+
+ RangerService svc1 = new RangerService();
+ svc1.setType("hdfs");
+ RangerService svc2 = new RangerService();
+ svc2.setType("hive");
+ PList<RangerService> page = new PList<>();
+ page.setList(Arrays.asList(svc1, svc2));
+ page.setTotalCount(3L);
+
Mockito.when(svcStore.getPaginatedServices(Mockito.any(SearchFilter.class))).thenReturn(page);
+
+ PList<RangerService> countHdfs = new PList<>();
+ countHdfs.setTotalCount(2L);
+ countHdfs.setList(Collections.singletonList(svc1));
+ PList<RangerService> countHive = new PList<>();
+ countHive.setTotalCount(1L);
+ countHive.setList(Collections.singletonList(svc2));
+ Mockito.when(svcStore
+ .getPaginatedServices(Mockito.argThat(f -> f != null &&
f.getParam("serviceType") != null &&
"hdfs".equals(String.valueOf(f.getParam("serviceType"))))))
+ .thenReturn(countHdfs);
+ Mockito.when(svcStore
+ .getPaginatedServices(Mockito.argThat(f -> f != null &&
f.getParam("serviceType") != null &&
"hive".equals(String.valueOf(f.getParam("serviceType"))))))
+ .thenReturn(countHive);
+
+ metricUtil.execLoad();
+
+ Mockito.verify(svcStore,
Mockito.atLeast(3)).getPaginatedServices(Mockito.any(SearchFilter.class));
+ }
+
+ @Test
+ public void testExecLoad_policies() throws Exception {
+ MetricUtil.metricType = "policies";
+
+ // services used by getVXMetricServiceCount
+ RangerService svc = new RangerService();
+ svc.setType("hdfs");
+ PList<RangerService> svcList = new PList<>();
+ svcList.setList(Collections.singletonList(svc));
+ svcList.setTotalCount(1L);
+
Mockito.when(svcStore.getPaginatedServices(Mockito.any(SearchFilter.class))).thenReturn(svcList);
+
+ // policies list total counts per filter
+ PList<RangerPolicy> policies = new PList<>();
+ policies.setTotalCount(4L);
+ policies.setList(new ArrayList<RangerPolicy>());
+
Mockito.when(svcStore.getPaginatedPolicies(Mockito.any(SearchFilter.class))).thenReturn(policies);
+
+ metricUtil.execLoad();
+
+ Mockito.verify(svcStore,
Mockito.atLeast(1)).getPaginatedPolicies(Mockito.any(SearchFilter.class));
+ }
+
+ @Test
+ public void testExecLoad_database() {
+ MetricUtil.metricType = "database";
+
+ Mockito.when(xaBizUtil.getDBVersion()).thenReturn("12.1");
+ metricUtil.execLoad();
+
+ Mockito.verify(xaBizUtil).getDBVersion();
+ }
+
+ @Test
+ public void testExecLoad_contextEnrichers() throws Exception {
+ MetricUtil.metricType = "contextenrichers";
+
+ RangerServiceDef def = new RangerServiceDef();
+ def.setId(1L);
+ def.setName("hdfs");
+ RangerServiceDef.RangerContextEnricherDef enricher = new
RangerServiceDef.RangerContextEnricherDef();
+ List<RangerServiceDef.RangerContextEnricherDef> enrichers = new
ArrayList<>();
+ enrichers.add(enricher);
+ def.setContextEnrichers(enrichers);
+ PList<RangerServiceDef> defs = new PList<>();
+ defs.setList(Collections.singletonList(def));
+ defs.setTotalCount(1L);
+
Mockito.when(svcStore.getPaginatedServiceDefs(Mockito.any(SearchFilter.class))).thenReturn(defs);
+
+ metricUtil.execLoad();
+
+
Mockito.verify(svcStore).getPaginatedServiceDefs(Mockito.any(SearchFilter.class));
+ }
+
+ @Test
+ public void testExecLoad_denyconditions() throws Exception {
+ MetricUtil.metricType = "denyconditions";
+
+ RangerServiceDef def = new RangerServiceDef();
+ def.setId(1L);
+ def.setName("hdfs");
+ PList<RangerServiceDef> defs = new PList<>();
+ defs.setList(Collections.singletonList(def));
+ defs.setTotalCount(1L);
+
Mockito.when(svcStore.getPaginatedServiceDefs(Mockito.any(SearchFilter.class))).thenReturn(defs);
+
+ RangerPolicy policy = new RangerPolicy();
+ policy.setDenyPolicyItems(Collections.singletonList(new
RangerPolicy.RangerPolicyItem()));
+ policy.setDenyExceptions(Collections.singletonList(new
RangerPolicy.RangerPolicyItem()));
+ PList<RangerPolicy> policyList = new PList<>();
+ policyList.setList(Collections.singletonList(policy));
+ policyList.setTotalCount(1L);
+
Mockito.when(svcStore.getPaginatedPolicies(Mockito.any(SearchFilter.class))).thenReturn(policyList);
+
+ metricUtil.execLoad();
+
+ Mockito.verify(svcStore,
