http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSchemasTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSchemasTest.java b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSchemasTest.java new file mode 100644 index 0000000..94372aa --- /dev/null +++ b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSchemasTest.java @@ -0,0 +1,126 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific schema governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.admin; + +import com.google.common.collect.Sets; +import org.junit.Before; +import org.junit.Test; + +import java.util.List; +import java.util.Set; +import java.util.Map; +import java.util.HashMap; +import java.util.Arrays; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +public class ListSchemasTest extends LookupTestBase { + + private static final Set<String> DEFAULT_SCHEMAS = Sets.newHashSet("public"); + private static final Set<String> EAST_SCHEMAS = Sets.newHashSet("common", "japan", "public"); + private static final Set<String> WEST_SCHEMAS = Sets.newHashSet("common", "france", "jamaica", "public"); + private static final Set<String> ALL_SCHEMAS = Sets.newHashSet("common", "japan", "france", "jamaica", "public"); + + private Map<String, List<String>> resources; + + @Before + public void setUp() { + resources = new HashMap<>(); + } + + @Test + public void testListSchema_NoResources() throws Exception { + resources.put("database", Arrays.asList("noschema_db")); + List<String> result = service.lookupResource(getContext("schema", "*", resources)); + assertEquals(DEFAULT_SCHEMAS.size(), result.size()); + assertEquals(DEFAULT_SCHEMAS, Sets.newHashSet(result)); + } + + @Test + public void testListSchemas_SingleDb_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east")); + List<String> result = service.lookupResource(getContext("schema", "*", resources)); + assertEquals(EAST_SCHEMAS.size(), result.size()); + assertEquals(EAST_SCHEMAS, Sets.newHashSet(result)); + } + + @Test + public void testListSchemas_TwoDb_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + List<String> result = service.lookupResource(getContext("schema", "*", resources)); + assertEquals(ALL_SCHEMAS.size(), result.size()); + assertEquals(ALL_SCHEMAS, Sets.newHashSet(result)); + } + + @Test + public void testListSchemas_AllDb_AllFilter() throws Exception { + resources.put("database", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("schema", "*", resources)); + assertEquals(ALL_SCHEMAS.size(), result.size()); + assertEquals(ALL_SCHEMAS, Sets.newHashSet(result)); + } + + @Test + public void testListSchemas_SingleDb_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east")); + List<String> result = service.lookupResource(getContext("schema", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSchemas_TwoDb_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + List<String> result = service.lookupResource(getContext("schema", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSchemas_AllDb_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("schema", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSchemas_SingleDb_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east")); + List<String> result = service.lookupResource(getContext("schema", "ja", resources)); + assertEquals(1, result.size()); + assertEquals("japan", result.get(0)); + } + + @Test + public void testListSchemas_TwoDb_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + List<String> result = service.lookupResource(getContext("schema", "ja", resources)); + assertEquals(2, result.size()); + assertEquals(Sets.newHashSet("japan", "jamaica"), Sets.newHashSet(result)); + } + + @Test + public void testListSchemas_AllDb_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("schema", "ja", resources)); + assertEquals(2, result.size()); + assertEquals(Sets.newHashSet("japan", "jamaica"), Sets.newHashSet(result)); + } + +} \ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSequencesTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSequencesTest.java b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSequencesTest.java new file mode 100644 index 0000000..0c601c2 --- /dev/null +++ b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListSequencesTest.java @@ -0,0 +1,250 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific schema governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.admin; + +import com.google.common.collect.Sets; +import org.junit.Before; +import org.junit.Test; + +import java.util.List; +import java.util.Map; +import java.util.HashMap; +import java.util.Arrays; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +public class ListSequencesTest extends LookupTestBase { + + private Map<String, List<String>> resources; + + @Before + public void setUp() { + resources = new HashMap<>(); + } + + @Test + public void testListSequences_NoSchemaDb_AllSchemas_AllFilter() throws Exception { + resources.put("database", Arrays.asList("noschema_db")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("sequence", "*", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSequences_SingleDb_SingleSchema_AllFilter_NoSequences() throws Exception { + resources.put("database", Arrays.asList("west")); + resources.put("schema", Arrays.asList("jamaica")); + List<String> result = service.lookupResource(getContext("sequence", "*", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSequences_SingleDb_SingleSchema_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("sequence", "*", resources)); + assertEquals(2, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sake"))); + } + + @Test + public void testListSequences_SingleDb_TwoSchemas_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("common", "japan")); + List<String> result = service.lookupResource(getContext("sequence", "*", resources)); + assertEquals(3, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sprite", "sake"))); + } + + @Test + public void testListSequences_SingleDb_AllSchemas_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("sequence", "*", resources)); + assertEquals(3, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sprite", "sake"))); + } + + @Test + public