Repository: incubator-ranger Updated Branches: refs/heads/stack 8d0378c56 -> d7bf8e09d
RANGER-203: HDFS Plugin - remove unused sources from previous version Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ce1808af Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ce1808af Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ce1808af Branch: refs/heads/stack Commit: ce1808afe7e904b0d3f3da9fea762e5102f178e7 Parents: 8d0378c Author: Madhan Neethiraj <[email protected]> Authored: Mon Jan 26 16:03:02 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Jan 26 16:03:02 2015 -0800 ---------------------------------------------------------------------- .../ranger/pdp/hdfs/AdminPolicyChecker.java | 183 ------- .../ranger/pdp/hdfs/RangerAuthorizer.java | 40 -- .../apache/ranger/pdp/hdfs/URLBasedAuthDB.java | 479 ------------------- .../ranger/pdp/hdfs/PolicyCacheStoreTest.java | 170 ------- .../ranger/pdp/hdfs/URLBasedAuthDBTest.java | 66 --- ...asedAuthDB_IsAuditLogEnabledByACL_PTest.java | 340 ------------- 6 files changed, 1278 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce1808af/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/AdminPolicyChecker.java ----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/AdminPolicyChecker.java b/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/AdminPolicyChecker.java
deleted file mode 100644
index 919a7a1..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/AdminPolicyChecker.java
+++ /dev/null
@@ -1,183 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - package org.apache.ranger.pdp.hdfs; - -import java.util.ArrayList; -import java.util.List; -import java.util.Random; - -import org.apache.commons.io.FilenameUtils; - -public class AdminPolicyChecker { - - private static final String PATH_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrst0123456789-_." 
; - private static char[] PATH_CHAR_SET = PATH_CHARS.toCharArray() ; - private static int PATH_CHAR_SET_LEN = PATH_CHAR_SET.length ; - - - public static List<String> adminUserList = new ArrayList<String>() ; // "[email protected]" - public static List<String> adminGroupList = new ArrayList<String>() ; - - static { - adminUserList.add("[email protected]") ; - adminGroupList.add("policymgradmin") ; - } - - - public void checkAdminAccessForResource(String selectedResourcePath, boolean isRecursiveFlag, String username) { - - if (adminUserList.contains(username)) { - return ; - } - - List<String> groups = getUserGroupsForUser(username) ; - - if (adminGroupList.contains(groups)) { - - } - - checkAdminAccessForResource(new Path(selectedResourcePath, isRecursiveFlag), username) ; - } - - private void checkAdminAccessForResource(Path resourcePath, String username) { - - List<Path> adminPathList = getAdminPathFromDB(username) ; - - if (!adminPathList.isEmpty()) { - for(Path adminPath : adminPathList ) { - if (adminPath.isMatched(resourcePath)) { - return ; - } - } - } - - throw new SecurityException("User [" + username + "] does not have admin privileges on path [" + resourcePath + "]") ; - - } - - class Path { - String fullPath ; - boolean recursiveFlag ; - - Path(String fullPath, boolean recursiveFlag) { - this.fullPath = fullPath; - this.recursiveFlag = recursiveFlag; - } - - public boolean isMatched(Path resourcePath) { - // Since it is a Regular Expression Compared with Regular Expression - // We will expand the resourcepath to a normalized form and see if it matches with the fullpath using a WildCardMatch - // THIS IS JUST A WORK-AROUND. 
Need more permanent solution - 11/19/2013 - - String expandedPath = repaceMetaChars(resourcePath) ; - - if (recursiveFlag) { - return URLBasedAuthDB.isRecursiveWildCardMatch(expandedPath, fullPath) ; - } - else { - return FilenameUtils.wildcardMatch(expandedPath, fullPath) ; - } - } - - private String repaceMetaChars(Path regEx) { - - String expandedPath = regEx.fullPath ; - - if (expandedPath.contains("*")) { - String replacement = getRandomString(5,60) ; - expandedPath.replaceAll("\\*", replacement) ; - } - - if (expandedPath.contains("?")) { - String replacement = getRandomString(1,1) ; - expandedPath.replaceAll("\\?", replacement) ; - } - - if (regEx.recursiveFlag) { - int level = getRandomInt(3,10) ; - if (! expandedPath.endsWith("/")) { - expandedPath = expandedPath + "/" ; - } - expandedPath = expandedPath + getRandomString(5,60) ; - - for(int i = 1 ; i < level ; i++) { - expandedPath = expandedPath + "/" + getRandomString(5,60) ; - } - } - return expandedPath ; - } - - - private Random random = new Random() ; - - private String getRandomString(int minLen, int maxLen) { - StringBuilder sb = new StringBuilder() ; - int len = getRandomInt(minLen,maxLen) ; - for(int i = 0 ; i < len ; i++) { - int charIdx = random.nextInt(PATH_CHAR_SET_LEN) ; - sb.append( PATH_CHAR_SET[charIdx] ) ; - } - return null; - } - - private int getRandomInt(int min, int max) { - if (min == max) { - return min ; - } - else { - int interval = max - min ; - return ((random.nextInt() % interval) + min) ; - } - } - - } - - - private List<Path> getAdminPathFromDB(String username) { - - List<Path> ret = new ArrayList<Path>() ; - - // - // TODO: database work to get ACL .... 
