Examples with RangerResourceDef org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef used on opensource projects

Example 1 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerPolicyValidator method test_isValidResourceNames_failures.

@Test
public final void test_isValidResourceNames_failures() {
    String serviceName = "a-service-def";
    // setup service-def
    Date now = new Date();
    when(_serviceDef.getName()).thenReturn(serviceName);
    when(_serviceDef.getUpdateTime()).thenReturn(now);
    List<RangerResourceDef> resourceDefs = _utils.createResourceDefs(resourceDefData_multipleHierarchies);
    when(_serviceDef.getResources()).thenReturn(resourceDefs);
    // setup policy
    Map<String, RangerPolicyResource> policyResources = _utils.createPolicyResourceMap(policyResourceMap_bad);
    when(_policy.getResources()).thenReturn(policyResources);
    Assert.assertFalse("Missing required resource and unknown resource", _validator.isValidResourceNames(_policy, _failures, _serviceDef));
    _utils.checkFailureForSemanticError(_failures, "policy resources");
    // another bad resource map that straddles multiple hierarchies
    policyResources = _utils.createPolicyResourceMap(policyResourceMap_bad_multiple_hierarchies);
    when(_policy.getResources()).thenReturn(policyResources);
    _failures.clear();
    Assert.assertFalse("Policy with resources for multiple hierarchies", _validator.isValidResourceNames(_policy, _failures, _serviceDef));
    _utils.checkFailureForSemanticError(_failures, "policy resources", "incompatible");
    // another bad policy resource map that could match multiple hierarchies but is short on mandatory resources for all of those matches
    policyResources = _utils.createPolicyResourceMap(policyResourceMap_bad_multiple_hierarchies_missing_mandatory);
    when(_policy.getResources()).thenReturn(policyResources);
    _failures.clear();
    Assert.assertFalse("Policy with resources for multiple hierarchies missing mandatory resources for all pontential matches", _validator.isValidResourceNames(_policy, _failures, _serviceDef));
    _utils.checkFailureForSemanticError(_failures, "policy resources", "missing mandatory");
}

Example 2 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerValidator method test_getValidationRegExes.

@Test
public void test_getValidationRegExes() {
    // passing in null service def
    Map<String, String> regExMap = _validator.getValidationRegExes((RangerServiceDef) null);
    Assert.assertTrue(regExMap.isEmpty());
    // that has null or empty access type def
    RangerServiceDef serviceDef = mock(RangerServiceDef.class);
    when(serviceDef.getResources()).thenReturn(null);
    regExMap = _validator.getValidationRegExes(serviceDef);
    Assert.assertTrue(regExMap.isEmpty());
    List<RangerResourceDef> resourceDefs = new ArrayList<>();
    when(serviceDef.getResources()).thenReturn(resourceDefs);
    regExMap = _validator.getValidationRegExes(serviceDef);
    Assert.assertTrue(regExMap.isEmpty());
    // having null accesstypedefs
    resourceDefs.add(null);
    regExMap = _validator.getValidationRegExes(serviceDef);
    Assert.assertTrue(regExMap.isEmpty());
    // access type defs with null empty blank names are skipped, spaces within names are preserved
    String[][] data = { // null-regex
    { "a", null }, // this should put a null element in the resource def!
    null, // valid
    { "b", "regex1" }, // empty regex
    { "c", "" }, // valid
    { "d", "regex2" }, // blank regex
    { "e", "   " }, // all good
    { "f", "regex3" } };
    resourceDefs.addAll(_utils.createResourceDefsWithRegEx(data));
    regExMap = _validator.getValidationRegExes(serviceDef);
    Assert.assertEquals(3, regExMap.size());
    Assert.assertEquals("regex1", regExMap.get("b"));
    Assert.assertEquals("regex2", regExMap.get("d"));
    Assert.assertEquals("regex3", regExMap.get("f"));
}

Example 3 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerValidator method test_getResourceNames.

