This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new cb65abc86 RANGER-4274: updated security-zones to support admin-roles
and audit-roles: fix unit test failures - #2
cb65abc86 is described below
commit cb65abc86802cdae0fa34d41f1479d23a961fd27
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Fri Jun 9 06:33:50 2023 -0700
RANGER-4274: updated security-zones to support admin-roles and audit-roles:
fix unit test failures - #2
---
.../ranger/plugin/model/RangerSecurityZone.java | 2 +-
.../RangerSecurityZoneValidatorTest.java | 2 +-
.../org/apache/ranger/biz/TestRoleDBStore.java | 54 ++++++++++++++++------
3 files changed, 43 insertions(+), 15 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
index ea79b69e8..bd10ff1df 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
@@ -55,7 +55,7 @@ public class RangerSecurityZone extends RangerBaseModelObject
implements java.io
}
public RangerSecurityZone(String name, Map<String,
RangerSecurityZoneService> services,List<String> tagServices, List<String>
adminUsers, List<String> adminUserGroups, List<String> auditUsers, List<String>
auditUserGroups, String description) {
- this(name, services, tagServices, adminUsers, adminUserGroups, null,
adminUsers, adminUserGroups, null, description);
+ this(name, services, tagServices, adminUsers, adminUserGroups, null,
auditUsers, auditUserGroups, null, description);
}
public RangerSecurityZone(String name, Map<String,
RangerSecurityZoneService> services,List<String> tagServices, List<String>
adminUsers, List<String> adminUserGroups, List<String> adminRoles, List<String>
auditUsers, List<String> auditUserGroups, List<String> auditRoles, String
description) {
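Review bot: Nothing in this commit pins the argument mapping of the eight-argument constructor, and the corrected `this(...)` call shows why it should be pinned: before the change the admin lists were passed in the audit positions, so a zone built this way had its admin users and groups recorded as its auditors and the intended auditors dropped. With six `List<String>` parameters in a row the compiler cannot catch that kind of swap. A small test that builds a zone with distinct admin and audit lists and checks `Assert.assertEquals(auditUsers, zone.getAuditUsers());` (and the same for the audit user-groups) would keep it from regressing. The second constructor's signature closes this hunk and its body lies outside it.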
diff --git
a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
index 8bc77672c..dcc970c47 100644
---
a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
+++
b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
@@ -163,7 +163,7 @@ public class RangerSecurityZoneValidatorTest {
} catch (Exception ex) {
Assert.assertEquals(
ex.getMessage(),
- "(0) Validation failure: error
code[3044], reason[No services specified for security-zone:[MyZone]],
field[services], subfield[null], type[missing] (1) Validation failure: error
code[3038], reason[both users and user-groups collections for the security zone
were null/empty], field[security zone admin users/user-groups], subfield[null],
type[missing] (2) Validation failure: error code[3038], reason[both users and
user-groups collections for the security zone were null/empty], field[s [...]
+ "(0) Validation failure: error
code[3044], reason[No services specified for security-zone:[MyZone]],
field[services], subfield[null], type[missing] (1) Validation failure: error
code[3038], reason[users, user-groups and roles collections for the security
zone were null/empty], field[security zone admin users/user-groups/roles],
subfield[null], type[missing] (2) Validation failure: error code[3038],
reason[users, user-groups and roles collections for the security zone were
null/empty [...]
}
}
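Review bot: The `Assert.assertEquals(ex.getMessage(), "(0) Validation failure: …")` call passes the actual value first and the expected literal second; if this is JUnit's `Assert`, a mismatch is reported with the two sides reversed, so the arguments should be swapped. Comparing the whole concatenated message is also what made this test break on a wording change. Asserting that the message contains the error codes (`3044`, `3038`) and the field names would be less brittle. The expected string is truncated in this mail (`[...]`), so the rest of it could not be checked, and the enclosing test method starts outside the hunk.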
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestRoleDBStore.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestRoleDBStore.java
index 75bdb5451..6d340f25a 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestRoleDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestRoleDBStore.java
@@ -35,6 +35,7 @@ import org.apache.ranger.db.XXGlobalStateDao;
import org.apache.ranger.db.XXPolicyRefRoleDao;
import org.apache.ranger.db.XXRoleDao;
import org.apache.ranger.db.XXRoleRefRoleDao;
+import org.apache.ranger.db.XXSecurityZoneRefRoleDao;
import org.apache.ranger.db.XXServiceDefDao;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXRole;
@@ -356,19 +357,22 @@ public class TestRoleDBStore {
@Test
public void testDeleteRoleByValidRoleName() throws Exception {
- XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class);
- XXPolicyRefRoleDao xxPolicyRefRoleDao =
Mockito.mock(XXPolicyRefRoleDao.class);
- XXRoleRefRoleDao xxRoleRefRoleDao =
Mockito.mock(XXRoleRefRoleDao.class);
- XXTrxLog xTrxLog = new XXTrxLog() {{
setAction("delete"); }};
- List<XXTrxLog> trxLogList =
Collections.singletonList(xTrxLog);
- XXRole xxRole = getTestRole();
- RangerRole rangerRole = getRangerRole();
+ XXRoleDao xxRoleDao =
Mockito.mock(XXRoleDao.class);
+ XXPolicyRefRoleDao xxPolicyRefRoleDao =
Mockito.mock(XXPolicyRefRoleDao.class);
+ XXRoleRefRoleDao xxRoleRefRoleDao =
Mockito.mock(XXRoleRefRoleDao.class);
+ XXSecurityZoneRefRoleDao xxSzRefRoleDao =
Mockito.mock(XXSecurityZoneRefRoleDao.class);
+ XXTrxLog xTrxLog = new XXTrxLog() {{
setAction("delete"); }};
+ List<XXTrxLog> trxLogList =
Collections.singletonList(xTrxLog);
+ XXRole xxRole = getTestRole();
+ RangerRole rangerRole = getRangerRole();
Mockito.when(daoMgr.getXXRole()).thenReturn(xxRoleDao);
Mockito.when(daoMgr.getXXPolicyRefRole()).thenReturn(xxPolicyRefRoleDao);
+
Mockito.when(daoMgr.getXXSecurityZoneRefRole()).thenReturn(xxSzRefRoleDao);
Mockito.when(xxPolicyRefRoleDao.findRoleRefPolicyCount(roleName)).thenReturn(0L);
Mockito.when(daoMgr.getXXRoleRefRole()).thenReturn(xxRoleRefRoleDao);
Mockito.when(xxRoleRefRoleDao.findRoleRefRoleCount(roleName)).thenReturn(0L);
+
Mockito.when(xxSzRefRoleDao.findRoleRefZoneCount(roleName)).thenReturn(0L);
Mockito.when(roleService.read(xxRole.getId())).thenReturn(rangerRole);
Mockito.when(xxRoleDao.findByRoleName(roleName)).thenReturn(xxRole);
Mockito.doNothing().when(transactionSynchronizationAdapter).executeOnTransactionCommit(Mockito.any());
@@ -450,16 +454,19 @@ public class TestRoleDBStore {
@Test
public void testDeleteRoleByRoleId() throws Exception {
- RangerRole rangerRole = getRangerRole();
- XXPolicyRefRoleDao xxPolicyRefRoleDao =
Mockito.mock(XXPolicyRefRoleDao.class);
- XXRoleRefRoleDao xxRoleRefRoleDao =
Mockito.mock(XXRoleRefRoleDao.class);
- XXTrxLog xTrxLog = new XXTrxLog() {{
setAction("delete"); }};
- List<XXTrxLog> trxLogList =
Collections.singletonList(xTrxLog);
- XXRole xxRole = getTestRole();
+ RangerRole rangerRole = getRangerRole();
+ XXPolicyRefRoleDao xxPolicyRefRoleDao =
Mockito.mock(XXPolicyRefRoleDao.class);
+ XXRoleRefRoleDao xxRoleRefRoleDao =
Mockito.mock(XXRoleRefRoleDao.class);
+ XXSecurityZoneRefRoleDao xxSzRefRoleDao =
Mockito.mock(XXSecurityZoneRefRoleDao.class);
+ XXTrxLog xTrxLog = new XXTrxLog() {{
setAction("delete"); }};
+ List<XXTrxLog> trxLogList =
Collections.singletonList(xTrxLog);
+ XXRole xxRole = getTestRole();
Mockito.when(roleService.read(roleId)).thenReturn(rangerRole);
Mockito.when(daoMgr.getXXPolicyRefRole()).thenReturn(xxPolicyRefRoleDao);
+
Mockito.when(daoMgr.getXXSecurityZoneRefRole()).thenReturn(xxSzRefRoleDao);
Mockito.when(xxPolicyRefRoleDao.findRoleRefPolicyCount(rangerRole.getName())).thenReturn(0L);
+
Mockito.when(xxSzRefRoleDao.findRoleRefZoneCount(rangerRole.getName())).thenReturn(0L);
Mockito.when(daoMgr.getXXRoleRefRole()).thenReturn(xxRoleRefRoleDao);
Mockito.when(xxRoleRefRoleDao.findRoleRefRoleCount(rangerRole.getName())).thenReturn(0L);
Mockito.when(roleService.read(xxRole.getId())).thenReturn(rangerRole);
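Review bot: The delete-by-id path is exercised here only with `findRoleRefZoneCount(...)` returning `0L`, while the refusal case added later in this diff covers delete-by-name only. Unless a matching test exists outside this diff, add a by-id counterpart that stubs `Mockito.when(xxSzRefRoleDao.findRoleRefZoneCount(rangerRole.getName())).thenReturn(1L);` and expects the delete to be rejected. That would show a role still referenced by a security zone cannot be removed through either entry point. The test method continues past the end of this hunk.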
@@ -506,6 +513,27 @@ public class TestRoleDBStore {
roleDBStore.deleteRole(roleName);
}
+ @Test
+ public void
testDeleteRoleByValidRoleNameWhenRoleIsAssociatedWithOneOrMoreSecurityZones()
throws Exception {
+ XXRole xxRole = getTestRole();
+ XXRoleDao xxRoleDao =
Mockito.mock(XXRoleDao.class);
+ XXPolicyRefRoleDao xxPolicyRefRoleDao =
Mockito.mock(XXPolicyRefRoleDao.class);
+ XXRoleRefRoleDao xxRoleRefRoleDao =
Mockito.mock(XXRoleRefRoleDao.class);
+ XXSecurityZoneRefRoleDao xxSzRefRoleDao =
Mockito.mock(XXSecurityZoneRefRoleDao.class);
+
+ Mockito.when(daoMgr.getXXRole()).thenReturn(xxRoleDao);
+ Mockito.when(xxRoleDao.findByRoleName(roleName)).thenReturn(xxRole);
+
Mockito.when(daoMgr.getXXPolicyRefRole()).thenReturn(xxPolicyRefRoleDao);
+
Mockito.when(xxPolicyRefRoleDao.findRoleRefPolicyCount(roleName)).thenReturn(0L);
+ Mockito.when(daoMgr.getXXRoleRefRole()).thenReturn(xxRoleRefRoleDao);
+
Mockito.when(xxRoleRefRoleDao.findRoleRefRoleCount(roleName)).thenReturn(0L);
+
Mockito.when(daoMgr.getXXSecurityZoneRefRole()).thenReturn(xxSzRefRoleDao);
+
Mockito.when(xxSzRefRoleDao.findRoleRefZoneCount(roleName)).thenReturn(1L);
+ thrown.expect(Exception.class);
+
+ roleDBStore.deleteRole(roleName);
+ }
+
private XXRole getTestRole() {
return new XXRole() {{
setId(TestRoleDBStore.roleId);
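Review bot: `thrown.expect(Exception.class)` in `testDeleteRoleByValidRoleNameWhenRoleIsAssociatedWithOneOrMoreSecurityZones` is satisfied by any exception, including a `NullPointerException` from a collaborator left unstubbed, so the test can pass without the zone-reference check ever firing. Assuming `thrown` is a JUnit `ExpectedException` rule, narrow it to the exception type the store raises for a referenced role. Also add `thrown.expectMessage("<zone-reference error text>");`, replacing the placeholder with the real message, which is not visible in this diff. `getTestRole()` at the end of the hunk continues outside it.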