- // - - // Get all policy acl where the user has ADMIN permission + - // Get all policy acl where group associated with user has ADMIN permission - // For each of the acl - // For path in acl.getResourcePath().splitBy(",") - // ret.add(new Path(path, acl.recursiveFlag)) ; - - return ret; - } - - - private List<String> getUserGroupsForUser(String username) { - List<String> groupList = new ArrayList<String>() ; - - // - // TODO: database work to get List of groups .... - // - - return groupList ; - } - - - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce1808af/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/RangerAuthorizer.java ---------------------------------------------------------------------- diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/RangerAuthorizer.java b/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/RangerAuthorizer.java deleted file mode 100644 index da6dd65..0000000 --- a/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/RangerAuthorizer.java +++ /dev/null 
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.pdp.hdfs;
-
-import java.util.Set;
-
-import org.apache.ranger.authorization.hadoop.HDFSAccessVerifier;
-
-public class RangerAuthorizer implements HDFSAccessVerifier {
-
- private static URLBasedAuthDB authDB = URLBasedAuthDB.getInstance() ;
-
- @Override
- public boolean isAccessGranted(String aPathName, String aPathOwnerName, String access, String username, Set<String> groups) {
- return authDB.isAccessGranted(aPathName, aPathOwnerName, access, username, groups);
- }
-
- @Override
- public boolean isAuditLogEnabled(String aPathName) {
- return authDB.isAuditLogEnabled(aPathName) ;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce1808af/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDB.java ----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDB.java b/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDB.java
deleted file mode 100644
index 4136c6d..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDB.java
+++ /dev/null
@@ -1,479 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.pdp.hdfs; - -import java.io.File; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Set; -import java.util.TreeSet; - -import org.apache.commons.io.FilenameUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.log4j.Level; -import org.apache.log4j.LogManager; -import org.apache.ranger.authorization.hadoop.HDFSAccessVerifier; -import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; -import org.apache.ranger.pdp.config.PolicyChangeListener; -import org.apache.ranger.pdp.config.PolicyRefresher; -import org.apache.ranger.pdp.constants.RangerConstants; -import org.apache.ranger.pdp.model.Policy; -import org.apache.ranger.pdp.model.PolicyContainer; -import org.apache.ranger.pdp.model.ResourcePath; -import org.apache.ranger.pdp.model.RolePermission; - -public class URLBasedAuthDB implements HDFSAccessVerifier, PolicyChangeListener { - - private static final Log LOG = LogFactory.getLog(URLBasedAuthDB.class) ; - - 
private static URLBasedAuthDB me = null; - - private PolicyRefresher refresher = null ; - - private PolicyContainer policyContainer = null; - - private HashMap<String,Boolean> cachedAuditFlag = new HashMap<String,Boolean>() ; // needs to be cleaned when ruleList changes - - private static final long MAX_NO_OF_AUDIT_CACHE_ENTRIES = 1000L ; - - - public static URLBasedAuthDB getInstance() { - if (me == null) { - synchronized (URLBasedAuthDB.class) { - URLBasedAuthDB temp = me; - if (temp == null) { - me = new URLBasedAuthDB(); - me.init() ; - } - } - } - return me; - } - - private URLBasedAuthDB() { - String url = RangerConfiguration.getInstance().get(RangerConstants.RANGER_HDFS_POLICYMGR_URL_PROP); - long refreshInMilli = RangerConfiguration.getInstance().getLong( - RangerConstants.RANGER_HDFS_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP , - RangerConstants.RANGER_HDFS_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT); - String sslConfigFileName = RangerConfiguration.getInstance().get(RangerConstants.RANGER_HDFS_POLICYMGR_SSL_CONFIG_FILE_PROP) ; - - String lastStoredFileName = RangerConfiguration.getInstance().get(RangerConstants.RANGER_HDFS_LAST_SAVED_POLICY_FILE_PROP) ; - - refresher = new PolicyRefresher(url, refreshInMilli,sslConfigFileName,lastStoredFileName) ; - - String