use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.
the class TestRangerServiceDefHelper method test_isResourceGraphValid_forest.
@Test
public final void test_isResourceGraphValid_forest() {
/*
* Create a service-def which is a forest
* Database -> Table-space
* |
* v
* Table -> Column
*
* Namespace -> package
* |
* v
* function
*
* Check that helper corrects reports back all of the hierarchies: levels in it and their order.
*/
RangerResourceDef database = createResourceDef("database", "");
RangerResourceDef tableSpace = createResourceDef("table-space", "database", true);
RangerResourceDef table = createResourceDef("table", "database");
RangerResourceDef column = createResourceDef("column", "table", true);
RangerResourceDef namespace = createResourceDef("namespace", "");
RangerResourceDef function = createResourceDef("function", "namespace", true);
RangerResourceDef Package = createResourceDef("package", "namespace", true);
List<RangerResourceDef> resourceDefs = Lists.newArrayList(database, tableSpace, table, column, namespace, function, Package);
when(_serviceDef.getResources()).thenReturn(resourceDefs);
_helper = new RangerServiceDefHelper(_serviceDef);
assertTrue(_helper.isResourceGraphValid());
Set<List<RangerResourceDef>> hierarchies = _helper.getResourceHierarchies(RangerPolicy.POLICY_TYPE_ACCESS);
Set<List<String>> expectedHierarchies = new HashSet<>();
expectedHierarchies.add(Lists.newArrayList("database", "table-space"));
expectedHierarchies.add(Lists.newArrayList("database", "table", "column"));
expectedHierarchies.add(Lists.newArrayList("namespace", "package"));
expectedHierarchies.add(Lists.newArrayList("namespace", "function"));
for (List<RangerResourceDef> aHierarchy : hierarchies) {
List<String> resourceNames = _helper.getAllResourceNamesOrdered(aHierarchy);
assertTrue(expectedHierarchies.contains(resourceNames));
expectedHierarchies.remove(resourceNames);
}
// make sure we got back all hierarchies
assertTrue("Missing hierarchies: " + expectedHierarchies.toString(), expectedHierarchies.isEmpty());
}
use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.
the class TestRangerServiceDefValidator method test_isValidResourceGraph.
@Test
public final void test_isValidResourceGraph() {
Object[][] data_bad = new Object[][] { // { name, excludesSupported, recursiveSupported, mandatory, reg-exp, parent-level, level }
{ "db", null, null, null, null, "", 10 }, // same as db's level
{ "table", null, null, null, null, "db", 20 }, // level is null!
{ "column-family", null, null, null, null, "table", null }, // level is duplicate for [db->table->column-family-> column] hierarchy
{ "column", null, null, null, null, "column-family", 20 }, // udf's id conflicts with that of db in the [db->udf] hierarchy
{ "udf", null, null, null, null, "db", 10 } };
List<RangerResourceDef> resourceDefs = _utils.createResourceDefs(data_bad);
when(_serviceDef.getResources()).thenReturn(resourceDefs);
when(_serviceDef.getName()).thenReturn("service-name");
when(_serviceDef.getUpdateTime()).thenReturn(new Date());
_failures.clear();
assertFalse(_validator.isValidResourceGraph(_serviceDef, _failures));
_utils.checkFailureForMissingValue(_failures, "resource level");
// level 20 is duplicate for 1 hierarchy
_utils.checkFailureForSemanticError(_failures, "resource level", "20");
// level 10 is duplicate for another hierarchy
_utils.checkFailureForSemanticError(_failures, "resource level", "10");
data_bad = new Object[][] { // { name, excludesSupported, recursiveSupported, mandatory, reg-exp, parent-level, level }
{ "db", null, null, null, null, "", 10 }, { "table", null, null, null, null, "db", 20 }, // level is smaller than table!
{ "column-family", null, null, null, null, "table", 15 }, { "column", null, null, null, null, "column-family", 30 }, { "udf", null, null, null, null, "db", 15 } };
resourceDefs = _utils.createResourceDefs(data_bad);
when(_serviceDef.getResources()).thenReturn(resourceDefs);
when(_serviceDef.getName()).thenReturn("service-name");
when(_serviceDef.getUpdateTime()).thenReturn(new Date());
_failures.clear();
assertFalse(_validator.isValidResourceGraph(_serviceDef, _failures));
// level 20 is duplicate for 1 hierarchy
_utils.checkFailureForSemanticError(_failures, "resource level", "15");
Object[][] data_good = new Object[][] { // -ve level is ok
{ "db", null, null, null, null, "", -10 }, // 0 level is ok
{ "table", null, null, null, null, "db", 0 }, // level is null!