Mockito.atLeast(1)).getPaginatedServiceDefs(Mockito.any(SearchFilter.class));
+ }
+}
diff --git
a/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
index 4d5d67b31..fb0b6f30f 100644
---
a/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
+++
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
@@ -28,22 +28,27 @@
import org.apache.ranger.service.XUserService;
import org.apache.ranger.view.VXUser;
import org.apache.ranger.view.VXUserList;
-import org.junit.FixMethodOrder;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.MethodSorters;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
-import org.mockito.runners.MockitoJUnitRunner;
+import org.mockito.junit.jupiter.MockitoExtension;
+import java.security.Permission;
import java.util.ArrayList;
import java.util.List;
-import static org.junit.Assert.fail;
+import static org.junit.jupiter.api.Assertions.fail;
-@RunWith(MockitoJUnitRunner.class)
-@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+/**
+ * @generated by Cursor
+ * @description <Unit Test for RoleBasedUserSearchUtil class>
+ */
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
public class TestRoleBasedUserSearchUtil {
@Mock
XUserService xUserService;
@@ -55,7 +60,7 @@ public class TestRoleBasedUserSearchUtil {
UserMgr userMgr;
@Mock
- XUserMgr xUserMgr;
+ XUserMgr xUserMgr;
@Mock
XXPortalUserDao xXPortalUserDao;
@@ -90,20 +95,53 @@ public void testGetUsersBasedOnRole() {
}
}
+ @Test
+ public void testGetUsersBasedOnRole_emptyMaps_exits() {
+ List<String> userRoleList = new ArrayList<>();
+ userRoleList.add(RangerConstants.ROLE_USER);
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_USER)).thenReturn(new
ArrayList<>());
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ roleBasedUserSearchUtil.getUsersBasedOnRole(userRoleList);
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+
+ Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_USER);
+ }
+
@Test
public void testValidateUserAndFetchUserList() {
+ RoleBasedUserSearchUtil.checkRole = true;
+ RoleBasedUserSearchUtil.userRole = "";
+
List<String> permissionList = new ArrayList<>();
permissionList.add(RangerConstants.MODULE_USER_GROUPS);
- String currentEncryptedPassword = "testpassword";
- XXPortalUser xxPortalUser = new XXPortalUser();
+ String currentEncryptedPassword = "testpassword";
+ XXPortalUser xxPortalUser = new XXPortalUser();
xxPortalUser.setId(1L);
xxPortalUser.setLoginId("testUser");
xxPortalUser.setPassword("testpassword");
xxPortalUser.setFirstName("testUser");
VXUser vxUser = new VXUser();
vxUser.setId(1L);
- VXUserList vXUserList = new VXUserList();
- List<VXUser> vXUsers = new ArrayList<>();
+ VXUserList vXUserList = new VXUserList();
+ List<VXUser> vXUsers = new ArrayList<>();
vXUsers.add(vxUser);
vXUserList.setVXUsers(vXUsers);
@@ -118,7 +156,8 @@ public void testValidateUserAndFetchUserList() {
Mockito.when(xXPortalUserDao.findByLoginId(Mockito.anyString())).thenReturn(xxPortalUser);
Mockito.when(xUserService.getXUserByUserName(xxPortalUser.getLoginId())).thenReturn(vxUser);
Mockito.when(daoMgr.getXXModuleDef()).thenReturn(xXModuleDefDao);
-
Mockito.when(xXModuleDefDao.findAccessibleModulesByUserId(Mockito.anyLong(),
Mockito.anyLong())).thenReturn(permissionList);
+
Mockito.when(xXModuleDefDao.findAccessibleModulesByUserId(Mockito.anyLong(),
Mockito.anyLong()))
+ .thenReturn(permissionList);
Mockito.when(userMgr.encrypt(Mockito.anyString(),
Mockito.anyString())).thenReturn(currentEncryptedPassword);
Mockito.when(xXPortalUserDao.findByRole(Mockito.anyString())).thenReturn(listXXPortalUser);
@@ -131,4 +170,602 @@ public void testValidateUserAndFetchUserList() {
Mockito.verify(userMgr).encrypt(Mockito.anyString(),
Mockito.anyString());
Mockito.verify(xXPortalUserDao,
Mockito.atLeast(2)).findByRole(Mockito.anyString());
}
+
+ @Test
+ public void testPrintStats() {
+ roleBasedUserSearchUtil.printStats();
+ }
+
+ @Test
+ public void testInit() throws Exception {
+ roleBasedUserSearchUtil.init();
+ }
+
+ @Test
+ public void testExecLoad_callsValidateUserAndFetchUserList() {
