This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new b50feda65 RANGER-4529: script evaluator updated to reuse bindings for
a request
b50feda65 is described below
commit b50feda65daebb5237aeea643a52633a624619a8
Author: Madhan Neethiraj <mad...@apache.org>
AuthorDate: Mon Nov 13 17:46:31 2023 -0800
RANGER-4529: script evaluator updated to reuse bindings for a request
---
...AnyOfExpectedTagsPresentConditionEvaluator.java | 18 +-
...oneOfExpectedTagsPresentConditionEvaluator.java | 16 +-
.../RangerScriptConditionEvaluator.java | 9 +-
.../RangerTagsAllPresentConditionEvaluator.java | 20 +-
.../policyengine/RangerRequestScriptEvaluator.java | 108 ++--
.../ranger/plugin/util/RangerCommonConstants.java | 12 +-
.../plugin/util/RangerRequestExprResolver.java | 4 +-
.../RangerRequestScriptEvaluatorTest.java | 640 ++++++++++-----------
.../plugin/util/RangerRequestExprResolverTest.java | 1 +
9 files changed, 424 insertions(+), 404 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java
index bf57fb412..c7b78908a 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java
@@ -19,17 +19,16 @@
package org.apache.ranger.plugin.conditionevaluator;
+import org.apache.ranger.plugin.contextenricher.RangerTagForEval;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import org.apache.ranger.plugin.policyengine.RangerRequestScriptEvaluator;
+import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
// Policy Condition to check if resource Tags does contain any of the policy
Condition Tags
-
public class RangerAnyOfExpectedTagsPresentConditionEvaluator extends
RangerAbstractConditionEvaluator {
private static final Logger LOG =
LoggerFactory.getLogger(RangerAnyOfExpectedTagsPresentConditionEvaluator.class);
@@ -62,14 +61,17 @@ public class
RangerAnyOfExpectedTagsPresentConditionEvaluator extends RangerAbst
LOG.debug("==>
RangerAnyOfExpectedTagsPresentConditionEvaluator.isMatched(" + request + ")");
}
- boolean matched = false;
-
- RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request);
- Set<String> resourceTags =
evaluator.getAllTagTypes();
+ boolean matched = false;
+ Set<RangerTagForEval> resourceTags =
RangerAccessRequestUtil.getRequestTagsFromContext(request.getContext());
if (resourceTags != null) {
// check if resource Tags does contain any of the
policy Condition Tags
- matched = (!Collections.disjoint(resourceTags,
policyConditionTags));
+ for (RangerTagForEval tag : resourceTags) {
+ if
(policyConditionTags.contains(tag.getType())) {
+ matched = true;
+ break;
+ }
+ }
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java
index 938836f66..9f1b60c98 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java
@@ -19,12 +19,12 @@
package org.apache.ranger.plugin.conditionevaluator;
+import org.apache.ranger.plugin.contextenricher.RangerTagForEval;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import org.apache.ranger.plugin.policyengine.RangerRequestScriptEvaluator;
+import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
@@ -62,13 +62,17 @@ public class
RangerNoneOfExpectedTagsPresentConditionEvaluator extends RangerAbs
LOG.debug("==>
RangerNoneOfExpectedTagsPresentConditionEvaluator.isMatched(" + request + ")");
}
- boolean matched = true;
- RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request);
- Set<String> resourceTags =
evaluator.getAllTagTypes();
+ boolean matched = true;
+ Set<RangerTagForEval> resourceTags =
RangerAccessRequestUtil.getRequestTagsFromContext(request.getContext());
if (resourceTags != null) {
// check if resource Tags does not contain any tags in
the policy condition
- matched = (Collections.disjoint(resourceTags,
policyConditionTags));
+ for (RangerTagForEval tag : resourceTags) {
+ if
(policyConditionTags.contains(tag.getType())) {
+ matched = false;
+ break;
+ }
+ }
}
if(LOG.isDebugEnabled()) {
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java
index 80a766566..6eb192270 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java
@@ -32,7 +32,8 @@ import javax.script.ScriptEngine;
import java.util.List;
import java.util.Map;
-import static org.apache.ranger.plugin.util.RangerCommonConstants.*;
+import static
org.apache.ranger.plugin.util.RangerCommonConstants.SCRIPT_OPTION_ENABLE_JSON_CTX;
+
public class RangerScriptConditionEvaluator extends
RangerAbstractConditionEvaluator {
private static final Logger LOG =
LoggerFactory.getLogger(RangerScriptConditionEvaluator.class);
@@ -100,13 +101,13 @@ public class RangerScriptConditionEvaluator extends
RangerAbstractConditionEvalu
LOG.debug("RangerScriptConditionEvaluator.isMatched(): script={" + script +
"}");
}
- RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request);
-
if (enableJsonCtx == null) { // if not
specified in evaluatorOptions, set it on first call to isMatched()
enableJsonCtx =
RangerRequestScriptEvaluator.needsJsonCtxEnabled(script);
}
- evaluator.evaluateConditionScript(scriptEngine,
script, enableJsonCtx);
+ RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request, scriptEngine, enableJsonCtx);
+
+ evaluator.evaluateConditionScript(script);
result = evaluator.getResult();
} else {
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java
index 82b59d24b..6dcfe7ac4 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java
@@ -20,8 +20,9 @@
package org.apache.ranger.plugin.conditionevaluator;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.ranger.plugin.contextenricher.RangerTagForEval;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import org.apache.ranger.plugin.policyengine.RangerRequestScriptEvaluator;
+import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -63,12 +64,21 @@ public class RangerTagsAllPresentConditionEvaluator extends
RangerAbstractCondit
boolean matched = true;
- if (CollectionUtils.isNotEmpty(policyConditionTags)) {
- RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request);
- Set<String> resourceTags =
evaluator.getAllTagTypes();
+ if (CollectionUtils.isNotEmpty(policyConditionTags)) {
+ Set<RangerTagForEval> resourceTags =
RangerAccessRequestUtil.getRequestTagsFromContext(request.getContext());
// check if resource Tags atleast have to have all the
tags in policy Condition
- matched = resourceTags != null &&
resourceTags.containsAll(policyConditionTags);
+ if (CollectionUtils.isNotEmpty(resourceTags)) {
+ Set<String> tags = new
HashSet<>(resourceTags.size());
+
+ for (RangerTagForEval tag : resourceTags) {
+ tags.add(tag.getType());
+ }
+
+ matched = tags.containsAll(policyConditionTags);
+ } else {
+ matched = false;
+ }
}
if(LOG.isDebugEnabled()) {
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
index 2c1fe2ac1..327056431 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
@@ -80,6 +80,8 @@ public final class RangerRequestScriptEvaluator {
private static String[] dateFormatStrings = null;
private final RangerAccessRequest accessRequest;
+ private final ScriptEngine scriptEngine;
+ private final Bindings bindings;
private boolean initDone = false;
private Map<String, String> userAttrs =
Collections.emptyMap();
private Map<String, Map<String, String>> groupAttrs =
Collections.emptyMap();
@@ -179,84 +181,87 @@ public final class RangerRequestScriptEvaluator {
return MACRO_PROCESSOR.expandMacros(script);
}
- public RangerRequestScriptEvaluator(final RangerAccessRequest
accessRequest) {
- this.accessRequest = accessRequest.getReadOnlyCopy();
- }
-
- public Object evaluateScript(ScriptEngine scriptEngine, String script) {
- script = expandMacros(script);
-
- return evaluateScript(scriptEngine, script,
needsJsonCtxEnabled(script));
+ public RangerRequestScriptEvaluator(RangerAccessRequest accessRequest,
ScriptEngine scriptEngine) {
+ this(accessRequest, scriptEngine, true);
}
- public Object evaluateConditionScript(ScriptEngine scriptEngine, String
script, boolean enableJsonCtx) {
- script = expandMacros(script);
-
- Object ret = evaluateScript(scriptEngine, script,
enableJsonCtx);
-
- if (ret == null) {
- ret = getResult();
- }
-
- if (ret instanceof Boolean) {
- result = (Boolean) ret;
- }
-
- return ret;
- }
+ public RangerRequestScriptEvaluator(RangerAccessRequest accessRequest,
ScriptEngine scriptEngine, boolean enableJsonCtx) {
+ this.accessRequest = accessRequest.getReadOnlyCopy();
+ this.scriptEngine = scriptEngine;
+ this.bindings = scriptEngine.createBindings();
- private Object evaluateScript(ScriptEngine scriptEngine, String script,
boolean enableJsonCtx) {
- Object ret = null;
- Bindings bindings =
scriptEngine.createBindings();
- RangerTagForEval currentTag = this.getCurrentTag();
- Map<String, String> tagAttribs = currentTag != null ?
currentTag.getAttributes() : Collections.emptyMap();
- boolean hasIncludes =
StringUtils.contains(script, ".includes(");
- boolean hasIntersects =
StringUtils.contains(script, ".intersects(");
+ RangerTagForEval currentTag = this.getCurrentTag();
+ Map<String, String> tagAttribs = currentTag != null ?