saveAsFileName = RangerConfiguration.getInstance().get(RangerConstants.RANGER_HDFS_POLICYMGR_URL_SAVE_FILE_PROP) ; - if (saveAsFileName != null) { - refresher.setSaveAsFileName(saveAsFileName) ; - } - - if (lastStoredFileName != null) { - refresher.setLastStoredFileName(lastStoredFileName); - } - } - - private void init() { - refresher.setPolicyChangeListener(this); - } - - @Override - public void OnPolicyChange(PolicyContainer aPolicyContainer) { - setPolicyContainer(aPolicyContainer); - } - - - @Override - public boolean isAccessGranted(String aPathName, String pathOwnerName, String access, String username, Set<String> groups) { - - PolicyContainer pc = getPolicyContainer() ; - - if (pc == 
null) { - return false ; - } - - for(Policy acl : pc.getAcl()) { - - if (! acl.isEnabled()) { - LOG.debug("Diabled acl found [" + acl + "]. Skipping this acl ...") ; - continue ; - } - - for(ResourcePath resource : acl.getResourceList()) { - - String path = resource.getPath() ; - - boolean rulePathMatched = false ; - - if (acl.getRecursiveInd() == 1) { - if (resource.isWildcardPath()) { - rulePathMatched = isRecursiveWildCardMatch(aPathName, path) ; - } - else { - rulePathMatched = aPathName.startsWith(path) ; - } - } - else { - if (resource.isWildcardPath()) { - rulePathMatched = FilenameUtils.wildcardMatch(aPathName, path) ; - } - else { - rulePathMatched = aPathName.equals(path) ; - } - } - - - if (rulePathMatched) { - for (RolePermission rp : acl.getPermissions()) { - if (rp.getAccess().contains(access)) { - if ( rp.getUsers().contains(username) ) { - return true ; - } - for(String ug : groups) { - if ( rp.getGroups().contains(ug)) { - return true ; - } - } - if (rp.getGroups().contains(RangerConstants.PUBLIC_ACCESS_ROLE)) { - return true ; - } - } - } - } - - } - } - - return false ; - - } - - public static boolean isRecursiveWildCardMatch(String pathToCheck, String wildcardPath) { - if (pathToCheck != null) { - StringBuilder sb = new StringBuilder() ; - for(String p : pathToCheck.split(File.separator) ) { - sb.append(p) ; - boolean matchFound = FilenameUtils.wildcardMatch(sb.toString(), wildcardPath) ; - if (matchFound) { - return true ; - } - sb.append(File.separator) ; - } - sb = null; - } - return false; - } - - public PolicyContainer getPolicyContainer() { - return policyContainer; - } - - private synchronized void setPolicyContainer(PolicyContainer aPolicyContainer) { - - for(Policy p : aPolicyContainer.getAcl()) { - for(RolePermission rp : p.getPermissions()) { - List<String> rpaccess = rp.getAccess() ; - if (rpaccess != null && rpaccess.size() > 0) { - List<String> temp = new ArrayList<String>() ; - for(String s : rpaccess) { - 
temp.add(s.toLowerCase()) ; - } - rp.setAccess(temp); - } - } - } - - this.policyContainer = aPolicyContainer ; - this.cachedAuditFlag.clear(); - } - - - - public UserPermission printPermissionInfo(UserGroupInformation ugi) { - return printPermissionInfo(ugi, null) ; - } - - public UserPermission printPermissionInfo(UserGroupInformation ugi, String aPathName) { - - String username = ugi.getShortUserName() ; - - String[] groups = ugi.getGroupNames() ; - - UserPermission up = new UserPermission(username,groups, aPathName) ; - - PolicyContainer pc = getPolicyContainer() ; - - if (pc != null) { - - for(Policy acl : pc.getAcl()) { - - for(ResourcePath resource : acl.getResourceList()) { - - String path = resource.getPath() ; - - boolean rulePathMatched = false ; - - if (acl.getRecursiveInd() == 1) { - if (resource.isWildcardPath()) { - rulePathMatched = isRecursiveWildCardMatch(aPathName, path) ; - } - else { - rulePathMatched = aPathName.startsWith(path) ; - } - } - else { - if (resource.isWildcardPath()) { - rulePathMatched = FilenameUtils.wildcardMatch(aPathName, path) ; - } - else { - rulePathMatched = aPathName.equals(path) ; - } - } - - - if (rulePathMatched) { - for (RolePermission rp : acl.getPermissions()) { - boolean isAccessGranted = false ; - if (! isAccessGranted ) { - if ( rp.getUsers().contains(username) ) { - up.add(resource, acl.getRecursiveInd(), username, null, rp.getAccess()); - isAccessGranted = true ; - } - } - if ( ! isAccessGranted ) { - for(String ug : groups) { - if ( rp.getGroups().contains(ug)) { - up.add(resource, acl.getRecursiveInd(), null, ug, rp.getAccess()); - } - } - } - if (! 