+ RoleBasedUserSearchUtil spy = Mockito.spy(roleBasedUserSearchUtil);
+ Mockito.doNothing().when(spy).validateUserAndFetchUserList();
+ spy.execLoad();
+ Mockito.verify(spy).validateUserAndFetchUserList();
+ }
+
+ @Test
+ public void testMain_incorrectArgs_exits() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ RoleBasedUserSearchUtil.main(new String[] {"onlyOne"});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testMain_invalidRole_exits() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ RoleBasedUserSearchUtil.main(new String[] {"u", "p",
"not_a_role"});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testMain_blankLogin_exits() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ RoleBasedUserSearchUtil.main(new String[] {"", "p"});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testValidateUserAndFetchUserList_userNotFound_exits() {
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId(Mockito.anyString())).thenReturn(null);
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ roleBasedUserSearchUtil.validateUserAndFetchUserList();
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testValidateUserAndFetchUserList_invalidPassword_exits() {
+ XXPortalUser xxPortalUser = new XXPortalUser();
+ xxPortalUser.setId(1L);
+ xxPortalUser.setLoginId("testUser");
+ xxPortalUser.setPassword("enc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId(Mockito.anyString())).thenReturn(xxPortalUser);
+ Mockito.when(userMgr.encrypt(Mockito.anyString(),
Mockito.anyString())).thenReturn("other");
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ roleBasedUserSearchUtil.validateUserAndFetchUserList();
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testValidateUserAndFetchUserList_permissionDenied_exits() {
+ XXPortalUser xxPortalUser = new XXPortalUser();
+ xxPortalUser.setId(1L);
+ xxPortalUser.setLoginId("testUser");
+ xxPortalUser.setPassword("enc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId(Mockito.anyString())).thenReturn(xxPortalUser);
+ Mockito.when(userMgr.encrypt(Mockito.anyString(),
Mockito.anyString())).thenReturn("enc");
+ VXUser vxUser = new VXUser();
+ vxUser.setId(10L);
+ List<String> roles = new ArrayList<>();
+ roles.add(RangerConstants.ROLE_USER);
+ vxUser.setUserRoleList(roles);
+ XUserService xUserServiceMock = Mockito.mock(XUserService.class);
+ roleBasedUserSearchUtil.xUserService = xUserServiceMock;
+
Mockito.when(xUserServiceMock.getXUserByUserName(Mockito.anyString())).thenReturn(vxUser);
+
Mockito.when(daoMgr.getXXModuleDef()).thenReturn(Mockito.mock(XXModuleDefDao.class));
+
Mockito.when(daoMgr.getXXModuleDef().findAccessibleModulesByUserId(Mockito.anyLong(),
Mockito.anyLong()))
+ .thenReturn(new ArrayList<>());
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ roleBasedUserSearchUtil.validateUserAndFetchUserList();
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testValidateUserAndFetchUserList_notAuthorized_exits() {
+ // existing role: ROLE_USER, requested role: ROLE_KEY_ADMIN with
checkRole=false
+ RoleBasedUserSearchUtil.userRole = RangerConstants.ROLE_KEY_ADMIN;
+ RoleBasedUserSearchUtil.checkRole = false;
+
+ XXPortalUser xxPortalUser = new XXPortalUser();
+ xxPortalUser.setId(1L);
+ xxPortalUser.setLoginId("testUser");
+ xxPortalUser.setPassword("enc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId(Mockito.anyString())).thenReturn(xxPortalUser);
+ Mockito.when(userMgr.encrypt(Mockito.anyString(),
Mockito.anyString())).thenReturn("enc");
+ VXUser vxUser = new VXUser();
+ vxUser.setId(10L);
+ List<String> roles = new ArrayList<>();
+ roles.add(RangerConstants.ROLE_USER);
+ vxUser.setUserRoleList(roles);
+ XUserService xUserServiceMock = Mockito.mock(XUserService.class);
+ roleBasedUserSearchUtil.xUserService = xUserServiceMock;
+
Mockito.when(xUserServiceMock.getXUserByUserName(Mockito.anyString())).thenReturn(vxUser);
+ XXModuleDefDao moduleDao = Mockito.mock(XXModuleDefDao.class);
+ Mockito.when(daoMgr.getXXModuleDef()).thenReturn(moduleDao);
+ List<String> permissionList = new ArrayList<>();
+ permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+
Mockito.when(moduleDao.findAccessibleModulesByUserId(Mockito.anyLong(),
Mockito.anyLong()))
+ .thenReturn(permissionList);
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ roleBasedUserSearchUtil.validateUserAndFetchUserList();
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testMain_blankCurrent_exits() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ RoleBasedUserSearchUtil.main(new String[] {"u", ""});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void
testValidateUserAndFetchUserList_keyAdmin_checkRoleFalse_authorized() {
+ RoleBasedUserSearchUtil.userRole = RangerConstants.ROLE_KEY_ADMIN;
+ RoleBasedUserSearchUtil.checkRole = false;
+ RoleBasedUserSearchUtil.userLoginId = "ka";
+ RoleBasedUserSearchUtil.currentPassword = "p";
+
+ XXPortalUser xxPortalUser = new XXPortalUser();
+ xxPortalUser.setId(5L);
+ xxPortalUser.setLoginId("ka");
+ xxPortalUser.setPassword("enc");
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("ka")).thenReturn(xxPortalUser);
+ Mockito.when(userMgr.encrypt("ka", "p")).thenReturn("enc");
+
+ VXUser vxUser = new VXUser();
+ vxUser.setId(55L);
+ List<String> roles = new ArrayList<>();
+ roles.add(RangerConstants.ROLE_KEY_ADMIN);
+ vxUser.setUserRoleList(roles);
+ Mockito.when(xUserService.getXUserByUserName("ka")).thenReturn(vxUser);
+
+ XXModuleDefDao xXModuleDefDao = Mockito.mock(XXModuleDefDao.class);
+ Mockito.when(daoMgr.getXXModuleDef()).thenReturn(xXModuleDefDao);
+ List<String> permissionList = new ArrayList<>();
+ permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+ Mockito.when(xXModuleDefDao.findAccessibleModulesByUserId(5L,
55L)).thenReturn(permissionList);
+
+ RoleBasedUserSearchUtil spy = Mockito.spy(roleBasedUserSearchUtil);
+ Mockito.doNothing().when(spy).getUsersBasedOnRole(Mockito.anyList());
+
+ spy.validateUserAndFetchUserList();
+
+ Mockito.verify(spy).getUsersBasedOnRole(
+ Mockito.argThat(list -> list.size() == 1 &&
RangerConstants.ROLE_KEY_ADMIN.equals(list.get(0))));
+ }
+
+ @Test
+ public void testMain_validArgs_twoParams_runs() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ RoleBasedUserSearchUtil.main(new String[] {"u", "p"});
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testMain_validArgs_threeParams_validRole_runs() {
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ RoleBasedUserSearchUtil.main(new String[] {"u", "p",
RangerConstants.ROLE_USER });
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void
testValidateUserAndFetchUserList_roleUser_checkRoleTrue_invokesGetUsersBasedOnRole()
{
+ RoleBasedUserSearchUtil.checkRole = true;
+ RoleBasedUserSearchUtil.userLoginId = "user1";
+ RoleBasedUserSearchUtil.currentPassword = "p";
+
+ XXPortalUser xxPortalUser = new XXPortalUser();
+ xxPortalUser.setId(11L);
+ xxPortalUser.setLoginId("user1");
+ xxPortalUser.setPassword("enc");
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("user1")).thenReturn(xxPortalUser);
+ Mockito.when(userMgr.encrypt("user1", "p")).thenReturn("enc");
+
+ VXUser vxUser = new VXUser();
+ vxUser.setId(21L);
+ List<String> roles = new ArrayList<>();
+ roles.add(RangerConstants.ROLE_USER);
+ vxUser.setUserRoleList(roles);
+
Mockito.when(xUserService.getXUserByUserName("user1")).thenReturn(vxUser);
+
+ XXModuleDefDao xXModuleDefDao = Mockito.mock(XXModuleDefDao.class);
+ Mockito.when(daoMgr.getXXModuleDef()).thenReturn(xXModuleDefDao);
+ List<String> permissionList = new ArrayList<>();
+ permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+ Mockito.when(xXModuleDefDao.findAccessibleModulesByUserId(11L,
21L)).thenReturn(permissionList);
+
+ RoleBasedUserSearchUtil spy = Mockito.spy(roleBasedUserSearchUtil);
+ Mockito.doNothing().when(spy).getUsersBasedOnRole(Mockito.anyList());
+
+ spy.validateUserAndFetchUserList();
+
+ Mockito.verify(spy).getUsersBasedOnRole(
+ Mockito.argThat(list -> list.size() == 1 &&
RangerConstants.ROLE_USER.equals(list.get(0))));
+ }
+
+ @Test
+ public void