void testListSequences_TwoDb_CommonSchema_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("common")); + List<String> result = service.lookupResource(getContext("sequence", "*", resources)); + assertEquals(2, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sprite"))); + } + + @Test + public void testListSequences_TwoDb_SingleSchema_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("sequence", "*", resources)); + assertEquals(2, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sake"))); + } + + @Test + public void testListSequences_TwoDb_AllSchemas_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("sequence", "*", resources)); + assertEquals(4, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sprite", "sake", "scotch"))); + } + + @Test + public void testListSequences_AllDb_AllSchemas_AllFilter() throws Exception { + resources.put("database", Arrays.asList("*")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("sequence", "*", resources)); + assertEquals(4, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water", "sprite", "sake", "scotch"))); + } + + @Test + public void testListSequences_SingleDb_SingleSchema_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("sequence", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSequences_SingleDb_TwoSchemas_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("common", "japan")); + List<String> result = service.lookupResource(getContext("sequence", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSequences_SingleDb_AllSchemas_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("sequence", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSequences_TwoDbs_CommonSchema_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("common")); + List<String> result = service.lookupResource(getContext("sequence", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSequences_TwoDbs_SingleSchema_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("sequence", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSequences_TwoDbs_AllSchemas_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("sequence", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSequences_AllDbs_AllSchemas_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("*")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("sequence", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListSequences_SingleDb_SingleSchema_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("sequence", "s", resources)); + assertEquals(1, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sake"))); + } + + @Test + public void testListSequences_SingleDb_TwoSchemas_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("common", "japan")); + List<String> result = service.lookupResource(getContext("sequence", "s", resources)); + assertEquals(2, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sprite", "sake"))); + } + + @Test + public void testListSequences_SingleDb_AllSchemas_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("sequence", "s", resources)); + assertEquals(2, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sprite", "sake"))); + } + + @Test + public void testListSequences_SingleDb_AllSchemas_FilteredPresent2() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("sequence", "w", resources)); + assertEquals(1, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water"))); + } + + @Test + public void testListSequences_TwoDbs_CommonSchema_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("common")); + List<String> result = service.lookupResource(getContext("sequence", "w", resources)); + assertEquals(1, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("water"))); + } + + @Test + public void testListSequences_TwoDbs_SingleSchema_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("sequence", "s", resources)); + assertEquals(1, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sake"))); + } + + @Test + public void testListSequences_TwoDbs_AllSchemas_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("sequence", "s", resources)); + assertEquals(3, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sprite", "sake", "scotch"))); + } + + @Test + public void testListSequences_AllDbs_AllSchemas_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("*")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("sequence", "s", resources)); + assertEquals(3, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sprite", "sake", "scotch"))); + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablesTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablesTest.java b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablesTest.java new file mode 100644 index 0000000..1360cac --- /dev/null +++ b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablesTest.java @@ -0,0 +1,250 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific schema governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.admin; + +import com.google.common.collect.Sets; +import org.junit.Before; +import org.junit.Test; + +import java.util.List; +import java.util.Map; +import java.util.HashMap; +import java.util.Arrays; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +public class ListTablesTest extends LookupTestBase { + + private Map<String, List<String>> resources; + + @Before + public void setUp() { + resources = new HashMap<>(); + } + + @Test + public void testListTables_NoSchemaDb_AllSchemas_AllFilter() throws Exception { + resources.put("database", Arrays.asList("noschema_db")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("table", "*", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListTables_SingleDb_SingleSchema_AllFilter_NoTables() throws Exception { + resources.put("database", Arrays.asList("west")); + resources.put("schema", Arrays.asList("jamaica")); + List<String> result = service.lookupResource(getContext("table", "*", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListTables_SingleDb_SingleSchema_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("table", "*", resources)); + assertEquals(2, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "sushi"))); + } + + @Test + public void