currentTag.getAttributes() : Collections.emptyMap();
bindings.put(SCRIPT_VAR_ctx, this);
bindings.put(SCRIPT_VAR_tag, currentTag);
bindings.put(SCRIPT_VAR_tagAttr, tagAttribs);
- script = SCRIPT_SAFE_PREEXEC + script;
+ String preExecScript = "";
if (enableJsonCtx) {
bindings.put(SCRIPT_VAR__CTX_JSON, this.toJson());
- script = SCRIPT_PREEXEC + script;
+ preExecScript += SCRIPT_PREEXEC;
}
- if (hasIncludes) {
- script = SCRIPT_POLYFILL_INCLUDES + script;
+ if (StringUtils.isNotBlank(preExecScript)) {
+ try {
+ scriptEngine.eval(preExecScript, bindings);
+ } catch (ScriptException excp) {
+ LOG.error("RangerRequestScriptEvaluator():
initialization failed", excp);
+ }
}
+ }
- if (hasIntersects) {
- script = SCRIPT_POLYFILL_INTERSECTS + script;
- }
+ public Object evaluateScript(String script) {
+ script = expandMacros(script);
+
+ return evaluateScriptImpl(script);
+ }
- if (JavaScriptEdits.hasDoubleBrackets(script)) {
- script = JavaScriptEdits.replaceDoubleBrackets(script);
+ public Object evaluateConditionScript(String script) {
+ Object ret = evaluateScript(script);
+
+ if (ret == null) {
+ ret = getResult();
}
- if (LOG.isDebugEnabled()) {
-
LOG.debug("RangerRequestScriptEvaluator.evaluateScript(): script={" + script +
"}");
+ if (ret instanceof Boolean) {
+ result = (Boolean) ret;
}
+ return ret;
+ }
+
+ private Object evaluateScriptImpl(String script) {
+ Object ret = null;
RangerPerfTracer perf = null;
try {
- long requestHash = accessRequest.hashCode();
-
if
(RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_CONDITION_SCRIPT_EVAL)) {
- perf =
RangerPerfTracer.getPerfTracer(PERF_POLICY_CONDITION_SCRIPT_EVAL,
"RangerRequestScriptEvaluator.evaluateScript(requestHash=" + requestHash + ")");
+ perf =
RangerPerfTracer.getPerfTracer(PERF_POLICY_CONDITION_SCRIPT_EVAL,
"RangerRequestScriptEvaluator.evaluateScript(requestHash=" +
accessRequest.hashCode() + ")");
+ }
+
+ String preExec = SCRIPT_SAFE_PREEXEC;
+
+ if (script.contains(".includes(")) {
+ preExec += SCRIPT_POLYFILL_INCLUDES;
+ }
+
+ if (script.contains(".intersects(")) {
+ preExec += SCRIPT_POLYFILL_INTERSECTS;
}
- ret = scriptEngine.eval(script, bindings);
+ if (JavaScriptEdits.hasDoubleBrackets(script)) {
+ script =
JavaScriptEdits.replaceDoubleBrackets(script);
+ }
+
+ ret = scriptEngine.eval(preExec + script, bindings);
} catch (NullPointerException nullp) {
LOG.error("RangerRequestScriptEvaluator.evaluateScript(): eval called with NULL
argument(s)", nullp);
-
- } catch (ScriptException exception) {
-
LOG.error("RangerRequestScriptEvaluator.evaluateScript(): failed to evaluate
script," +
- " exception=" + exception);
+ } catch (ScriptException excp) {
+
LOG.error("RangerRequestScriptEvaluator.evaluateScript(): failed to evaluate
script", excp);
} catch (Throwable t) {
LOG.error("RangerRequestScriptEvaluator.evaluateScript(): failed to evaluate
script", t);
} finally {
@@ -269,10 +274,8 @@ public final class RangerRequestScriptEvaluator {
private String toJson() {
RangerPerfTracer perf = null;
- long requestHash = accessRequest.hashCode();
-
if
(RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_CONDITION_SCRIPT_TOJSON)) {
- perf =
RangerPerfTracer.getPerfTracer(PERF_POLICY_CONDITION_SCRIPT_TOJSON,
"RangerRequestScriptEvaluator.toJson(requestHash=" + requestHash + ")");
+ perf =
RangerPerfTracer.getPerfTracer(PERF_POLICY_CONDITION_SCRIPT_TOJSON,
"RangerRequestScriptEvaluator.toJson(requestHash=" + accessRequest.hashCode() +
")");
}
Map<String, Object> ret = new HashMap<>();
@@ -1393,5 +1396,4 @@ public final class RangerRequestScriptEvaluator {
return ret;
}
}
-
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
index 8081dd346..8dbc7eedd 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
@@ -175,13 +175,13 @@ public class RangerCommonConstants {
" Array.prototype, 'intersects', {\n" +
" value: function (x) {\n" +
" if (x == null) {return false;}\n" +
- " var o = Object(this);\n" +
- " var len = o.length >>> 0;\n" +
- " if (len === 0) { return false; }\n" +
- " var result = o.filter(function(n) { return
x.indexOf(n) > -1;})\n" +
- " return result.length != 0;\n" +
+ " var o = Object(this);\n" +
+ " var len = o.length >>> 0;\n" +
+ " if (len === 0) { return false; }\n" +
+ " var result = o.filter(function(n) { return
x.indexOf(n) > -1;})\n" +
+ " return result.length != 0;\n" +
" }\n" +
" }\n" +
- " )\n" +
+ " );\n" +
"}; ";
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java
index 9440d7676..0caa4f0e0 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java
@@ -98,14 +98,14 @@ public class RangerRequestExprResolver {
String ret = str;
if (hasTokens) {
- RangerRequestScriptEvaluator scriptEvaluator = new
RangerRequestScriptEvaluator(request);
ScriptEngine scriptEngine =
ScriptEngineUtil.createScriptEngine(serviceType);
+ RangerRequestScriptEvaluator scriptEvaluator = new
RangerRequestScriptEvaluator(request, scriptEngine,
RangerRequestScriptEvaluator.needsJsonCtxEnabled(str));
StringBuffer sb = new StringBuffer();
Matcher matcher =
PATTERN.matcher(str);
while (matcher.find()) {
String expr = matcher.group(REGEX_GROUP_EXPR);
- String val =
Objects.toString(scriptEvaluator.evaluateScript(scriptEngine, expr));
+ String val =
Objects.toString(scriptEvaluator.evaluateScript(expr));
matcher.appendReplacement(sb, val);
}
diff --git
a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java
b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java
index d3e343480..0059bef88 100644
---
a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java
+++
b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java
@@ -52,303 +52,303 @@ public class RangerRequestScriptEvaluatorTest {
RangerTag tagPII = new RangerTag("PII",
Collections.singletonMap("attr1", "PII_value"));
RangerTag tagPCI = new RangerTag("PCI",
Collections.singletonMap("attr1", "PCI_value"));
RangerAccessRequest request = createRequest("test-user",
new HashSet<>(Arrays.asList("test-group1", "test-group2")), new
HashSet<>(Arrays.asList("test-role1", "test-role2")), Arrays.asList(tagPII,
tagPCI));
- RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request);
-
- Assert.assertEquals("test: UG_NAMES_CSV", "test-group1,test-group2",
evaluator.evaluateScript(scriptEngine, "UG_NAMES_CSV"));
- Assert.assertEquals("test: UR_NAMES_CSV", "test-role1,test-role2",
evaluator.evaluateScript(scriptEngine, "UR_NAMES_CSV"));
- Assert.assertEquals("test: TAG_NAMES_CSV", "PCI,PII",
evaluator.evaluateScript(scriptEngine, "TAG_NAMES_CSV"));
- Assert.assertEquals("test: USER_ATTR_NAMES_CSV", "state",
evaluator.evaluateScript(scriptEngine, "USER_ATTR_NAMES_CSV"));
- Assert.assertEquals("test: UG_ATTR_NAMES_CSV", "dept,site",
evaluator.evaluateScript(scriptEngine, "UG_ATTR_NAMES_CSV"));
- Assert.assertEquals("test: TAG_ATTR_NAMES_CSV", "attr1",
evaluator.evaluateScript(scriptEngine, "TAG_ATTR_NAMES_CSV"));
- Assert.assertEquals("test: GET_UG_ATTR_CSV('dept')", "ENGG,PROD",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_CSV('dept')"));
- Assert.assertEquals("test: GET_UG_ATTR_CSV('site')", "10,20",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_CSV('site')"));
- Assert.assertEquals("test: GET_TAG_ATTR_CSV('attr1')",
"PCI_value,PII_value", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR_CSV('attr1')"));
-
- Assert.assertEquals("test: UG_NAMES_Q_CSV",
"'test-group1','test-group2'", evaluator.evaluateScript(scriptEngine,
"UG_NAMES_Q_CSV"));
- Assert.assertEquals("test: UR_NAMES_Q_CSV",
"'test-role1','test-role2'", evaluator.evaluateScript(scriptEngine,
"UR_NAMES_Q_CSV"));
- Assert.assertEquals("test: TAG_NAMES_Q_CSV", "'PCI','PII'",
evaluator.evaluateScript(scriptEngine, "TAG_NAMES_Q_CSV"));
- Assert.assertEquals("test: USER_ATTR_NAMES_Q_CSV", "'state'",
evaluator.evaluateScript(scriptEngine, "USER_ATTR_NAMES_Q_CSV"));
- Assert.assertEquals("test: UG_ATTR_NAMES_Q_CSV", "'dept','site'",
evaluator.evaluateScript(scriptEngine, "UG_ATTR_NAMES_Q_CSV"));
- Assert.assertEquals("test: TAG_ATTR_NAMES_Q_CSV", "'attr1'",
evaluator.evaluateScript(scriptEngine, "TAG_ATTR_NAMES_Q_CSV"));
- Assert.assertEquals("test: GET_UG_ATTR_Q_CSV('dept')",
"'ENGG','PROD'", evaluator.evaluateScript(scriptEngine,
"GET_UG_ATTR_Q_CSV('dept')"));
- Assert.assertEquals("test: GET_UG_ATTR_Q_CSV('site')", "'10','20'",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q_CSV('site')"));
- Assert.assertEquals("test: GET_TAG_ATTR_Q_CSV('attr1')",
"'PCI_value','PII_value'", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR_Q_CSV('attr1')"));
-
- Assert.assertTrue("test: USER._name is 'test-user'", (Boolean)
evaluator.evaluateScript(scriptEngine, "USER._name == 'test-user'"));
- Assert.assertTrue("test: HAS_USER_ATTR(state)",
(Boolean)evaluator.evaluateScript(scriptEngine, "HAS_USER_ATTR('state')"));
- Assert.assertFalse("test: HAS_USER_ATTR(notExists)",
(Boolean)evaluator.evaluateScript(scriptEngine, "HAS_USER_ATTR('notExists')"));
- Assert.assertTrue("test: USER['state'] is 'CA'", (Boolean)
evaluator.evaluateScript(scriptEngine, "USER['state'] == 'CA'"));
- Assert.assertTrue("test: USER.state is 'CA'", (Boolean)
evaluator.evaluateScript(scriptEngine, "USER.state == 'CA'"));
-
- Assert.assertTrue("test: IS_IN_GROUP(test-group1)",
(Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_GROUP('test-group1')"));
- Assert.assertTrue("test: IS_IN_GROUP(test-group2)",
(Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_GROUP('test-group2')"));
- Assert.assertFalse("test: IS_IN_GROUP(notExists)",
(Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_GROUP('notExists')"));
- Assert.assertTrue("test: IS_IN_ANY_GROUP",
(Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_ANY_GROUP"));
- Assert.assertFalse("test: IS_NOT_IN_ANY_GROUP",
(Boolean)evaluator.evaluateScript(scriptEngine, "IS_NOT_IN_ANY_GROUP"));
-
- Assert.assertTrue("test: UG['test-group1'].dept is 'ENGG'", (Boolean)
evaluator.evaluateScript(scriptEngine, "UG['test-group1'].dept == 'ENGG'"));
- Assert.assertTrue("test: UG['test-group1'].site is 10", (Boolean)
evaluator.evaluateScript(scriptEngine, "UG['test-group1'].site == 10"));
- Assert.assertTrue("test: UG['test-group2'].dept is 'PROD'", (Boolean)
evaluator.evaluateScript(scriptEngine, "UG['test-group2'].dept == 'PROD'"));
- Assert.assertTrue("test: UG['test-group2'].site is 20", (Boolean)
evaluator.evaluateScript(scriptEngine, "UG['test-group2'].site == 20"));
- Assert.assertTrue("test: UG['test-group3'] is null", (Boolean)
evaluator.evaluateScript(scriptEngine, "UG['test-group3'] == null"));
- Assert.assertTrue("test: UG['test-group1'].notExists is null",
(Boolean) evaluator.evaluateScript(scriptEngine, "UG['test-group1'].notExists
== null"));
-
- Assert.assertTrue("test: IS_IN_ROLE(test-role1)",
(Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_ROLE('test-role1')"));
- Assert.assertTrue("test: IS_IN_ROLE(test-role2)",
(Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_ROLE('test-role2')"));
- Assert.assertFalse("test: IS_IN_ROLE(notExists)",
(Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_ROLE('notExists')"));
- Assert.assertTrue("test: IS_IN_ANY_ROLE",
(Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_ANY_ROLE"));
- Assert.assertFalse("test: IS_NOT_IN_ANY_ROLE",
(Boolean)evaluator.evaluateScript(scriptEngine, "IS_NOT_IN_ANY_ROLE"));
-
- Assert.assertTrue("test: UGA.sVal['dept'] is 'ENGG'",
(Boolean)evaluator.evaluateScript(scriptEngine, "UGA.sVal['dept'] == 'ENGG'"));
- Assert.assertTrue("test: UGA.sVal['site'] is 10", (Boolean)
evaluator.evaluateScript(scriptEngine, "UGA.sVal['site'] == 10"));
- Assert.assertTrue("test: UGA.sVal['notExists'] is null", (Boolean)
evaluator.evaluateScript(scriptEngine, "UGA.sVal['notExists'] == null"));
- Assert.assertTrue("test: UGA.mVal['dept'] is [\"ENGG\", \"PROD\"]",
(Boolean) evaluator.evaluateScript(scriptEngine, "J(UGA.mVal['dept']) ==
'[\"ENGG\",\"PROD\"]'"));
- Assert.assertTrue("test: UGA.mVal['site'] is [10, 20]", (Boolean)
evaluator.evaluateScript(scriptEngine, "J(UGA.mVal['site']) ==
'[\"10\",\"20\"]'"));
- Assert.assertTrue("test: UGA.mVal['notExists'] is null", (Boolean)
evaluator.evaluateScript(scriptEngine, "UGA.mVal['notExists'] == null"));
- Assert.assertTrue("test: UGA.mVal['dept'] has 'ENGG'", (Boolean)
evaluator.evaluateScript(scriptEngine, "UGA.mVal['dept'].indexOf('ENGG') !=
-1"));
- Assert.assertTrue("test: UGA.mVal['dept'] has 'PROD'", (Boolean)