testValidateUserAndFetchUserList_roleSysAdmin_checkRoleTrue_invokesGetUsersBasedOnRoleWithThreeRoles()
{
+ RoleBasedUserSearchUtil.checkRole = true;
+ RoleBasedUserSearchUtil.userLoginId = "admin1";
+ RoleBasedUserSearchUtil.currentPassword = "p";
+
+ XXPortalUser xxPortalUser = new XXPortalUser();
+ xxPortalUser.setId(31L);
+ xxPortalUser.setLoginId("admin1");
+ xxPortalUser.setPassword("enc");
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("admin1")).thenReturn(xxPortalUser);
+ Mockito.when(userMgr.encrypt("admin1", "p")).thenReturn("enc");
+
+ VXUser vxUser = new VXUser();
+ vxUser.setId(41L);
+ List<String> roles = new ArrayList<>();
+ roles.add(RangerConstants.ROLE_SYS_ADMIN);
+ vxUser.setUserRoleList(roles);
+
Mockito.when(xUserService.getXUserByUserName("admin1")).thenReturn(vxUser);
+
+ XXModuleDefDao xXModuleDefDao = Mockito.mock(XXModuleDefDao.class);
+ Mockito.when(daoMgr.getXXModuleDef()).thenReturn(xXModuleDefDao);
+ List<String> permissionList = new ArrayList<>();
+ permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+ Mockito.when(xXModuleDefDao.findAccessibleModulesByUserId(31L,
41L)).thenReturn(permissionList);
+
+ RoleBasedUserSearchUtil spy = Mockito.spy(roleBasedUserSearchUtil);
+ Mockito.doNothing().when(spy).getUsersBasedOnRole(Mockito.anyList());
+
+ spy.validateUserAndFetchUserList();
+
+ Mockito.verify(spy).getUsersBasedOnRole(Mockito.argThat(list ->
list.size() == 3
+ && list.contains(RangerConstants.ROLE_SYS_ADMIN) &&
list.contains(RangerConstants.ROLE_ADMIN_AUDITOR)
+ && list.contains(RangerConstants.ROLE_USER)));
+ }
+
+ @Test
+ public void
testValidateUserAndFetchUserList_adminAuditor_checkRoleFalse_requestedSame_invokesGetUsersBasedOnRole()
{
+ RoleBasedUserSearchUtil.userRole = RangerConstants.ROLE_ADMIN_AUDITOR;
+ RoleBasedUserSearchUtil.checkRole = false;
+ RoleBasedUserSearchUtil.userLoginId = "aud";
+ RoleBasedUserSearchUtil.currentPassword = "p";
+
+ XXPortalUser xxPortalUser = new XXPortalUser();
+ xxPortalUser.setId(61L);
+ xxPortalUser.setLoginId("aud");
+ xxPortalUser.setPassword("enc");
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("aud")).thenReturn(xxPortalUser);
+ Mockito.when(userMgr.encrypt("aud", "p")).thenReturn("enc");
+
+ VXUser vxUser = new VXUser();
+ vxUser.setId(71L);
+ List<String> roles = new ArrayList<>();
+ roles.add(RangerConstants.ROLE_ADMIN_AUDITOR);
+ vxUser.setUserRoleList(roles);
+
Mockito.when(xUserService.getXUserByUserName("aud")).thenReturn(vxUser);
+
+ XXModuleDefDao moduleDao = Mockito.mock(XXModuleDefDao.class);
+ Mockito.when(daoMgr.getXXModuleDef()).thenReturn(moduleDao);
+ List<String> permissionList = new ArrayList<>();
+ permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+ Mockito.when(moduleDao.findAccessibleModulesByUserId(61L,
71L)).thenReturn(permissionList);
+
+ RoleBasedUserSearchUtil spy = Mockito.spy(roleBasedUserSearchUtil);
+ Mockito.doNothing().when(spy).getUsersBasedOnRole(Mockito.anyList());
+
+ spy.validateUserAndFetchUserList();
+
+ Mockito.verify(spy).getUsersBasedOnRole(
+ Mockito.argThat(list -> list.size() == 1 &&
RangerConstants.ROLE_ADMIN_AUDITOR.equals(list.get(0))));
+ }
+
+ @Test
+ public void
testValidateUserAndFetchUserList_keyAdmin_checkRoleTrue_invokesGetUsersBasedOnRoleWithThreeRoles()
{
+ RoleBasedUserSearchUtil.userRole = "";
+ RoleBasedUserSearchUtil.checkRole = true;
+ RoleBasedUserSearchUtil.userLoginId = "k1";
+ RoleBasedUserSearchUtil.currentPassword = "p";
+
+ XXPortalUser xxPortalUser = new XXPortalUser();
+ xxPortalUser.setId(81L);
+ xxPortalUser.setLoginId("k1");
+ xxPortalUser.setPassword("enc");
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("k1")).thenReturn(xxPortalUser);
+ Mockito.when(userMgr.encrypt("k1", "p")).thenReturn("enc");
+
+ VXUser vxUser = new VXUser();
+ vxUser.setId(91L);
+ List<String> roles = new ArrayList<>();
+ roles.add(RangerConstants.ROLE_KEY_ADMIN);
+ vxUser.setUserRoleList(roles);
+ Mockito.when(xUserService.getXUserByUserName("k1")).thenReturn(vxUser);
+
+ XXModuleDefDao moduleDao = Mockito.mock(XXModuleDefDao.class);
