This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new 11130b0 RANGER-3106: Add unit test cases for TrieNode.undoSetup()
11130b0 is described below
commit 11130b093a3f3c732f4fe1744fa4c0e1de23d049
Author: Abhay Kulkarni <[email protected]>
AuthorDate: Mon Dec 7 09:34:52 2020 -0800
RANGER-3106: Add unit test cases for TrieNode.undoSetup()
---
.../policyengine/RangerPolicyRepository.java | 5 +-
.../plugin/policyengine/RangerResourceTrie.java | 23 +++---
.../plugin/policyengine/TestPolicyEngine.java | 7 ++
.../test_policyengine_hdfs_incremental_update.json | 83 ++++++++++++++++++++++
4 files changed, 106 insertions(+), 12 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index 0d6074f..ffbd908 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -1404,7 +1404,10 @@ public class RangerPolicyRepository {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerPolicyRepository.deletePolicyEvaluator(" +
evaluator.getPolicy() + ")");
}
- int policyType = evaluator.getPolicy().getPolicyType();
+ Integer policyType = evaluator.getPolicy().getPolicyType();
+ if (policyType == null) {
+ policyType = RangerPolicy.POLICY_TYPE_ACCESS;
+ }
List<RangerPolicyEvaluator> evaluators = null;
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
index 0ca5896..4428503 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
@@ -947,19 +947,20 @@ public class RangerResourceTrie<T extends
RangerPolicyResourceEvaluator> {
if (CollectionUtils.isEmpty(evaluators)) {
evaluators = null;
}
+ }
+ }
+ }
+ if (wildcardEvaluators != null) {
+ if (isSharingParentWildcardEvaluators) {
+ wildcardEvaluators = null;
+ } else {
+ Set<U> parentWildcardEvaluators = getParent() == null
? null : getParent().getWildcardEvaluators();
- if (isSharingParentWildcardEvaluators) {
- wildcardEvaluators = null;
- } else {
- Set<U> parentWildcardEvaluators = getParent()
== null ? null : getParent().getWildcardEvaluators();
-
- if (parentWildcardEvaluators != null) {
-
wildcardEvaluators.removeAll(parentWildcardEvaluators);
+ if (parentWildcardEvaluators != null) {
+
wildcardEvaluators.removeAll(parentWildcardEvaluators);
- if
(CollectionUtils.isEmpty(wildcardEvaluators)) {
- wildcardEvaluators = null;
- }
- }
+ if (CollectionUtils.isEmpty(wildcardEvaluators)) {
+ wildcardEvaluators = null;
}
}
}
diff --git
a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
index 046e15f..dbb5b4a 100644
---
a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
+++
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
@@ -266,6 +266,13 @@ public class TestPolicyEngine {
}
@Test
+ public void testPolicyEngine_hdfs_incremental_update() {
+ String[] hdfsTestResourceFiles =
{"/policyengine/test_policyengine_hdfs_incremental_update.json"};
+
+ runTestsFromResourceFiles(hdfsTestResourceFiles);
+ }
+
+ @Test
public void testPolicyEngine_hiveForTag() {
String[] hiveTestResourceFiles = {
"/policyengine/test_policyengine_tag_hive.json" };
diff --git
a/agents-common/src/test/resources/policyengine/test_policyengine_hdfs_incremental_update.json
b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs_incremental_update.json
new file mode 100644
index 0000000..2672425
--- /dev/null
+++
b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs_incremental_update.json
@@ -0,0 +1,83 @@
+{
+ "serviceName":"hdfsdev",
+
+ "serviceDef":{
+ "name":"hdfs",
+ "id":1,
+ "resources":[
+
{"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"recursiveSupported":
true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":{"wildCard":true,
"ignoreCase":true},"label":"Resource Path","description":"HDFS file or
directory path"}
+ ],
+ "accessTypes":[
+ {"name":"read","label":"Read"},
+ {"name":"write","label":"Write"},
+ {"name":"execute","label":"Execute"}
+ ],
+ "contextEnrichers": [],
+ "policyConditions": []
+ },
+
+ "policies":[
+ {"id":10,"name":"allow-read-to-user1
/a/b*","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"path":{"values":["/a/b*"],"isRecursive":false}},
+ "policyItems":[
+ {"accesses":[{"type":"read","isAllowed":true},
{"type":"write","isAllowed":true},
{"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
+ ]
+ }
+ ,
+ {"id":20,"name":"allow-read-to-user1
/a/bc*","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"path":{"values":["/a/bc*"],"isRecursive":false}},
+ "policyItems":[
+ {"accesses":[{"type":"read","isAllowed":true},
{"type":"write","isAllowed":true},
{"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
+ ]
+ }
+ ],
+
+ "tests":[
+ {"name":"ALLOW 'read /a/bcd' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/a/bcd"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read
/a/bcd"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":10}
+ }
+ ,
+ {"name":"ALLOW 'read /a/bd' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/a/bd"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read
/a/bd"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":10}
+ }
+ ],
+ "updatedPolicies": {
+ "policyDeltas": [
+ {
+ "changeType": 1,
+ "policy": {
+ "id": 10, "version": 2, "name": "path=/a/b", "isEnabled": true,
"isAuditEnabled": true, "serviceType": "hdfs", "policyType": 0,
+ "resources":{"path":{"values":["/a/b"],"isRecursive":false}},
+ "policyItems": [
+ {"accesses":[{"type":"read","isAllowed":true},
{"type":"write","isAllowed":true},
{"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
+ ]
+ }
+ }
+ ]
+ },
+ "updatedTests": [
+ {"name":"ALLOW 'read /a/bcd' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/a/bcd"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read
/a/bcd"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":20}
+ }
+ ,
+ {"name":"DENY 'read /a/bd' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/a/bd"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read
/a/bd"
+ },
+ "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+ }
+ ]
+}
\ No newline at end of file
