This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new b50feda65 RANGER-4529: script evaluator updated to reuse bindings for a request b50feda65 is described below commit b50feda65daebb5237aeea643a52633a624619a8 Author: Madhan Neethiraj <mad...@apache.org> AuthorDate: Mon Nov 13 17:46:31 2023 -0800 RANGER-4529: script evaluator updated to reuse bindings for a request --- ...AnyOfExpectedTagsPresentConditionEvaluator.java | 18 +- ...oneOfExpectedTagsPresentConditionEvaluator.java | 16 +- .../RangerScriptConditionEvaluator.java | 9 +- .../RangerTagsAllPresentConditionEvaluator.java | 20 +- .../policyengine/RangerRequestScriptEvaluator.java | 108 ++-- .../ranger/plugin/util/RangerCommonConstants.java | 12 +- .../plugin/util/RangerRequestExprResolver.java | 4 +- .../RangerRequestScriptEvaluatorTest.java | 640 ++++++++++----------- .../plugin/util/RangerRequestExprResolverTest.java | 1 + 9 files changed, 424 insertions(+), 404 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java index bf57fb412..c7b78908a 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java 
@@ -19,17 +19,16 @@ package org.apache.ranger.plugin.conditionevaluator; +import org.apache.ranger.plugin.contextenricher.RangerTagForEval; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; -import org.apache.ranger.plugin.policyengine.RangerRequestScriptEvaluator; +import org.apache.ranger.plugin.util.RangerAccessRequestUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.Collections; import java.util.HashSet; import java.util.Set; // Policy Condition to check if resource Tags does contain any of the policy Condition Tags - public class RangerAnyOfExpectedTagsPresentConditionEvaluator extends RangerAbstractConditionEvaluator { private static final Logger LOG = LoggerFactory.getLogger(RangerAnyOfExpectedTagsPresentConditionEvaluator.class); @@ -62,14 +61,17 @@ public class RangerAnyOfExpectedTagsPresentConditionEvaluator extends RangerAbst LOG.debug("==> RangerAnyOfExpectedTagsPresentConditionEvaluator.isMatched(" + request + ")"); } - boolean matched = false; - - RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request); - Set<String> resourceTags = evaluator.getAllTagTypes(); + boolean matched = false; + Set<RangerTagForEval> resourceTags = RangerAccessRequestUtil.getRequestTagsFromContext(request.getContext()); if (resourceTags != null) { // check if resource Tags does contain any of the policy Condition Tags - matched = (!Collections.disjoint(resourceTags, policyConditionTags)); + for (RangerTagForEval tag : resourceTags) { + if (policyConditionTags.contains(tag.getType())) { + matched = true; + break; + } + } } diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java index 938836f66..9f1b60c98 100644 
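Review bot: The tag-type membership loop added to `isMatched` here is repeated almost verbatim in `RangerNoneOfExpectedTagsPresentConditionEvaluator`, and `RangerTagsAllPresentConditionEvaluator` builds its own `Set<String>` of types from the same `RangerTagForEval` set. Three hand-written copies of the same extraction in authorization conditions can drift apart, for example in how a null or empty tag set is treated, so a single shared helper that returns the tag types for a request context would be safer. Each loop also dereferences `tag.getType()` and passes `request.getContext()` straight through; whether either can be null is not visible in these hunks, so a one-line comment stating the assumption would help. `isMatched` starts and ends outside the hunk.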
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java @@ -19,12 +19,12 @@ package org.apache.ranger.plugin.conditionevaluator; +import org.apache.ranger.plugin.contextenricher.RangerTagForEval; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; -import org.apache.ranger.plugin.policyengine.RangerRequestScriptEvaluator; +import org.apache.ranger.plugin.util.RangerAccessRequestUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.Collections; import java.util.HashSet; import java.util.Set; @@ -62,13 +62,17 @@ public class RangerNoneOfExpectedTagsPresentConditionEvaluator extends RangerAbs LOG.debug("==> RangerNoneOfExpectedTagsPresentConditionEvaluator.isMatched(" + request + ")"); } - boolean matched = true; - RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request); - Set<String> resourceTags = evaluator.getAllTagTypes(); + boolean matched = true; + Set<RangerTagForEval> resourceTags = RangerAccessRequestUtil.getRequestTagsFromContext(request.getContext()); if (resourceTags != null) { // check if resource Tags does not contain any tags in the policy condition - matched = (Collections.disjoint(resourceTags, policyConditionTags)); + for (RangerTagForEval tag : resourceTags) { + if (policyConditionTags.contains(tag.getType())) { + matched = false; + break; + } + } } if(LOG.isDebugEnabled()) { diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java index 80a766566..6eb192270 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java 
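Review bot: In the `isMatched` hunk, `matched` starts as `true` and is only cleared inside `if (resourceTags != null)`, so a request whose context carries no tag set at all satisfies the "none of the expected tags" condition. That is logically consistent, but it also means the condition matches if tags were never attached to the context, which matters when this condition gates an allow policy. A comment on the initialisation such as `// no tags in the request context counts as "none present"; callers relying on this for allow policies must ensure tags were resolved` would make the choice explicit. `isMatched` starts and ends outside the hunk.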
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java @@ -32,7 +32,8 @@ import javax.script.ScriptEngine; import java.util.List; import java.util.Map; -import static org.apache.ranger.plugin.util.RangerCommonConstants.*; +import static org.apache.ranger.plugin.util.RangerCommonConstants.SCRIPT_OPTION_ENABLE_JSON_CTX; + public class RangerScriptConditionEvaluator extends RangerAbstractConditionEvaluator { private static final Logger LOG = LoggerFactory.getLogger(RangerScriptConditionEvaluator.class); @@ -100,13 +101,13 @@ public class RangerScriptConditionEvaluator extends RangerAbstractConditionEvalu LOG.debug("RangerScriptConditionEvaluator.isMatched(): script={" + script + "}"); } - RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request); - if (enableJsonCtx == null) { // if not specified in evaluatorOptions, set it on first call to isMatched() enableJsonCtx = RangerRequestScriptEvaluator.needsJsonCtxEnabled(script); } - evaluator.evaluateConditionScript(scriptEngine, script, enableJsonCtx); + RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request, scriptEngine, enableJsonCtx); + + evaluator.evaluateConditionScript(script); result = evaluator.getResult(); } else { diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java index 82b59d24b..6dcfe7ac4 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java 
@@ -20,8 +20,9 @@ package org.apache.ranger.plugin.conditionevaluator; import org.apache.commons.collections.CollectionUtils; +import org.apache.ranger.plugin.contextenricher.RangerTagForEval; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; -import org.apache.ranger.plugin.policyengine.RangerRequestScriptEvaluator; +import org.apache.ranger.plugin.util.RangerAccessRequestUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -63,12 +64,21 @@ public class RangerTagsAllPresentConditionEvaluator extends RangerAbstractCondit boolean matched = true; - if (CollectionUtils.isNotEmpty(policyConditionTags)) { - RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request); - Set<String> resourceTags = evaluator.getAllTagTypes(); + if (CollectionUtils.isNotEmpty(policyConditionTags)) { + Set<RangerTagForEval> resourceTags = RangerAccessRequestUtil.getRequestTagsFromContext(request.getContext()); // check if resource Tags atleast have to have all the tags in policy Condition - matched = resourceTags != null && resourceTags.containsAll(policyConditionTags); + if (CollectionUtils.isNotEmpty(resourceTags)) { + Set<String> tags = new HashSet<>(resourceTags.size()); + + for (RangerTagForEval tag : resourceTags) { + tags.add(tag.getType()); + } + + matched = tags.containsAll(policyConditionTags); + } else { + matched = false; + } } if(LOG.isDebugEnabled()) { diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java index 2c1fe2ac1..327056431 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java 
@@ -80,6 +80,8 @@ public final class RangerRequestScriptEvaluator { private static String[] dateFormatStrings = null; private final RangerAccessRequest accessRequest; + private final ScriptEngine scriptEngine; + private final Bindings bindings; private boolean initDone = false; private Map<String, String> userAttrs = Collections.emptyMap(); private Map<String, Map<String, String>> groupAttrs = Collections.emptyMap(); 
@@ -179,84 +181,87 @@ public final class RangerRequestScriptEvaluator { return MACRO_PROCESSOR.expandMacros(script); } - public RangerRequestScriptEvaluator(final RangerAccessRequest accessRequest) { - this.accessRequest = accessRequest.getReadOnlyCopy(); - } - - public Object evaluateScript(ScriptEngine scriptEngine, String script) { - script = expandMacros(script); - - return evaluateScript(scriptEngine, script, needsJsonCtxEnabled(script)); + public RangerRequestScriptEvaluator(RangerAccessRequest accessRequest, ScriptEngine scriptEngine) { + this(accessRequest, scriptEngine, true); } - public Object evaluateConditionScript(ScriptEngine scriptEngine, String script, boolean enableJsonCtx) { - script = expandMacros(script); - - Object ret = evaluateScript(scriptEngine, script, enableJsonCtx); - - if (ret == null) { - ret = getResult(); - } - - if (ret instanceof Boolean) { - result = (Boolean) ret; - } - - return ret; - } + public RangerRequestScriptEvaluator(RangerAccessRequest accessRequest, ScriptEngine scriptEngine, boolean enableJsonCtx) { + this.accessRequest = accessRequest.getReadOnlyCopy(); + this.scriptEngine = scriptEngine; + this.bindings = scriptEngine.createBindings(); - private Object evaluateScript(ScriptEngine scriptEngine, String script, boolean enableJsonCtx) { - Object ret = null; - Bindings bindings = scriptEngine.createBindings(); - RangerTagForEval currentTag = this.getCurrentTag(); - Map<String, String> tagAttribs = currentTag != null ? currentTag.getAttributes() : Collections.emptyMap(); - boolean hasIncludes = StringUtils.contains(script, ".includes("); - boolean hasIntersects = StringUtils.contains(script, ".intersects("); + RangerTagForEval currentTag = this.getCurrentTag(); + Map<String, String> tagAttribs = currentTag != null ? 
currentTag.getAttributes() : Collections.emptyMap(); bindings.put(SCRIPT_VAR_ctx, this); bindings.put(SCRIPT_VAR_tag, currentTag); bindings.put(SCRIPT_VAR_tagAttr, tagAttribs); - script = SCRIPT_SAFE_PREEXEC + script; + String preExecScript = ""; if (enableJsonCtx) { bindings.put(SCRIPT_VAR__CTX_JSON, this.toJson()); - script = SCRIPT_PREEXEC + script; + preExecScript += SCRIPT_PREEXEC; } - if (hasIncludes) { - script = SCRIPT_POLYFILL_INCLUDES + script; + if (StringUtils.isNotBlank(preExecScript)) { + try { + scriptEngine.eval(preExecScript, bindings); + } catch (ScriptException excp) { + LOG.error("RangerRequestScriptEvaluator(): initialization failed", excp); + } } + } - if (hasIntersects) { - script = SCRIPT_POLYFILL_INTERSECTS + script; - } + public Object evaluateScript(String script) { + script = expandMacros(script); + + return evaluateScriptImpl(script); + } - if (JavaScriptEdits.hasDoubleBrackets(script)) { - script = JavaScriptEdits.replaceDoubleBrackets(script); + public Object evaluateConditionScript(String script) { + Object ret = evaluateScript(script); + + if (ret == null) { + ret = getResult(); } - if (LOG.isDebugEnabled()) { - LOG.debug("RangerRequestScriptEvaluator.evaluateScript(): script={" + script + "}"); + if (ret instanceof Boolean) { + result = (Boolean) ret; } + return ret; + } + + private Object evaluateScriptImpl(String script) { + Object ret = null; RangerPerfTracer perf = null; try { - long requestHash = accessRequest.hashCode(); - if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_CONDITION_SCRIPT_EVAL)) { - perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_CONDITION_SCRIPT_EVAL, "RangerRequestScriptEvaluator.evaluateScript(requestHash=" + requestHash + ")"); + perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_CONDITION_SCRIPT_EVAL, "RangerRequestScriptEvaluator.evaluateScript(requestHash=" + accessRequest.hashCode() + ")"); + } + + String preExec = SCRIPT_SAFE_PREEXEC; + + if (script.contains(".includes(")) { + preExec += 
SCRIPT_POLYFILL_INCLUDES; + } + + if (script.contains(".intersects(")) { + preExec += SCRIPT_POLYFILL_INTERSECTS; } - ret = scriptEngine.eval(script, bindings); + if (JavaScriptEdits.hasDoubleBrackets(script)) { + script = JavaScriptEdits.replaceDoubleBrackets(script); + } + + ret = scriptEngine.eval(preExec + script, bindings); } catch (NullPointerException nullp) { LOG.error("RangerRequestScriptEvaluator.evaluateScript(): eval called with NULL argument(s)", nullp); - - } catch (ScriptException exception) { - LOG.error("RangerRequestScriptEvaluator.evaluateScript(): failed to evaluate script," + - " exception=" + exception); + } catch (ScriptException excp) { + LOG.error("RangerRequestScriptEvaluator.evaluateScript(): failed to evaluate script", excp); } catch (Throwable t) { LOG.error("RangerRequestScriptEvaluator.evaluateScript(): failed to evaluate script", t); } finally { @@ -269,10 +274,8 @@ public final class RangerRequestScriptEvaluator { private String toJson() { RangerPerfTracer perf = null; - long requestHash = accessRequest.hashCode(); - if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_CONDITION_SCRIPT_TOJSON)) { - perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_CONDITION_SCRIPT_TOJSON, "RangerRequestScriptEvaluator.toJson(requestHash=" + requestHash + ")"); + perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_CONDITION_SCRIPT_TOJSON, "RangerRequestScriptEvaluator.toJson(requestHash=" + accessRequest.hashCode() + ")"); } Map<String, Object> ret = new HashMap<>(); @@ -1393,5 +1396,4 @@ public final class RangerRequestScriptEvaluator { return ret; } } - } diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java index 8081dd346..8dbc7eedd 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java 
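Review bot: A failure of the pre-exec script in the new three-argument constructor is only logged (`LOG.error("RangerRequestScriptEvaluator(): initialization failed", excp)`), so later `evaluateScript()` and `evaluateConditionScript()` calls on the same instance run against bindings that were never fully initialised; when the script then fails, `evaluateScriptImpl` returns null and the condition outcome falls back to whatever `getResult()` holds. Because this evaluator feeds policy conditions, the constructor should remember the failure (for example a boolean field set in the catch) and `evaluateScriptImpl` should return null without evaluating when it is set, with the default of `result` documented so the outcome is deliberately fail-closed. The constructor also catches only `ScriptException`, while `evaluateScriptImpl` catches `Throwable`, so an unchecked exception from `scriptEngine.eval` or `toJson()` during construction now propagates to callers such as `RangerScriptConditionEvaluator.isMatched`. Since `bindings` is now shared across calls, a short comment on the constructor stating that globals set by one expression remain visible to the next would help anyone reviewing `RangerRequestExprResolver`, which evaluates several expressions on one instance.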
@@ -175,13 +175,13 @@ public class RangerCommonConstants { " Array.prototype, 'intersects', {\n" + " value: function (x) {\n" + " if (x == null) {return false;}\n" + - " var o = Object(this);\n" + - " var len = o.length >>> 0;\n" + - " if (len === 0) { return false; }\n" + - " var result = o.filter(function(n) { return x.indexOf(n) > -1;})\n" + - " return result.length != 0;\n" + + " var o = Object(this);\n" + + " var len = o.length >>> 0;\n" + + " if (len === 0) { return false; }\n" + + " var result = o.filter(function(n) { return x.indexOf(n) > -1;})\n" + + " return result.length != 0;\n" + " }\n" + " }\n" + - " )\n" + + " );\n" + "}; "; } diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java index 9440d7676..0caa4f0e0 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java @@ -98,14 +98,14 @@ public class RangerRequestExprResolver { String ret = str; if (hasTokens) { - RangerRequestScriptEvaluator scriptEvaluator = new RangerRequestScriptEvaluator(request); ScriptEngine scriptEngine = ScriptEngineUtil.createScriptEngine(serviceType); + RangerRequestScriptEvaluator scriptEvaluator = new RangerRequestScriptEvaluator(request, scriptEngine, RangerRequestScriptEvaluator.needsJsonCtxEnabled(str)); StringBuffer sb = new StringBuffer(); Matcher matcher = PATTERN.matcher(str); while (matcher.find()) { String expr = matcher.group(REGEX_GROUP_EXPR); - String val = Objects.toString(scriptEvaluator.evaluateScript(scriptEngine, expr)); + String val = Objects.toString(scriptEvaluator.evaluateScript(expr)); matcher.appendReplacement(sb, val); } 
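Review bot: In the `RangerRequestExprResolver` hunk the JSON-context decision is now made once from the raw template, `RangerRequestScriptEvaluator.needsJsonCtxEnabled(str)`, whereas the removed `evaluateScript(scriptEngine, script)` overload ran `expandMacros` first and then checked each expression. If any macro expands to one of the JSON-backed variables, the pre-exec script would be skipped and the expression would fail at evaluation time; this cannot be confirmed from the hunk, so either check the expanded text or add a comment that macros never introduce those variables. Separately, the unchanged line `matcher.appendReplacement(sb, val)` passes an evaluated value, which may carry request or tag attribute data, as a replacement string in which `$` and `\` are special; `matcher.appendReplacement(sb, Matcher.quoteReplacement(val))` avoids that. The enclosing method starts and ends outside the hunk.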
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java index d3e343480..0059bef88 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java 
@@ -52,303 +52,303 @@ public class RangerRequestScriptEvaluatorTest { RangerTag tagPII = new RangerTag("PII", Collections.singletonMap("attr1", "PII_value")); RangerTag tagPCI = new RangerTag("PCI", Collections.singletonMap("attr1", "PCI_value")); RangerAccessRequest request = createRequest("test-user", new HashSet<>(Arrays.asList("test-group1", "test-group2")), new HashSet<>(Arrays.asList("test-role1", "test-role2")), Arrays.asList(tagPII, tagPCI)); - RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request); - - Assert.assertEquals("test: UG_NAMES_CSV", "test-group1,test-group2", evaluator.evaluateScript(scriptEngine, "UG_NAMES_CSV")); - Assert.assertEquals("test: UR_NAMES_CSV", "test-role1,test-role2", evaluator.evaluateScript(scriptEngine, "UR_NAMES_CSV")); - Assert.assertEquals("test: TAG_NAMES_CSV", "PCI,PII", evaluator.evaluateScript(scriptEngine, "TAG_NAMES_CSV")); - Assert.assertEquals("test: USER_ATTR_NAMES_CSV", "state", evaluator.evaluateScript(scriptEngine, "USER_ATTR_NAMES_CSV")); - Assert.assertEquals("test: UG_ATTR_NAMES_CSV", "dept,site", evaluator.evaluateScript(scriptEngine, "UG_ATTR_NAMES_CSV")); - Assert.assertEquals("test: TAG_ATTR_NAMES_CSV", "attr1", evaluator.evaluateScript(scriptEngine, "TAG_ATTR_NAMES_CSV")); - Assert.assertEquals("test: GET_UG_ATTR_CSV('dept')", "ENGG,PROD", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_CSV('dept')")); - Assert.assertEquals("test: GET_UG_ATTR_CSV('site')", "10,20", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_CSV('site')")); - Assert.assertEquals("test: GET_TAG_ATTR_CSV('attr1')", "PCI_value,PII_value", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_CSV('attr1')")); - - Assert.assertEquals("test: UG_NAMES_Q_CSV", "'test-group1','test-group2'", evaluator.evaluateScript(scriptEngine, "UG_NAMES_Q_CSV")); - Assert.assertEquals("test: UR_NAMES_Q_CSV", "'test-role1','test-role2'", evaluator.evaluateScript(scriptEngine, "UR_NAMES_Q_CSV")); - Assert.assertEquals("test: 
TAG_NAMES_Q_CSV", "'PCI','PII'", evaluator.evaluateScript(scriptEngine, "TAG_NAMES_Q_CSV")); - Assert.assertEquals("test: USER_ATTR_NAMES_Q_CSV", "'state'", evaluator.evaluateScript(scriptEngine, "USER_ATTR_NAMES_Q_CSV")); - Assert.assertEquals("test: UG_ATTR_NAMES_Q_CSV", "'dept','site'", evaluator.evaluateScript(scriptEngine, "UG_ATTR_NAMES_Q_CSV")); - Assert.assertEquals("test: TAG_ATTR_NAMES_Q_CSV", "'attr1'", evaluator.evaluateScript(scriptEngine, "TAG_ATTR_NAMES_Q_CSV")); - Assert.assertEquals("test: GET_UG_ATTR_Q_CSV('dept')", "'ENGG','PROD'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q_CSV('dept')")); - Assert.assertEquals("test: GET_UG_ATTR_Q_CSV('site')", "'10','20'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q_CSV('site')")); - Assert.assertEquals("test: GET_TAG_ATTR_Q_CSV('attr1')", "'PCI_value','PII_value'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q_CSV('attr1')")); - - Assert.assertTrue("test: USER._name is 'test-user'", (Boolean) evaluator.evaluateScript(scriptEngine, "USER._name == 'test-user'")); - Assert.assertTrue("test: HAS_USER_ATTR(state)", (Boolean)evaluator.evaluateScript(scriptEngine, "HAS_USER_ATTR('state')")); - Assert.assertFalse("test: HAS_USER_ATTR(notExists)", (Boolean)evaluator.evaluateScript(scriptEngine, "HAS_USER_ATTR('notExists')")); - Assert.assertTrue("test: USER['state'] is 'CA'", (Boolean) evaluator.evaluateScript(scriptEngine, "USER['state'] == 'CA'")); - Assert.assertTrue("test: USER.state is 'CA'", (Boolean) evaluator.evaluateScript(scriptEngine, "USER.state == 'CA'")); - - Assert.assertTrue("test: IS_IN_GROUP(test-group1)", (Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_GROUP('test-group1')")); - Assert.assertTrue("test: IS_IN_GROUP(test-group2)", (Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_GROUP('test-group2')")); - Assert.assertFalse("test: IS_IN_GROUP(notExists)", (Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_GROUP('notExists')")); - Assert.assertTrue("test: 
IS_IN_ANY_GROUP", (Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_ANY_GROUP")); - Assert.assertFalse("test: IS_NOT_IN_ANY_GROUP", (Boolean)evaluator.evaluateScript(scriptEngine, "IS_NOT_IN_ANY_GROUP")); - - Assert.assertTrue("test: UG['test-group1'].dept is 'ENGG'", (Boolean) evaluator.evaluateScript(scriptEngine, "UG['test-group1'].dept == 'ENGG'")); - Assert.assertTrue("test: UG['test-group1'].site is 10", (Boolean) evaluator.evaluateScript(scriptEngine, "UG['test-group1'].site == 10")); - Assert.assertTrue("test: UG['test-group2'].dept is 'PROD'", (Boolean) evaluator.evaluateScript(scriptEngine, "UG['test-group2'].dept == 'PROD'")); - Assert.assertTrue("test: UG['test-group2'].site is 20", (Boolean) evaluator.evaluateScript(scriptEngine, "UG['test-group2'].site == 20")); - Assert.assertTrue("test: UG['test-group3'] is null", (Boolean) evaluator.evaluateScript(scriptEngine, "UG['test-group3'] == null")); - Assert.assertTrue("test: UG['test-group1'].notExists is null", (Boolean) evaluator.evaluateScript(scriptEngine, "UG['test-group1'].notExists == null")); - - Assert.assertTrue("test: IS_IN_ROLE(test-role1)", (Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_ROLE('test-role1')")); - Assert.assertTrue("test: IS_IN_ROLE(test-role2)", (Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_ROLE('test-role2')")); - Assert.assertFalse("test: IS_IN_ROLE(notExists)", (Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_ROLE('notExists')")); - Assert.assertTrue("test: IS_IN_ANY_ROLE", (Boolean)evaluator.evaluateScript(scriptEngine, "IS_IN_ANY_ROLE")); - Assert.assertFalse("test: IS_NOT_IN_ANY_ROLE", (Boolean)evaluator.evaluateScript(scriptEngine, "IS_NOT_IN_ANY_ROLE")); - - Assert.assertTrue("test: UGA.sVal['dept'] is 'ENGG'", (Boolean)evaluator.evaluateScript(scriptEngine, "UGA.sVal['dept'] == 'ENGG'")); - Assert.assertTrue("test: UGA.sVal['site'] is 10", (Boolean) evaluator.evaluateScript(scriptEngine, "UGA.sVal['site'] == 10")); - Assert.assertTrue("test: 
UGA.sVal['notExists'] is null", (Boolean) evaluator.evaluateScript(scriptEngine, "UGA.sVal['notExists'] == null")); - Assert.assertTrue("test: UGA.mVal['dept'] is [\"ENGG\", \"PROD\"]", (Boolean) evaluator.evaluateScript(scriptEngine, "J(UGA.mVal['dept']) == '[\"ENGG\",\"PROD\"]'")); - Assert.assertTrue("test: UGA.mVal['site'] is [10, 20]", (Boolean) evaluator.evaluateScript(scriptEngine, "J(UGA.mVal['site']) == '[\"10\",\"20\"]'")); - Assert.assertTrue("test: UGA.mVal['notExists'] is null", (Boolean) evaluator.evaluateScript(scriptEngine, "UGA.mVal['notExists'] == null")); - Assert.assertTrue("test: UGA.mVal['dept'] has 'ENGG'", (Boolean) evaluator.evaluateScript(scriptEngine, "UGA.mVal['dept'].indexOf('ENGG') != -1")); - Assert.assertTrue("test: UGA.mVal['dept'] has 'PROD'", (Boolean) evaluator.evaluateScript(scriptEngine, "UGA.mVal['dept'].indexOf('PROD') != -1")); - Assert.assertTrue("test: UGA.mVal['dept'] doesn't have 'EXEC'", (Boolean) evaluator.evaluateScript(scriptEngine, "UGA.mVal['dept'].indexOf('EXEC') == -1")); - Assert.assertTrue("test: HAS_UG_ATTR(dept)", (Boolean)evaluator.evaluateScript(scriptEngine, "HAS_UG_ATTR('dept')")); - Assert.assertTrue("test: HAS_UG_ATTR(site)", (Boolean)evaluator.evaluateScript(scriptEngine, "HAS_UG_ATTR('site')")); - Assert.assertFalse("test: HAS_UG_ATTR(notExists)", (Boolean)evaluator.evaluateScript(scriptEngine, "HAS_UG_ATTR('notExists')")); - - Assert.assertTrue("test: REQ.accessTyp is 'select'", (Boolean) evaluator.evaluateScript(scriptEngine, "REQ.accessType == 'select'")); - Assert.assertTrue("test: REQ.action is 'query'", (Boolean) evaluator.evaluateScript(scriptEngine, "REQ.action == 'query'")); - - Assert.assertTrue("test: RES._ownerUser is 'testUser'", (Boolean) evaluator.evaluateScript(scriptEngine, "RES._ownerUser == 'testUser'")); - Assert.assertTrue("test: RES.database is 'db1'", (Boolean) evaluator.evaluateScript(scriptEngine, "RES.database == 'db1'")); - Assert.assertTrue("test: RES.table is 'tbl1'", 
(Boolean) evaluator.evaluateScript(scriptEngine, "RES.table == 'tbl1'")); - Assert.assertTrue("test: RES.column is 'col1'", (Boolean) evaluator.evaluateScript(scriptEngine, "RES.column == 'col1'")); - - Assert.assertTrue("test: TAG._type is 'PII'", (Boolean) evaluator.evaluateScript(scriptEngine, "TAG._type == 'PII'")); - Assert.assertTrue("test: TAG.attr1 is 'PII_value'", (Boolean) evaluator.evaluateScript(scriptEngine, "TAG.attr1 == 'PII_value'")); - Assert.assertTrue("test: TAGS.length is 2", (Boolean) evaluator.evaluateScript(scriptEngine, "Object.keys(TAGS).length == 2")); - Assert.assertEquals("test: TAG PII has attr1=PII_value", evaluator.evaluateScript(scriptEngine, "TAGS['PII'].attr1"), "PII_value"); - Assert.assertEquals("test: TAG PCI has attr1=PCI_value", evaluator.evaluateScript(scriptEngine, "TAGS['PCI'].attr1"), "PCI_value"); - Assert.assertTrue("test: TAG PII doesn't have PII.notExists", (Boolean) evaluator.evaluateScript(scriptEngine, "TAGS['PII'].notExists == undefined")); - Assert.assertTrue("test: HAS_TAG_ATTR(attr1)", (Boolean) evaluator.evaluateScript(scriptEngine, "HAS_TAG_ATTR('attr1')")); - Assert.assertFalse("test: HAS_TAG_ATTR(notExists)", (Boolean) evaluator.evaluateScript(scriptEngine, "HAS_TAG_ATTR('notExists')")); - - Assert.assertTrue("test: TAGNAMES.length is 2", (Boolean) evaluator.evaluateScript(scriptEngine, "TAGNAMES.length == 2")); - Assert.assertTrue("test: HAS_TAG(PII)", (Boolean) evaluator.evaluateScript(scriptEngine, "HAS_TAG('PII')")); - Assert.assertTrue("test: HAS_TAG(PCI)", (Boolean) evaluator.evaluateScript(scriptEngine, "HAS_TAG('PCI')")); - Assert.assertFalse("test: HAS_TAG(notExists)", (Boolean) evaluator.evaluateScript(scriptEngine, "HAS_TAG('notExists')")); - Assert.assertTrue("test: HAS_ANY_TAG", (Boolean) evaluator.evaluateScript(scriptEngine, "HAS_ANY_TAG")); - Assert.assertFalse("test: HAS_NO_TAG", (Boolean) evaluator.evaluateScript(scriptEngine, "HAS_NO_TAG")); - - Assert.assertEquals("GET_TAG_NAMES()", 
"PCI,PII", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES()")); - Assert.assertEquals("GET_TAG_NAMES(null)", "PCI,PII", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES(null)")); - Assert.assertEquals("GET_TAG_NAMES(null, '|')", "PCI|PII", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES(null, '|')")); - Assert.assertEquals("GET_TAG_NAMES(null, null)", "PCIPII", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES(null, null)")); - - Assert.assertEquals("GET_TAG_NAMES_Q()", "'PCI','PII'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q()")); - Assert.assertEquals("GET_TAG_NAMES_Q(null)", "'PCI','PII'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null)")); - Assert.assertEquals("GET_TAG_NAMES_Q(null, '|')", "'PCI'|'PII'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null, '|')")); - Assert.assertEquals("GET_TAG_NAMES_Q(null, null)", "'PCI''PII'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null, null)")); - Assert.assertEquals("GET_TAG_NAMES_Q(null, '|', null)", "PCI|PII", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null, '|', null)")); - Assert.assertEquals("GET_TAG_NAMES_Q(null, ',', '{', '}')", "{PCI},{PII}", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null, ',', '{', '}')")); - - Assert.assertEquals("GET_TAG_ATTR_NAMES()", "attr1", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES()")); - Assert.assertEquals("GET_TAG_ATTR_NAMES(null)", "attr1", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES(null)")); - Assert.assertEquals("GET_TAG_ATTR_NAMES(null, '|',)", "attr1", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES(null, '|')")); - Assert.assertEquals("GET_TAG_ATTR_NAMES(null, null)", "attr1", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES(null, null)")); - - Assert.assertEquals("GET_TAG_ATTR_NAMES_Q()", "'attr1'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES_Q()")); - Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null)", 
"'attr1'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES_Q(null)")); - Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, '|')", "'attr1'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES_Q(null, '|')")); - Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, null)", "'attr1'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES_Q(null, null)")); - Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, '|', null)", "attr1", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES_Q(null, '|', null)")); - Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, ',', '{', '}')", "{attr1}", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_NAMES_Q(null, ',', '{', '}')")); - - Assert.assertEquals("GET_TAG_ATTR('attr1')", "PCI_value,PII_value", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('attr1')")); - Assert.assertEquals("GET_TAG_ATTR('attr1', null)", "PCI_value,PII_value", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('attr1', null)")); - Assert.assertEquals("GET_TAG_ATTR('attr1', null, '|')", "PCI_value|PII_value", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('attr1', null, '|')")); - Assert.assertEquals("GET_TAG_ATTR('attr1', null, null)", "PCI_valuePII_value", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('attr1', null, null)")); - - Assert.assertEquals("GET_TAG_ATTR_Q('attr1')", "'PCI_value','PII_value'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('attr1')")); - Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null)", "'PCI_value','PII_value'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('attr1', null)")); - Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, null)", "'PCI_value''PII_value'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('attr1', null, null)")); - Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, '|')", "'PCI_value'|'PII_value'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('attr1', null, '|')")); - Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, ',', null)", 
"PCI_value,PII_value", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('attr1', null, ',', null)")); - Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, ',', '{', '}')", "{PCI_value},{PII_value}", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('attr1', null, ',', '{', '}')")); - - Assert.assertEquals("GET_UG_NAMES()", "test-group1,test-group2", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES()")); - Assert.assertEquals("GET_UG_NAMES(null)", "test-group1,test-group2", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES(null)")); - Assert.assertEquals("GET_UG_NAMES(null, '|')", "test-group1|test-group2", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES(null, '|')")); - Assert.assertEquals("GET_UG_NAMES(null, null)", "test-group1test-group2", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES(null, null)")); - - Assert.assertEquals("GET_UG_NAMES_Q()", "'test-group1','test-group2'", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q()")); - Assert.assertEquals("GET_UG_NAMES_Q(null)", "'test-group1','test-group2'", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q(null)")); - Assert.assertEquals("GET_UG_NAMES_Q(null, null)", "'test-group1''test-group2'", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q(null, null)")); - Assert.assertEquals("GET_UG_NAMES_Q(null, '|')", "'test-group1'|'test-group2'", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q(null, '|')")); - Assert.assertEquals("GET_UG_NAMES_Q(null, ',', null)", "test-group1,test-group2", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q(null, ',', null)")); - Assert.assertEquals("GET_UG_NAMES_Q(null, ',', '{', '}')", "{test-group1},{test-group2}", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q(null, ',', '{', '}')")); - - Assert.assertEquals("GET_UG_ATTR_NAMES()", "dept,site", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES()")); - Assert.assertEquals("GET_UG_ATTR_NAMES(null)", "dept,site", evaluator.evaluateScript(scriptEngine, 
"GET_UG_ATTR_NAMES(null)")); - Assert.assertEquals("GET_UG_ATTR_NAMES(null, '|')", "dept|site", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES(null, '|')")); - Assert.assertEquals("GET_UG_ATTR_NAMES(null, null)", "deptsite", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES(null, null)")); - - Assert.assertEquals("GET_UG_ATTR_NAMES_Q()", "'dept','site'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES_Q()")); - Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null)", "'dept','site'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES_Q(null)")); - Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, null)", "'dept''site'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES_Q(null, null)")); - Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, '|')", "'dept'|'site'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES_Q(null, '|')")); - Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, ',', null)", "dept,site", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES_Q(null, ',', null)")); - Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, ',', '{', '}')", "{dept},{site}", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_NAMES_Q(null, ',', '{', '}')")); - - Assert.assertEquals("GET_UG_ATTR('dept')", "ENGG,PROD", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('dept')")); - Assert.assertEquals("GET_UG_ATTR('dept', null)", "ENGG,PROD", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('dept', null)")); - Assert.assertEquals("GET_UG_ATTR('dept', null, '|')", "ENGG|PROD", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('dept', null, '|')")); - Assert.assertEquals("GET_UG_ATTR('dept', null, null)", "ENGGPROD", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('dept', null, null)")); - - Assert.assertEquals("GET_UG_ATTR_Q('dept')", "'ENGG','PROD'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('dept')")); - Assert.assertEquals("GET_UG_ATTR_Q('dept', null)", "'ENGG','PROD'", evaluator.evaluateScript(scriptEngine, 
"GET_UG_ATTR_Q('dept', null)")); - Assert.assertEquals("GET_UG_ATTR_Q('dept', null, null)", "'ENGG''PROD'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('dept', null, null)")); - Assert.assertEquals("GET_UG_ATTR_Q('dept', null, '|')", "'ENGG'|'PROD'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('dept', null, '|')")); - Assert.assertEquals("GET_UG_ATTR_Q('dept', null, ',', null)", "ENGG,PROD", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('dept', null, ',', null)")); - Assert.assertEquals("GET_UG_ATTR_Q('dept', null, ',', '{', '}')", "{ENGG},{PROD}", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('dept', null, ',', '{', '}')")); - - Assert.assertEquals("GET_UG_ATTR('site')", "10,20", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('site')")); - Assert.assertEquals("GET_UG_ATTR('site', null)", "10,20", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('site', null)")); - Assert.assertEquals("GET_UG_ATTR('site', null, '|')", "10|20", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('site', null, '|')")); - Assert.assertEquals("GET_UG_ATTR('site', null, null)", "1020", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('site', null, null)")); - - Assert.assertEquals("GET_UG_ATTR_Q('site')", "'10','20'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site')")); - Assert.assertEquals("GET_UG_ATTR_Q('site', null)", "'10','20'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site', null)")); - Assert.assertEquals("GET_UG_ATTR_Q('site', null, null)", "'10''20'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site', null, null)")); - Assert.assertEquals("GET_UG_ATTR_Q('site', null, '|')", "'10'|'20'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site', null, '|')")); - Assert.assertEquals("GET_UG_ATTR_Q('site', null, ',', null)", "10,20", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site', null, ',', null)")); - Assert.assertEquals("GET_UG_ATTR_Q('site', null, ',', '{', '}')", 
"{10},{20}", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('site', null, ',', '{', '}')")); - - Assert.assertEquals("GET_UR_NAMES()", "test-role1,test-role2", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES()")); - Assert.assertEquals("GET_UR_NAMES(null)", "test-role1,test-role2", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES(null)")); - Assert.assertEquals("GET_UR_NAMES(null, '|')", "test-role1|test-role2", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES(null, '|')")); - Assert.assertEquals("GET_UR_NAMES(null, null)", "test-role1test-role2", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES(null, null)")); - - Assert.assertEquals("GET_UR_NAMES_Q()", "'test-role1','test-role2'", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q()")); - Assert.assertEquals("GET_UR_NAMES_Q(null)", "'test-role1','test-role2'", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q(null)")); - Assert.assertEquals("GET_UR_NAMES_Q(null, null)", "'test-role1''test-role2'", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q(null, null)")); - Assert.assertEquals("GET_UR_NAMES_Q(null, '|')", "'test-role1'|'test-role2'", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q(null, '|')")); - Assert.assertEquals("GET_UR_NAMES_Q(null, ',', null)", "test-role1,test-role2", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q(null, ',', null)")); - Assert.assertEquals("GET_UR_NAMES_Q(null, ',', '{', '}')", "{test-role1},{test-role2}", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q(null, ',', '{', '}')")); - - Assert.assertEquals("GET_USER_ATTR_NAMES()", "state", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES()")); - Assert.assertEquals("GET_USER_ATTR_NAMES(null)", "state", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES(null)")); - Assert.assertEquals("GET_USER_ATTR_NAMES(null, '|')", "state", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES(null, '|')")); - Assert.assertEquals("GET_USER_ATTR_NAMES(null, null)", 
"state", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES(null, null)")); - - Assert.assertEquals("GET_USER_ATTR_NAMES_Q()", "'state'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES_Q()")); - Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null)", "'state'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES_Q(null)")); - Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, null)", "'state'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES_Q(null, null)")); - Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, '|')", "'state'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES_Q(null, '|')")); - Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, ',', null)", "state", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES_Q(null, ',', null)")); - Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, ',', '{', '}')", "{state}", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_NAMES_Q(null, ',', '{', '}')")); - - Assert.assertEquals("GET_USER_ATTR('state')", "CA", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('state')")); - Assert.assertEquals("GET_USER_ATTR('state', null)", "CA", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('state', null)")); - Assert.assertEquals("GET_USER_ATTR('state', null, '|')", "CA", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('state', null, '|')")); - Assert.assertEquals("GET_USER_ATTR('state', null, null)", "CA", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('state', null, null)")); - - Assert.assertEquals("GET_USER_ATTR_Q('state')", "'CA'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state')")); - Assert.assertEquals("GET_USER_ATTR_Q('state', null)", "'CA'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state', null)")); - Assert.assertEquals("GET_USER_ATTR_Q('state', null, null)", "'CA'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state', null, null)")); - Assert.assertEquals("GET_USER_ATTR_Q('state', null, '|')", "'CA'", 
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state', null, '|')"));
- Assert.assertEquals("GET_USER_ATTR_Q('state', null, ',', null)", "CA", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state', null, ',', null)"));
- Assert.assertEquals("GET_USER_ATTR_Q('state', null, ',', '{', '}')", "{CA}", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('state', null, ',', '{', '}')"));
+ RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request, scriptEngine);
+
+ Assert.assertEquals("test: UG_NAMES_CSV", "test-group1,test-group2", evaluator.evaluateScript("UG_NAMES_CSV"));
+ Assert.assertEquals("test: UR_NAMES_CSV", "test-role1,test-role2", evaluator.evaluateScript("UR_NAMES_CSV"));
+ Assert.assertEquals("test: TAG_NAMES_CSV", "PCI,PII", evaluator.evaluateScript("TAG_NAMES_CSV"));
+ Assert.assertEquals("test: USER_ATTR_NAMES_CSV", "state", evaluator.evaluateScript("USER_ATTR_NAMES_CSV"));
+ Assert.assertEquals("test: UG_ATTR_NAMES_CSV", "dept,site", evaluator.evaluateScript("UG_ATTR_NAMES_CSV"));
+ Assert.assertEquals("test: TAG_ATTR_NAMES_CSV", "attr1", evaluator.evaluateScript("TAG_ATTR_NAMES_CSV"));
+ Assert.assertEquals("test: GET_UG_ATTR_CSV('dept')", "ENGG,PROD", evaluator.evaluateScript("GET_UG_ATTR_CSV('dept')"));
+ Assert.assertEquals("test: GET_UG_ATTR_CSV('site')", "10,20", evaluator.evaluateScript("GET_UG_ATTR_CSV('site')"));
+ Assert.assertEquals("test: GET_TAG_ATTR_CSV('attr1')", "PCI_value,PII_value", evaluator.evaluateScript("GET_TAG_ATTR_CSV('attr1')"));
+
+ Assert.assertEquals("test: UG_NAMES_Q_CSV", "'test-group1','test-group2'", evaluator.evaluateScript("UG_NAMES_Q_CSV"));
+ Assert.assertEquals("test: UR_NAMES_Q_CSV", "'test-role1','test-role2'", evaluator.evaluateScript("UR_NAMES_Q_CSV"));
+ Assert.assertEquals("test: TAG_NAMES_Q_CSV", "'PCI','PII'", evaluator.evaluateScript("TAG_NAMES_Q_CSV"));
+ Assert.assertEquals("test: USER_ATTR_NAMES_Q_CSV", "'state'", evaluator.evaluateScript("USER_ATTR_NAMES_Q_CSV"));
+ Assert.assertEquals("test: UG_ATTR_NAMES_Q_CSV", "'dept','site'", evaluator.evaluateScript("UG_ATTR_NAMES_Q_CSV"));
+ Assert.assertEquals("test: TAG_ATTR_NAMES_Q_CSV", "'attr1'", evaluator.evaluateScript("TAG_ATTR_NAMES_Q_CSV"));
+ Assert.assertEquals("test: GET_UG_ATTR_Q_CSV('dept')", "'ENGG','PROD'", evaluator.evaluateScript("GET_UG_ATTR_Q_CSV('dept')"));
+ Assert.assertEquals("test: GET_UG_ATTR_Q_CSV('site')", "'10','20'", evaluator.evaluateScript("GET_UG_ATTR_Q_CSV('site')"));
+ Assert.assertEquals("test: GET_TAG_ATTR_Q_CSV('attr1')", "'PCI_value','PII_value'", evaluator.evaluateScript("GET_TAG_ATTR_Q_CSV('attr1')"));
+
+ Assert.assertTrue("test: USER._name is 'test-user'", (Boolean) evaluator.evaluateScript("USER._name == 'test-user'"));
+ Assert.assertTrue("test: HAS_USER_ATTR(state)", (Boolean)evaluator.evaluateScript("HAS_USER_ATTR('state')"));
+ Assert.assertFalse("test: HAS_USER_ATTR(notExists)", (Boolean)evaluator.evaluateScript("HAS_USER_ATTR('notExists')"));
+ Assert.assertTrue("test: USER['state'] is 'CA'", (Boolean) evaluator.evaluateScript("USER['state'] == 'CA'"));
+ Assert.assertTrue("test: USER.state is 'CA'", (Boolean) evaluator.evaluateScript("USER.state == 'CA'"));
+
+ Assert.assertTrue("test: IS_IN_GROUP(test-group1)", (Boolean)evaluator.evaluateScript("IS_IN_GROUP('test-group1')"));
+ Assert.assertTrue("test: IS_IN_GROUP(test-group2)", (Boolean)evaluator.evaluateScript("IS_IN_GROUP('test-group2')"));
+ Assert.assertFalse("test: IS_IN_GROUP(notExists)", (Boolean)evaluator.evaluateScript("IS_IN_GROUP('notExists')"));
+ Assert.assertTrue("test: IS_IN_ANY_GROUP", (Boolean)evaluator.evaluateScript("IS_IN_ANY_GROUP"));
+ Assert.assertFalse("test: IS_NOT_IN_ANY_GROUP", (Boolean)evaluator.evaluateScript("IS_NOT_IN_ANY_GROUP"));
+
+ Assert.assertTrue("test: UG['test-group1'].dept is 'ENGG'", (Boolean) evaluator.evaluateScript("UG['test-group1'].dept == 'ENGG'"));
+ Assert.assertTrue("test: UG['test-group1'].site is 10", (Boolean) evaluator.evaluateScript("UG['test-group1'].site == 10"));
+ Assert.assertTrue("test: UG['test-group2'].dept is 'PROD'", (Boolean) evaluator.evaluateScript("UG['test-group2'].dept == 'PROD'"));
+ Assert.assertTrue("test: UG['test-group2'].site is 20", (Boolean) evaluator.evaluateScript("UG['test-group2'].site == 20"));
+ Assert.assertTrue("test: UG['test-group3'] is null", (Boolean) evaluator.evaluateScript("UG['test-group3'] == null"));
+ Assert.assertTrue("test: UG['test-group1'].notExists is null", (Boolean) evaluator.evaluateScript("UG['test-group1'].notExists == null"));
+
+ Assert.assertTrue("test: IS_IN_ROLE(test-role1)", (Boolean)evaluator.evaluateScript("IS_IN_ROLE('test-role1')"));
+ Assert.assertTrue("test: IS_IN_ROLE(test-role2)", (Boolean)evaluator.evaluateScript("IS_IN_ROLE('test-role2')"));
+ Assert.assertFalse("test: IS_IN_ROLE(notExists)", (Boolean)evaluator.evaluateScript("IS_IN_ROLE('notExists')"));
+ Assert.assertTrue("test: IS_IN_ANY_ROLE", (Boolean)evaluator.evaluateScript("IS_IN_ANY_ROLE"));
+ Assert.assertFalse("test: IS_NOT_IN_ANY_ROLE", (Boolean)evaluator.evaluateScript("IS_NOT_IN_ANY_ROLE"));
+
+ Assert.assertTrue("test: UGA.sVal['dept'] is 'ENGG'", (Boolean)evaluator.evaluateScript("UGA.sVal['dept'] == 'ENGG'"));
+ Assert.assertTrue("test: UGA.sVal['site'] is 10", (Boolean) evaluator.evaluateScript("UGA.sVal['site'] == 10"));
+ Assert.assertTrue("test: UGA.sVal['notExists'] is null", (Boolean) evaluator.evaluateScript("UGA.sVal['notExists'] == null"));
+ Assert.assertTrue("test: UGA.mVal['dept'] is [\"ENGG\", \"PROD\"]", (Boolean) evaluator.evaluateScript("J(UGA.mVal['dept']) == '[\"ENGG\",\"PROD\"]'"));
+ Assert.assertTrue("test: UGA.mVal['site'] is [10, 20]", (Boolean) evaluator.evaluateScript("J(UGA.mVal['site']) == '[\"10\",\"20\"]'"));
+ Assert.assertTrue("test: UGA.mVal['notExists'] is null", (Boolean) evaluator.evaluateScript("UGA.mVal['notExists'] == null"));
+ Assert.assertTrue("test: UGA.mVal['dept'] has 'ENGG'", (Boolean) evaluator.evaluateScript("UGA.mVal['dept'].indexOf('ENGG') != -1"));
+ Assert.assertTrue("test: UGA.mVal['dept'] has 'PROD'", (Boolean) evaluator.evaluateScript("UGA.mVal['dept'].indexOf('PROD') != -1"));
+ Assert.assertTrue("test: UGA.mVal['dept'] doesn't have 'EXEC'", (Boolean) evaluator.evaluateScript("UGA.mVal['dept'].indexOf('EXEC') == -1"));
+ Assert.assertTrue("test: HAS_UG_ATTR(dept)", (Boolean)evaluator.evaluateScript("HAS_UG_ATTR('dept')"));
+ Assert.assertTrue("test: HAS_UG_ATTR(site)", (Boolean)evaluator.evaluateScript("HAS_UG_ATTR('site')"));
+ Assert.assertFalse("test: HAS_UG_ATTR(notExists)", (Boolean)evaluator.evaluateScript("HAS_UG_ATTR('notExists')"));
+
+ Assert.assertTrue("test: REQ.accessTyp is 'select'", (Boolean) evaluator.evaluateScript("REQ.accessType == 'select'"));
+ Assert.assertTrue("test: REQ.action is 'query'", (Boolean) evaluator.evaluateScript("REQ.action == 'query'"));
+
+ Assert.assertTrue("test: RES._ownerUser is 'testUser'", (Boolean) evaluator.evaluateScript("RES._ownerUser == 'testUser'"));
+ Assert.assertTrue("test: RES.database is 'db1'", (Boolean) evaluator.evaluateScript("RES.database == 'db1'"));
+ Assert.assertTrue("test: RES.table is 'tbl1'", (Boolean) evaluator.evaluateScript("RES.table == 'tbl1'"));
+ Assert.assertTrue("test: RES.column is 'col1'", (Boolean) evaluator.evaluateScript("RES.column == 'col1'"));
+
+ Assert.assertTrue("test: TAG._type is 'PII'", (Boolean) evaluator.evaluateScript("TAG._type == 'PII'"));
+ Assert.assertTrue("test: TAG.attr1 is 'PII_value'", (Boolean) evaluator.evaluateScript("TAG.attr1 == 'PII_value'"));
+ Assert.assertTrue("test: TAGS.length is 2", (Boolean) evaluator.evaluateScript("Object.keys(TAGS).length == 2"));
+ Assert.assertEquals("test: TAG PII has attr1=PII_value", evaluator.evaluateScript("TAGS['PII'].attr1"), "PII_value");
+ Assert.assertEquals("test: TAG PCI has attr1=PCI_value", evaluator.evaluateScript("TAGS['PCI'].attr1"), "PCI_value");
+ Assert.assertTrue("test: TAG PII doesn't have PII.notExists", (Boolean) evaluator.evaluateScript("TAGS['PII'].notExists == undefined"));
+ Assert.assertTrue("test: HAS_TAG_ATTR(attr1)", (Boolean) evaluator.evaluateScript("HAS_TAG_ATTR('attr1')"));
+ Assert.assertFalse("test: HAS_TAG_ATTR(notExists)", (Boolean) evaluator.evaluateScript("HAS_TAG_ATTR('notExists')"));
+
+ Assert.assertTrue("test: TAGNAMES.length is 2", (Boolean) evaluator.evaluateScript("TAGNAMES.length == 2"));
+ Assert.assertTrue("test: HAS_TAG(PII)", (Boolean) evaluator.evaluateScript("HAS_TAG('PII')"));
+ Assert.assertTrue("test: HAS_TAG(PCI)", (Boolean) evaluator.evaluateScript("HAS_TAG('PCI')"));
+ Assert.assertFalse("test: HAS_TAG(notExists)", (Boolean) evaluator.evaluateScript("HAS_TAG('notExists')"));
+ Assert.assertTrue("test: HAS_ANY_TAG", (Boolean) evaluator.evaluateScript("HAS_ANY_TAG"));
+ Assert.assertFalse("test: HAS_NO_TAG", (Boolean) evaluator.evaluateScript("HAS_NO_TAG"));
+
+ Assert.assertEquals("GET_TAG_NAMES()", "PCI,PII", evaluator.evaluateScript("GET_TAG_NAMES()"));
+ Assert.assertEquals("GET_TAG_NAMES(null)", "PCI,PII", evaluator.evaluateScript("GET_TAG_NAMES(null)"));
+ Assert.assertEquals("GET_TAG_NAMES(null, '|')", "PCI|PII", evaluator.evaluateScript("GET_TAG_NAMES(null, '|')"));
+ Assert.assertEquals("GET_TAG_NAMES(null, null)", "PCIPII", evaluator.evaluateScript("GET_TAG_NAMES(null, null)"));
+
+ Assert.assertEquals("GET_TAG_NAMES_Q()", "'PCI','PII'", evaluator.evaluateScript("GET_TAG_NAMES_Q()"));
+ Assert.assertEquals("GET_TAG_NAMES_Q(null)", "'PCI','PII'", evaluator.evaluateScript("GET_TAG_NAMES_Q(null)"));
+ Assert.assertEquals("GET_TAG_NAMES_Q(null, '|')", "'PCI'|'PII'", evaluator.evaluateScript("GET_TAG_NAMES_Q(null, '|')"));
+ Assert.assertEquals("GET_TAG_NAMES_Q(null, null)", "'PCI''PII'", evaluator.evaluateScript("GET_TAG_NAMES_Q(null, null)"));
+ Assert.assertEquals("GET_TAG_NAMES_Q(null, '|', null)", "PCI|PII", evaluator.evaluateScript("GET_TAG_NAMES_Q(null, '|', null)"));
+ Assert.assertEquals("GET_TAG_NAMES_Q(null, ',', '{', '}')", "{PCI},{PII}", evaluator.evaluateScript("GET_TAG_NAMES_Q(null, ',', '{', '}')"));
+
+ Assert.assertEquals("GET_TAG_ATTR_NAMES()", "attr1", evaluator.evaluateScript("GET_TAG_ATTR_NAMES()"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES(null)", "attr1", evaluator.evaluateScript("GET_TAG_ATTR_NAMES(null)"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES(null, '|',)", "attr1", evaluator.evaluateScript("GET_TAG_ATTR_NAMES(null, '|')"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES(null, null)", "attr1", evaluator.evaluateScript("GET_TAG_ATTR_NAMES(null, null)"));
+
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q()", "'attr1'", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q()"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null)", "'attr1'", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q(null)"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, '|')", "'attr1'", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q(null, '|')"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, null)", "'attr1'", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q(null, null)"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, '|', null)", "attr1", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q(null, '|', null)"));
+ Assert.assertEquals("GET_TAG_ATTR_NAMES_Q(null, ',', '{', '}')", "{attr1}", evaluator.evaluateScript("GET_TAG_ATTR_NAMES_Q(null, ',', '{', '}')"));
+
+ Assert.assertEquals("GET_TAG_ATTR('attr1')", "PCI_value,PII_value", evaluator.evaluateScript("GET_TAG_ATTR('attr1')"));
+ Assert.assertEquals("GET_TAG_ATTR('attr1', null)", "PCI_value,PII_value", evaluator.evaluateScript("GET_TAG_ATTR('attr1', null)"));
+ Assert.assertEquals("GET_TAG_ATTR('attr1', null, '|')", "PCI_value|PII_value", evaluator.evaluateScript("GET_TAG_ATTR('attr1', null, '|')"));
+ Assert.assertEquals("GET_TAG_ATTR('attr1', null, null)", "PCI_valuePII_value", evaluator.evaluateScript("GET_TAG_ATTR('attr1', null, null)"));
+
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1')", "'PCI_value','PII_value'", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1')"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null)", "'PCI_value','PII_value'", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1', null)"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, null)", "'PCI_value''PII_value'", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1', null, null)"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, '|')", "'PCI_value'|'PII_value'", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1', null, '|')"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, ',', null)", "PCI_value,PII_value", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1', null, ',', null)"));
+ Assert.assertEquals("GET_TAG_ATTR_Q('attr1', null, ',', '{', '}')", "{PCI_value},{PII_value}", evaluator.evaluateScript("GET_TAG_ATTR_Q('attr1', null, ',', '{', '}')"));
+
+ Assert.assertEquals("GET_UG_NAMES()", "test-group1,test-group2", evaluator.evaluateScript("GET_UG_NAMES()"));
+ Assert.assertEquals("GET_UG_NAMES(null)", "test-group1,test-group2", evaluator.evaluateScript("GET_UG_NAMES(null)"));
+ Assert.assertEquals("GET_UG_NAMES(null, '|')", "test-group1|test-group2", evaluator.evaluateScript("GET_UG_NAMES(null, '|')"));
+ Assert.assertEquals("GET_UG_NAMES(null, null)", "test-group1test-group2", evaluator.evaluateScript("GET_UG_NAMES(null, null)"));
+
+ Assert.assertEquals("GET_UG_NAMES_Q()", "'test-group1','test-group2'", evaluator.evaluateScript("GET_UG_NAMES_Q()"));
+ Assert.assertEquals("GET_UG_NAMES_Q(null)", "'test-group1','test-group2'", evaluator.evaluateScript("GET_UG_NAMES_Q(null)"));
+ Assert.assertEquals("GET_UG_NAMES_Q(null, null)", "'test-group1''test-group2'", evaluator.evaluateScript("GET_UG_NAMES_Q(null, null)"));
+ Assert.assertEquals("GET_UG_NAMES_Q(null, '|')", "'test-group1'|'test-group2'", evaluator.evaluateScript("GET_UG_NAMES_Q(null, '|')"));
+ Assert.assertEquals("GET_UG_NAMES_Q(null, ',', null)", "test-group1,test-group2", evaluator.evaluateScript("GET_UG_NAMES_Q(null, ',', null)"));
+ Assert.assertEquals("GET_UG_NAMES_Q(null, ',', '{', '}')", "{test-group1},{test-group2}", evaluator.evaluateScript("GET_UG_NAMES_Q(null, ',', '{', '}')"));
+
+ Assert.assertEquals("GET_UG_ATTR_NAMES()", "dept,site", evaluator.evaluateScript("GET_UG_ATTR_NAMES()"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES(null)", "dept,site", evaluator.evaluateScript("GET_UG_ATTR_NAMES(null)"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES(null, '|')", "dept|site", evaluator.evaluateScript("GET_UG_ATTR_NAMES(null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES(null, null)", "deptsite", evaluator.evaluateScript("GET_UG_ATTR_NAMES(null, null)"));
+
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q()", "'dept','site'", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q()"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null)", "'dept','site'", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q(null)"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, null)", "'dept''site'", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q(null, null)"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, '|')", "'dept'|'site'", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q(null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, ',', null)", "dept,site", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q(null, ',', null)"));
+ Assert.assertEquals("GET_UG_ATTR_NAMES_Q(null, ',', '{', '}')", "{dept},{site}", evaluator.evaluateScript("GET_UG_ATTR_NAMES_Q(null, ',', '{', '}')"));
+
+ Assert.assertEquals("GET_UG_ATTR('dept')", "ENGG,PROD", evaluator.evaluateScript("GET_UG_ATTR('dept')"));
+ Assert.assertEquals("GET_UG_ATTR('dept', null)", "ENGG,PROD", evaluator.evaluateScript("GET_UG_ATTR('dept', null)"));
+ Assert.assertEquals("GET_UG_ATTR('dept', null, '|')", "ENGG|PROD", evaluator.evaluateScript("GET_UG_ATTR('dept', null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR('dept', null, null)", "ENGGPROD", evaluator.evaluateScript("GET_UG_ATTR('dept', null, null)"));
+
+ Assert.assertEquals("GET_UG_ATTR_Q('dept')", "'ENGG','PROD'", evaluator.evaluateScript("GET_UG_ATTR_Q('dept')"));
+ Assert.assertEquals("GET_UG_ATTR_Q('dept', null)", "'ENGG','PROD'", evaluator.evaluateScript("GET_UG_ATTR_Q('dept', null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('dept', null, null)", "'ENGG''PROD'", evaluator.evaluateScript("GET_UG_ATTR_Q('dept', null, null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('dept', null, '|')", "'ENGG'|'PROD'", evaluator.evaluateScript("GET_UG_ATTR_Q('dept', null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR_Q('dept', null, ',', null)", "ENGG,PROD", evaluator.evaluateScript("GET_UG_ATTR_Q('dept', null, ',', null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('dept', null, ',', '{', '}')", "{ENGG},{PROD}", evaluator.evaluateScript("GET_UG_ATTR_Q('dept', null, ',', '{', '}')"));
+
+ Assert.assertEquals("GET_UG_ATTR('site')", "10,20", evaluator.evaluateScript("GET_UG_ATTR('site')"));
+ Assert.assertEquals("GET_UG_ATTR('site', null)", "10,20", evaluator.evaluateScript("GET_UG_ATTR('site', null)"));
+ Assert.assertEquals("GET_UG_ATTR('site', null, '|')", "10|20", evaluator.evaluateScript("GET_UG_ATTR('site', null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR('site', null, null)", "1020", evaluator.evaluateScript("GET_UG_ATTR('site', null, null)"));
+
+ Assert.assertEquals("GET_UG_ATTR_Q('site')", "'10','20'", evaluator.evaluateScript("GET_UG_ATTR_Q('site')"));
+ Assert.assertEquals("GET_UG_ATTR_Q('site', null)", "'10','20'", evaluator.evaluateScript("GET_UG_ATTR_Q('site', null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('site', null, null)", "'10''20'", evaluator.evaluateScript("GET_UG_ATTR_Q('site', null, null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('site', null, '|')", "'10'|'20'", evaluator.evaluateScript("GET_UG_ATTR_Q('site', null, '|')"));
+ Assert.assertEquals("GET_UG_ATTR_Q('site', null, ',', null)", "10,20", evaluator.evaluateScript("GET_UG_ATTR_Q('site', null, ',', null)"));
+ Assert.assertEquals("GET_UG_ATTR_Q('site', null, ',', '{', '}')", "{10},{20}", evaluator.evaluateScript("GET_UG_ATTR_Q('site', null, ',', '{', '}')"));
+
+ Assert.assertEquals("GET_UR_NAMES()", "test-role1,test-role2", evaluator.evaluateScript("GET_UR_NAMES()"));
+ Assert.assertEquals("GET_UR_NAMES(null)", "test-role1,test-role2", evaluator.evaluateScript("GET_UR_NAMES(null)"));
+ Assert.assertEquals("GET_UR_NAMES(null, '|')", "test-role1|test-role2", evaluator.evaluateScript("GET_UR_NAMES(null, '|')"));
+ Assert.assertEquals("GET_UR_NAMES(null, null)", "test-role1test-role2", evaluator.evaluateScript("GET_UR_NAMES(null, null)"));
+
+ Assert.assertEquals("GET_UR_NAMES_Q()", "'test-role1','test-role2'", evaluator.evaluateScript("GET_UR_NAMES_Q()"));
+ Assert.assertEquals("GET_UR_NAMES_Q(null)", "'test-role1','test-role2'", evaluator.evaluateScript("GET_UR_NAMES_Q(null)"));
+ Assert.assertEquals("GET_UR_NAMES_Q(null, null)", "'test-role1''test-role2'", evaluator.evaluateScript("GET_UR_NAMES_Q(null, null)"));
+ Assert.assertEquals("GET_UR_NAMES_Q(null, '|')", "'test-role1'|'test-role2'", evaluator.evaluateScript("GET_UR_NAMES_Q(null, '|')"));
+ Assert.assertEquals("GET_UR_NAMES_Q(null, ',', null)", "test-role1,test-role2", evaluator.evaluateScript("GET_UR_NAMES_Q(null, ',', null)"));
+ Assert.assertEquals("GET_UR_NAMES_Q(null, ',', '{', '}')", "{test-role1},{test-role2}", evaluator.evaluateScript("GET_UR_NAMES_Q(null, ',', '{', '}')"));
+
+ Assert.assertEquals("GET_USER_ATTR_NAMES()", "state", evaluator.evaluateScript("GET_USER_ATTR_NAMES()"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES(null)", "state", evaluator.evaluateScript("GET_USER_ATTR_NAMES(null)"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES(null, '|')", "state", evaluator.evaluateScript("GET_USER_ATTR_NAMES(null, '|')"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES(null, null)", "state", evaluator.evaluateScript("GET_USER_ATTR_NAMES(null, null)"));
+
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q()", "'state'", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q()"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null)", "'state'", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q(null)"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, null)", "'state'", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q(null, null)"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, '|')", "'state'", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q(null, '|')"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, ',', null)", "state", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q(null, ',', null)"));
+ Assert.assertEquals("GET_USER_ATTR_NAMES_Q(null, ',', '{', '}')", "{state}", evaluator.evaluateScript("GET_USER_ATTR_NAMES_Q(null, ',', '{', '}')"));
+
+ Assert.assertEquals("GET_USER_ATTR('state')", "CA", evaluator.evaluateScript("GET_USER_ATTR('state')"));
+ Assert.assertEquals("GET_USER_ATTR('state', null)", "CA", evaluator.evaluateScript("GET_USER_ATTR('state', null)"));
+ Assert.assertEquals("GET_USER_ATTR('state', null, '|')", "CA", evaluator.evaluateScript("GET_USER_ATTR('state', null, '|')"));
+ Assert.assertEquals("GET_USER_ATTR('state', null, null)", "CA", evaluator.evaluateScript("GET_USER_ATTR('state', null, null)"));
+
+ Assert.assertEquals("GET_USER_ATTR_Q('state')", "'CA'", evaluator.evaluateScript("GET_USER_ATTR_Q('state')"));
+ Assert.assertEquals("GET_USER_ATTR_Q('state', null)", "'CA'", evaluator.evaluateScript("GET_USER_ATTR_Q('state', null)"));
+ Assert.assertEquals("GET_USER_ATTR_Q('state', null, null)", "'CA'", evaluator.evaluateScript("GET_USER_ATTR_Q('state', null, null)"));
+ Assert.assertEquals("GET_USER_ATTR_Q('state', null, '|')", "'CA'", evaluator.evaluateScript("GET_USER_ATTR_Q('state', null, '|')"));
+ Assert.assertEquals("GET_USER_ATTR_Q('state', null, ',', null)", "CA", evaluator.evaluateScript("GET_USER_ATTR_Q('state', null, ',', null)"));
+ Assert.assertEquals("GET_USER_ATTR_Q('state', null, ',',
'{', '}')", "{CA}", evaluator.evaluateScript("GET_USER_ATTR_Q('state', null, ',', '{', '}')")); } @Test public void testNonExistentValues() { RangerAccessRequest request = createRequest("test-user", Collections.emptySet(), Collections.emptySet(), Collections.emptyList()); - RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request); + RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request, scriptEngine); // empty TAG names - Assert.assertEquals("GET_TAG_NAMES()", "", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES()")); - Assert.assertEquals("GET_TAG_NAMES(null)", "", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES(null)")); - Assert.assertEquals("GET_TAG_NAMES('empty')", "empty", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES('empty')")); - Assert.assertEquals("GET_TAG_NAMES('empty', '|')", "empty", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES('empty', '|')")); - Assert.assertEquals("GET_TAG_NAMES('empty', null)", "empty", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES('empty', null)")); + Assert.assertEquals("GET_TAG_NAMES()", "", evaluator.evaluateScript("GET_TAG_NAMES()")); + Assert.assertEquals("GET_TAG_NAMES(null)", "", evaluator.evaluateScript("GET_TAG_NAMES(null)")); + Assert.assertEquals("GET_TAG_NAMES('empty')", "empty", evaluator.evaluateScript("GET_TAG_NAMES('empty')")); + Assert.assertEquals("GET_TAG_NAMES('empty', '|')", "empty", evaluator.evaluateScript("GET_TAG_NAMES('empty', '|')")); + Assert.assertEquals("GET_TAG_NAMES('empty', null)", "empty", evaluator.evaluateScript("GET_TAG_NAMES('empty', null)")); // empty TAG names - Assert.assertEquals("GET_TAG_NAMES_Q()", "", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q()")); - Assert.assertEquals("GET_TAG_NAMES_Q(null)", "", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q(null)")); - Assert.assertEquals("GET_TAG_NAMES_Q('empty')", "'empty'", evaluator.evaluateScript(scriptEngine, 
"GET_TAG_NAMES_Q('empty')")); - Assert.assertEquals("GET_TAG_NAMES_Q('empty', ',')", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q('empty', ',')")); - Assert.assertEquals("GET_TAG_NAMES_Q('empty', '|', null)", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q('empty', '|')")); - Assert.assertEquals("GET_TAG_NAMES_Q('empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript(scriptEngine, "GET_TAG_NAMES_Q('empty', ',', '{', '}')")); + Assert.assertEquals("GET_TAG_NAMES_Q()", "", evaluator.evaluateScript("GET_TAG_NAMES_Q()")); + Assert.assertEquals("GET_TAG_NAMES_Q(null)", "", evaluator.evaluateScript("GET_TAG_NAMES_Q(null)")); + Assert.assertEquals("GET_TAG_NAMES_Q('empty')", "'empty'", evaluator.evaluateScript("GET_TAG_NAMES_Q('empty')")); + Assert.assertEquals("GET_TAG_NAMES_Q('empty', ',')", "'empty'", evaluator.evaluateScript("GET_TAG_NAMES_Q('empty', ',')")); + Assert.assertEquals("GET_TAG_NAMES_Q('empty', '|', null)", "'empty'", evaluator.evaluateScript("GET_TAG_NAMES_Q('empty', '|')")); + Assert.assertEquals("GET_TAG_NAMES_Q('empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript("GET_TAG_NAMES_Q('empty', ',', '{', '}')")); // empty UG names - Assert.assertEquals("GET_UG_NAMES()", "", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES()")); - Assert.assertEquals("GET_UG_NAMES(null)", "", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES(null)")); - Assert.assertEquals("GET_UG_NAMES('empty')", "empty", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES('empty')")); - Assert.assertEquals("GET_UG_NAMES('empty', '|')", "empty", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES('empty', '|')")); - Assert.assertEquals("GET_UG_NAMES('empty', null)", "empty", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES('empty', null)")); + Assert.assertEquals("GET_UG_NAMES()", "", evaluator.evaluateScript("GET_UG_NAMES()")); + Assert.assertEquals("GET_UG_NAMES(null)", "", evaluator.evaluateScript("GET_UG_NAMES(null)")); 
+ Assert.assertEquals("GET_UG_NAMES('empty')", "empty", evaluator.evaluateScript("GET_UG_NAMES('empty')")); + Assert.assertEquals("GET_UG_NAMES('empty', '|')", "empty", evaluator.evaluateScript("GET_UG_NAMES('empty', '|')")); + Assert.assertEquals("GET_UG_NAMES('empty', null)", "empty", evaluator.evaluateScript("GET_UG_NAMES('empty', null)")); // empty UG names - Assert.assertEquals("GET_UG_NAMES_Q()", "", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q()")); - Assert.assertEquals("GET_UG_NAMES_Q(null)", "", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q(null)")); - Assert.assertEquals("GET_UG_NAMES_Q('empty')", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q('empty')")); - Assert.assertEquals("GET_UG_NAMES_Q('empty', ',')", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q('empty', ',')")); - Assert.assertEquals("GET_UG_NAMES_Q('empty', '|', null)", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q('empty', '|')")); - Assert.assertEquals("GET_UG_NAMES_Q('empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript(scriptEngine, "GET_UG_NAMES_Q('empty', ',', '{', '}')")); + Assert.assertEquals("GET_UG_NAMES_Q()", "", evaluator.evaluateScript("GET_UG_NAMES_Q()")); + Assert.assertEquals("GET_UG_NAMES_Q(null)", "", evaluator.evaluateScript("GET_UG_NAMES_Q(null)")); + Assert.assertEquals("GET_UG_NAMES_Q('empty')", "'empty'", evaluator.evaluateScript("GET_UG_NAMES_Q('empty')")); + Assert.assertEquals("GET_UG_NAMES_Q('empty', ',')", "'empty'", evaluator.evaluateScript("GET_UG_NAMES_Q('empty', ',')")); + Assert.assertEquals("GET_UG_NAMES_Q('empty', '|', null)", "'empty'", evaluator.evaluateScript("GET_UG_NAMES_Q('empty', '|')")); + Assert.assertEquals("GET_UG_NAMES_Q('empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript("GET_UG_NAMES_Q('empty', ',', '{', '}')")); // empty UR names - Assert.assertEquals("GET_UR_NAMES()", "", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES()")); - 
Assert.assertEquals("GET_UR_NAMES(null)", "", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES(null)")); - Assert.assertEquals("GET_UR_NAMES('empty')", "empty", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES('empty')")); - Assert.assertEquals("GET_UR_NAMES('empty', '|')", "empty", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES('empty', '|')")); - Assert.assertEquals("GET_UR_NAMES('empty', null)", "empty", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES('empty', null)")); + Assert.assertEquals("GET_UR_NAMES()", "", evaluator.evaluateScript("GET_UR_NAMES()")); + Assert.assertEquals("GET_UR_NAMES(null)", "", evaluator.evaluateScript("GET_UR_NAMES(null)")); + Assert.assertEquals("GET_UR_NAMES('empty')", "empty", evaluator.evaluateScript("GET_UR_NAMES('empty')")); + Assert.assertEquals("GET_UR_NAMES('empty', '|')", "empty", evaluator.evaluateScript("GET_UR_NAMES('empty', '|')")); + Assert.assertEquals("GET_UR_NAMES('empty', null)", "empty", evaluator.evaluateScript("GET_UR_NAMES('empty', null)")); // empty UR names - Assert.assertEquals("GET_UR_NAMES_Q()", "", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q()")); - Assert.assertEquals("GET_UR_NAMES_Q(null)", "", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q(null)")); - Assert.assertEquals("GET_UR_NAMES_Q('empty')", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q('empty')")); - Assert.assertEquals("GET_UR_NAMES_Q('empty', ',')", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q('empty', ',')")); - Assert.assertEquals("GET_UR_NAMES_Q('empty', '|', null)", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q('empty', '|')")); - Assert.assertEquals("GET_UR_NAMES_Q('empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript(scriptEngine, "GET_UR_NAMES_Q('empty', ',', '{', '}')")); + Assert.assertEquals("GET_UR_NAMES_Q()", "", evaluator.evaluateScript("GET_UR_NAMES_Q()")); + Assert.assertEquals("GET_UR_NAMES_Q(null)", "", 
evaluator.evaluateScript("GET_UR_NAMES_Q(null)")); + Assert.assertEquals("GET_UR_NAMES_Q('empty')", "'empty'", evaluator.evaluateScript("GET_UR_NAMES_Q('empty')")); + Assert.assertEquals("GET_UR_NAMES_Q('empty', ',')", "'empty'", evaluator.evaluateScript("GET_UR_NAMES_Q('empty', ',')")); + Assert.assertEquals("GET_UR_NAMES_Q('empty', '|', null)", "'empty'", evaluator.evaluateScript("GET_UR_NAMES_Q('empty', '|')")); + Assert.assertEquals("GET_UR_NAMES_Q('empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript("GET_UR_NAMES_Q('empty', ',', '{', '}')")); // non-existent attribute - Assert.assertEquals("GET_TAG_ATTR('noattr')", "", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('noattr')")); - Assert.assertEquals("GET_TAG_ATTR('noattr', null)", "", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('noattr', null)")); - Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty')", "empty", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('noattr', 'empty')")); - Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty', '|')", "empty", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('noattr', 'empty', '|')")); - Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty', null)", "empty", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR('noattr', 'empty', null)")); + Assert.assertEquals("GET_TAG_ATTR('noattr')", "", evaluator.evaluateScript("GET_TAG_ATTR('noattr')")); + Assert.assertEquals("GET_TAG_ATTR('noattr', null)", "", evaluator.evaluateScript("GET_TAG_ATTR('noattr', null)")); + Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty')", "empty", evaluator.evaluateScript("GET_TAG_ATTR('noattr', 'empty')")); + Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty', '|')", "empty", evaluator.evaluateScript("GET_TAG_ATTR('noattr', 'empty', '|')")); + Assert.assertEquals("GET_TAG_ATTR('noattr', 'empty', null)", "empty", evaluator.evaluateScript("GET_TAG_ATTR('noattr', 'empty', null)")); // non-existent attribute - Assert.assertEquals("GET_TAG_ATTR_Q('noattr')", "", 
evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('noattr')")); - Assert.assertEquals("GET_TAG_ATTR_Q('noattr', null)", "", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('noattr', null)")); - Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty')", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('noattr', 'empty')")); - Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', ',')", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('noattr', 'empty', ',')")); - Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', '|', null)", "empty", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('noattr', 'empty', '|', null)")); - Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript(scriptEngine, "GET_TAG_ATTR_Q('noattr', 'empty', ',', '{', '}')")); + Assert.assertEquals("GET_TAG_ATTR_Q('noattr')", "", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr')")); + Assert.assertEquals("GET_TAG_ATTR_Q('noattr', null)", "", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr', null)")); + Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty')", "'empty'", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr', 'empty')")); + Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', ',')", "'empty'", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr', 'empty', ',')")); + Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', '|', null)", "empty", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr', 'empty', '|', null)")); + Assert.assertEquals("GET_TAG_ATTR_Q('noattr', 'empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript("GET_TAG_ATTR_Q('noattr', 'empty', ',', '{', '}')")); // non-existent attribute - Assert.assertEquals("GET_UG_ATTR('noattr')", "", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('noattr')")); - Assert.assertEquals("GET_UG_ATTR('noattr', null)", "", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('noattr', null)")); - Assert.assertEquals("GET_UG_ATTR('noattr', 
'empty', '|')", "empty", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('noattr', 'empty', '|')")); - Assert.assertEquals("GET_UG_ATTR('noattr', 'empty', null)", "empty", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR('noattr', 'empty', null)")); + Assert.assertEquals("GET_UG_ATTR('noattr')", "", evaluator.evaluateScript("GET_UG_ATTR('noattr')")); + Assert.assertEquals("GET_UG_ATTR('noattr', null)", "", evaluator.evaluateScript("GET_UG_ATTR('noattr', null)")); + Assert.assertEquals("GET_UG_ATTR('noattr', 'empty', '|')", "empty", evaluator.evaluateScript("GET_UG_ATTR('noattr', 'empty', '|')")); + Assert.assertEquals("GET_UG_ATTR('noattr', 'empty', null)", "empty", evaluator.evaluateScript("GET_UG_ATTR('noattr', 'empty', null)")); // non-existent attribute - Assert.assertEquals("GET_UG_ATTR_Q('noattr')", "", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr')")); - Assert.assertEquals("GET_UG_ATTR_Q('noattr', null)", "", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr', null)")); - Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', null)", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr', 'empty', null)")); - Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', '|')", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr', 'empty', '|')")); - Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', ',', null)", "empty", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr', 'empty', ',', null)")); - Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript(scriptEngine, "GET_UG_ATTR_Q('noattr', 'empty', ',', '{', '}')")); + Assert.assertEquals("GET_UG_ATTR_Q('noattr')", "", evaluator.evaluateScript("GET_UG_ATTR_Q('noattr')")); + Assert.assertEquals("GET_UG_ATTR_Q('noattr', null)", "", evaluator.evaluateScript("GET_UG_ATTR_Q('noattr', null)")); + Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', null)", "'empty'", 
evaluator.evaluateScript("GET_UG_ATTR_Q('noattr', 'empty', null)")); + Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', '|')", "'empty'", evaluator.evaluateScript("GET_UG_ATTR_Q('noattr', 'empty', '|')")); + Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', ',', null)", "empty", evaluator.evaluateScript("GET_UG_ATTR_Q('noattr', 'empty', ',', null)")); + Assert.assertEquals("GET_UG_ATTR_Q('noattr', 'empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript("GET_UG_ATTR_Q('noattr', 'empty', ',', '{', '}')")); // non-existent attribute - Assert.assertEquals("GET_USER_ATTR('noattr')", "", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('noattr')")); - Assert.assertEquals("GET_USER_ATTR('noattr', null)", "", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('noattr', null)")); - Assert.assertEquals("GET_USER_ATTR('noattr', 'empty', '|')", "empty", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('noattr', 'empty', '|')")); - Assert.assertEquals("GET_USER_ATTR('noattr', 'empty', null)", "empty", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR('noattr', 'empty', null)")); + Assert.assertEquals("GET_USER_ATTR('noattr')", "", evaluator.evaluateScript("GET_USER_ATTR('noattr')")); + Assert.assertEquals("GET_USER_ATTR('noattr', null)", "", evaluator.evaluateScript("GET_USER_ATTR('noattr', null)")); + Assert.assertEquals("GET_USER_ATTR('noattr', 'empty', '|')", "empty", evaluator.evaluateScript("GET_USER_ATTR('noattr', 'empty', '|')")); + Assert.assertEquals("GET_USER_ATTR('noattr', 'empty', null)", "empty", evaluator.evaluateScript("GET_USER_ATTR('noattr', 'empty', null)")); // non-existent attribute - Assert.assertEquals("GET_USER_ATTR_Q('noattr')", "", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('noattr')")); - Assert.assertEquals("GET_USER_ATTR_Q('noattr', null)", "", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('noattr', null)")); - Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', null)", "'empty'", 
evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('noattr', 'empty', null)")); - Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', '|')", "'empty'", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('noattr', 'empty', '|')")); - Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', ',', null)", "empty", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('noattr', 'empty', ',', null)")); - Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript(scriptEngine, "GET_USER_ATTR_Q('noattr', 'empty', ',', '{', '}')")); + Assert.assertEquals("GET_USER_ATTR_Q('noattr')", "", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr')")); + Assert.assertEquals("GET_USER_ATTR_Q('noattr', null)", "", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr', null)")); + Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', null)", "'empty'", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr', 'empty', null)")); + Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', '|')", "'empty'", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr', 'empty', '|')")); + Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', ',', null)", "empty", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr', 'empty', ',', null)")); + Assert.assertEquals("GET_USER_ATTR_Q('noattr', 'empty', ',', '{', '}')", "{empty}", evaluator.evaluateScript("GET_USER_ATTR_Q('noattr', 'empty', ',', '{', '}')")); } @Test 
@@ -356,111 +356,111 @@ public class RangerRequestScriptEvaluatorTest { RangerTag tagPartners = new RangerTag("PARTNERS", Collections.singletonMap("names", "partner-1,partner-2")); RangerTag tagDepts = new RangerTag("DEPTS", Collections.singletonMap("names", "ENGG,SALES")); RangerAccessRequest request = createRequest("test-user2", Collections.singleton("test-group2"), Collections.singleton("test-role2"), Arrays.asList(tagPartners, tagDepts)); - RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request); - - Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['sales'])", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].intersects(['sales'])")); - Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['mktg'])", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].intersects(['mktg'])")); - Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['products'])", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].intersects(['products'])")); - Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['sales', 'engineering'])", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].intersects(['sales', 'engineering'])")); - Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['mktg', 'engineering'])", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].intersects(['mktg', 'engineering'])")); - Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['products', 'engineering'])", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].intersects(['products', 'engineering'])")); - Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['engineering', 'hr', 'sales'])", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].intersects(['engineering', 'hr', 'sales'])")); - 
Assert.assertFalse("test: ['sales', 'mktg', 'products'].intersects(['engineering'])", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].intersects(['engineering'])")); - Assert.assertFalse("test: ['sales', 'mktg', 'products'].intersects([])", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].intersects([])")); - Assert.assertFalse("test: ['sales', 'mktg', 'products'].intersects(null)", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].intersects(null)")); - Assert.assertFalse("test: [].intersects(['engineering'])", (Boolean) evaluator.evaluateScript(scriptEngine, "[].intersects(['engineering'])")); - Assert.assertFalse("test: [].intersects([])", (Boolean) evaluator.evaluateScript(scriptEngine, "[].intersects([])")); + RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request, scriptEngine); + + Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['sales'])", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(['sales'])")); + Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['mktg'])", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(['mktg'])")); + Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['products'])", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(['products'])")); + Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['sales', 'engineering'])", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(['sales', 'engineering'])")); + Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['mktg', 'engineering'])", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(['mktg', 'engineering'])")); + Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['products', 'engineering'])", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 
'products'].intersects(['products', 'engineering'])")); + Assert.assertTrue("test: ['sales', 'mktg', 'products'].intersects(['engineering', 'hr', 'sales'])", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(['engineering', 'hr', 'sales'])")); + Assert.assertFalse("test: ['sales', 'mktg', 'products'].intersects(['engineering'])", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(['engineering'])")); + Assert.assertFalse("test: ['sales', 'mktg', 'products'].intersects([])", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects([])")); + Assert.assertFalse("test: ['sales', 'mktg', 'products'].intersects(null)", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].intersects(null)")); + Assert.assertFalse("test: [].intersects(['engineering'])", (Boolean) evaluator.evaluateScript("[].intersects(['engineering'])")); + Assert.assertFalse("test: [].intersects([])", (Boolean) evaluator.evaluateScript("[].intersects([])")); /* TAGS.PARTNERS.names = partner-1,partner-2 USER.partners = partner-1,partner-2,partners-3 */ - Assert.assertTrue("test: TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean) evaluator.evaluateScript(scriptEngine, "HAS_USER_ATTR('partners') && TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))")); + Assert.assertTrue("test: TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean) evaluator.evaluateScript("HAS_USER_ATTR('partners') && TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))")); - Assert.assertTrue("test: ['sales', 'mktg', 'products'].includes('sales')", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].includes('sales')")); - Assert.assertTrue("test: ['sales', 'mktg', 'products'].includes('mktg')", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].includes('mktg')")); - Assert.assertTrue("test: ['sales', 'mktg', 
'products'].includes('products')", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].includes('products')")); - Assert.assertFalse("test: ['sales', 'mktg', 'products'].includes(['engineering'])", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].includes('engineering')")); - Assert.assertFalse("test: ['sales', 'mktg', 'products'].includes('')", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].includes('')")); - Assert.assertFalse("test: ['sales', 'mktg', 'products'].includes(null)", (Boolean) evaluator.evaluateScript(scriptEngine, "['sales', 'mktg', 'products'].includes(null)")); - Assert.assertFalse("test: [].includes('engineering')", (Boolean) evaluator.evaluateScript(scriptEngine, "[].includes('engineering')")); - Assert.assertFalse("test: [].includes([])", (Boolean) evaluator.evaluateScript(scriptEngine, "[].includes([])")); + Assert.assertTrue("test: ['sales', 'mktg', 'products'].includes('sales')", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].includes('sales')")); + Assert.assertTrue("test: ['sales', 'mktg', 'products'].includes('mktg')", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].includes('mktg')")); + Assert.assertTrue("test: ['sales', 'mktg', 'products'].includes('products')", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].includes('products')")); + Assert.assertFalse("test: ['sales', 'mktg', 'products'].includes(['engineering'])", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].includes('engineering')")); + Assert.assertFalse("test: ['sales', 'mktg', 'products'].includes('')", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].includes('')")); + Assert.assertFalse("test: ['sales', 'mktg', 'products'].includes(null)", (Boolean) evaluator.evaluateScript("['sales', 'mktg', 'products'].includes(null)")); + Assert.assertFalse("test: [].includes('engineering')", (Boolean) 
evaluator.evaluateScript("[].includes('engineering')")); + Assert.assertFalse("test: [].includes([])", (Boolean) evaluator.evaluateScript("[].includes([])")); /* TAGS.DEPTS.names = ENGG,SALES USER.dept = ENGG */ - Assert.assertTrue("test: TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean) evaluator.evaluateScript(scriptEngine, "TAGS.DEPTS.names.split(',').includes(USER.dept)")); + Assert.assertTrue("test: TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean) evaluator.evaluateScript("TAGS.DEPTS.names.split(',').includes(USER.dept)")); // switch context to user test-user3, who has different attribute values for partners and dept request = createRequest("test-user3", Collections.singleton("test-group3"), Collections.singleton("test-role3"), Arrays.asList(tagPartners, tagDepts)); - evaluator = new RangerRequestScriptEvaluator(request); + evaluator = new RangerRequestScriptEvaluator(request, scriptEngine); /* TAGS.PARTNERS.names = partner-1,partner-2 USER.partners = partner-3 */ - Assert.assertFalse("test: TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean) evaluator.evaluateScript(scriptEngine, "HAS_USER_ATTR('partners') && TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))")); + Assert.assertFalse("test: TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean) evaluator.evaluateScript("HAS_USER_ATTR('partners') && TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))")); /* TAGS.DEPTS.names = ENGG,SALES USER.dept = MKTG */ - Assert.assertFalse("test: TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean) evaluator.evaluateScript(scriptEngine, "TAGS.DEPTS.names.split(',').includes(USER.dept)")); + Assert.assertFalse("test: TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean) evaluator.evaluateScript("TAGS.DEPTS.names.split(',').includes(USER.dept)")); // switch context to user test-user4, who doesn't have attribute partners and dept request = 
createRequest("test-user4", Collections.singleton("test-group4"), Collections.singleton("test-role4"), Arrays.asList(tagPartners, tagDepts)); - evaluator = new RangerRequestScriptEvaluator(request); + evaluator = new RangerRequestScriptEvaluator(request, scriptEngine); /* TAGS.PARTNERS.names = partner-1,partner-2 USER.partners = null */ - Assert.assertFalse("test: TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean) evaluator.evaluateScript(scriptEngine, "HAS_USER_ATTR('partners') && TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))")); + Assert.assertFalse("test: TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))", (Boolean) evaluator.evaluateScript("HAS_USER_ATTR('partners') && TAGS.PARTNERS.names.split(',').intersects(USER.partners.split(','))")); /* TAGS.DEPTS.names = ENGG,SALES USER.dept = null */ - Assert.assertFalse("test: TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean) evaluator.evaluateScript(scriptEngine, "TAGS.DEPTS.names.split(',').includes(USER.dept)")); + Assert.assertFalse("test: TAGS.DEPTS.names.split(',').includes(USER.dept)", (Boolean) evaluator.evaluateScript("TAGS.DEPTS.names.split(',').includes(USER.dept)")); } @Test public void testBlockJavaClassReferences() { RangerAccessRequest request = createRequest("test-user", Collections.EMPTY_SET, Collections.EMPTY_SET, Collections.EMPTY_LIST); - RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request); + RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request, scriptEngine, false); - Assert.assertNull("test: java.lang.System.out.println(\"test\");", evaluator.evaluateScript(scriptEngine, "java.lang.System.out.println(\"test\");")); - Assert.assertNull("test: java.lang.Runtime.getRuntime().exec(\"bash\");", evaluator.evaluateScript(scriptEngine, "java.lang.Runtime.getRuntime().exec(\"bash\");")); + Assert.assertNull("test: java.lang.System.out.println(\"test\");", 
evaluator.evaluateScript("java.lang.System.out.println(\"test\");")); + Assert.assertNull("test: java.lang.Runtime.getRuntime().exec(\"bash\");", evaluator.evaluateScript("java.lang.Runtime.getRuntime().exec(\"bash\");")); } @Test public void testIsTimeMacros() { RangerAccessRequest request = createRequest("test-user", Collections.emptySet(), Collections.emptySet(), Collections.emptyList()); - RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request); + RangerRequestScriptEvaluator evaluator = new RangerRequestScriptEvaluator(request, scriptEngine, false); // Date - Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_AFTER('2020/01/01')")); - Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01', 'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_AFTER('2020/01/01', 'GMT')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BEFORE('2100/01/01')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01', 'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BEFORE('2100/01/01', 'GMT')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01', 'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01', 'GMT')")); + Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01')")); + Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01', 'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01', 'GMT')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01')", (Boolean) 
evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01', 'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01', 'GMT')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01', 'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01', '2100/01/01', 'GMT')")); // Date hh:mm - Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_AFTER('2020/01/01 15:00')")); - Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00', 'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_AFTER('2020/01/01 15:00', 'GMT')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BEFORE('2100/01/01 15:00')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00', 'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BEFORE('2100/01/01 15:00', 'GMT')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00', '2100/01/01 15:00')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00', '2100/01/01 15:00')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00', '2100/01/01 15:00', 'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00', '2100/01/01 15:00', 'GMT')")); + Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01 15:00')")); + Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00', 'GMT')", (Boolean) 
evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01 15:00', 'GMT')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01 15:00')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00', 'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01 15:00', 'GMT')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00', '2100/01/01 15:00')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00', '2100/01/01 15:00')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00', '2100/01/01 15:00', 'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00', '2100/01/01 15:00', 'GMT')")); // Date hh:mm:ss - Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42')")); - Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42', 'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42', 'GMT')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42', 'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42', 'GMT')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42', '2100/01/01 15:00:42')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42', '2100/01/01 15:00:42')")); - Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42', '2100/01/01 15:00:42', 'GMT')", (Boolean) evaluator.evaluateScript(scriptEngine, "IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42', '2100/01/01 15:00:42', 'GMT')")); + 
Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42')")); + Assert.assertTrue("test: IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42', 'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_AFTER('2020/01/01 15:00:42', 'GMT')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42', 'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BEFORE('2100/01/01 15:00:42', 'GMT')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42', '2100/01/01 15:00:42')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42', '2100/01/01 15:00:42')")); + Assert.assertTrue("test: IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42', '2100/01/01 15:00:42', 'GMT')", (Boolean) evaluator.evaluateScript("IS_ACCESS_TIME_BETWEEN('2010/01/01 15:00:42', '2100/01/01 15:00:42', 'GMT')")); } RangerAccessRequest createRequest(String userName, Set<String> userGroups, Set<String> userRoles, List<RangerTag> resourceTags) { diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java index 6d5edc04c..a062f0e9b 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java 
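Review bot: In testBlockJavaClassReferences, `Assert.assertNull` on `java.lang.System.out.println("test")` cannot tell a blocked call from one that ran, because println returns nothing and the script result would presumably be null either way. The `Runtime.getRuntime().exec("bash")` probe does return a value, but a regression would show up only after the process had already been started on the build host. A side-effect-free probe that yields a non-null value on success pins the sandbox more tightly, for example `Assert.assertNull("test: java.lang.System.getProperty('java.version')", evaluator.evaluateScript("java.lang.System.getProperty('java.version')"));`. The evaluator here is now built only with a third argument of `false`, whose meaning is not visible in this hunk. If the two-argument constructor used by the neighbouring tests takes a different path, the same blocking assertions should run against that variant too.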
@@ -42,6 +42,7 @@ public class RangerRequestExprResolverTest { exprValue.put("s3://mybucket/users/${{USER._name}}/${{USER.state}}/test.txt", "s3://mybucket/users/test-user/CA/test.txt"); exprValue.put("state == '${{USER.state}}' AND dept == '${{UGA.sVal.dept}}'", "state == 'CA' AND dept == 'ENGG'"); + exprValue.put("state == '${{USER.state}}' AND group IN (${{GET_UG_NAMES_Q()}})", "state == 'CA' AND group IN ('test-group1','test-group2')"); exprValue.put("attr1 == '${{TAG.attr1}}'", "attr1 == 'PII_value'"); exprValue.put("${{USER._name}}", "test-user");