Search in sources :

Example 41 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerServiceDefHelper method test_isResourceGraphValid_forest.

@Test
public final void test_isResourceGraphValid_forest() {
    /*
		 * Create a service-def which is a forest
		 *   Database -> Table-space
		 *       |
		 *       v
		 *      Table -> Column
		 *
		 *   Namespace -> package
		 *       |
		 *       v
		 *     function
		 *
		 * Check that helper corrects reports back all of the hierarchies: levels in it and their order.
		 */
    RangerResourceDef database = createResourceDef("database", "");
    RangerResourceDef tableSpace = createResourceDef("table-space", "database", true);
    RangerResourceDef table = createResourceDef("table", "database");
    RangerResourceDef column = createResourceDef("column", "table", true);
    RangerResourceDef namespace = createResourceDef("namespace", "");
    RangerResourceDef function = createResourceDef("function", "namespace", true);
    RangerResourceDef Package = createResourceDef("package", "namespace", true);
    List<RangerResourceDef> resourceDefs = Lists.newArrayList(database, tableSpace, table, column, namespace, function, Package);
    when(_serviceDef.getResources()).thenReturn(resourceDefs);
    _helper = new RangerServiceDefHelper(_serviceDef);
    assertTrue(_helper.isResourceGraphValid());
    Set<List<RangerResourceDef>> hierarchies = _helper.getResourceHierarchies(RangerPolicy.POLICY_TYPE_ACCESS);
    Set<List<String>> expectedHierarchies = new HashSet<>();
    expectedHierarchies.add(Lists.newArrayList("database", "table-space"));
    expectedHierarchies.add(Lists.newArrayList("database", "table", "column"));
    expectedHierarchies.add(Lists.newArrayList("namespace", "package"));
    expectedHierarchies.add(Lists.newArrayList("namespace", "function"));
    for (List<RangerResourceDef> aHierarchy : hierarchies) {
        List<String> resourceNames = _helper.getAllResourceNamesOrdered(aHierarchy);
        assertTrue(expectedHierarchies.contains(resourceNames));
        expectedHierarchies.remove(resourceNames);
    }
    // make sure we got back all hierarchies
    assertTrue("Missing hierarchies: " + expectedHierarchies.toString(), expectedHierarchies.isEmpty());
}
Also used : List(java.util.List) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 42 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerServiceDefValidator method test_isValidResourceGraph.

@Test
public final void test_isValidResourceGraph() {
    Object[][] data_bad = new Object[][] { // { name,  excludesSupported, recursiveSupported, mandatory, reg-exp, parent-level, level }
    { "db", null, null, null, null, "", 10 }, // same as db's level
    { "table", null, null, null, null, "db", 20 }, // level is null!
    { "column-family", null, null, null, null, "table", null }, // level is duplicate for [db->table->column-family-> column] hierarchy
    { "column", null, null, null, null, "column-family", 20 }, // udf's id conflicts with that of db in the [db->udf] hierarchy
    { "udf", null, null, null, null, "db", 10 } };
    List<RangerResourceDef> resourceDefs = _utils.createResourceDefs(data_bad);
    when(_serviceDef.getResources()).thenReturn(resourceDefs);
    when(_serviceDef.getName()).thenReturn("service-name");
    when(_serviceDef.getUpdateTime()).thenReturn(new Date());
    _failures.clear();
    assertFalse(_validator.isValidResourceGraph(_serviceDef, _failures));
    _utils.checkFailureForMissingValue(_failures, "resource level");
    // level 20 is duplicate for 1 hierarchy
    _utils.checkFailureForSemanticError(_failures, "resource level", "20");
    // level 10 is duplicate for another hierarchy
    _utils.checkFailureForSemanticError(_failures, "resource level", "10");
    data_bad = new Object[][] { // { name,  excludesSupported, recursiveSupported, mandatory, reg-exp, parent-level, level }
    { "db", null, null, null, null, "", 10 }, { "table", null, null, null, null, "db", 20 }, // level is smaller than table!
    { "column-family", null, null, null, null, "table", 15 }, { "column", null, null, null, null, "column-family", 30 }, { "udf", null, null, null, null, "db", 15 } };
    resourceDefs = _utils.createResourceDefs(data_bad);
    when(_serviceDef.getResources()).thenReturn(resourceDefs);
    when(_serviceDef.getName()).thenReturn("service-name");
    when(_serviceDef.getUpdateTime()).thenReturn(new Date());
    _failures.clear();
    assertFalse(_validator.isValidResourceGraph(_serviceDef, _failures));
    // level 20 is duplicate for 1 hierarchy
    _utils.checkFailureForSemanticError(_failures, "resource level", "15");
    Object[][] data_good = new Object[][] { // -ve level is ok
    { "db", null, null, null, null, "", -10 }, // 0 level is ok
    { "table", null, null, null, null, "db", 0 }, // level is null!
    { "column", null, null, null, null, "table", 10 }, // should not conflict as it belong to a different hierarchy
    { "udf", null, null, null, null, "db", 0 } };
    resourceDefs = _utils.createResourceDefs(data_good);
    when(_serviceDef.getResources()).thenReturn(resourceDefs);
    _failures.clear();
    assertTrue(_validator.isValidResourceGraph(_serviceDef, _failures));
    assertTrue(_failures.isEmpty());
    Object[][] data_cycles = new Object[][] { // -ve level is ok
    { "db", null, null, null, null, "column", -10 }, // 0 level is ok
    { "table", null, null, null, null, "db", 0 }, // level is null!
    { "column", null, null, null, null, "table", 10 }, // should not conflict as it belong to a different hierarchy
    { "udf", null, null, null, null, "db", -5 } };
    resourceDefs = _utils.createResourceDefs(data_cycles);
    when(_serviceDef.getResources()).thenReturn(resourceDefs);
    _failures.clear();
    assertFalse("Graph was valid!", _validator.isValidResourceGraph(_serviceDef, _failures));
    assertFalse(_failures.isEmpty());
    _utils.checkFailureForSemanticError(_failures, "resource graph");
}
Also used : Date(java.util.Date) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef) Test(org.junit.Test)