evaluator.evaluateScript(scriptEngine, "UGA.mVal['dept'].indexOf('PROD') !=
-1"));
- Assert.assertTrue("test: UGA.mVal['dept'] doesn't have 'EXEC'",
(Boolean) evaluator.evaluateScript(scriptEngine,
"UGA.mVal['dept'].indexOf('EXEC') == -1"));
- Assert.assertTrue("test: HAS_UG_ATTR(dept)",
(Boolean)evaluator.evaluateScript(scriptEngine, "HAS_UG_ATTR('dept')"));
- Assert.assertTrue("test: HAS_UG_ATTR(site)",
(Boolean)evaluator.evaluateScript(scriptEngine, "HAS_UG_ATTR('site')"));
- Assert.assertFalse("test: HAS_UG_ATTR(notExists)",
(Boolean)evaluator.evaluateScript(scriptEngine, "HAS_UG_ATTR('notExists')"));
-
- Assert.assertTrue("test: REQ.accessTyp is 'select'", (Boolean)
evaluator.evaluateScript(scriptEngine, "REQ.accessType == 'select'"));
- Assert.assertTrue("test: REQ.action is 'query'", (Boolean)
evaluator.evaluateScript(scriptEngine, "REQ.action == 'query'"));
-
- Assert.assertTrue("test: RES._ownerUser is 'testUser'", (Boolean)
evaluator.evaluateScript(scriptEngine, "RES._ownerUser == 'testUser'"));
- Assert.assertTrue("test: RES.database is 'db1'", (Boolean)
evaluator.evaluateScript(scriptEngine, "RES.database == 'db1'"));
- Assert.assertTrue("test: RES.table is 'tbl1'", (Boolean)
evaluator.evaluateScript(scriptEngine, "RES.table == 'tbl1'"));
- Assert.assertTrue("test: RES.column is 'col1'", (Boolean)
evaluator.evaluateScript(scriptEngine, "RES.column == 'col1'"));
-
- Assert.assertTrue("test: TAG._type is 'PII'", (Boolean)
evaluator.evaluateScript(scriptEngine, "TAG._type == 'PII'"));
- Assert.assertTrue("test: TAG.attr1 is 'PII_value'", (Boolean)
evaluator.evaluateScript(scriptEngine, "TAG.attr1 == 'PII_value'"));
- Assert.assertTrue("test: TAGS.length is 2", (Boolean)
evaluator.evaluateScript(scriptEngine, "Object.keys(TAGS).length == 2"));
- Assert.assertEquals("test: TAG PII has attr1=PII_value",
evaluator.evaluateScript(scriptEngine, "TAGS['PII'].attr1"), "PII_value");
- Assert.assertEquals("test: TAG PCI has attr1=PCI_value",
evaluator.evaluateScript(scriptEngine, "TAGS['PCI'].attr1"), "PCI_value");
- Assert.assertTrue("test: TAG PII doesn't have PII.notExists",
(Boolean) evaluator.evaluateScript(scriptEngine, "TAGS['PII'].notExists ==
undefined"));
- Assert.assertTrue("test: HAS_TAG_ATTR(attr1)", (Boolean)
evaluator.evaluateScript(scriptEngine, "HAS_TAG_ATTR('attr1')"));
- Assert.assertFalse("test: HAS_TAG_ATTR(notExists)", (Boolean)
evaluator.evaluateScript(scriptEngine, "HAS_TAG_ATTR('notExists')"));
-
- Assert.assertTrue("test: TAGNAMES.length is 2", (Boolean)
evaluator.evaluateScript(scriptEngine, "TAGNAMES.length == 2"));
- Assert.assertTrue("test: HAS_TAG(PII)", (Boolean)
evaluator.evaluateScript(scriptEngine, "HAS_TAG('PII')"));
- Assert.assertTrue("test: HAS_TAG(PCI)", (Boolean)
evaluator.evaluateScript(scriptEngine, "HAS_TAG('PCI')"));
- Assert.assertFalse("test: HAS_TAG(notExists)", (Boolean)
evaluator.evaluateScript(scriptEngine, "HAS_TAG('notExists')"));
- Assert.assertTrue("test: HAS_ANY_TAG", (Boolean)
evaluator.evaluateScript(scriptEngine, "HAS_ANY_TAG"));
- Assert.assertFalse("test: HAS_NO_TAG", (Boolean)
evaluator.evaluateScript(scriptEngine, "HAS_NO_TAG"));
-
- Assert.assertEquals("GET_TAG_NAMES()", "PCI,PII",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES()"));
- Assert.assertEquals("GET_TAG_NAMES(null)", "PCI,PII",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES(null)"));
- Assert.assertEquals("GET_TAG_NAMES(null, '|')", "PCI|PII",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES(null, '|')"));
- Assert.assertEquals("GET_TAG_NAMES(null, null)", "PCIPII",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES(null, null)"));
-
- Assert.assertEquals("GET_TAG_NAMES_Q()",
"'PCI','PII'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q()"));
- Assert.assertEquals("GET_TAG_NAMES_Q(null)",
"'PCI','PII'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null)"));
- Assert.assertEquals("GET_TAG_NAMES_Q(null, '|')",
"'PCI'|'PII'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null,
'|')"));
- Assert.assertEquals("GET_TAG_NAMES_Q(null, null)",
"'PCI''PII'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null,
null)"));
- Assert.assertEquals("GET_TAG_NAMES_Q(null, '|', null)", "PCI|PII",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null, '|', null)"));
- Assert.assertEquals("GET_TAG_NAMES_Q(null, ',', '{', '}')",
"{PCI},{PII}", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null,
',', '{', '}')"));
-
- Assert.assertEquals("GET_TAG_ATTR_NAMES()", "attr1",
evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES()"));
- Assert.assertEquals("GET_TAG_ATTR_NAMES(null)", "attr1",
evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES(null)"));
- Assert.assertEquals("GET_TAG_ATTR_NAMES(null, '|',)", "attr1",
evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES(null, '|')"));
- Assert.assertEquals("GET_TAG_ATTR_NAMES(null, null)", "attr1",
evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES(null, null)"));
-
- Assert.assertEquals("GET_TAG_ATTR_NAMES_Q()",
"'attr1'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES_Q()"));
- Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null)",
"'attr1'", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR_NAMES_Q(null)"));
- Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, '|')",
"'attr1'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES_Q(null,
'|')"));
- Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, null)",
"'attr1'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES_Q(null,
null)"));
- Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, '|', null)",
"attr1", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES_Q(null,
'|', null)"));
- Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, ',', '{', '}')",
"{attr1}", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES_Q(null,
',', '{', '}')"));
-
- Assert.assertEquals("GET_TAG_ATTR('attr1')",
"PCI_value,PII_value", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR('attr1')"));
- Assert.assertEquals("GET_TAG_ATTR('attr1', null)",
"PCI_value,PII_value", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR('attr1', null)"));
- Assert.assertEquals("GET_TAG_ATTR('attr1', null, '|')",
"PCI_value|PII_value", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR('attr1', null, '|')"));
- Assert.assertEquals("GET_TAG_ATTR('attr1', null, null)",
"PCI_valuePII_value", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR('attr1', null, null)"));
-
- Assert.assertEquals("GET_TAG_ATTR_Q('attr1')",
"'PCI_value','PII_value'", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR_Q('attr1')"));
- Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null)",
"'PCI_value','PII_value'", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR_Q('attr1', null)"));
- Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, null)",
"'PCI_value''PII_value'", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR_Q('attr1', null, null)"));
- Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, '|')",
"'PCI_value'|'PII_value'", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR_Q('attr1', null, '|')"));
- Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, ',', null)",
"PCI_value,PII_value", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR_Q('attr1', null, ',', null)"));
- Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, ',', '{', '}')",
"{PCI_value},{PII_value}", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR_Q('attr1', null, ',', '{', '}')"));
-
- Assert.assertEquals("GET_UG_NAMES()",
"test-group1,test-group2", evaluator.evaluateScript(scriptEngine,
"GET_UG_NAMES()"));
- Assert.assertEquals("GET_UG_NAMES(null)",
"test-group1,test-group2", evaluator.evaluateScript(scriptEngine,
"GET_UG_NAMES(null)"));
- Assert.assertEquals("GET_UG_NAMES(null, '|')",
"test-group1|test-group2", evaluator.evaluateScript(scriptEngine,
"GET_UG_NAMES(null, '|')"));
- Assert.assertEquals("GET_UG_NAMES(null, null)",
"test-group1test-group2", evaluator.evaluateScript(scriptEngine,
"GET_UG_NAMES(null, null)"));
-
- Assert.assertEquals("GET_UG_NAMES_Q()",
"'test-group1','test-group2'", evaluator.evaluateScript(scriptEngine,
"GET_UG_NAMES_Q()"));
- Assert.assertEquals("GET_UG_NAMES_Q(null)",
"'test-group1','test-group2'", evaluator.evaluateScript(scriptEngine,
"GET_UG_NAMES_Q(null)"));
- Assert.assertEquals("GET_UG_NAMES_Q(null, null)",
"'test-group1''test-group2'", evaluator.evaluateScript(scriptEngine,
"GET_UG_NAMES_Q(null, null)"));
- Assert.assertEquals("GET_UG_NAMES_Q(null, '|')",
"'test-group1'|'test-group2'", evaluator.evaluateScript(scriptEngine,
"GET_UG_NAMES_Q(null, '|')"));
- Assert.assertEquals("GET_UG_NAMES_Q(null, ',', null)",
"test-group1,test-group2", evaluator.evaluateScript(scriptEngine,
"GET_UG_NAMES_Q(null, ',', null)"));
- Assert.assertEquals("GET_UG_NAMES_Q(null, ',', '{', '}')",
"{test-group1},{test-group2}", evaluator.evaluateScript(scriptEngine,
"GET_UG_NAMES_Q(null, ',', '{', '}')"));
-
- Assert.assertEquals("GET_UG_ATTR_NAMES()", "dept,site",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES()"));
- Assert.assertEquals("GET_UG_ATTR_NAMES(null)", "dept,site",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES(null)"));
- Assert.assertEquals("GET_UG_ATTR_NAMES(null, '|')", "dept|site",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES(null, '|')"));
- Assert.assertEquals("GET_UG_ATTR_NAMES(null, null)", "deptsite",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES(null, null)"));
-
- Assert.assertEquals("GET_UG_ATTR_NAMES_Q()",
"'dept','site'", evaluator.evaluateScript(scriptEngine,
"GET_UG_ATTR_NAMES_Q()"));
- Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null)",
"'dept','site'", evaluator.evaluateScript(scriptEngine,
"GET_UG_ATTR_NAMES_Q(null)"));
- Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, null)",
"'dept''site'", evaluator.evaluateScript(scriptEngine,
"GET_UG_ATTR_NAMES_Q(null, null)"));
- Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, '|')",
"'dept'|'site'", evaluator.evaluateScript(scriptEngine,
"GET_UG_ATTR_NAMES_Q(null, '|')"));
- Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, ',', null)",
"dept,site", evaluator.evaluateScript(scriptEngine,
"GET_UG_ATTR_NAMES_Q(null, ',', null)"));
- Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, ',', '{', '}')",
"{dept},{site}", evaluator.evaluateScript(scriptEngine,
"GET_UG_ATTR_NAMES_Q(null, ',', '{', '}')"));
-
- Assert.assertEquals("GET_UG_ATTR('dept')", "ENGG,PROD",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('dept')"));
- Assert.assertEquals("GET_UG_ATTR('dept', null)", "ENGG,PROD",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('dept', null)"));
- Assert.assertEquals("GET_UG_ATTR('dept', null, '|')", "ENGG|PROD",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('dept', null, '|')"));
- Assert.assertEquals("GET_UG_ATTR('dept', null, null)", "ENGGPROD",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('dept', null, null)"));
-
- Assert.assertEquals("GET_UG_ATTR_Q('dept')",
"'ENGG','PROD'", evaluator.evaluateScript(scriptEngine,
"GET_UG_ATTR_Q('dept')"));
- Assert.assertEquals("GET_UG_ATTR_Q('dept', null)",
"'ENGG','PROD'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('dept',
null)"));
- Assert.assertEquals("GET_UG_ATTR_Q('dept', null, null)",
"'ENGG''PROD'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('dept',
null, null)"));
- Assert.assertEquals("GET_UG_ATTR_Q('dept', null, '|')",
"'ENGG'|'PROD'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('dept',
null, '|')"));
- Assert.assertEquals("GET_UG_ATTR_Q('dept', null, ',', null)",
"ENGG,PROD", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('dept',
null, ',', null)"));
- Assert.assertEquals("GET_UG_ATTR_Q('dept', null, ',', '{', '}')",
"{ENGG},{PROD}", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('dept',
null, ',', '{', '}')"));
-
- Assert.assertEquals("GET_UG_ATTR('site')", "10,20",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('site')"));
- Assert.assertEquals("GET_UG_ATTR('site', null)", "10,20",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('site', null)"));
- Assert.assertEquals("GET_UG_ATTR('site', null, '|')", "10|20",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('site', null, '|')"));
- Assert.assertEquals("GET_UG_ATTR('site', null, null)", "1020",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('site', null, null)"));