testListTables_SingleDb_TwoSchemas_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("common", "japan")); + List<String> result = service.lookupResource(getContext("table", "*", resources)); + assertEquals(3, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "soup", "sushi"))); + } + + @Test + public void testListTables_SingleDb_AllSchemas_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("table", "*", resources)); + assertEquals(3, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "soup", "sushi"))); + } + + @Test + public void testListTables_TwoDb_CommonSchema_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("common")); + List<String> result = service.lookupResource(getContext("table", "*", resources)); + assertEquals(2, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "soup"))); + } + + @Test + public void testListTables_TwoDb_SingleSchema_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("table", "*", resources)); + assertEquals(2, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "sushi"))); + } + + @Test + public void testListTables_TwoDb_AllSchemas_AllFilter() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("table", "*", resources)); + assertEquals(4, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "soup", "sushi", "stew"))); + } + + @Test + public void testListTables_AllDb_AllSchemas_AllFilter() throws Exception { + resources.put("database", Arrays.asList("*")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("table", "*", resources)); + assertEquals(4, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice", "soup", "sushi", "stew"))); + } + + @Test + public void testListTables_SingleDb_SingleSchema_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("table", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListTables_SingleDb_TwoSchemas_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("common", "japan")); + List<String> result = service.lookupResource(getContext("table", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListTables_SingleDb_AllSchemas_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("table", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListTables_TwoDbs_CommonSchema_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("common")); + List<String> result = service.lookupResource(getContext("table", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListTables_TwoDbs_SingleSchema_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("table", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListTables_TwoDbs_AllSchemas_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("table", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListTables_AllDbs_AllSchemas_FilteredAbsent() throws Exception { + resources.put("database", Arrays.asList("*")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("table", "z", resources)); + assertTrue(result.isEmpty()); + } + + @Test + public void testListTables_SingleDb_SingleSchema_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("table", "s", resources)); + assertEquals(1, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sushi"))); + } + + @Test + public void testListTables_SingleDb_TwoSchemas_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("common", "japan")); + List<String> result = service.lookupResource(getContext("table", "s", resources)); + assertEquals(2, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("soup", "sushi"))); + } + + @Test + public void testListTables_SingleDb_AllSchemas_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("table", "s", resources)); + assertEquals(2, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("soup", "sushi"))); + } + + @Test + public void testListTables_SingleDb_AllSchemas_FilteredPresent2() throws Exception { + resources.put("database", Arrays.asList("east")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("table", "r", resources)); + assertEquals(1, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice"))); + } + + @Test + public void testListTables_TwoDbs_CommonSchema_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("common")); + List<String> result = service.lookupResource(getContext("table", "r", resources)); + assertEquals(1, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("rice"))); + } + + @Test + public void testListTables_TwoDbs_SingleSchema_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("japan")); + List<String> result = service.lookupResource(getContext("table", "s", resources)); + assertEquals(1, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("sushi"))); + } + + @Test + public void testListTables_TwoDbs_AllSchemas_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("east", "west")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("table", "s", resources)); + assertEquals(3, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("soup", "sushi", "stew"))); + } + + @Test + public void testListTables_AllDbs_AllSchemas_FilteredPresent() throws Exception { + resources.put("database", Arrays.asList("*")); + resources.put("schema", Arrays.asList("*")); + List<String> result = service.lookupResource(getContext("table", "s", resources)); + assertEquals(3, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("soup", "sushi", "stew"))); + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablespacesTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablespacesTest.java b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablespacesTest.java new file mode 100644 index 0000000..65048db --- /dev/null +++ b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/ListTablespacesTest.java @@ -0,0 +1,55 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.admin; + +import com.google.common.collect.Sets; +import org.junit.Test; + +import java.util.List; +import java.util.Set; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +public class ListTablespacesTest extends LookupTestBase { + + private static final Set<String> TABLESPACES = Sets.newHashSet("pg_default", "pg_global", "dfs_default"); + + @Test + public void testListTablespace_All() throws Exception { + List<String> result = service.lookupResource(getContext("tablespace", "*")); + assertEquals(3, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet(TABLESPACES))); + } + + @Test + public void testListTablespace_FilteredPresent() throws Exception { + List<String> result = service.lookupResource(getContext("tablespace", "pg_d")); + assertEquals(1, result.size()); + assertTrue(Sets.newHashSet(result).equals(Sets.newHashSet("pg_default"))); + } + + @Test + public void testListTablespace_FilteredAbsent() throws Exception { + List<String> result = service.lookupResource(getContext("tablespace", "z")); + assertTrue(result.isEmpty()); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/LookupTestBase.