{ "column", null, null, null, null, "table", 10 }, // should not conflict as it belong to a different hierarchy
{ "udf", null, null, null, null, "db", 0 } };
resourceDefs = _utils.createResourceDefs(data_good);
when(_serviceDef.getResources()).thenReturn(resourceDefs);
_failures.clear();
assertTrue(_validator.isValidResourceGraph(_serviceDef, _failures));
assertTrue(_failures.isEmpty());
Object[][] data_cycles = new Object[][] { // -ve level is ok
{ "db", null, null, null, null, "column", -10 }, // 0 level is ok
{ "table", null, null, null, null, "db", 0 }, // level is null!
{ "column", null, null, null, null, "table", 10 }, // should not conflict as it belong to a different hierarchy
{ "udf", null, null, null, null, "db", -5 } };
resourceDefs = _utils.createResourceDefs(data_cycles);
when(_serviceDef.getResources()).thenReturn(resourceDefs);
_failures.clear();
assertFalse("Graph was valid!", _validator.isValidResourceGraph(_serviceDef, _failures));
assertFalse(_failures.isEmpty());
_utils.checkFailureForSemanticError(_failures, "resource graph");
}
use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.
the class ValidationTestUtils method createResourceDefsWithIds.
List<RangerResourceDef> createResourceDefsWithIds(Object[][] data) {
// if data itself is null then return null back
if (data == null) {
return null;
}
List<RangerResourceDef> defs = new ArrayList<>();
for (Object[] row : data) {
RangerResourceDef aDef = null;
if (row != null) {
Long itemId = (Long) row[0];
Integer level = (Integer) row[1];
String name = (String) row[2];
aDef = mock(RangerResourceDef.class);
when(aDef.getName()).thenReturn(name);
when(aDef.getItemId()).thenReturn(itemId);
when(aDef.getLevel()).thenReturn(level);
}
defs.add(aDef);
}
return defs;
}
use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.
the class ValidationTestUtils method createResourceDefsWithRegEx.
List<RangerResourceDef> createResourceDefsWithRegEx(String[][] data) {
// if data itself is null then return null back
if (data == null) {
return null;
}
List<RangerResourceDef> defs = new ArrayList<>();
for (String[] row : data) {
RangerResourceDef aDef = null;
if (row != null) {
String name = row[0];
String regEx = row[1];
aDef = mock(RangerResourceDef.class);
when(aDef.getName()).thenReturn(name);
when(aDef.getValidationRegEx()).thenReturn(regEx);
}
defs.add(aDef);
}
return defs;
}
use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.
the class ValidationTestUtils method createResourceDefs.
List<RangerResourceDef> createResourceDefs(Object[][] data) {
// if data itself is null then return null back
if (data == null) {
return null;
}
List<RangerResourceDef> defs = new ArrayList<>();
for (Object[] row : data) {
RangerResourceDef aDef = null;
if (row != null) {
String name = null;
Boolean mandatory = null;
String regExPattern = null;
Boolean isExcludesSupported = null;
Boolean isRecursiveSupported = null;
String parent = null;
Integer level = null;
switch(row.length) {
case 7:
level = (Integer) row[6];
case 6:
parent = (String) row[5];
case 5:
regExPattern = (String) row[4];
case 4:
mandatory = (Boolean) row[3];
case 3:
isRecursiveSupported = (Boolean) row[2];
case 2:
isExcludesSupported = (Boolean) row[1];
case 1:
name = (String) row[0];
}
aDef = mock(RangerResourceDef.class);
when(aDef.getName()).thenReturn(name);
when(aDef.getMandatory()).thenReturn(mandatory);
when(aDef.getValidationRegEx()).thenReturn(regExPattern);
when(aDef.getExcludesSupported()).thenReturn(isExcludesSupported);
when(aDef.getRecursiveSupported()).thenReturn(isRecursiveSupported);
when(aDef.getParent()).thenReturn(parent);
when(aDef.getLevel()).thenReturn(level);
when(aDef.getIsValidLeaf()).thenReturn(null);
}
defs.add(aDef);
}
return defs;
}
Aggregations