-
- Assert.assertEquals("GET_UG_ATTR_Q('site')",
"'10','20'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site')"));
- Assert.assertEquals("GET_UG_ATTR_Q('site', null)",
"'10','20'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site',
null)"));
- Assert.assertEquals("GET_UG_ATTR_Q('site', null, null)",
"'10''20'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site',
null, null)"));
- Assert.assertEquals("GET_UG_ATTR_Q('site', null, '|')",
"'10'|'20'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site',
null, '|')"));
- Assert.assertEquals("GET_UG_ATTR_Q('site', null, ',', null)",
"10,20", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site',
null, ',', null)"));
- Assert.assertEquals("GET_UG_ATTR_Q('site', null, ',', '{', '}')",
"{10},{20}", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site',
null, ',', '{', '}')"));
-
- Assert.assertEquals("GET_UR_NAMES()",
"test-role1,test-role2", evaluator.evaluateScript(scriptEngine,
"GET_UR_NAMES()"));
- Assert.assertEquals("GET_UR_NAMES(null)",
"test-role1,test-role2", evaluator.evaluateScript(scriptEngine,
"GET_UR_NAMES(null)"));
- Assert.assertEquals("GET_UR_NAMES(null, '|')",
"test-role1|test-role2", evaluator.evaluateScript(scriptEngine,
"GET_UR_NAMES(null, '|')"));
- Assert.assertEquals("GET_UR_NAMES(null, null)",
"test-role1test-role2", evaluator.evaluateScript(scriptEngine,
"GET_UR_NAMES(null, null)"));
-
- Assert.assertEquals("GET_UR_NAMES_Q()",
"'test-role1','test-role2'", evaluator.evaluateScript(scriptEngine,
"GET_UR_NAMES_Q()"));
- Assert.assertEquals("GET_UR_NAMES_Q(null)",
"'test-role1','test-role2'", evaluator.evaluateScript(scriptEngine,
"GET_UR_NAMES_Q(null)"));
- Assert.assertEquals("GET_UR_NAMES_Q(null, null)",
"'test-role1''test-role2'", evaluator.evaluateScript(scriptEngine,
"GET_UR_NAMES_Q(null, null)"));
- Assert.assertEquals("GET_UR_NAMES_Q(null, '|')",
"'test-role1'|'test-role2'", evaluator.evaluateScript(scriptEngine,
"GET_UR_NAMES_Q(null, '|')"));
- Assert.assertEquals("GET_UR_NAMES_Q(null, ',', null)",
"test-role1,test-role2", evaluator.evaluateScript(scriptEngine,
"GET_UR_NAMES_Q(null, ',', null)"));
- Assert.assertEquals("GET_UR_NAMES_Q(null, ',', '{', '}')",
"{test-role1},{test-role2}", evaluator.evaluateScript(scriptEngine,
"GET_UR_NAMES_Q(null, ',', '{', '}')"));
-
- Assert.assertEquals("GET_USER_ATTR_NAMES()", "state",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES()"));
- Assert.assertEquals("GET_USER_ATTR_NAMES(null)", "state",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES(null)"));
- Assert.assertEquals("GET_USER_ATTR_NAMES(null, '|')", "state",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES(null, '|')"));
- Assert.assertEquals("GET_USER_ATTR_NAMES(null, null)", "state",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES(null, null)"));
-
- Assert.assertEquals("GET_USER_ATTR_NAMES_Q()",
"'state'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES_Q()"));
- Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null)",
"'state'", evaluator.evaluateScript(scriptEngine,
"GET_USER_ATTR_NAMES_Q(null)"));
- Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, null)",
"'state'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES_Q(null,
null)"));
- Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, '|')",
"'state'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES_Q(null,
'|')"));
- Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, ',', null)",
"state", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES_Q(null,
',', null)"));
- Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, ',', '{', '}')",
"{state}", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES_Q(null,
',', '{', '}')"));
-
- Assert.assertEquals("GET_USER_ATTR('state')", "CA",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('state')"));
- Assert.assertEquals("GET_USER_ATTR('state', null)", "CA",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('state', null)"));
- Assert.assertEquals("GET_USER_ATTR('state', null, '|')", "CA",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('state', null, '|')"));
- Assert.assertEquals("GET_USER_ATTR('state', null, null)", "CA",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('state', null, null)"));
-
- Assert.assertEquals("GET_USER_ATTR_Q('state')",
"'CA'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state')"));
- Assert.assertEquals("GET_USER_ATTR_Q('state', null)",
"'CA'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state',
null)"));
- Assert.assertEquals("GET_USER_ATTR_Q('state', null, null)",
"'CA'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state', null,
null)"));
- Assert.assertEquals("GET_USER_ATTR_Q('state', null, '|')",
"'CA'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state', null,
'|')"));
- Assert.assertEquals("GET_USER_ATTR_Q('state', null, ',', null)",
"CA", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state', null,
',', null)"));
- Assert.assertEquals("GET_USER_ATTR_Q('state', null, ',', '{', '}')",
"{CA}", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state', null,
',', '{', '}')"));
+ RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request, scriptEngine);
+
+ Assert.assertEquals("test: UG_NAMES_CSV", "test-group1,test-group2",
evaluator.evaluateScript("UG_NAMES_CSV"));
+ Assert.assertEquals("test: UR_NAMES_CSV", "test-role1,test-role2",
evaluator.evaluateScript("UR_NAMES_CSV"));
+ Assert.assertEquals("test: TAG_NAMES_CSV", "PCI,PII",
evaluator.evaluateScript("TAG_NAMES_CSV"));
+ Assert.assertEquals("test: USER_ATTR_NAMES_CSV", "state",
evaluator.evaluateScript("USER_ATTR_NAMES_CSV"));
+ Assert.assertEquals("test: UG_ATTR_NAMES_CSV", "dept,site",
evaluator.evaluateScript("UG_ATTR_NAMES_CSV"));
+ Assert.assertEquals("test: TAG_ATTR_NAMES_CSV", "attr1",
evaluator.evaluateScript("TAG_ATTR_NAMES_CSV"));
+ Assert.assertEquals("test: GET_UG_ATTR_CSV('dept')", "ENGG,PROD",
evaluator.evaluateScript("GET_UG_ATTR_CSV('dept')"));
+ Assert.assertEquals("test: GET_UG_ATTR_CSV('site')", "10,20",
evaluator.evaluateScript("GET_UG_ATTR_CSV('site')"));
+ Assert.assertEquals("test: GET_TAG_ATTR_CSV('attr1')",
"PCI_value,PII_value", evaluator.evaluateScript("GET_TAG_ATTR_CSV('attr1')"));
+
+ Assert.assertEquals("test: UG_NAMES_Q_CSV",
"'test-group1','test-group2'", evaluator.evaluateScript("UG_NAMES_Q_CSV"));
+ Assert.assertEquals("test: UR_NAMES_Q_CSV",
"'test-role1','test-role2'", evaluator.evaluateScript("UR_NAMES_Q_CSV"));
+ Assert.assertEquals("test: TAG_NAMES_Q_CSV", "'PCI','PII'",
evaluator.evaluateScript("TAG_NAMES_Q_CSV"));
+ Assert.assertEquals("test: USER_ATTR_NAMES_Q_CSV", "'state'",
evaluator.evaluateScript("USER_ATTR_NAMES_Q_CSV"));
+ Assert.assertEquals("test: UG_ATTR_NAMES_Q_CSV", "'dept','site'",
evaluator.evaluateScript("UG_ATTR_NAMES_Q_CSV"));
+ Assert.assertEquals("test: TAG_ATTR_NAMES_Q_CSV", "'attr1'",
evaluator.evaluateScript("TAG_ATTR_NAMES_Q_CSV"));
+ Assert.assertEquals("test: GET_UG_ATTR_Q_CSV('dept')",
"'ENGG','PROD'", evaluator.evaluateScript("GET_UG_ATTR_Q_CSV('dept')"));
+ Assert.assertEquals("test: GET_UG_ATTR_Q_CSV('site')", "'10','20'",
evaluator.evaluateScript("GET_UG_ATTR_Q_CSV('site')"));
+ Assert.assertEquals("test: GET_TAG_ATTR_Q_CSV('attr1')",
"'PCI_value','PII_value'",
evaluator.evaluateScript("GET_TAG_ATTR_Q_CSV('attr1')"));
+
+ Assert.assertTrue("test: USER._name is 'test-user'", (Boolean)
evaluator.evaluateScript("USER._name == 'test-user'"));
+ Assert.assertTrue("test: HAS_USER_ATTR(state)",
(Boolean)evaluator.evaluateScript("HAS_USER_ATTR('state')"));
+ Assert.assertFalse("test: HAS_USER_ATTR(notExists)",
(Boolean)evaluator.evaluateScript("HAS_USER_ATTR('notExists')"));
+ Assert.assertTrue("test: USER['state'] is 'CA'", (Boolean)
evaluator.evaluateScript("USER['state'] == 'CA'"));
+ Assert.assertTrue("test: USER.state is 'CA'", (Boolean)
evaluator.evaluateScript("USER.state == 'CA'"));
+
+ Assert.assertTrue("test: IS_IN_GROUP(test-group1)",
(Boolean)evaluator.evaluateScript("IS_IN_GROUP('test-group1')"));
+ Assert.assertTrue("test: IS_IN_GROUP(test-group2)",
(Boolean)evaluator.evaluateScript("IS_IN_GROUP('test-group2')"));
+ Assert.assertFalse("test: IS_IN_GROUP(notExists)",
(Boolean)evaluator.evaluateScript("IS_IN_GROUP('notExists')"));
+ Assert.assertTrue("test: IS_IN_ANY_GROUP",
(Boolean)evaluator.evaluateScript("IS_IN_ANY_GROUP"));
+ Assert.assertFalse("test: IS_NOT_IN_ANY_GROUP",
(Boolean)evaluator.evaluateScript("IS_NOT_IN_ANY_GROUP"));
+
+ Assert.assertTrue("test: UG['test-group1'].dept is 'ENGG'", (Boolean)
evaluator.evaluateScript("UG['test-group1'].dept == 'ENGG'"));
+ Assert.assertTrue("test: UG['test-group1'].site is 10", (Boolean)
evaluator.evaluateScript("UG['test-group1'].site == 10"));
+ Assert.assertTrue("test: UG['test-group2'].dept is 'PROD'", (Boolean)
evaluator.evaluateScript("UG['test-group2'].dept == 'PROD'"));
+ Assert.assertTrue("test: UG['test-group2'].site is 20", (Boolean)
evaluator.evaluateScript("UG['test-group2'].site == 20"));
+ Assert.assertTrue("test: UG['test-group3'] is null", (Boolean)
evaluator.evaluateScript("UG['test-group3'] == null"));
+ Assert.assertTrue("test: UG['test-group1'].notExists is null",
(Boolean) evaluator.evaluateScript("UG['test-group1'].notExists == null"));
+
+ Assert.assertTrue("test: IS_IN_ROLE(test-role1)",
(Boolean)evaluator.evaluateScript("IS_IN_ROLE('test-role1')"));
+ Assert.assertTrue("test: IS_IN_ROLE(test-role2)",
(Boolean)evaluator.evaluateScript("IS_IN_ROLE('test-role2')"));
+ Assert.assertFalse("test: IS_IN_ROLE(notExists)",
(Boolean)evaluator.evaluateScript("IS_IN_ROLE('notExists')"));
+ Assert.assertTrue("test: IS_IN_ANY_ROLE",
(Boolean)evaluator.evaluateScript("IS_IN_ANY_ROLE"));
+ Assert.assertFalse("test: IS_NOT_IN_ANY_ROLE",
(Boolean)evaluator.evaluateScript("IS_NOT_IN_ANY_ROLE"));
+
+ Assert.assertTrue("test: UGA.sVal['dept'] is 'ENGG'",
(Boolean)evaluator.evaluateScript("UGA.sVal['dept'] == 'ENGG'"));
+ Assert.assertTrue("test: UGA.sVal['site'] is 10", (Boolean)
evaluator.evaluateScript("UGA.sVal['site'] == 10"));
+ Assert.assertTrue("test: UGA.sVal['notExists'] is null", (Boolean)
evaluator.evaluateScript("UGA.sVal['notExists'] == null"));
+ Assert.assertTrue("test: UGA.mVal['dept'] is [\"ENGG\", \"PROD\"]",
(Boolean) evaluator.evaluateScript("J(UGA.mVal['dept']) ==
'[\"ENGG\",\"PROD\"]'"));
+ Assert.assertTrue("test: UGA.mVal['site'] is [10, 20]", (Boolean)
evaluator.evaluateScript("J(UGA.mVal['site']) == '[\"10\",\"20\"]'"));
+ Assert.assertTrue("test: UGA.mVal['notExists'] is null", (Boolean)
evaluator.evaluateScript("UGA.mVal['notExists'] == null"));
+ Assert.assertTrue("test: UGA.mVal['dept'] has 'ENGG'", (Boolean)
evaluator.evaluateScript("UGA.mVal['dept'].indexOf('ENGG') != -1"));
+ Assert.assertTrue("test: UGA.mVal['dept'] has 'PROD'", (Boolean)
evaluator.evaluateScript("UGA.mVal['dept'].indexOf('PROD') != -1"));
+ Assert.assertTrue("test: UGA.mVal['dept'] doesn't have 'EXEC'",
(Boolean) evaluator.evaluateScript("UGA.mVal['dept'].indexOf('EXEC') == -1"));
+ Assert.assertTrue("test: HAS_UG_ATTR(dept)",
(Boolean)evaluator.evaluateScript("HAS_UG_ATTR('dept')"));
+ Assert.assertTrue("test: HAS_UG_ATTR(site)",
(Boolean)evaluator.evaluateScript("HAS_UG_ATTR('site')"));
+ Assert.assertFalse("test: HAS_UG_ATTR(notExists)",
(Boolean)evaluator.evaluateScript("HAS_UG_ATTR('notExists')"));
+
+ Assert.assertTrue("test: REQ.accessTyp is 'select'", (Boolean)
evaluator.evaluateScript("REQ.accessType == 'select'"));
+ Assert.assertTrue("test: REQ.action is 'query'", (Boolean)
evaluator.evaluateScript("REQ.action == 'query'"));
+
+ Assert.assertTrue("test: RES._ownerUser is 'testUser'", (Boolean)
evaluator.evaluateScript("RES._ownerUser == 'testUser'"));
+ Assert.assertTrue("test: RES.database is 'db1'", (Boolean)
evaluator.evaluateScript("RES.database == 'db1'"));
+ Assert.assertTrue("test: RES.table is 'tbl1'", (Boolean)
evaluator.evaluateScript("RES.table == 'tbl1'"));
+ Assert.assertTrue("test: RES.column is 'col1'", (Boolean)
evaluator.evaluateScript("RES.column == 'col1'"));
+
+ Assert.assertTrue("test: TAG._type is 'PII'", (Boolean)
evaluator.evaluateScript("TAG._type == 'PII'"));
+ Assert.assertTrue("test: TAG.attr1 is 'PII_value'", (Boolean)
evaluator.evaluateScript("TAG.attr1 == 'PII_value'"));
+ Assert.assertTrue("test: TAGS.length is 2", (Boolean)