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/LookupTestBase.java b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/LookupTestBase.java new file mode 100644 index 0000000..25265f3 --- /dev/null +++ b/ranger-plugin/integration/admin/src/test/java/org/apache/hawq/ranger/integration/admin/LookupTestBase.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.admin; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.hawq.ranger.service.RangerServiceHawq; +import org.apache.ranger.plugin.service.ResourceLookupContext; +import org.junit.Before; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +public abstract class LookupTestBase { + + protected static final Log LOG = LogFactory.getLog(LookupTestBase.class); + protected RangerServiceHawq service; + + @Before + public void setup() { + Map<String, String> configs = new HashMap<>(); + configs = new HashMap<>(); + configs.put("username", "gpadmin"); + configs.put("password", "dQSF8ViAE4/I38xmFwJfCg=="); + configs.put("hostname", "localhost"); + configs.put("port", "5432"); + configs.put("jdbc.driverClassName", "org.postgresql.Driver"); + + service = new RangerServiceHawq(); + service.setServiceName("hawq"); + service.setServiceType("hawq"); + service.setConfigs(configs); + } + + protected ResourceLookupContext getContext(String resourceName, String userInput) { + ResourceLookupContext context = new ResourceLookupContext(); + context.setResourceName(resourceName); + context.setUserInput(userInput); + return context; + } + + protected ResourceLookupContext getContext(String resourceName, String userInput, Map<String, List<String>> resources) { + ResourceLookupContext context = getContext(resourceName, userInput); + context.setResources(resources); + return context; + } +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/resources/admin-tests-ddl.sql ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/admin/src/test/resources/admin-tests-ddl.sql b/ranger-plugin/integration/admin/src/test/resources/admin-tests-ddl.sql new file mode 100644 index 0000000..d9e7fcc --- /dev/null +++ b/ranger-plugin/integration/admin/src/test/resources/admin-tests-ddl.sql @@ -0,0 +1,61 @@ +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. + +-- EAST Database and its objects +DROP DATABASE IF EXISTS east; +CREATE DATABASE east; +\c east; +CREATE SCHEMA common; +CREATE TABLE common.rice (id integer); +CREATE TABLE common.soup (id integer); +CREATE SEQUENCE common.water; +CREATE SEQUENCE common.sprite; +CREATE FUNCTION common.eat(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL; +CREATE FUNCTION common.sleep(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL; +CREATE SCHEMA japan; +CREATE TABLE japan.rice (id integer); +CREATE TABLE japan.sushi (id integer); +CREATE SEQUENCE japan.water; +CREATE SEQUENCE japan.sake; +CREATE FUNCTION japan.eat(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL; +CREATE FUNCTION japan.stand(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL; +CREATE LANGUAGE langdbeast HANDLER plpgsql_call_handler; + +-- WEST Database and its objects +DROP DATABASE IF EXISTS west; +CREATE DATABASE west; +\c west; +CREATE SCHEMA common; +CREATE TABLE common.rice (id integer); +CREATE TABLE common.soup (id integer); +CREATE SEQUENCE common.water; +CREATE SEQUENCE common.sprite; +CREATE FUNCTION common.eat(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL; +CREATE FUNCTION common.sleep(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL; +CREATE SCHEMA france; +CREATE TABLE france.rice (id integer); +CREATE TABLE france.stew (id integer); +CREATE SEQUENCE france.water; +CREATE SEQUENCE france.scotch; +CREATE FUNCTION france.eat(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL; +CREATE FUNCTION france.smile(integer) RETURNS integer AS 'select $1;' LANGUAGE SQL; +CREATE LANGUAGE langdbwest HANDLER plpgsql_call_handler; +CREATE SCHEMA jamaica; + +-- Database without an explicit schema +DROP DATABASE IF EXISTS noschema_db; +CREATE DATABASE noschema_db; \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/admin/src/test/resources/log4j.properties ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/admin/src/test/resources/log4j.properties b/ranger-plugin/integration/admin/src/test/resources/log4j.properties new file mode 100644 index 0000000..903f0b6 --- /dev/null +++ b/ranger-plugin/integration/admin/src/test/resources/log4j.properties @@ -0,0 +1,34 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +##-- To prevent junits from cluttering the build run by default all test runs send output to null appender +log4j.appender.devnull=org.apache.log4j.varia.NullAppender +#hawq.ranger.root.logger=FATAL,devnull + +##-- uncomment the following line during during development/debugging so see debug messages during test run to be emitted to console +hawq.ranger.root.logger=DEBUG,console +log4j.rootLogger=${hawq.ranger.root.logger} + +# Logging Threshold +log4j.threshold=ALL + +# +# console +# Add "console" to rootlogger above if you want to use this +# +log4j.appender.console=org.apache.log4j.ConsoleAppender +log4j.appender.console.target=System.err +log4j.appender.console.layout=org.apache.log4j.PatternLayout +log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/pom.xml b/ranger-plugin/integration/pom.xml new file mode 100644 index 0000000..b6aac80 --- /dev/null +++ b/ranger-plugin/integration/pom.xml @@ -0,0 +1,67 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<project xmlns="http://maven.apache.org/POM/4.0.