+ Mockito.when(daoMgr.getXXModuleDef()).thenReturn(moduleDao);
+ List<String> permissionList = new ArrayList<>();
+ permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+ Mockito.when(moduleDao.findAccessibleModulesByUserId(81L,
91L)).thenReturn(permissionList);
+
+ RoleBasedUserSearchUtil spy = Mockito.spy(roleBasedUserSearchUtil);
+ Mockito.doNothing().when(spy).getUsersBasedOnRole(Mockito.anyList());
+
+ spy.validateUserAndFetchUserList();
+
+ Mockito.verify(spy).getUsersBasedOnRole(Mockito.argThat(list ->
list.size() == 3
+ && list.contains(RangerConstants.ROLE_KEY_ADMIN)
+ && list.contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) &&
list.contains(RangerConstants.ROLE_USER)));
+ }
+
+ @Test
+ public void testValidateUserAndFetchUserList_encryptThrows_exits() {
+ RoleBasedUserSearchUtil.userLoginId = "u1";
+ RoleBasedUserSearchUtil.currentPassword = "p";
+
+ XXPortalUser xxPortalUser = new XXPortalUser();
+ xxPortalUser.setId(101L);
+ xxPortalUser.setLoginId("u1");
+ xxPortalUser.setPassword("enc");
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByLoginId("u1")).thenReturn(xxPortalUser);
+ Mockito.when(userMgr.encrypt("u1", "p")).thenThrow(new
RuntimeException("boom"));
+
+ SecurityManager originalSm = System.getSecurityManager();
+ try {
+ System.setSecurityManager(new SecurityManager() {
+ @Override
+ public void checkPermission(Permission perm) {
+ }
+
+ @Override
+ public void checkExit(int status) {
+ throw new SecurityException("Intercepted System.exit(" +
status + ")");
+ }
+ });
+ try {
+ roleBasedUserSearchUtil.validateUserAndFetchUserList();
+ } catch (SecurityException ignored) {
+ }
+ } finally {
+ System.setSecurityManager(originalSm);
+ }
+ }
+
+ @Test
+ public void testGetUsersBasedOnRole_populatesAllRoleMaps_noExit() {
+ List<String> roles = new ArrayList<>();
+ roles.add(RangerConstants.ROLE_SYS_ADMIN);
+ roles.add(RangerConstants.ROLE_ADMIN_AUDITOR);
+ roles.add(RangerConstants.ROLE_KEY_ADMIN);
+ roles.add(RangerConstants.ROLE_KEY_ADMIN_AUDITOR);
+ roles.add(RangerConstants.ROLE_USER);
+
+ XXPortalUser u1 = new XXPortalUser();
+ u1.setLoginId("u1");
+ XXPortalUser u2 = new XXPortalUser();
+ u2.setLoginId("u2");
+ XXPortalUser u3 = new XXPortalUser();
+ u3.setLoginId("u3");
+ XXPortalUser u4 = new XXPortalUser();
+ u4.setLoginId("u4");
+ XXPortalUser u5 = new XXPortalUser();
+ u5.setLoginId("u5");
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+
Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_SYS_ADMIN))
+ .thenReturn(new ArrayList<XXPortalUser>() {
+ {
+ add(u1);
+ }
+ });
+
Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_ADMIN_AUDITOR))
+ .thenReturn(new ArrayList<XXPortalUser>() {
+ {
+ add(u2);
+ }
+ });
+
Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_KEY_ADMIN))
+ .thenReturn(new ArrayList<XXPortalUser>() {
+ {
+ add(u3);
+ }
+ });
+
Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_KEY_ADMIN_AUDITOR))
+ .thenReturn(new ArrayList<XXPortalUser>() {
+ {
+ add(u4);
+ }
+ });
+
Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_USER)).thenReturn(new
ArrayList<XXPortalUser>() {
+ {
+ add(u5);
+ }
+ });
+
+ roleBasedUserSearchUtil.getUsersBasedOnRole(roles);
+
+
Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_SYS_ADMIN);
+
Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_ADMIN_AUDITOR);
+
Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_KEY_ADMIN);
+
Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_KEY_ADMIN_AUDITOR);
+ Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_USER);
+ }
+
+ @Test
+ public void testGetUsersBasedOnRole_exceptionCaught_noThrow() {
+ List<String> roles = new ArrayList<>();
+ roles.add(RangerConstants.ROLE_USER);
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenThrow(new
RuntimeException("boom"));
+
+ roleBasedUserSearchUtil.getUsersBasedOnRole(roles);
+ }
}
diff --git
a/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestTrxLogV2MigrationUtil.java
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestTrxLogV2MigrationUtil.java