evaluator.evaluateScript("Object.keys(TAGS).length == 2"));
+ Assert.assertEquals("test: TAG PII has attr1=PII_value",
evaluator.evaluateScript("TAGS['PII'].attr1"), "PII_value");
+ Assert.assertEquals("test: TAG PCI has attr1=PCI_value",
evaluator.evaluateScript("TAGS['PCI'].attr1"), "PCI_value");
+ Assert.assertTrue("test: TAG PII doesn't have PII.notExists",
(Boolean) evaluator.evaluateScript("TAGS['PII'].notExists == undefined"));
+ Assert.assertTrue("test: HAS_TAG_ATTR(attr1)", (Boolean)
evaluator.evaluateScript("HAS_TAG_ATTR('attr1')"));
+ Assert.assertFalse("test: HAS_TAG_ATTR(notExists)", (Boolean)
evaluator.evaluateScript("HAS_TAG_ATTR('notExists')"));
+
+ Assert.assertTrue("test: TAGNAMES.length is 2", (Boolean)
evaluator.evaluateScript("TAGNAMES.length == 2"));
+ Assert.assertTrue("test: HAS_TAG(PII)", (Boolean)
evaluator.evaluateScript("HAS_TAG('PII')"));
+ Assert.assertTrue("test: HAS_TAG(PCI)", (Boolean)
evaluator.evaluateScript("HAS_TAG('PCI')"));
+ Assert.assertFalse("test: HAS_TAG(notExists)", (Boolean)
evaluator.evaluateScript("HAS_TAG('notExists')"));
+ Assert.assertTrue("test: HAS_ANY_TAG", (Boolean)
evaluator.evaluateScript("HAS_ANY_TAG"));
+ Assert.assertFalse("test: HAS_NO_TAG", (Boolean)
evaluator.evaluateScript("HAS_NO_TAG"));
+
+ Assert.assertEquals("GET_TAG_NAMES()", "PCI,PII",
evaluator.evaluateScript("GET_TAG_NAMES()"));
+ Assert.assertEquals("GET_TAG_NAMES(null)", "PCI,PII",
evaluator.evaluateScript("GET_TAG_NAMES(null)"));
+ Assert.assertEquals("GET_TAG_NAMES(null, '|')", "PCI|PII",
evaluator.evaluateScript("GET_TAG_NAMES(null, '|')"));
+ Assert.assertEquals("GET_TAG_NAMES(null, null)", "PCIPII",
evaluator.evaluateScript("GET_TAG_NAMES(null, null)"));
+
+ Assert.assertEquals("GET_TAG_NAMES_Q()",
"'PCI','PII'", evaluator.evaluateScript("GET_TAG_NAMES_Q()"));
+ Assert.assertEquals("GET_TAG_NAMES_Q(null)",
"'PCI','PII'", evaluator.evaluateScript("GET_TAG_NAMES_Q(null)"));
+ Assert.assertEquals("GET_TAG_NAMES_Q(null, '|')",
"'PCI'|'PII'", evaluator.evaluateScript("GET_TAG_NAMES_Q(null, '|')"));
+ Assert.assertEquals("GET_TAG_NAMES_Q(null, null)",
"'PCI''PII'", evaluator.evaluateScript("GET_TAG_NAMES_Q(null, null)"));
+ Assert.assertEquals("GET_TAG_NAMES_Q(null, '|', null)", "PCI|PII",
evaluator.evaluateScript("GET_TAG_NAMES_Q(null, '|', null)"));
+ Assert.assertEquals("GET_TAG_NAMES_Q(null, ',', '{', '}')",
"{PCI},{PII}", evaluator.evaluateScript("GET_TAG_NAMES_Q(null, ',', '{',
'}')"));
+
+ Assert.assertEquals("GET_TAG_ATTR_NAMES()", "attr1",
evaluator.evaluateScript("GET_TAG_ATTR_NAMES()"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES(null)", "attr1",
evaluator.evaluateScript("GET_TAG_ATTR_NAMES(null)"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES(null, '|',)", "attr1",
evaluator.evaluateScript("GET_TAG_ATTR_NAMES(null, '|')"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES(null, null)", "attr1",
evaluator.evaluateScript("GET_TAG_ATTR_NAMES(null, null)"));
+
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q()",
"'attr1'", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q()"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null)",
"'attr1'", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q(null)"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, '|')",
"'attr1'", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q(null, '|')"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, null)",
"'attr1'", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q(null, null)"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, '|', null)",
"attr1", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q(null, '|', null)"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, ',', '{', '}')",
"{attr1}", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q(null, ',', '{',
'}')"));
+
+ Assert.assertEquals("GET_TAG_ATTR('attr1')",
"PCI_value,PII_value", evaluator.evaluateScript("GET_TAG_ATTR('attr1')"));
+ Assert.assertEquals("GET_TAG_ATTR('attr1', null)",
"PCI_value,PII_value", evaluator.evaluateScript("GET_TAG_ATTR('attr1', null)"));
+ Assert.assertEquals("GET_TAG_ATTR('attr1', null, '|')",
"PCI_value|PII_value", evaluator.evaluateScript("GET_TAG_ATTR('attr1', null,
'|')"));
+ Assert.assertEquals("GET_TAG_ATTR('attr1', null, null)",
"PCI_valuePII_value", evaluator.evaluateScript("GET_TAG_ATTR('attr1', null,
null)"));
+
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1')",
"'PCI_value','PII_value'", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1')"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null)",
"'PCI_value','PII_value'", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1',
null)"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, null)",
"'PCI_value''PII_value'", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1',
null, null)"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, '|')",
"'PCI_value'|'PII_value'", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1',
null, '|')"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, ',', null)",
"PCI_value,PII_value", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1',
null, ',', null)"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, ',', '{', '}')",
"{PCI_value},{PII_value}", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1',
null, ',', '{', '}')"));
+
+ Assert.assertEquals("GET_UG_NAMES()",
"test-group1,test-group2", evaluator.evaluateScript("GET_UG_NAMES()"));
+ Assert.assertEquals("GET_UG_NAMES(null)",
"test-group1,test-group2", evaluator.evaluateScript("GET_UG_NAMES(null)"));
+ Assert.assertEquals("GET_UG_NAMES(null, '|')",
"test-group1|test-group2", evaluator.evaluateScript("GET_UG_NAMES(null, '|')"));
+ Assert.assertEquals("GET_UG_NAMES(null, null)",
"test-group1test-group2", evaluator.evaluateScript("GET_UG_NAMES(null,
null)"));
+
+ Assert.assertEquals("GET_UG_NAMES_Q()",
"'test-group1','test-group2'", evaluator.evaluateScript("GET_UG_NAMES_Q()"));
+ Assert.assertEquals("GET_UG_NAMES_Q(null)",
"'test-group1','test-group2'",
evaluator.evaluateScript("GET_UG_NAMES_Q(null)"));
+ Assert.assertEquals("GET_UG_NAMES_Q(null, null)",
"'test-group1''test-group2'", evaluator.evaluateScript("GET_UG_NAMES_Q(null,
null)"));
+ Assert.assertEquals("GET_UG_NAMES_Q(null, '|')",
"'test-group1'|'test-group2'", evaluator.evaluateScript("GET_UG_NAMES_Q(null,
'|')"));
+ Assert.assertEquals("GET_UG_NAMES_Q(null, ',', null)",
"test-group1,test-group2", evaluator.evaluateScript("GET_UG_NAMES_Q(null,
',', null)"));
+ Assert.assertEquals("GET_UG_NAMES_Q(null, ',', '{', '}')",
"{test-group1},{test-group2}", evaluator.evaluateScript("GET_UG_NAMES_Q(null,
',', '{', '}')"));
+
+ Assert.assertEquals("GET_UG_ATTR_NAMES()", "dept,site",
evaluator.evaluateScript("GET_UG_ATTR_NAMES()"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES(null)", "dept,site",
evaluator.evaluateScript("GET_UG_ATTR_NAMES(null)"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES(null, '|')", "dept|site",
evaluator.evaluateScript("GET_UG_ATTR_NAMES(null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES(null, null)", "deptsite",
evaluator.evaluateScript("GET_UG_ATTR_NAMES(null, null)"));
+
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q()",
"'dept','site'", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q()"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null)",
"'dept','site'", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q(null)"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, null)",
"'dept''site'", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q(null, null)"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, '|')",
"'dept'|'site'", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q(null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, ',', null)",
"dept,site", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q(null, ',',
null)"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, ',', '{', '}')",
"{dept},{site}", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q(null, ',', '{',
'}')"));
+
+ Assert.assertEquals("GET_UG_ATTR('dept')", "ENGG,PROD",
evaluator.evaluateScript("GET_UG_ATTR('dept')"));
+ Assert.assertEquals("GET_UG_ATTR('dept', null)", "ENGG,PROD",
evaluator.evaluateScript("GET_UG_ATTR('dept', null)"));
+ Assert.assertEquals("GET_UG_ATTR('dept', null, '|')", "ENGG|PROD",
evaluator.evaluateScript("GET_UG_ATTR('dept', null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR('dept', null, null)", "ENGGPROD",
evaluator.evaluateScript("GET_UG_ATTR('dept', null, null)"));
+
+ Assert.assertEquals("GET_UG_ATTR_Q('dept')",
"'ENGG','PROD'", evaluator.evaluateScript("GET_UG_ATTR_Q('dept')"));
+ Assert.assertEquals("GET_UG_ATTR_Q('dept', null)",
"'ENGG','PROD'", evaluator.evaluateScript("GET_UG_ATTR_Q('dept', null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('dept', null, null)",
"'ENGG''PROD'", evaluator.evaluateScript("GET_UG_ATTR_Q('dept', null, null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('dept', null, '|')",
"'ENGG'|'PROD'", evaluator.evaluateScript("GET_UG_ATTR_Q('dept', null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR_Q('dept', null, ',', null)",
"ENGG,PROD", evaluator.evaluateScript("GET_UG_ATTR_Q('dept', null, ',',
null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('dept', null, ',', '{', '}')",
"{ENGG},{PROD}", evaluator.evaluateScript("GET_UG_ATTR_Q('dept', null, ',',
'{', '}')"));
+
+ Assert.assertEquals("GET_UG_ATTR('site')", "10,20",
evaluator.evaluateScript("GET_UG_ATTR('site')"));
+ Assert.assertEquals("GET_UG_ATTR('site', null)", "10,20",
evaluator.evaluateScript("GET_UG_ATTR('site', null)"));
+ Assert.assertEquals("GET_UG_ATTR('site', null, '|')", "10|20",
evaluator.evaluateScript("GET_UG_ATTR('site', null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR('site', null, null)", "1020",
evaluator.evaluateScript("GET_UG_ATTR('site', null, null)"));
+
+ Assert.assertEquals("GET_UG_ATTR_Q('site')",
"'10','20'", evaluator.evaluateScript("GET_UG_ATTR_Q('site')"));
+ Assert.assertEquals("GET_UG_ATTR_Q('site', null)",
"'10','20'", evaluator.evaluateScript("GET_UG_ATTR_Q('site', null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('site', null, null)",
"'10''20'", evaluator.evaluateScript("GET_UG_ATTR_Q('site', null, null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('site', null, '|')",
"'10'|'20'", evaluator.evaluateScript("GET_UG_ATTR_Q('site', null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR_Q('site', null, ',', null)",
"10,20", evaluator.evaluateScript("GET_UG_ATTR_Q('site', null, ',',
null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('site', null, ',', '{', '}')",
"{10},{20}", evaluator.evaluateScript("GET_UG_ATTR_Q('site', null, ',', '{',
'}')"));
+
+ Assert.assertEquals("GET_UR_NAMES()",
"test-role1,test-role2", evaluator.evaluateScript("GET_UR_NAMES()"));
+ Assert.assertEquals("GET_UR_NAMES(null)",
"test-role1,test-role2", evaluator.evaluateScript("GET_UR_NAMES(null)"));
+ Assert.assertEquals("GET_UR_NAMES(null, '|')",
"test-role1|test-role2", evaluator.evaluateScript("GET_UR_NAMES(null, '|')"));
+ Assert.assertEquals("GET_UR_NAMES(null, null)",
"test-role1test-role2", evaluator.evaluateScript("GET_UR_NAMES(null, null)"));
+
+ Assert.assertEquals("GET_UR_NAMES_Q()",
"'test-role1','test-role2'", evaluator.evaluateScript("GET_UR_NAMES_Q()"));
+ Assert.assertEquals("GET_UR_NAMES_Q(null)",
"'test-role1','test-role2'", evaluator.evaluateScript("GET_UR_NAMES_Q(null)"));
+ Assert.assertEquals("GET_UR_NAMES_Q(null, null)",
"'test-role1''test-role2'", evaluator.evaluateScript("GET_UR_NAMES_Q(null,
null)"));
+ Assert.assertEquals("GET_UR_NAMES_Q(null, '|')",
"'test-role1'|'test-role2'", evaluator.evaluateScript("GET_UR_NAMES_Q(null,
'|')"));
+ Assert.assertEquals("GET_UR_NAMES_Q(null, ',', null)",
"test-role1,test-role2", evaluator.evaluateScript("GET_UR_NAMES_Q(null,
',', null)"));
+ Assert.assertEquals("GET_UR_NAMES_Q(null, ',', '{', '}')",
"{test-role1},{test-role2}", evaluator.evaluateScript("GET_UR_NAMES_Q(null,
',', '{', '}')"));
+
+ Assert.assertEquals("GET_USER_ATTR_NAMES()", "state",
evaluator.evaluateScript("GET_USER_ATTR_NAMES()"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES(null)", "state",
evaluator.evaluateScript("GET_USER_ATTR_NAMES(null)"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES(null, '|')", "state",
evaluator.evaluateScript("GET_USER_ATTR_NAMES(null, '|')"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES(null, null)", "state",