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <groupId>org.apache.hawq</groupId> + <artifactId>ranger-plugin-integration</artifactId> + <packaging>pom</packaging> + <name>HAWQ Ranger Plugin - Integration Tests</name> + <description>HAWQ Ranger Plugin - Integration Tests</description> + + <parent> + <groupId>org.apache.hawq</groupId> + <artifactId>ranger-plugin</artifactId> + <version>2.1.0.0</version> + <relativePath>..</relativePath> + </parent> + + <modules> + <module>admin</module> + <module>service</module> + </modules> + + <properties> + <jackson.version>1.9</jackson.version> + </properties> + + <build> + <testResources> + <testResource> + <directory>src/test/resources</directory> + <includes> + <include>**/*</include> + </includes> + <filtering>true</filtering> + </testResource> + </testResources> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <configuration> + <source>1.7</source> + <target>1.7</target> + </configuration> + </plugin> + </plugins> + </build> + +</project> http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/pom.xml b/ranger-plugin/integration/service/pom.xml new file mode 100644 index 0000000..34ade8d --- /dev/null +++ b/ranger-plugin/integration/service/pom.xml @@ -0,0 +1,68 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<project xmlns="http://maven.apache.org/POM/4.0.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <groupId>org.apache.hawq</groupId> + <artifactId>ranger-plugin-integration-service</artifactId> + <packaging>jar</packaging> + <name>HAWQ Ranger Plugin - Integration Tests</name> + <description>HAWQ Ranger Plugin - Integration Tests</description> + + <parent> + <groupId>org.apache.hawq</groupId> + <artifactId>ranger-plugin-integration</artifactId> + <version>2.1.0.0</version> + <relativePath>..</relativePath> + </parent> + + <dependencies> + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </dependency> + <dependency> + <groupId>postgresql</groupId> + <artifactId>postgresql</artifactId> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-io</artifactId> + <version>1.3.2</version> + </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + <version>4.5.2</version> + </dependency> + <dependency> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-mapper-asl</artifactId> + <version>1.9.13</version> + </dependency> + + <!-- Test Dependencies --> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + </dependency> + </dependencies> + +</project> http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java new file mode 100644 index 0000000..451a289 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java @@ -0,0 +1,67 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.junit.Test; + +import java.io.IOException; +import java.util.Arrays; +import java.util.List; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public class DatabaseTest extends ServiceBaseTest { + + private static final List<String> PRIVILEGES = Arrays.asList("connect", "temp"); + + public void beforeTest() + throws IOException { + createPolicy("test-database.json"); + resources.put("database", "sirotan"); + } + + @Test + public void testDatabases_UserMaria_SirotanDb_Allowed() + throws IOException { + assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testDatabases_UserMaria_DoesNotExistDb_Denied() + throws IOException { + resources.put("database", "doesnotexist"); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testDatabases_UserBob_SirotanDb_Denied() + throws IOException { + assertFalse(hasAccess("bob", resources, PRIVILEGES)); + } + + @Test + public void testDatabases_UserMaria_SirotanDb_Denied() + throws IOException { + deletePolicy(); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java new file mode 100644 index 0000000..1253c38 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java @@ -0,0 +1,91 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.junit.Test; + +import java.io.IOException; +import java.util.Arrays; +import java.util.List; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public class FunctionTest extends ServiceBaseTest { + + private static final List<String> PRIVILEGES = Arrays.asList("execute"); + + public void beforeTest() + throws IOException { + createPolicy("test-function.json"); + resources.put("database", "sirotan"); + resources.put("schema", "siroschema"); + resources.put("function", "atan"); + } + + @Test + public void testFunctions_UserMaria_SirotanDb_AtanFunction_Allowed() + throws IOException { + assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testFunctions_UserMaria_OtherDb_AtanFunction_Denied() + throws IOException { + resources.put("database", "other"); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testFunctions_UserMaria_SirotanDb_DoesNotExistFunction_Denied() + throws IOException { + resources.put("function", "doesnotexist"); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testFunctions_UserBob_SirotanDb_AtanFunction_Denied() + throws IOException { + assertFalse(hasAccess("bob", resources, PRIVILEGES)); + } + + @Test + public void testFunctions_UserMaria_SirotanDb_AtanFunction_Denied() + throws IOException { + deletePolicy(); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testFunctions_UserMaria_DoesNotExistDb_AtanFunction_Denied() + throws IOException { + resources.put("database", "doesnotexist"); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testFunctions_UserMaria_SirotanDb_AtanFunction_Policy2_Allowed() + throws IOException { + deletePolicy(); + createPolicy("test-function-2.json"); + assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java new file mode 100644 index 0000000..6eedb08 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java @@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.junit.Test; + +import java.io.IOException; +import java.util.Arrays; +import java.util.List; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public class LanguageTest extends ServiceBaseTest { + + private static final List<String> PRIVILEGES = Arrays.asList("usage"); + + public void beforeTest() + throws IOException { + createPolicy("test-language.json"); + resources.put("database", "sirotan"); + resources.put("language", "sql"); + } + + @Test + public void testLanguages_UserMaria_SirotanDb_SqlLanguage_Allowed() + throws IOException { + assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testLanguages_UserMaria_SirotanDb_DoesNotExistLanguage_Denied() + throws IOException { + resources.put("language", "doesnotexist"); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testLanguages_UserBob_SirotanDb_SqlLanguage_Denied() + throws IOException { + assertFalse(hasAccess("bob", resources, PRIVILEGES)); + } + + @Test + public void testLanguages_UserMaria_SirotanDb_SqlLanguage_Denied() + throws IOException { + deletePolicy(); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testLanguages_UserMaria_DoesNotExistDb_SqlLanguage_Denied() + throws IOException { + resources.put("database", "doesnotexist"); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testLanguages_UserMaria_SirotanDb_SqlLanguage_Policy2_Allowed() + throws IOException { + deletePolicy(); + createPolicy("test-language-2.json"); + assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java new file mode 100644 index 0000000..f0e5c99 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java @@ -0,0 +1,67 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.junit.Test; + +import java.io.IOException; +import java.util.Arrays; +import java.util.List; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public class ProtocolTest extends ServiceBaseTest { + + private static final List<String> PRIVILEGES = Arrays.asList("select", "insert"); + + public void beforeTest() + throws IOException { + createPolicy("test-protocol.json"); + resources.put("protocol", "pxf"); + } + + @Test + public void testProtocols_UserMaria_PxfProtocol_Allowed() + throws IOException { + assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testProtocols_UserMaria_DoesNotExistProtocol_Denied() + throws IOException { + resources.put("protocol", "doesnotexist"); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testProtocols_UserBob_PxfProtocol_Denied() + throws IOException { + assertFalse(hasAccess("bob", resources, PRIVILEGES)); + } + + @Test + public void testProtocols_UserMaria_PxfProtocol_Denied() + throws IOException { + deletePolicy(); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java new file mode 100644 index 0000000..7e7787a --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.codehaus.jackson.map.ObjectMapper; + +import java.io.IOException; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +public class RPSRequest { + + String user; + Map<String, String> resources; + List<String> privileges; + + public RPSRequest(String user, + Map<String, String> resources, + List<String> privileges) { + this.user = user; + this.resources = resources; + this.privileges = privileges; + } + + public String getJsonString() + throws IOException { + + Map<String, Object> request = new HashMap<>(); + request.put("requestId", 9); + request.put("user", user); + request.put("clientIp", "123.0.0.21"); + request.put("context", "CREATE DATABASE sirotan;"); + Map<String, Object> accessHash = new HashMap<>(); + accessHash.put("resource", resources); + accessHash.put("privileges", privileges); + request.put("access", Arrays.asList(accessHash)); + return new ObjectMapper().writeValueAsString(request); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java new file mode 100644 index 0000000..2ed1046 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.codehaus.jackson.annotate.JsonProperty; + +import java.util.List; +import java.util.Map; + +public class RPSResponse { + + @JsonProperty + public int requestId; + + @JsonProperty + public List<Map<String, Object>> access; + + public List<Map<String, Object>> getAccess() { + return access; + } + + public boolean hasAccess() { + return (boolean) access.get(0).get("allowed"); + } +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java new file mode 100644 index 0000000..8608584 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java @@ -0,0 +1,116 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.http.client.methods.HttpDelete; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.entity.StringEntity; +import org.junit.After; +import org.junit.Before; +import org.junit.Rule; +import org.junit.rules.TestName; + +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +public abstract class ServiceBaseTest { + + protected final Log log = LogFactory.getLog(this.getClass()); + + @Rule + public final TestName testName = new TestName(); + protected final String policyName = getClass().getSimpleName(); + protected Map<String, String> resources = new HashMap<>(); + + public static String RANGER_PLUGIN_SERVICE_HOST = "localhost"; + public static String RANGER_PLUGIN_SERVICE_PORT = "8432"; + public static String RANGER_PLUGIN_SERVICE_URL = + "http://"; + RANGER_PLUGIN_SERVICE_HOST + ":" + RANGER_PLUGIN_SERVICE_PORT + "/rps"; + public static String RANGER_ADMIN_HOST = "localhost"; + public static String RANGER_ADMIN_PORT = "6080"; + public static String RANGER_URL = + "http://"; + RANGER_ADMIN_HOST + ":" + RANGER_ADMIN_PORT + "/service/public/v2/api"; + public static String RANGER_TEST_USER = "maria_dev"; + public static int POLICY_REFRESH_INTERVAL = 6000; + + @Before + public void setUp() + throws IOException { + log.info("======================================================================================"); + log.info("Running test " + testName.getMethodName()); + log.info("======================================================================================"); + beforeTest(); + } + + @After + public void tearDown() + throws IOException { + deletePolicy(); + } + + protected void createPolicy(String jsonFile) + throws IOException { + + log.info("Creating policy " + policyName); + HttpPost httpPost = new HttpPost(RANGER_URL + "/policy"); + httpPost.setEntity(new StringEntity(Utils.getPayload(jsonFile))); + Utils.processHttpRequest(httpPost); + waitForPolicyRefresh(); + } + + protected void deletePolicy() + throws IOException { + + log.info("Deleting policy " + policyName); + String requestUrl = RANGER_URL + "/policy?servicename=hawq&policyname=" + policyName; + Utils.processHttpRequest(new HttpDelete(requestUrl)); + waitForPolicyRefresh(); + } + + protected boolean hasAccess(String user, + Map<String, String> resources, + List<String> privileges) + throws