isAccessGranted ) { - if (rp.getGroups().contains(RangerConstants.PUBLIC_ACCESS_ROLE)) { - up.add(resource, acl.getRecursiveInd(), null, RangerConstants.PUBLIC_ACCESS_ROLE, rp.getAccess()); - } - } - } - } - } - } - } - - return up ; - } - - - class UserPermission { - - private String userName ; - private String groups ; - private String pathName ; - private HashMap<String,HashSet<String>> userPermissionMap = new HashMap<String,HashSet<String>>() ; - - public UserPermission(String userName, String[] groupList, String pathName) { - this.userName = userName ; - this.pathName = pathName ; - StringBuilder sb = new StringBuilder() ; - boolean first = true ; - TreeSet<String> gl = new TreeSet<String>() ; - for(String g : groupList) { - gl.add(g) ; - } - for(String group : gl) { - if (first) { - first = false ; - } - else { - sb.append(",") ; - } - sb.append(group) ; - } - this.groups = sb.toString() ; - } - - - public void add(ResourcePath resource, int recursiveInd, String userName, String groupName, List<String> accessList) { - - String path = resource.getPath() ; - - if (recursiveInd == 1) { - if (path.endsWith("/")) { - path = path + "**" ; - } - else { - path = path + "/" + "**" ; - } - } - - HashSet<String> permMap = userPermissionMap.get(path) ; - - if (permMap == null) { - permMap = new HashSet<String>() ; - userPermissionMap.put(path,permMap) ; - } - - for(String access : accessList) { - if (! permMap.contains(access)) { - permMap.add(access) ; - } - } - - } - - public void printUserInfo() { - System.out.println("# USER INFORMATION") ; - System.out.println("USER: " + userName ) ; - System.out.println("GROUPS: " + groups ) ; - } - - public void print() { - if (pathName != null) { - System.out.println("# PERMISSION INFORMATION FOR PATH [" + pathName + "]" + (userPermissionMap.size() == 0 ? " - NO RULES FOUND" : "")) ; - } - else { - System.out.println("# PERMISSION INFORMATION" + (userPermissionMap.size() == 0 ? 
" - NO RULES FOUND" : "")) ; - } - - - if (userPermissionMap.size() > 0) { - TreeSet<String> pathSet = new TreeSet<String>() ; - pathSet.addAll(userPermissionMap.keySet()) ; - StringBuilder sb = new StringBuilder(); - for(String path : pathSet) { - sb.setLength(0) ; - sb.append(String.format("%-50s", path)).append("|") ; - TreeSet<String> permSet = new TreeSet<String>() ; - permSet.addAll(userPermissionMap.get(path)) ; - boolean first = true ; - for(String perm: permSet) { - if (! first) { - sb.append(",") ; - } - else { - first = false ; - } - sb.append(perm) ; - } - System.out.println(sb.toString()) ; - } - } - - } - } - - - @Override - public boolean isAuditLogEnabled(String aPathName) { - boolean ret = false ; - - HashMap<String,Boolean> tempCachedAuditFlag = cachedAuditFlag ; - - Boolean auditResult = (tempCachedAuditFlag == null ? null : tempCachedAuditFlag.get(aPathName)) ; - - if (auditResult != null) { - ret = auditResult ; - } - else { - ret = isAuditLogEnabledByACL(aPathName) ; - if (tempCachedAuditFlag != null) { - // tempCachedAuditFlag.put(aPathName,Boolean.valueOf(ret)) ; - synchronized(tempCachedAuditFlag) { - if (tempCachedAuditFlag.size() > MAX_NO_OF_AUDIT_CACHE_ENTRIES) { - tempCachedAuditFlag.clear(); - } - tempCachedAuditFlag.put(aPathName,Boolean.valueOf(ret)) ; - } - } - } - - return ret ; - - } - - - public boolean isAuditLogEnabledByACL(String aPathName) { - - boolean ret = false ; - - PolicyContainer pc = getPolicyContainer() ; - - if (pc == null) { - return false ; - } - - for(Policy acl : pc.getAcl()) { - - for(ResourcePath resource : acl.getResourceList()) { - - String path = resource.getPath() ; - - boolean rulePathMatched = false ; - - if (acl.getRecursiveInd() == 1) { - if (resource.isWildcardPath()) { - rulePathMatched = isRecursiveWildCardMatch(aPathName, path) ; - } - else { - rulePathMatched = aPathName.startsWith(path) ; - } - } - else { - if (resource.isWildcardPath()) { - rulePathMatched = 