evaluator.evaluateScript("GET_USER_ATTR_NAMES(null, null)"));
+
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q()",
"'state'", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q()"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null)",
"'state'", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q(null)"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, null)",
"'state'", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q(null, null)"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, '|')",
"'state'", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q(null, '|')"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, ',', null)",
"state", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q(null, ',', null)"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, ',', '{', '}')",
"{state}", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q(null, ',', '{',
'}')"));
+
+ Assert.assertEquals("GET_USER_ATTR('state')", "CA",
evaluator.evaluateScript("GET_USER_ATTR('state')"));
+ Assert.assertEquals("GET_USER_ATTR('state', null)", "CA",
evaluator.evaluateScript("GET_USER_ATTR('state', null)"));
+ Assert.assertEquals("GET_USER_ATTR('state', null, '|')", "CA",
evaluator.evaluateScript("GET_USER_ATTR('state', null, '|')"));
+ Assert.assertEquals("GET_USER_ATTR('state', null, null)", "CA",
evaluator.evaluateScript("GET_USER_ATTR('state', null, null)"));
+
+ Assert.assertEquals("GET_USER_ATTR_Q('state')",
"'CA'", evaluator.evaluateScript("GET_USER_ATTR_Q('state')"));
+ Assert.assertEquals("GET_USER_ATTR_Q('state', null)",
"'CA'", evaluator.evaluateScript("GET_USER_ATTR_Q('state', null)"));
+ Assert.assertEquals("GET_USER_ATTR_Q('state', null, null)",
"'CA'", evaluator.evaluateScript("GET_USER_ATTR_Q('state', null, null)"));
+ Assert.assertEquals("GET_USER_ATTR_Q('state', null, '|')",
"'CA'", evaluator.evaluateScript("GET_USER_ATTR_Q('state', null, '|')"));
+ Assert.assertEquals("GET_USER_ATTR_Q('state', null, ',', null)",
"CA", evaluator.evaluateScript("GET_USER_ATTR_Q('state', null, ',', null)"));
+ Assert.assertEquals("GET_USER_ATTR_Q('state', null, ',', '{', '}')",
"{CA}", evaluator.evaluateScript("GET_USER_ATTR_Q('state', null, ',', '{',
'}')"));
}
@Test
public void testNonExistentValues() {
RangerAccessRequest request = createRequest("test-user",
Collections.emptySet(), Collections.emptySet(), Collections.emptyList());
- RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request);
+ RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request, scriptEngine);
// empty TAG names
- Assert.assertEquals("GET_TAG_NAMES()", "",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES()"));
- Assert.assertEquals("GET_TAG_NAMES(null)", "",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES(null)"));
- Assert.assertEquals("GET_TAG_NAMES('empty')", "empty",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES('empty')"));
- Assert.assertEquals("GET_TAG_NAMES('empty', '|')", "empty",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES('empty', '|')"));
- Assert.assertEquals("GET_TAG_NAMES('empty', null)", "empty",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES('empty', null)"));
+ Assert.assertEquals("GET_TAG_NAMES()", "",
evaluator.evaluateScript("GET_TAG_NAMES()"));
+ Assert.assertEquals("GET_TAG_NAMES(null)", "",
evaluator.evaluateScript("GET_TAG_NAMES(null)"));
+ Assert.assertEquals("GET_TAG_NAMES('empty')", "empty",
evaluator.evaluateScript("GET_TAG_NAMES('empty')"));
+ Assert.assertEquals("GET_TAG_NAMES('empty', '|')", "empty",
evaluator.evaluateScript("GET_TAG_NAMES('empty', '|')"));
+ Assert.assertEquals("GET_TAG_NAMES('empty', null)", "empty",
evaluator.evaluateScript("GET_TAG_NAMES('empty', null)"));
// empty TAG names
- Assert.assertEquals("GET_TAG_NAMES_Q()", "",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q()"));
- Assert.assertEquals("GET_TAG_NAMES_Q(null)", "",
evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null)"));
- Assert.assertEquals("GET_TAG_NAMES_Q('empty')",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q('empty')"));
- Assert.assertEquals("GET_TAG_NAMES_Q('empty', ',')",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q('empty',
',')"));
- Assert.assertEquals("GET_TAG_NAMES_Q('empty', '|', null)",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q('empty',
'|')"));
- Assert.assertEquals("GET_TAG_NAMES_Q('empty', ',', '{', '}')",
"{empty}", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q('empty',
',', '{', '}')"));
+ Assert.assertEquals("GET_TAG_NAMES_Q()", "",
evaluator.evaluateScript("GET_TAG_NAMES_Q()"));
+ Assert.assertEquals("GET_TAG_NAMES_Q(null)", "",
evaluator.evaluateScript("GET_TAG_NAMES_Q(null)"));
+ Assert.assertEquals("GET_TAG_NAMES_Q('empty')",
"'empty'", evaluator.evaluateScript("GET_TAG_NAMES_Q('empty')"));
+ Assert.assertEquals("GET_TAG_NAMES_Q('empty', ',')",
"'empty'", evaluator.evaluateScript("GET_TAG_NAMES_Q('empty', ',')"));
+ Assert.assertEquals("GET_TAG_NAMES_Q('empty', '|', null)",
"'empty'", evaluator.evaluateScript("GET_TAG_NAMES_Q('empty', '|')"));
+ Assert.assertEquals("GET_TAG_NAMES_Q('empty', ',', '{', '}')",
"{empty}", evaluator.evaluateScript("GET_TAG_NAMES_Q('empty', ',', '{', '}')"));
// empty UG names
- Assert.assertEquals("GET_UG_NAMES()", "",
evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES()"));
- Assert.assertEquals("GET_UG_NAMES(null)", "",
evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES(null)"));
- Assert.assertEquals("GET_UG_NAMES('empty')", "empty",
evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES('empty')"));
- Assert.assertEquals("GET_UG_NAMES('empty', '|')", "empty",
evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES('empty', '|')"));
- Assert.assertEquals("GET_UG_NAMES('empty', null)", "empty",
evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES('empty', null)"));
+ Assert.assertEquals("GET_UG_NAMES()", "",
evaluator.evaluateScript("GET_UG_NAMES()"));
+ Assert.assertEquals("GET_UG_NAMES(null)", "",
evaluator.evaluateScript("GET_UG_NAMES(null)"));
+ Assert.assertEquals("GET_UG_NAMES('empty')", "empty",
evaluator.evaluateScript("GET_UG_NAMES('empty')"));
+ Assert.assertEquals("GET_UG_NAMES('empty', '|')", "empty",
evaluator.evaluateScript("GET_UG_NAMES('empty', '|')"));
+ Assert.assertEquals("GET_UG_NAMES('empty', null)", "empty",
evaluator.evaluateScript("GET_UG_NAMES('empty', null)"));
// empty UG names
- Assert.assertEquals("GET_UG_NAMES_Q()", "",
evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q()"));
- Assert.assertEquals("GET_UG_NAMES_Q(null)", "",
evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q(null)"));
- Assert.assertEquals("GET_UG_NAMES_Q('empty')",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q('empty')"));
- Assert.assertEquals("GET_UG_NAMES_Q('empty', ',')",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q('empty',
',')"));
- Assert.assertEquals("GET_UG_NAMES_Q('empty', '|', null)",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q('empty',
'|')"));
- Assert.assertEquals("GET_UG_NAMES_Q('empty', ',', '{', '}')",
"{empty}", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q('empty', ',',
'{', '}')"));
+ Assert.assertEquals("GET_UG_NAMES_Q()", "",
evaluator.evaluateScript("GET_UG_NAMES_Q()"));
+ Assert.assertEquals("GET_UG_NAMES_Q(null)", "",
evaluator.evaluateScript("GET_UG_NAMES_Q(null)"));
+ Assert.assertEquals("GET_UG_NAMES_Q('empty')",
"'empty'", evaluator.evaluateScript("GET_UG_NAMES_Q('empty')"));
+ Assert.assertEquals("GET_UG_NAMES_Q('empty', ',')",
"'empty'", evaluator.evaluateScript("GET_UG_NAMES_Q('empty', ',')"));
+ Assert.assertEquals("GET_UG_NAMES_Q('empty', '|', null)",
"'empty'", evaluator.evaluateScript("GET_UG_NAMES_Q('empty', '|')"));
+ Assert.assertEquals("GET_UG_NAMES_Q('empty', ',', '{', '}')",
"{empty}", evaluator.evaluateScript("GET_UG_NAMES_Q('empty', ',', '{', '}')"));
// empty UR names
- Assert.assertEquals("GET_UR_NAMES()", "",
evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES()"));
- Assert.assertEquals("GET_UR_NAMES(null)", "",
evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES(null)"));
- Assert.assertEquals("GET_UR_NAMES('empty')", "empty",
evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES('empty')"));
- Assert.assertEquals("GET_UR_NAMES('empty', '|')", "empty",
evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES('empty', '|')"));
- Assert.assertEquals("GET_UR_NAMES('empty', null)", "empty",
evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES('empty', null)"));
+ Assert.assertEquals("GET_UR_NAMES()", "",
evaluator.evaluateScript("GET_UR_NAMES()"));
+ Assert.assertEquals("GET_UR_NAMES(null)", "",
evaluator.evaluateScript("GET_UR_NAMES(null)"));
+ Assert.assertEquals("GET_UR_NAMES('empty')", "empty",
evaluator.evaluateScript("GET_UR_NAMES('empty')"));
+ Assert.assertEquals("GET_UR_NAMES('empty', '|')", "empty",
evaluator.evaluateScript("GET_UR_NAMES('empty', '|')"));
+ Assert.assertEquals("GET_UR_NAMES('empty', null)", "empty",
evaluator.evaluateScript("GET_UR_NAMES('empty', null)"));
// empty UR names
- Assert.assertEquals("GET_UR_NAMES_Q()", "",
evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q()"));
- Assert.assertEquals("GET_UR_NAMES_Q(null)", "",
evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q(null)"));
- Assert.assertEquals("GET_UR_NAMES_Q('empty')",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q('empty')"));
- Assert.assertEquals("GET_UR_NAMES_Q('empty', ',')",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q('empty',
',')"));
- Assert.assertEquals("GET_UR_NAMES_Q('empty', '|', null)",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q('empty',
'|')"));
- Assert.assertEquals("GET_UR_NAMES_Q('empty', ',', '{', '}')",
"{empty}", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q('empty', ',',
'{', '}')"));
+ Assert.assertEquals("GET_UR_NAMES_Q()", "",
evaluator.evaluateScript("GET_UR_NAMES_Q()"));
+ Assert.assertEquals("GET_UR_NAMES_Q(null)", "",
evaluator.evaluateScript("GET_UR_NAMES_Q(null)"));
+ Assert.assertEquals("GET_UR_NAMES_Q('empty')",
"'empty'", evaluator.evaluateScript("GET_UR_NAMES_Q('empty')"));
+ Assert.assertEquals("GET_UR_NAMES_Q('empty', ',')",
"'empty'", evaluator.evaluateScript("GET_UR_NAMES_Q('empty', ',')"));
+ Assert.assertEquals("GET_UR_NAMES_Q('empty', '|', null)",
"'empty'", evaluator.evaluateScript("GET_UR_NAMES_Q('empty', '|')"));
+ Assert.assertEquals("GET_UR_NAMES_Q('empty', ',', '{', '}')",
"{empty}", evaluator.evaluateScript("GET_UR_NAMES_Q('empty', ',', '{', '}')"));
// non-existent attribute
- Assert.assertEquals("GET_TAG_ATTR('noattr')", "",
evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('noattr')"));
- Assert.assertEquals("GET_TAG_ATTR('noattr', null)", "",
evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('noattr', null)"));
- Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty')", "empty",
evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('noattr', 'empty')"));
- Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty', '|')", "empty",
evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('noattr', 'empty', '|')"));
- Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty', null)", "empty",
evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('noattr', 'empty',
null)"));
+ Assert.assertEquals("GET_TAG_ATTR('noattr')", "",
evaluator.evaluateScript("GET_TAG_ATTR('noattr')"));
+ Assert.assertEquals("GET_TAG_ATTR('noattr', null)", "",
evaluator.evaluateScript("GET_TAG_ATTR('noattr', null)"));
+ Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty')", "empty",
evaluator.evaluateScript("GET_TAG_ATTR('noattr', 'empty')"));
+ Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty', '|')", "empty",
evaluator.evaluateScript("GET_TAG_ATTR('noattr', 'empty', '|')"));
+ Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty', null)", "empty",
evaluator.evaluateScript("GET_TAG_ATTR('noattr', 'empty', null)"));
// non-existent attribute
- Assert.assertEquals("GET_TAG_ATTR_Q('noattr')",
"", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('noattr')"));
- Assert.assertEquals("GET_TAG_ATTR_Q('noattr', null)",
"", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('noattr',
null)"));
- Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty')",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('noattr',