IOException { + + log.info("Checking access for user " + user); + RPSRequest request = new RPSRequest(user, resources, privileges); + HttpPost httpPost = new HttpPost(RANGER_PLUGIN_SERVICE_URL); + httpPost.setEntity(new StringEntity(request.getJsonString())); + String result = Utils.processHttpRequest(httpPost); + RPSResponse rpsResponse = Utils.getResponse(result); + return rpsResponse.hasAccess(); + } + + private void waitForPolicyRefresh() { + + try { + Thread.sleep(POLICY_REFRESH_INTERVAL); + } + catch (InterruptedException e) { + log.error(e); + } + } + + public abstract void beforeTest() throws IOException; +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java new file mode 100644 index 0000000..cfc41cb --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java @@ -0,0 +1,67 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.junit.Test; + +import java.io.IOException; +import java.util.Arrays; +import java.util.List; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public class TablespaceTest extends ServiceBaseTest { + + private static final List<String> PRIVILEGES = Arrays.asList("create"); + + public void beforeTest() + throws IOException { + createPolicy("test-tablespace.json"); + resources.put("tablespace", "pg_global"); + } + + @Test + public void testTablespaces_UserMaria_PgGlobalTablespace_Allowed() + throws IOException { + assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testTablespaces_UserMaria_DoesNotExistTablespace_Denied() + throws IOException { + resources.put("tablespace", "doesnotexist"); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + + @Test + public void testTablespaces_UserBob_PgGlobalTablespace_Denied() + throws IOException { + assertFalse(hasAccess("bob", resources, PRIVILEGES)); + } + + @Test + public void testTablespaces_UserMaria_PgGlobalTablespace_Denied() + throws IOException { + deletePolicy(); + assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java new file mode 100644 index 0000000..971e513 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.io.IOUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.http.HttpEntity; +import org.apache.http.HttpResponse; +import org.apache.http.client.HttpClient; +import org.apache.http.client.methods.HttpRequestBase; +import org.apache.http.impl.client.HttpClientBuilder; +import org.codehaus.jackson.map.ObjectMapper; + +import java.io.IOException; + +public class Utils { + + protected static final Log log = LogFactory.getLog(Utils.class); + + public static String getPayload(String jsonFile) + throws IOException { + return IOUtils.toString(Utils.class.getClassLoader().getResourceAsStream(jsonFile)); + } + + public static String getEncoding() { + return Base64.encodeBase64String("admin:admin".getBytes()); + } + + public static String processHttpRequest(HttpRequestBase request) + throws IOException { + + if (log.isDebugEnabled()) { + log.debug("Request URI = " + request.getURI().toString()); + } + request.setHeader("Authorization", "Basic " + getEncoding()); + request.setHeader("Content-Type", "application/json"); + HttpClient httpClient = HttpClientBuilder.create().build(); + HttpResponse response = httpClient.execute(request); + int responseCode = response.getStatusLine().getStatusCode(); + log.info("Response Code = " + responseCode); + HttpEntity entity = response.getEntity(); + if (entity != null) { + String result = IOUtils.toString(entity.getContent()); + if (log.isDebugEnabled()) { + log.debug(result); + } + return result; + } + return null; + } + + public static RPSResponse getResponse(String result) + throws IOException { + return new ObjectMapper().readValue(result, RPSResponse.class); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/log4j.properties ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/log4j.properties b/ranger-plugin/integration/service/src/test/resources/log4j.properties new file mode 100644 index 0000000..8578fd2 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/resources/log4j.properties @@ -0,0 +1,35 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +##-- To prevent junits from cluttering the build run by default all test runs send output to null appender +log4j.appender.devnull=org.apache.log4j.varia.NullAppender +#hawq.ranger.root.logger=FATAL,devnull + +##-- uncomment the following line during during development/debugging so see debug messages during test run to be emitted to console +hawq.ranger.root.logger=DEBUG,console +log4j.rootLogger=${hawq.ranger.root.logger} +log4j.logger.org.apache.http=WARN + +# Logging Threshold +log4j.threshold=ALL + +# +# console +# Add "console" to rootlogger above if you want to use this +# +log4j.appender.console=org.apache.log4j.ConsoleAppender +log4j.appender.console.target=System.err +log4j.appender.console.layout=org.apache.log4j.PatternLayout +log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-database.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-database.json b/ranger-plugin/integration/service/src/test/resources/test-database.json new file mode 100644 index 0000000..ffa3bfe --- /dev/null +++ b/ranger-plugin/integration/service/src/test/resources/test-database.json @@ -0,0 +1,46 @@ +{ + "isEnabled": true, + "service": "hawq", + "name": "DatabaseTest", + "policyType": 0, + "description": "Test policy for database resource", + "isAuditEnabled": true, + "resources": { + "schema": { + "values": ["*"], + "isExcludes": false, + "isRecursive": false + }, + "database": { + "values": ["sirotan"], + "isExcludes": false, + "isRecursive": false + }, + "function": { + "values": ["*"], + "isExcludes": false, + "isRecursive": false + } + }, + "policyItems": [{ + "accesses": [{ + "type": "create", + "isAllowed": true + }, { + "type": "connect", + "isAllowed": true + }, { + "type": "temp", + "isAllowed": true + }], + "users": ["maria_dev"], + "groups": [], + "conditions": [], + "delegateAdmin": true + }], + "denyPolicyItems": [], + "allowExceptions": [], + "denyExceptions": [], + "dataMaskPolicyItems": [], + "rowFilterPolicyItems": [] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-function-2.