Repository: ranger Updated Branches: refs/heads/master f21e2b4cf -> 513788f50
RANGER-2095 : Add unit tests for new read only admin-auditor/kms-auditor roles functionality Signed-off-by: Mehul Parikh <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/eed027ab Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/eed027ab Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/eed027ab Branch: refs/heads/master Commit: eed027abd9ee65c21867e1a2b9676f491d0d1800 Parents: f21e2b4 Author: Bhavik Patel <[email protected]> Authored: Fri May 4 17:52:29 2018 +0530 Committer: Mehul Parikh <[email protected]> Committed: Wed May 9 15:13:51 2018 +0530 ---------------------------------------------------------------------- .../org/apache/ranger/biz/RangerBizUtil.java | 2 +- .../apache/ranger/biz/TestRangerBizUtil.java | 286 +++++++++++++++++++ .../org/apache/ranger/rest/TestAssetREST.java | 64 +++++ 3 files changed, 351 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/eed027ab/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java index a0477fb..00bda59 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
@@ -1562,7 +1562,7 @@ public class RangerBizUtil { } if (!isAccessible) { throw restErrorUtil.createRESTException( - "Logged in user is not allowd to create/update user", + "Logged in user is not allowed to create/update user", MessageEnums.OPER_NO_PERMISSION); } return isAccessible; http://git-wip-us.apache.org/repos/asf/ranger/blob/eed027ab/security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java b/security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java index 10e517f..174f919 100644 --- a/security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java @@ -18,10 +18,16 @@ package org.apache.ranger.biz; import java.io.File; import java.util.ArrayList; +import java.util.Collection; import java.util.List; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.WebApplicationException; + import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.ContextUtil; +import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerCommonEnums; import org.apache.ranger.common.RangerConstants; import org.apache.ranger.common.StringUtil; @@ -44,9 +50,12 @@ import org.apache.ranger.view.VXDataObject; import org.apache.ranger.view.VXPortalUser; import org.apache.ranger.view.VXResource; import org.apache.ranger.view.VXResponse; +import org.apache.ranger.view.VXUser; import org.junit.Assert; import org.junit.Before; +import org.junit.Rule; import org.junit.Test; +import org.junit.rules.ExpectedException; import org.junit.runner.RunWith; import org.mockito.InjectMocks; import org.mockito.Mock; 
@@ -68,11 +77,37 @@ public class TestRangerBizUtil { @Mock StringUtil stringUtil; + @Mock + VXUser vXUser; + + @Mock + UserMgr userMgr; + + @Mock + ContextUtil contextUtil; + + @Mock + RangerSecurityContext context; + + @Mock + UserSessionBase currentUserSession; + + @Mock + RESTErrorUtil restErrorUtil; + + @Mock + VXResponse vXResponse; + + @Rule + public ExpectedException thrown = ExpectedException.none(); + @Before public void setup(){ RangerSecurityContext context = new RangerSecurityContext(); context.setUserSession(new UserSessionBase()); RangerContextHolder.setSecurityContext(context); + +// RESTErrorUtil restErrorUtil; } @Test 
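Review bot: The line `// RESTErrorUtil restErrorUtil;` added at the end of `setup()` is commented-out code and should be deleted, since `restErrorUtil` is already declared as a `@Mock` field in this hunk. The new `@Mock RangerSecurityContext context` field is shadowed by the local `context` that `setup()` creates, so the mock is never the object placed into `RangerContextHolder`. Either drop the field or use it in place of the local. `@Mock ContextUtil contextUtil` also appears unused in the tests visible in this commit and can probably go as well.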
@@ -553,4 +588,255 @@ public class TestRangerBizUtil { Mockito.verify(stringUtil).split(Mockito.anyString(), Mockito.anyString()); Assert.assertFalse(bnlChk); } + + @Test + public void testCheckUserAccessibleThrowErrorForKeyAdminAndUserRoleSysAdmin() + throws Exception { + + Collection<String> roleList = new ArrayList<String>(); + roleList.add(RangerConstants.ROLE_SYS_ADMIN); + Mockito.when(userMgr.getRolesByLoginId(vXUser.getName())).thenReturn( + roleList); + Mockito.when(vXUser.getUserRoleList()).thenReturn(roleList); + + currentUserSession.setKeyAdmin(true); + RangerSecurityContext context = new RangerSecurityContext(); + context.setUserSession(currentUserSession); + RangerContextHolder.setSecurityContext(context); + + Mockito.when(currentUserSession.isKeyAdmin()).thenReturn(true); + + WebApplicationException webExp = new WebApplicationException(); + + Mockito.when( + restErrorUtil.createRESTException( + "Logged in user is not allowed to create/update user", + MessageEnums.OPER_NO_PERMISSION)).thenReturn(webExp); + + thrown.expect(WebApplicationException.class); + + rangerBizUtil.checkUserAccessible(vXUser); + + Mockito.verify(restErrorUtil).createRESTException( + "Logged in user is not allowed to create/update user", + MessageEnums.OPER_NO_PERMISSION); + + } + + @Test + public void testCheckUserAccessibleThrowErrorForKeyAdminAndUserRoleAdminAuditor() + throws Exception { + + Collection<String> roleList = new ArrayList<String>(); + roleList.add(RangerConstants.ROLE_ADMIN_AUDITOR); + Mockito.when(userMgr.getRolesByLoginId(vXUser.getName())).thenReturn( + roleList); + Mockito.when(vXUser.getUserRoleList()).thenReturn(roleList); + + currentUserSession.setKeyAdmin(true); + RangerSecurityContext context = new RangerSecurityContext(); + context.setUserSession(currentUserSession); + RangerContextHolder.setSecurityContext(context); + + Mockito.when(currentUserSession.isKeyAdmin()).thenReturn(true); + + WebApplicationException webExp = new WebApplicationException(); + + 
Mockito.when( + restErrorUtil.createRESTException( + "Logged in user is not allowed to create/update user", + MessageEnums.OPER_NO_PERMISSION)).thenReturn(webExp); + + thrown.expect(WebApplicationException.class); + + rangerBizUtil.checkUserAccessible(vXUser); + + Mockito.verify(restErrorUtil).createRESTException( + "Logged in user is not allowed to create/update user", + MessageEnums.OPER_NO_PERMISSION); + + } + + @Test + public void testCheckUserAccessibleSuccessForKeyAdmin(){ + Collection<String> roleList = new ArrayList<String>(); + roleList.add(RangerConstants.ROLE_KEY_ADMIN); + roleList.add(RangerConstants.ROLE_KEY_ADMIN_AUDITOR); + Mockito.when(userMgr.getRolesByLoginId(vXUser.getName())).thenReturn( + roleList); + Mockito.when(vXUser.getUserRoleList()).thenReturn(roleList); + + currentUserSession.setKeyAdmin(true); + + RangerSecurityContext context = new RangerSecurityContext(); + context.setUserSession(currentUserSession); + RangerContextHolder.setSecurityContext(context); + + Mockito.when(currentUserSession.isKeyAdmin()).thenReturn(true); + + boolean result = rangerBizUtil.checkUserAccessible(vXUser); + Assert.assertTrue(result); + + } + + @Test + public void testCheckUserAccessibleThrowErrorForAdminAndUserRoleKeyAdmin() + throws Exception { + + Collection<String> roleList = new ArrayList<String>(); + roleList.add(RangerConstants.ROLE_KEY_ADMIN); + Mockito.when(userMgr.getRolesByLoginId(vXUser.getName())).thenReturn( + roleList); + Mockito.when(vXUser.getUserRoleList()).thenReturn(roleList); + + currentUserSession.setUserAdmin(true); + + RangerSecurityContext context = new RangerSecurityContext(); + context.setUserSession(currentUserSession); + RangerContextHolder.setSecurityContext(context); + + Mockito.when(currentUserSession.isUserAdmin()).thenReturn(true); + + WebApplicationException webExp = new WebApplicationException(); + + Mockito.when( + restErrorUtil.createRESTException( + "Logged in user is not allowed to create/update user", + 
MessageEnums.OPER_NO_PERMISSION)).thenReturn(webExp); + + thrown.expect(WebApplicationException.class); + + rangerBizUtil.checkUserAccessible(vXUser); + + Mockito.verify(restErrorUtil).createRESTException( + "Logged in user is not allowed to create/update user", + MessageEnums.OPER_NO_PERMISSION); + + } + + @Test + public void testCheckUserAccessibleThrowErrorForAdminAndUserRoleKeyAdminAuditor() + throws Exception { + + Collection<String> roleList = new ArrayList<String>(); + roleList.add(RangerConstants.ROLE_KEY_ADMIN_AUDITOR); + Mockito.when(userMgr.getRolesByLoginId(vXUser.getName())).thenReturn( + roleList); + Mockito.when(vXUser.getUserRoleList()).thenReturn(roleList); + + currentUserSession.setUserAdmin(true); + + RangerSecurityContext context = new RangerSecurityContext(); + context.setUserSession(currentUserSession); + RangerContextHolder.setSecurityContext(context); + + Mockito.when(currentUserSession.isUserAdmin()).thenReturn(true); + + WebApplicationException webExp = new WebApplicationException(); + + Mockito.when( + restErrorUtil.createRESTException( + "Logged in user is not allowed to create/update user", + MessageEnums.OPER_NO_PERMISSION)).thenReturn(webExp); + + thrown.expect(WebApplicationException.class); + + rangerBizUtil.checkUserAccessible(vXUser); + + Mockito.verify(restErrorUtil).createRESTException( + "Logged in user is not allowed to create/update user", + MessageEnums.OPER_NO_PERMISSION); + + } + + @Test + public void testCheckUserAccessibleSuccessForAdmin(){ + Collection<String> roleList = new ArrayList<String>(); + roleList.add(RangerConstants.ROLE_SYS_ADMIN); + roleList.contains(RangerConstants.ROLE_ADMIN_AUDITOR); + Mockito.when(userMgr.getRolesByLoginId(vXUser.getName())).thenReturn( + roleList); + Mockito.when(vXUser.getUserRoleList()).thenReturn(roleList); + + currentUserSession.setUserAdmin(true); + + RangerSecurityContext context = new RangerSecurityContext(); + context.setUserSession(currentUserSession); + 
RangerContextHolder.setSecurityContext(context); + + Mockito.when(currentUserSession.isUserAdmin()).thenReturn(true); + + boolean result = rangerBizUtil.checkUserAccessible(vXUser); + Assert.assertTrue(result); + + } + + @Test + public void testBlockAuditorRoleUserThrowsErrorForAuditKeyAdmin(){ + RangerBizUtil rangerBizUtilMock = Mockito.mock(RangerBizUtil.class); + vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED); + vXResponse.setMsgDesc("Operation denied. LoggedInUser=1 ,isn't permitted to perform the action."); + + XXPortalUser xxPortalUser = new XXPortalUser(); + xxPortalUser.setId(1L); + + currentUserSession.setAuditKeyAdmin(true); + + RangerSecurityContext context = new RangerSecurityContext(); + context.setUserSession(currentUserSession); + RangerContextHolder.setSecurityContext(context); + + Mockito.doThrow(new WebApplicationException()).when(rangerBizUtilMock).blockAuditorRoleUser(); + thrown.expect(WebApplicationException.class); + + rangerBizUtilMock.blockAuditorRoleUser(); + + } + + @Test + public void testBlockAuditorRoleUserThrowsErrorForAuditUserAdmin(){ + + RangerBizUtil rangerBizUtilMock = Mockito.mock(RangerBizUtil.class); + + vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED); + vXResponse.setMsgDesc("Operation denied. 
LoggedInUser=1 ,isn't permitted to perform the action."); + + XXPortalUser xxPortalUser = new XXPortalUser(); + xxPortalUser.setId(1L); + + currentUserSession.setAuditKeyAdmin(true); + + RangerSecurityContext context = new RangerSecurityContext(); + context.setUserSession(currentUserSession); + RangerContextHolder.setSecurityContext(context); + + + Mockito.doThrow(new WebApplicationException()).when(rangerBizUtilMock).blockAuditorRoleUser(); + + thrown.expect(WebApplicationException.class); + + rangerBizUtilMock.blockAuditorRoleUser(); + } + + @Test + public void testBlockAuditorRoleUserSuccess(){ + RangerBizUtil rangerBizUtilMock = Mockito.mock(RangerBizUtil.class); + + XXPortalUser xxPortalUser = new XXPortalUser(); + xxPortalUser.setId(1L); + + currentUserSession.setUserAdmin(true); + + RangerSecurityContext context = new RangerSecurityContext(); + context.setUserSession(currentUserSession); + RangerContextHolder.setSecurityContext(context); + + + Mockito.doNothing().when(rangerBizUtilMock).blockAuditorRoleUser(); + + rangerBizUtilMock.blockAuditorRoleUser(); + Mockito.verify(rangerBizUtilMock).blockAuditorRoleUser(); + + } + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ranger/blob/eed027ab/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java index 9182195..ce6971d 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java @@ -104,6 +104,9 @@ public class TestAssetREST { @Mock RangerSearchUtil searchUtil; + @Mock + RangerBizUtil xaBizUtil; + @Mock XAssetService xAssetService; 
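Review bot: The three `testBlockAuditorRoleUser*` tests stub `blockAuditorRoleUser()` on `Mockito.mock(RangerBizUtil.class)` with `doThrow`/`doNothing` and then call that same mock, so they exercise Mockito rather than the production check. A regression that lets a read-only auditor session through would still pass. They should call the method on the `rangerBizUtil` instance the other tests use, with `currentUserSession` stubbed to report the auditor flag the way `isKeyAdmin()` is stubbed above; the `...ForAuditUserAdmin` variant also sets `setAuditKeyAdmin(true)`, which looks like a copy of the key-admin case. In the `ThrowError` tests, `Mockito.verify(restErrorUtil).createRESTException(...)` sits after the call that is expected to throw, so it never runs; catch the exception and verify afterwards, or remove the verify. In `testCheckUserAccessibleSuccessForAdmin`, `roleList.contains(RangerConstants.ROLE_ADMIN_AUDITOR);` discards its result and was presumably meant to be `roleList.add(RangerConstants.ROLE_ADMIN_AUDITOR);`, so that test does not cover the admin-auditor role.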
@@ -937,6 +940,67 @@ public class TestAssetREST { } + @Test + public void testGetReportLogsForAuditAdmin() { + SearchCriteria searchCriteria = new SearchCriteria(); + List<SortField> sortFields = null; + List<VXTrxLog> vXTrxLogs = new ArrayList<VXTrxLog>(); + VXTrxLogList vXTrxLogList = new VXTrxLogList(); + vXTrxLogList.setVXTrxLogs(vXTrxLogs); + Mockito.when(searchUtil.extractCommonCriterias(request, sortFields)).thenReturn(searchCriteria); + Mockito.when(searchUtil.extractString((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString())) + .thenReturn("test"); + Mockito.when(searchUtil.extractInt((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString())) + .thenReturn((Integer) 8); + Mockito.when(searchUtil.extractDate((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString())) + .thenReturn(new Date()); + Mockito.when(assetMgr.getReportLogs(searchCriteria)).thenReturn(vXTrxLogList); + VXTrxLogList expectedVXTrxLogListt = assetREST.getReportLogs(request); + Assert.assertEquals(vXTrxLogList, expectedVXTrxLogListt); + Mockito.verify(searchUtil, Mockito.times(4)).extractString((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString()); + Mockito.verify(searchUtil).extractInt((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString()); + Mockito.verify(searchUtil, Mockito.times(2)).extractDate((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString()); + Mockito.verify(assetMgr).getReportLogs(searchCriteria); + Mockito.verify(searchUtil).extractCommonCriterias(request, sortFields); + } + + + @Test + public void testGetReportLogsForAuditKeyAdmin() { + SearchCriteria 
searchCriteria = new SearchCriteria(); + List<SortField> sortFields = null; + List<VXTrxLog> vXTrxLogs = new ArrayList<VXTrxLog>(); + VXTrxLogList vXTrxLogList = new VXTrxLogList(); + vXTrxLogList.setVXTrxLogs(vXTrxLogs); + Mockito.when(searchUtil.extractCommonCriterias(request, sortFields)).thenReturn(searchCriteria); + Mockito.when(searchUtil.extractString((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString())) + .thenReturn("test"); + Mockito.when(searchUtil.extractInt((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString())) + .thenReturn((Integer) 8); + Mockito.when(searchUtil.extractDate((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString())) + .thenReturn(new Date()); + Mockito.when(assetMgr.getReportLogs(searchCriteria)).thenReturn(vXTrxLogList); + VXTrxLogList expectedVXTrxLogListt = assetREST.getReportLogs(request); + Assert.assertEquals(vXTrxLogList, expectedVXTrxLogListt); + Mockito.verify(searchUtil, Mockito.times(4)).extractString((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString()); + Mockito.verify(searchUtil).extractInt((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString()); + Mockito.verify(searchUtil, Mockito.times(2)).extractDate((HttpServletRequest) Mockito.any(), + (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString()); + Mockito.verify(assetMgr).getReportLogs(searchCriteria); + Mockito.verify(searchUtil).extractCommonCriterias(request, sortFields); + } + public Map<String, String> getSampleConfig() { Map<String, String> configs = new HashMap<String, String>(); configs.put("username", "servicemgr");
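Review bot: `testGetReportLogsForAuditAdmin` and `testGetReportLogsForAuditKeyAdmin` have identical bodies and neither puts an auditor session into the security context, so the names promise role-specific coverage of `getReportLogs` that the tests do not provide. Each should set up the session for its role (as the TestRangerBizUtil tests do with `RangerContextHolder.setSecurityContext`) and assert what that role is expected to receive, or the duplicate should be removed. The `xaBizUtil` mock added earlier in this file is never stubbed or verified in these tests. Minor: `expectedVXTrxLogListt` holds the actual result passed as the second argument of `Assert.assertEquals`, so a name such as `actualVXTrxLogList` would read correctly.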