'empty')"));
- Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', ',')",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('noattr',
'empty', ',')"));
- Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', '|', null)",
"empty", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('noattr',
'empty', '|', null)"));
- Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', ',', '{',
'}')", "{empty}", evaluator.evaluateScript(scriptEngine,
"GET_TAG_ATTR_Q('noattr', 'empty', ',', '{', '}')"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('noattr')",
"", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr')"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('noattr', null)",
"", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr', null)"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty')",
"'empty'", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr', 'empty')"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', ',')",
"'empty'", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr', 'empty', ',')"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', '|', null)",
"empty", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr', 'empty', '|',
null)"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', ',', '{',
'}')", "{empty}", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr', 'empty',
',', '{', '}')"));
// non-existent attribute
- Assert.assertEquals("GET_UG_ATTR('noattr')", "",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('noattr')"));
- Assert.assertEquals("GET_UG_ATTR('noattr', null)", "",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('noattr', null)"));
- Assert.assertEquals("GET_UG_ATTR('noattr', 'empty', '|')", "empty",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('noattr', 'empty', '|')"));
- Assert.assertEquals("GET_UG_ATTR('noattr', 'empty', null)", "empty",
evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('noattr', 'empty', null)"));
+ Assert.assertEquals("GET_UG_ATTR('noattr')", "",
evaluator.evaluateScript("GET_UG_ATTR('noattr')"));
+ Assert.assertEquals("GET_UG_ATTR('noattr', null)", "",
evaluator.evaluateScript("GET_UG_ATTR('noattr', null)"));
+ Assert.assertEquals("GET_UG_ATTR('noattr', 'empty', '|')", "empty",
evaluator.evaluateScript("GET_UG_ATTR('noattr', 'empty', '|')"));
+ Assert.assertEquals("GET_UG_ATTR('noattr', 'empty', null)", "empty",
evaluator.evaluateScript("GET_UG_ATTR('noattr', 'empty', null)"));
// non-existent attribute
- Assert.assertEquals("GET_UG_ATTR_Q('noattr')",
"", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr')"));
- Assert.assertEquals("GET_UG_ATTR_Q('noattr', null)",
"", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr',
null)"));
- Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', null)",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr',
'empty', null)"));
- Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', '|')",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr',
'empty', '|')"));
- Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', ',', null)",
"empty", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr',
'empty', ',', null)"));
- Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', ',', '{', '}')",
"{empty}", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr',
'empty', ',', '{', '}')"));
+ Assert.assertEquals("GET_UG_ATTR_Q('noattr')",
"", evaluator.evaluateScript("GET_UG_ATTR_Q('noattr')"));
+ Assert.assertEquals("GET_UG_ATTR_Q('noattr', null)",
"", evaluator.evaluateScript("GET_UG_ATTR_Q('noattr', null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', null)",
"'empty'", evaluator.evaluateScript("GET_UG_ATTR_Q('noattr', 'empty', null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', '|')",
"'empty'", evaluator.evaluateScript("GET_UG_ATTR_Q('noattr', 'empty', '|')"));
+ Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', ',', null)",
"empty", evaluator.evaluateScript("GET_UG_ATTR_Q('noattr', 'empty', ',',
null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', ',', '{', '}')",
"{empty}", evaluator.evaluateScript("GET_UG_ATTR_Q('noattr', 'empty', ',', '{',
'}')"));
// non-existent attribute
- Assert.assertEquals("GET_USER_ATTR('noattr')", "",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('noattr')"));
- Assert.assertEquals("GET_USER_ATTR('noattr', null)", "",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('noattr', null)"));
- Assert.assertEquals("GET_USER_ATTR('noattr', 'empty', '|')", "empty",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('noattr', 'empty',
'|')"));
- Assert.assertEquals("GET_USER_ATTR('noattr', 'empty', null)", "empty",
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('noattr', 'empty',
null)"));
+ Assert.assertEquals("GET_USER_ATTR('noattr')", "",
evaluator.evaluateScript("GET_USER_ATTR('noattr')"));
+ Assert.assertEquals("GET_USER_ATTR('noattr', null)", "",
evaluator.evaluateScript("GET_USER_ATTR('noattr', null)"));
+ Assert.assertEquals("GET_USER_ATTR('noattr', 'empty', '|')", "empty",
evaluator.evaluateScript("GET_USER_ATTR('noattr', 'empty', '|')"));
+ Assert.assertEquals("GET_USER_ATTR('noattr', 'empty', null)", "empty",
evaluator.evaluateScript("GET_USER_ATTR('noattr', 'empty', null)"));
// non-existent attribute
- Assert.assertEquals("GET_USER_ATTR_Q('noattr')",
"", evaluator.evaluateScript(scriptEngine,
"GET_USER_ATTR_Q('noattr')"));
- Assert.assertEquals("GET_USER_ATTR_Q('noattr', null)",
"", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('noattr',
null)"));
- Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', null)",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('noattr',
'empty', null)"));
- Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', '|')",
"'empty'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('noattr',
'empty', '|')"));
- Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', ',', null)",
"empty", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('noattr',
'empty', ',', null)"));
- Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', ',', '{',
'}')", "{empty}", evaluator.evaluateScript(scriptEngine,
"GET_USER_ATTR_Q('noattr', 'empty', ',', '{', '}')"));
+ Assert.assertEquals("GET_USER_ATTR_Q('noattr')",
"", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr')"));
+ Assert.assertEquals("GET_USER_ATTR_Q('noattr', null)",
"", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr', null)"));
+ Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', null)",
"'empty'", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr', 'empty',
null)"));
+ Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', '|')",
"'empty'", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr', 'empty',
'|')"));
+ Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', ',', null)",
"empty", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr', 'empty', ',',
null)"));
+ Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', ',', '{',
'}')", "{empty}", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr', 'empty',
',', '{', '}')"));
}
@Test
@@ -356,111 +356,111 @@ public class RangerRequestScriptEvaluatorTest {
RangerTag tagPartners = new RangerTag("PARTNERS",
Collections.singletonMap("names", "partner-1,partner-2"));
RangerTag tagDepts = new RangerTag("DEPTS",
Collections.singletonMap("names", "ENGG,SALES"));
RangerAccessRequest request = createRequest("test-user2",
Collections.singleton("test-group2"), Collections.singleton("test-role2"),
Arrays.asList(tagPartners, tagDepts));
- RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request);
-
- Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['sales'])", (Boolean)
evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].intersects(['sales'])"));
- Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['mktg'])", (Boolean)
evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].intersects(['mktg'])"));
- Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['products'])", (Boolean)
evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].intersects(['products'])"));
- Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['sales', 'engineering'])", (Boolean)
evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].intersects(['sales', 'engineering'])"));
- Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['mktg', 'engineering'])", (Boolean)
evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].intersects(['mktg', 'engineering'])"));
- Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['products', 'engineering'])", (Boolean)
evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].intersects(['products', 'engineering'])"));
- Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['engineering', 'hr', 'sales'])", (Boolean)
evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].intersects(['engineering', 'hr', 'sales'])"));
- Assert.assertFalse("test: ['sales', 'mktg',
'products'].intersects(['engineering'])", (Boolean)
evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].intersects(['engineering'])"));
- Assert.assertFalse("test: ['sales', 'mktg',
'products'].intersects([])", (Boolean) evaluator.evaluateScript(scriptEngine,
"['sales', 'mktg', 'products'].intersects([])"));
- Assert.assertFalse("test: ['sales', 'mktg',
'products'].intersects(null)", (Boolean) evaluator.evaluateScript(scriptEngine,
"['sales', 'mktg', 'products'].intersects(null)"));
- Assert.assertFalse("test: [].intersects(['engineering'])", (Boolean)
evaluator.evaluateScript(scriptEngine, "[].intersects(['engineering'])"));
- Assert.assertFalse("test: [].intersects([])", (Boolean)
evaluator.evaluateScript(scriptEngine, "[].intersects([])"));
+ RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request, scriptEngine);
+
+ Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['sales'])", (Boolean)
evaluator.evaluateScript("['sales', 'mktg',
'products'].intersects(['sales'])"));
+ Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['mktg'])", (Boolean)
evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(['mktg'])"));
+ Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['products'])", (Boolean)
evaluator.evaluateScript("['sales', 'mktg',
'products'].intersects(['products'])"));
+ Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['sales', 'engineering'])", (Boolean)
evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(['sales',
'engineering'])"));
+ Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['mktg', 'engineering'])", (Boolean)
evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(['mktg',
'engineering'])"));
+ Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['products', 'engineering'])", (Boolean)
evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(['products',
'engineering'])"));
+ Assert.assertTrue("test: ['sales', 'mktg',
'products'].intersects(['engineering', 'hr', 'sales'])", (Boolean)
evaluator.evaluateScript("['sales', 'mktg',
'products'].intersects(['engineering', 'hr', 'sales'])"));
+ Assert.assertFalse("test: ['sales', 'mktg',
'products'].intersects(['engineering'])", (Boolean)
evaluator.evaluateScript("['sales', 'mktg',
'products'].intersects(['engineering'])"));
+ Assert.assertFalse("test: ['sales', 'mktg',
'products'].intersects([])", (Boolean) evaluator.evaluateScript("['sales',
'mktg', 'products'].intersects([])"));
+ Assert.assertFalse("test: ['sales', 'mktg',
'products'].intersects(null)", (Boolean) evaluator.evaluateScript("['sales',
'mktg', 'products'].intersects(null)"));
+ Assert.assertFalse("test: [].intersects(['engineering'])", (Boolean)
evaluator.evaluateScript("[].intersects(['engineering'])"));
+ Assert.assertFalse("test: [].intersects([])", (Boolean)
evaluator.evaluateScript("[].intersects([])"));
/*
TAGS.PARTNERS.names = partner-1,partner-2
USER.partners = partner-1,partner-2,partners-3
*/
- Assert.assertTrue("test:
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean)
evaluator.evaluateScript(scriptEngine, "HAS_USER_ATTR('partners') &&
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))"));
+ Assert.assertTrue("test:
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean)
evaluator.evaluateScript("HAS_USER_ATTR('partners') &&
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))"));
- Assert.assertTrue("test: ['sales', 'mktg',
'products'].includes('sales')", (Boolean)
evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].includes('sales')"));