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-function-2.json b/ranger-plugin/integration/service/src/test/resources/test-function-2.json new file mode 100644 index 0000000..5ae7f0b --- /dev/null +++ b/ranger-plugin/integration/service/src/test/resources/test-function-2.json @@ -0,0 +1,40 @@ +{ + "isEnabled": true, + "service": "hawq", + "name": "FunctionTest", + "policyType": 0, + "description": "Test policy for function resource", + "isAuditEnabled": true, + "resources": { + "schema": { + "values": ["*"], + "isExcludes": false, + "isRecursive": false + }, + "database": { + "values": ["*"], + "isExcludes": false, + "isRecursive": false + }, + "function": { + "values": ["atan"], + "isExcludes": false, + "isRecursive": false + } + }, + "policyItems": [{ + "accesses": [{ + "type": "execute", + "isAllowed": true + }], + "users": ["maria_dev"], + "groups": [], + "conditions": [], + "delegateAdmin": true + }], + "denyPolicyItems": [], + "allowExceptions": [], + "denyExceptions": [], + "dataMaskPolicyItems": [], + "rowFilterPolicyItems": [] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-function.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-function.json b/ranger-plugin/integration/service/src/test/resources/test-function.json new file mode 100644 index 0000000..74d5d83 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/resources/test-function.json @@ -0,0 +1,40 @@ +{ + "isEnabled": true, + "service": "hawq", + "name": "FunctionTest", + "policyType": 0, + "description": "Test policy for function resource", + "isAuditEnabled": true, + "resources": { + "schema": { + "values": ["siroschema"], + "isExcludes": false, + "isRecursive": false + }, + "database": { + "values": ["sirotan"], + "isExcludes": false, + "isRecursive": false + }, + "function": { + "values": ["atan"], + "isExcludes": false, + "isRecursive": false + } + }, + "policyItems": [{ + "accesses": [{ + "type": "execute", + "isAllowed": true + }], + "users": ["maria_dev"], + "groups": [], + "conditions": [], + "delegateAdmin": true + }], + "denyPolicyItems": [], + "allowExceptions": [], + "denyExceptions": [], + "dataMaskPolicyItems": [], + "rowFilterPolicyItems": [] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-language-2.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-language-2.json b/ranger-plugin/integration/service/src/test/resources/test-language-2.json new file mode 100644 index 0000000..93a41fe --- /dev/null +++ b/ranger-plugin/integration/service/src/test/resources/test-language-2.json @@ -0,0 +1,35 @@ +{ + "isEnabled": true, + "service": "hawq", + "name": "LanguageTest", + "policyType": 0, + "description": "Test policy for language resource", + "isAuditEnabled": true, + "resources": { + "language": { + "values": ["sql"], + "isExcludes": false, + "isRecursive": false + }, + "database": { + "values": ["*"], + "isExcludes": false, + "isRecursive": false + } + }, + "policyItems": [{ + "accesses": [{ + "type": "usage", + "isAllowed": true + }], + "users": ["maria_dev"], + "groups": [], + "conditions": [], + "delegateAdmin": true + }], + "denyPolicyItems": [], + "allowExceptions": [], + "denyExceptions": [], + "dataMaskPolicyItems": [], + "rowFilterPolicyItems": [] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-language.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-language.json b/ranger-plugin/integration/service/src/test/resources/test-language.json new file mode 100644 index 0000000..cba2f43 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/resources/test-language.json @@ -0,0 +1,35 @@ +{ + "isEnabled": true, + "service": "hawq", + "name": "LanguageTest", + "policyType": 0, + "description": "Test policy for language resource", + "isAuditEnabled": true, + "resources": { + "language": { + "values": ["sql"], + "isExcludes": false, + "isRecursive": false + }, + "database": { + "values": ["sirotan"], + "isExcludes": false, + "isRecursive": false + } + }, + "policyItems": [{ + "accesses": [{ + "type": "usage", + "isAllowed": true + }], + "users": ["maria_dev"], + "groups": [], + "conditions": [], + "delegateAdmin": true + }], + "denyPolicyItems": [], + "allowExceptions": [], + "denyExceptions": [], + "dataMaskPolicyItems": [], + "rowFilterPolicyItems": [] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-protocol.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-protocol.json b/ranger-plugin/integration/service/src/test/resources/test-protocol.json new file mode 100644 index 0000000..d59caed --- /dev/null +++ b/ranger-plugin/integration/service/src/test/resources/test-protocol.json @@ -0,0 +1,33 @@ +{ + "isEnabled": true, + "service": "hawq", + "name": "ProtocolTest", + "policyType": 0, + "description": "Test policy for protocol resource", + "isAuditEnabled": true, + "resources": { + "protocol": { + "values": ["pxf"], + "isExcludes": false, + "isRecursive": false + } + }, + "policyItems": [{ + "accesses": [{ + "type": "select", + "isAllowed": true + }, { + "type": "insert", + "isAllowed": true + }], + "users": ["maria_dev"], + "groups": [], + "conditions": [], + "delegateAdmin": true + }], + "denyPolicyItems": [], + "allowExceptions": [], + "denyExceptions": [], + "dataMaskPolicyItems": [], + "rowFilterPolicyItems": [] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/integration/service/src/test/resources/test-tablespace.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-tablespace.json b/ranger-plugin/integration/service/src/test/resources/test-tablespace.json new file mode 100644 index 0000000..a45ecea --- /dev/null +++ b/ranger-plugin/integration/service/src/test/resources/test-tablespace.json @@ -0,0 +1,30 @@ +{ + "isEnabled": true, + "service": "hawq", + "name": "TablespaceTest", + "policyType": 0, + "description": "Test policy for tablespace resource", + "isAuditEnabled": true, + "resources": { + "tablespace": { + "values": ["pg_global"], + "isExcludes": false, + "isRecursive": false + } + }, + "policyItems": [{ + "accesses": [{ + "type": "create", + "isAllowed": true + }], + "users": ["maria_dev"], + "groups": [], + "conditions": [], + "delegateAdmin": true + }], + "denyPolicyItems": [], + "allowExceptions": [], + "denyExceptions": [], + "dataMaskPolicyItems": [], + "rowFilterPolicyItems": [] +} \ No newline at end of file