@Test
public void test_getResourceNames() {
    // passing in null service def
    Set<String> accessTypes = _validator.getMandatoryResourceNames((RangerServiceDef) null);
    Assert.assertTrue(accessTypes.isEmpty());
    // that has null or empty access type def
    RangerServiceDef serviceDef = mock(RangerServiceDef.class);
    when(serviceDef.getResources()).thenReturn(null);
    accessTypes = _validator.getMandatoryResourceNames(serviceDef);
    Assert.assertTrue(accessTypes.isEmpty());
    List<RangerResourceDef> resourceDefs = new ArrayList<>();
    when(serviceDef.getResources()).thenReturn(resourceDefs);
    accessTypes = _validator.getMandatoryResourceNames(serviceDef);
    Assert.assertTrue(accessTypes.isEmpty());
    // having null accesstypedefs
    resourceDefs.add(null);
    accessTypes = _validator.getMandatoryResourceNames(serviceDef);
    Assert.assertTrue(accessTypes.isEmpty());
    // access type defs with null empty blank names are skipped, spaces within names are preserved
    Object[][] data = { // all good
    { "a", null, null, true }, // this should put a null element in the resource def!
    null, // mandatory field is null, i.e. false
    { "b", null, null, null }, // non-mandatory field false - upper case
    { "c", null, null, false }, // resource specified in upper case
    { "D", null, null, true }, // all good
    { "E", null, null, false } };
    resourceDefs.addAll(_utils.createResourceDefs(data));
    accessTypes = _validator.getMandatoryResourceNames(serviceDef);
    Assert.assertEquals(2, accessTypes.size());
    Assert.assertTrue(accessTypes.contains("a"));
    // name should come back lower case
    Assert.assertTrue(accessTypes.contains("d"));
    accessTypes = _validator.getAllResourceNames(serviceDef);
    Assert.assertEquals(5, accessTypes.size());
    Assert.assertTrue(accessTypes.contains("b"));
    Assert.assertTrue(accessTypes.contains("c"));
    Assert.assertTrue(accessTypes.contains("e"));
}

Example 4 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerServiceDefHelper method test_isResourceGraphValid_detectCycle.

@Test
public final void test_isResourceGraphValid_detectCycle() {
    /*
		 * Create a service-def with cycles in resource graph
		 *  A --> B --> C
		 *  ^           |
		 *  |           |
		 *  |---- D <---
		 */
    // A's parent is D, etc.
    RangerResourceDef A = createResourceDef("A", "D");
    RangerResourceDef B = createResourceDef("B", "C");
    RangerResourceDef C = createResourceDef("C", "D");
    RangerResourceDef D = createResourceDef("D", "A");
    // order of resources in list sould not matter
    List<RangerResourceDef> resourceDefs = Lists.newArrayList(A, B, C, D);
    when(_serviceDef.getResources()).thenReturn(resourceDefs);
    _helper = new RangerServiceDefHelper(_serviceDef);
    assertFalse("Graph was valid!", _helper.isResourceGraphValid());
}

Example 5 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerServiceDefHelper method test_getResourceHierarchies.

@Test
public void test_getResourceHierarchies() {
    /*
		 * Create a service-def with following resource graph
		 *
		 *   Database -> UDF
		 *       |
		 *       v
		 *      Table -> Column
		 *         |
		 *         v
		 *        Table-Attribute
		 *
		 *  It contains following hierarchies
		 *  - [ Database UDF]
		 *  - [ Database Table Column ]
		 *  - [ Database Table Table-Attribute ]
		 */
    RangerResourceDef Database = createResourceDef("Database", "");
    RangerResourceDef UDF = createResourceDef("UDF", "Database");
    RangerResourceDef Table = createResourceDef("Table", "Database");
    RangerResourceDef Column = createResourceDef("Column", "Table", true);
    RangerResourceDef Table_Attribute = createResourceDef("Table-Attribute", "Table", true);
    // order of resources in list sould not matter
    List<RangerResourceDef> resourceDefs = Lists.newArrayList(Column, Database, Table, Table_Attribute, UDF);
    // stuff this into a service-def
    when(_serviceDef.getResources()).thenReturn(resourceDefs);
    // now assert the behavior
    _helper = new RangerServiceDefHelper(_serviceDef);
    assertTrue(_helper.isResourceGraphValid());
    Set<List<RangerResourceDef>> hierarchies = _helper.getResourceHierarchies(RangerPolicy.POLICY_TYPE_ACCESS);
    // there should be
    List<RangerResourceDef> hierarchy = Lists.newArrayList(Database, UDF);
    assertTrue(hierarchies.contains(hierarchy));
    hierarchy = Lists.newArrayList(Database, Table, Column);
    assertTrue(hierarchies.contains(hierarchy));
    hierarchy = Lists.newArrayList(Database, Table, Table_Attribute);
    assertTrue(hierarchies.contains(hierarchy));
}