new file mode 100644
index 000000000..1422aaad3
--- /dev/null
+++
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestTrxLogV2MigrationUtil.java
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch.cliutil;
+
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXTrxLogV2Dao;
+import org.apache.ranger.entity.XXTrxLog;
+import org.apache.ranger.entity.XXTrxLogV2;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionStatus;
+
+import javax.persistence.EntityManager;
+import javax.persistence.Query;
+import javax.persistence.TypedQuery;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+
+/**
+* @generated by Cursor
+* @description <Unit Test for TrxLogV2MigrationUtil class>
+*/
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestTrxLogV2MigrationUtil {
+ @Mock
+ RangerDaoManager daoMgr;
+ @Mock
+ EntityManager entityManager;
+ @Mock
+ XXTrxLogV2Dao xXTrxLogV2Dao;
+ @Mock
+ TypedQuery<String> namedQuery;
+ @Mock
+ TypedQuery<Object[]> objectArrayNamedQuery;
+ @Mock
+ Query nativeQuery;
+ @Mock
+ PlatformTransactionManager txManager;
+ @Mock
+ TransactionStatus txStatus;
+
+ @InjectMocks
+ private TrxLogV2MigrationUtil util = new TrxLogV2MigrationUtil();
+
+ @Test
+ public void testCreateTrxLogAndToJsonMapping() throws Exception {
+ XXTrxLog v1 = new XXTrxLog();
+ v1.setId(100L);
+ v1.setCreateTime(new Date());
+ v1.setAddedByUserId(1L);
+ v1.setObjectClassType(8);
+ v1.setObjectId(5L);
+ v1.setObjectName("obj");
+ v1.setParentObjectClassType(0);
+ v1.setParentObjectId(0L);
+ v1.setParentObjectName("-");
+ v1.setAttributeName("a");
+ v1.setPreviousValue("b");
+ v1.setNewValue("c");
+ v1.setTransactionId("t1");
+ v1.setAction("create");
+ v1.setRequestId("req");
+ v1.setSessionId("sid");
+ v1.setSessionType("ui");
+
+ Mockito.when(daoMgr.getXXTrxLogV2()).thenReturn(xXTrxLogV2Dao);
+ Mockito.when(daoMgr.getEntityManager()).thenReturn(entityManager);
+
Mockito.when(entityManager.createNativeQuery(Mockito.anyString())).thenReturn(nativeQuery);
+
Mockito.when(nativeQuery.getResultList()).thenReturn(Collections.singletonList(1));
+ Mockito.when(entityManager.createNamedQuery(Mockito.anyString(),
Mockito.eq(String.class))).thenReturn(namedQuery);
+
Mockito.when(entityManager.createNamedQuery(Mockito.eq("XXTrxLog.findByTrxIdForMigration"),
+ Mockito.eq(Object[].class))).thenReturn(objectArrayNamedQuery);
+ List<Object[]> rows = new ArrayList<>();
+ rows.add(new Object[] {v1.getId(), v1.getCreateTime(),
v1.getAddedByUserId(), v1.getObjectClassType(),
+ v1.getObjectId(), v1.getObjectName(),
v1.getParentObjectClassType(), v1.getParentObjectId(),
+ v1.getParentObjectName(), v1.getAttributeName(),
v1.getPreviousValue(), v1.getNewValue(),
+ v1.getTransactionId(), v1.getAction(), v1.getRequestId(),
v1.getSessionId(), v1.getSessionType() });
+
Mockito.when(namedQuery.getResultList()).thenReturn(Collections.singletonList("t1"));
+ Mockito.when(objectArrayNamedQuery.getResultList()).thenReturn(rows);
+ Mockito.when(objectArrayNamedQuery.setParameter(Mockito.anyString(),
Mockito.any())).thenReturn(objectArrayNamedQuery);
+
Mockito.when(xXTrxLogV2Dao.findByTransactionId("t1")).thenReturn(Collections.emptyList());
+
Mockito.when(txManager.getTransaction(Mockito.any())).thenReturn(txStatus);
+
+ util.init();
+ util.execLoad();
+
+ Mockito.verify(xXTrxLogV2Dao,
Mockito.atLeastOnce()).create(Mockito.any(XXTrxLogV2.class));
+ }
+
+ @Test
+ public void testStats_incrementsAndLog_withValues() {
+ TrxLogV2MigrationUtil.Stats stats = new TrxLogV2MigrationUtil.Stats();
+
+ stats.incrMigratedCount(100L, new Date());
+ stats.incrFailedCount();
+ stats.incrAlreadyMigratedCount();
+
+ stats.logStats();
+ }
+
+ @Test
+ public void testStats_log_withoutValues() {
+ TrxLogV2MigrationUtil.Stats stats = new TrxLogV2MigrationUtil.Stats();
+ stats.logStats();
+ }
+}
diff --git
a/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestUpdateUserAndGroupNamesInJson.java
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestUpdateUserAndGroupNamesInJson.java
new file mode 100644