Example 43 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class ValidationTestUtils method createResourceDefsWithIds.

List<RangerResourceDef> createResourceDefsWithIds(Object[][] data) {
    // if data itself is null then return null back
    if (data == null) {
        return null;
    }
    List<RangerResourceDef> defs = new ArrayList<>();
    for (Object[] row : data) {
        RangerResourceDef aDef = null;
        if (row != null) {
            Long itemId = (Long) row[0];
            Integer level = (Integer) row[1];
            String name = (String) row[2];
            aDef = mock(RangerResourceDef.class);
            when(aDef.getName()).thenReturn(name);
            when(aDef.getItemId()).thenReturn(itemId);
            when(aDef.getLevel()).thenReturn(level);
        }
        defs.add(aDef);
    }
    return defs;
}
Also used : ArrayList(java.util.ArrayList) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)

Example 44 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class ValidationTestUtils method createResourceDefsWithRegEx.

List<RangerResourceDef> createResourceDefsWithRegEx(String[][] data) {
    // if data itself is null then return null back
    if (data == null) {
        return null;
    }
    List<RangerResourceDef> defs = new ArrayList<>();
    for (String[] row : data) {
        RangerResourceDef aDef = null;
        if (row != null) {
            String name = row[0];
            String regEx = row[1];
            aDef = mock(RangerResourceDef.class);
            when(aDef.getName()).thenReturn(name);
            when(aDef.getValidationRegEx()).thenReturn(regEx);
        }
        defs.add(aDef);
    }
    return defs;
}
Also used : ArrayList(java.util.ArrayList) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)

Example 45 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class ValidationTestUtils method createResourceDefs.

List<RangerResourceDef> createResourceDefs(Object[][] data) {
    // if data itself is null then return null back
    if (data == null) {
        return null;
    }
    List<RangerResourceDef> defs = new ArrayList<>();
    for (Object[] row : data) {
        RangerResourceDef aDef = null;
        if (row != null) {
            String name = null;
            Boolean mandatory = null;
            String regExPattern = null;
            Boolean isExcludesSupported = null;
            Boolean isRecursiveSupported = null;
            String parent = null;
            Integer level = null;
            switch(row.length) {
                case 7:
                    level = (Integer) row[6];
                case 6:
                    parent = (String) row[5];
                case 5:
                    regExPattern = (String) row[4];
                case 4:
                    mandatory = (Boolean) row[3];
                case 3:
                    isRecursiveSupported = (Boolean) row[2];
                case 2:
                    isExcludesSupported = (Boolean) row[1];
                case 1:
                    name = (String) row[0];
            }
            aDef = mock(RangerResourceDef.class);
            when(aDef.getName()).thenReturn(name);
            when(aDef.getMandatory()).thenReturn(mandatory);
            when(aDef.getValidationRegEx()).thenReturn(regExPattern);
            when(aDef.getExcludesSupported()).thenReturn(isExcludesSupported);
            when(aDef.getRecursiveSupported()).thenReturn(isRecursiveSupported);
            when(aDef.getParent()).thenReturn(parent);
            when(aDef.getLevel()).thenReturn(level);
            when(aDef.getIsValidLeaf()).thenReturn(null);
        }
        defs.add(aDef);
    }
    return defs;
}
Also used : ArrayList(java.util.ArrayList) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)

Aggregations

RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)50 ArrayList (java.util.ArrayList)19 Test (org.junit.Test)15 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)12 RangerAccessTypeDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef)12 Date (java.util.Date)11 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)11 RangerContextEnricherDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef)10 RangerEnumDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef)10 RangerPolicyConditionDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef)10 RangerServiceConfigDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef)10 List (java.util.List)7 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)7 HashSet (java.util.HashSet)5 XXResourceDef (org.apache.ranger.entity.XXResourceDef)5 RangerServiceDefHelper (org.apache.ranger.plugin.model.validation.RangerServiceDefHelper)4 RangerResourceMatcher (org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher)4 VXString (org.apache.ranger.view.VXString)4 HashMap (java.util.HashMap)3 XXResourceDefDao (org.apache.ranger.db.XXResourceDefDao)3