- Assert.assertTrue("test: ['sales', 'mktg',
'products'].includes('mktg')", (Boolean) evaluator.evaluateScript(scriptEngine,
"['sales', 'mktg', 'products'].includes('mktg')"));
- Assert.assertTrue("test: ['sales', 'mktg',
'products'].includes('products')", (Boolean)
evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].includes('products')"));
- Assert.assertFalse("test: ['sales', 'mktg',
'products'].includes(['engineering'])", (Boolean)
evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].includes('engineering')"));
- Assert.assertFalse("test: ['sales', 'mktg', 'products'].includes('')",
(Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg',
'products'].includes('')"));
- Assert.assertFalse("test: ['sales', 'mktg',
'products'].includes(null)", (Boolean) evaluator.evaluateScript(scriptEngine,
"['sales', 'mktg', 'products'].includes(null)"));
- Assert.assertFalse("test: [].includes('engineering')", (Boolean)
evaluator.evaluateScript(scriptEngine, "[].includes('engineering')"));
- Assert.assertFalse("test: [].includes([])", (Boolean)
evaluator.evaluateScript(scriptEngine, "[].includes([])"));
+ Assert.assertTrue("test: ['sales', 'mktg',
'products'].includes('sales')", (Boolean) evaluator.evaluateScript("['sales',
'mktg', 'products'].includes('sales')"));
+ Assert.assertTrue("test: ['sales', 'mktg',
'products'].includes('mktg')", (Boolean) evaluator.evaluateScript("['sales',
'mktg', 'products'].includes('mktg')"));
+ Assert.assertTrue("test: ['sales', 'mktg',
'products'].includes('products')", (Boolean)
evaluator.evaluateScript("['sales', 'mktg', 'products'].includes('products')"));
+ Assert.assertFalse("test: ['sales', 'mktg',
'products'].includes(['engineering'])", (Boolean)
evaluator.evaluateScript("['sales', 'mktg',
'products'].includes('engineering')"));
+ Assert.assertFalse("test: ['sales', 'mktg', 'products'].includes('')",
(Boolean) evaluator.evaluateScript("['sales', 'mktg',
'products'].includes('')"));
+ Assert.assertFalse("test: ['sales', 'mktg',
'products'].includes(null)", (Boolean) evaluator.evaluateScript("['sales',
'mktg', 'products'].includes(null)"));
+ Assert.assertFalse("test: [].includes('engineering')", (Boolean)
evaluator.evaluateScript("[].includes('engineering')"));
+ Assert.assertFalse("test: [].includes([])", (Boolean)
evaluator.evaluateScript("[].includes([])"));
/*
TAGS.DEPTS.names = ENGG,SALES
USER.dept = ENGG
*/
- Assert.assertTrue("test:
TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean)
evaluator.evaluateScript(scriptEngine,
"TAGS.DEPTS.names.split(',').includes(USER.dept)"));
+ Assert.assertTrue("test:
TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean)
evaluator.evaluateScript("TAGS.DEPTS.names.split(',').includes(USER.dept)"));
// switch context to user test-user3, who has different attribute
values for partners and dept
request = createRequest("test-user3",
Collections.singleton("test-group3"), Collections.singleton("test-role3"),
Arrays.asList(tagPartners, tagDepts));
- evaluator = new RangerRequestScriptEvaluator(request);
+ evaluator = new RangerRequestScriptEvaluator(request, scriptEngine);
/*
TAGS.PARTNERS.names = partner-1,partner-2
USER.partners = partner-3
*/
- Assert.assertFalse("test:
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean)
evaluator.evaluateScript(scriptEngine, "HAS_USER_ATTR('partners') &&
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))"));
+ Assert.assertFalse("test:
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean)
evaluator.evaluateScript("HAS_USER_ATTR('partners') &&
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))"));
/*
TAGS.DEPTS.names = ENGG,SALES
USER.dept = MKTG
*/
- Assert.assertFalse("test:
TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean)
evaluator.evaluateScript(scriptEngine,
"TAGS.DEPTS.names.split(',').includes(USER.dept)"));
+ Assert.assertFalse("test:
TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean)
evaluator.evaluateScript("TAGS.DEPTS.names.split(',').includes(USER.dept)"));
// switch context to user test-user4, who doesn't have attribute
partners and dept
request = createRequest("test-user4",
Collections.singleton("test-group4"), Collections.singleton("test-role4"),
Arrays.asList(tagPartners, tagDepts));
- evaluator = new RangerRequestScriptEvaluator(request);
+ evaluator = new RangerRequestScriptEvaluator(request, scriptEngine);
/*
TAGS.PARTNERS.names = partner-1,partner-2
USER.partners = null
*/
- Assert.assertFalse("test:
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean)
evaluator.evaluateScript(scriptEngine, "HAS_USER_ATTR('partners') &&
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))"));
+ Assert.assertFalse("test:
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean)
evaluator.evaluateScript("HAS_USER_ATTR('partners') &&
TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))"));
/*
TAGS.DEPTS.names = ENGG,SALES
USER.dept = null
*/
- Assert.assertFalse("test:
TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean)
evaluator.evaluateScript(scriptEngine,
"TAGS.DEPTS.names.split(',').includes(USER.dept)"));
+ Assert.assertFalse("test:
TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean)
evaluator.evaluateScript("TAGS.DEPTS.names.split(',').includes(USER.dept)"));
}
@Test
public void testBlockJavaClassReferences() {
RangerAccessRequest request = createRequest("test-user",
Collections.EMPTY_SET, Collections.EMPTY_SET, Collections.EMPTY_LIST);
- RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request);
+ RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request, scriptEngine, false);
- Assert.assertNull("test: java.lang.System.out.println(\"test\");",
evaluator.evaluateScript(scriptEngine,
"java.lang.System.out.println(\"test\");"));
- Assert.assertNull("test:
java.lang.Runtime.getRuntime().exec(\"bash\");",
evaluator.evaluateScript(scriptEngine,
"java.lang.Runtime.getRuntime().exec(\"bash\");"));
+ Assert.assertNull("test: java.lang.System.out.println(\"test\");",
evaluator.evaluateScript("java.lang.System.out.println(\"test\");"));
+ Assert.assertNull("test:
java.lang.Runtime.getRuntime().exec(\"bash\");",
evaluator.evaluateScript("java.lang.Runtime.getRuntime().exec(\"bash\");"));
}
@Test
public void testIsTimeMacros() {
RangerAccessRequest request = createRequest("test-user",
Collections.emptySet(), Collections.emptySet(), Collections.emptyList());
- RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request);
+ RangerRequestScriptEvaluator evaluator = new
RangerRequestScriptEvaluator(request, scriptEngine, false);
// Date
- Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01')",
(Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_AFTER('2020/01/01')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01', 'GMT')",
(Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_AFTER('2020/01/01', 'GMT')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01')",
(Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_BEFORE('2100/01/01')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01', 'GMT')",
(Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_BEFORE('2100/01/01', 'GMT')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01',
'2100/01/01')", (Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01',
'2100/01/01', 'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01', 'GMT')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01')",
(Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01', 'GMT')",
(Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01',
'GMT')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01')",
(Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01', 'GMT')",
(Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01',
'GMT')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01',
'2100/01/01')", (Boolean)
evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01',
'2100/01/01', 'GMT')", (Boolean)
evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01',
'GMT')"));
// Date hh:mm
- Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00')",
(Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_AFTER('2020/01/01 15:00')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00',
'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_AFTER('2020/01/01 15:00', 'GMT')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00')",
(Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_BEFORE('2100/01/01 15:00')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00',
'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_BEFORE('2100/01/01 15:00', 'GMT')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00',
'2100/01/01 15:00')", (Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00', '2100/01/01 15:00')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00',
'2100/01/01 15:00', 'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00', '2100/01/01 15:00', 'GMT')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00')",
(Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01 15:00')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00',
'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01
15:00', 'GMT')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00')",
(Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01
15:00')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00',
'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01
15:00', 'GMT')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00',
'2100/01/01 15:00')", (Boolean)
evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00',
'2100/01/01 15:00')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00',
'2100/01/01 15:00', 'GMT')", (Boolean)
evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00',
'2100/01/01 15:00', 'GMT')"));
// Date hh:mm:ss
- Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42')",
(Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42',
'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42', 'GMT')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01
15:00:42')", (Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42',
'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42', 'GMT')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42',
'2100/01/01 15:00:42')", (Boolean) evaluator.evaluateScript(scriptEngine,
"IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42', '2100/01/01 15:00:42')"));
- Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42',
'2100/01/01 15:00:42', 'GMT')", (Boolean)
evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BETWEEN('2010/01/01
15:00:42', '2100/01/01 15:00:42', 'GMT')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42')",
(Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01
15:00:42')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42',
'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01
15:00:42', 'GMT')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01
15:00:42')", (Boolean)
evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42',
'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01
15:00:42', 'GMT')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42',
'2100/01/01 15:00:42')", (Boolean)
evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42',
'2100/01/01 15:00:42')"));
+ Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42',
'2100/01/01 15:00:42', 'GMT')", (Boolean)
evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42',
'2100/01/01 15:00:42', 'GMT')"));
}
RangerAccessRequest createRequest(String userName, Set<String> userGroups,
Set<String> userRoles, List<RangerTag> resourceTags) {
diff --git
a/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java
b/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java
index 6d5edc04c..a062f0e9b 100644
---
a/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java
+++
b/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java
@@ -42,6 +42,7 @@ public class RangerRequestExprResolverTest {
exprValue.put("s3://mybucket/users/${{USER._name}}/${{USER.state}}/test.txt",
"s3://mybucket/users/test-user/CA/test.txt");
exprValue.put("state == '${{USER.state}}' AND dept ==
'${{UGA.sVal.dept}}'", "state == 'CA' AND dept == 'ENGG'");
+ exprValue.put("state == '${{USER.state}}' AND group IN
(${{GET_UG_NAMES_Q()}})", "state == 'CA' AND group IN
('test-group1','test-group2')");
exprValue.put("attr1 == '${{TAG.attr1}}'", "attr1 == 'PII_value'");
exprValue.put("${{USER._name}}", "test-user");