index 000000000..8ea88cb49
--- /dev/null
+++
b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestUpdateUserAndGroupNamesInJson.java
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch.cliutil;
+
+import org.apache.ranger.authorization.utils.JsonUtils;
+import org.apache.ranger.biz.SecurityZoneDBStore;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXGroupDao;
+import org.apache.ranger.db.XXPolicyDao;
+import org.apache.ranger.db.XXServiceDao;
+import org.apache.ranger.db.XXUserDao;
+import org.apache.ranger.entity.XXGroup;
+import org.apache.ranger.entity.XXPolicy;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXUser;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem;
+import org.apache.ranger.plugin.model.RangerSecurityZone;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.transaction.PlatformTransactionManager;
+
+import java.util.ArrayList;
+import java.util.Collections;
+
+/**
+* @generated by Cursor
+* @description <Unit Test for UpdateUserAndGroupNamesInJson class>
+*/
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestUpdateUserAndGroupNamesInJson {
+ @Mock
+ RangerDaoManager daoMgr;
+ @Mock
+ ServiceDBStore svcStore;
+ @Mock
+ PlatformTransactionManager txManager;
+ @Mock
+ SecurityZoneDBStore securityZoneStore;
+ @Mock
+ XXServiceDao xXServiceDao;
+ @Mock
+ XXPolicyDao xXPolicyDao;
+ @Mock
+ XXUserDao xXUserDao;
+ @Mock
+ XXGroupDao xXGroupDao;
+
+ @InjectMocks
+ private UpdateUserAndGroupNamesInJson util = new
UpdateUserAndGroupNamesInJson();
+
+ @Test
+ public void testExecLoad_updatesUsersGroupsInPoliciesAndZones() throws
Exception {
+ // Prepare services
+ RangerService svc = new RangerService();
+ svc.setId(10L);
+
Mockito.when(svcStore.getServices(Mockito.any(SearchFilter.class))).thenReturn(Collections.singletonList(svc));
+
+ XXService xxService = new XXService();
+ xxService.setId(10L);
+ xxService.setName("s1");
+ Mockito.when(daoMgr.getXXService()).thenReturn(xXServiceDao);
+ Mockito.when(xXServiceDao.getById(10L)).thenReturn(xxService);
+
+ // Users/groups maps
+ XXUser u = new XXUser();
+ u.setName("Alice");
+ XXGroup g = new XXGroup();
+ g.setName("Admins");
+ Mockito.when(daoMgr.getXXUser()).thenReturn(xXUserDao);
+ Mockito.when(daoMgr.getXXGroup()).thenReturn(xXGroupDao);
+
Mockito.when(xXUserDao.getAll()).thenReturn(Collections.singletonList(u));
+
Mockito.when(xXGroupDao.getAll()).thenReturn(Collections.singletonList(g));
+
+ // Policies
+ XXPolicy xpolicy = new XXPolicy();
+ xpolicy.setId(7L);
+ RangerPolicy rp = new RangerPolicy();
+ RangerPolicyItem item = new RangerPolicyItem();
+ item.setUsers(new ArrayList<>(Collections.singletonList("alice")));
+ item.setGroups(new ArrayList<>(Collections.singletonList("admins")));
+ rp.setPolicyItems(Collections.singletonList(item));
+ rp.setDenyPolicyItems(Collections.singletonList(new
RangerPolicyItem()));
+ rp.setAllowExceptions(Collections.singletonList(new
RangerPolicyItem()));
+ rp.setDenyExceptions(Collections.singletonList(new
RangerPolicyItem()));
+ rp.setDataMaskPolicyItems(Collections.singletonList(new
RangerDataMaskPolicyItem()));
+ rp.setRowFilterPolicyItems(Collections.singletonList(new
RangerRowFilterPolicyItem()));
+ xpolicy.setPolicyText(JsonUtils.objectToJson(rp));
+ Mockito.when(daoMgr.getXXPolicy()).thenReturn(xXPolicyDao);
+
Mockito.when(xXPolicyDao.findByServiceId(10L)).thenReturn(Collections.singletonList(xpolicy));
+
+ // Zones
+ RangerSecurityZone zone = new RangerSecurityZone();
+ zone.setId(1L);
+ zone.setAdminUsers(new
ArrayList<>(Collections.singletonList("alice")));
+ zone.setAdminUserGroups(new
ArrayList<>(Collections.singletonList("admins")));
+ zone.setAuditUsers(new
ArrayList<>(Collections.singletonList("alice")));
+ zone.setAuditUserGroups(new
ArrayList<>(Collections.singletonList("admins")));
+
Mockito.when(securityZoneStore.getSecurityZones(Mockito.any(SearchFilter.class))).thenReturn(Collections.singletonList(zone));
+
+ util.execLoad();
+
+ Mockito.verify(xXPolicyDao,
Mockito.atLeastOnce()).update(Mockito.any(XXPolicy.class));
+ }
+}