FilenameUtils.wildcardMatch(aPathName, path) ; - } - else { - rulePathMatched = aPathName.equals(path) ; - } - } - - - if (rulePathMatched) { - ret = ( acl.getAuditInd() == 1) ; - break ; - } - } - } - - return ret ; - } - - public static void main(String[] args) throws Throwable { - LogManager.getLogger(URLBasedAuthDB.class).setLevel(Level.ERROR); - URLBasedAuthDB authDB = URLBasedAuthDB.getInstance() ; - UserPermission up = null; - if (args.length == 0) { - up = authDB.printPermissionInfo(UserGroupInformation.getCurrentUser()); - up.printUserInfo() ; - up.print(); - } - else { - up = authDB.printPermissionInfo(UserGroupInformation.getCurrentUser()); - up.printUserInfo() ; - for(String path : args) { - up = authDB.printPermissionInfo(UserGroupInformation.getCurrentUser(), path); - up.print(); - System.out.println(); - } - } - System.exit(0); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce1808af/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/PolicyCacheStoreTest.java ---------------------------------------------------------------------- diff --git a/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/PolicyCacheStoreTest.java b/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/PolicyCacheStoreTest.java deleted file mode 100644 index ad1f472..0000000 --- a/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/PolicyCacheStoreTest.java +++ /dev/null 
@@ -1,170 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.pdp.hdfs; - -import java.io.BufferedReader; -import java.io.FileNotFoundException; -import java.io.FileReader; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.ranger.pdp.config.ConfigWatcher; -import org.apache.ranger.pdp.config.PolicyRefresher; -import org.apache.ranger.pdp.hdfs.URLBasedAuthDB; -import org.apache.ranger.pdp.model.Policy; -import org.apache.ranger.pdp.model.PolicyContainer; -import org.apache.ranger.pdp.model.RolePermission; -import org.junit.Before; -import org.junit.After; -import org.junit.Test; - -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; - -import static org.junit.Assert.assertEquals; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.spy; -import static org.mockito.Mockito.when; - - -public class PolicyCacheStoreTest { - URLBasedAuthDB authDB = null; - ConfigWatcher watcherDaemon = null; - PolicyRefresher pr = null; - PolicyContainer policyContainer=null; - String url=null; - String 
sslConfigFileName=null; - String lastStoredFileName=null; - Long refreshInterval =0L; - private static final Log LOG = LogFactory.getLog(PolicyCacheStoreTest.class); - @Before - public void setup(){ - authDB = URLBasedAuthDB.getInstance(); - - } - - @After - public void teardown(){ - authDB = null; - PolicyRefresher pr = null; - } - - @Test - public void testHdfsPolicyCacheStore(){ - //Check if the policy cache gets created when agent get created; - url="dummyurl"; - refreshInterval=10L; - sslConfigFileName = "dummyConfigFileName.xml"; - lastStoredFileName = System.getProperty("user.home") +"/"+ "haooopPolicyCache.json"; - policyContainer = buildPolicyContainer( - "/demo/data", - 1, - asList("allow"), - asList("guest"), - asList("sales"), - null, // ipAddress - true, // policyEnabled - true); // auditEnabled - authDB.OnPolicyChange(policyContainer); - pr = spy(new PolicyRefresher(url,refreshInterval,sslConfigFileName,lastStoredFileName)); - pr.setPolicyContainer(policyContainer); - pr.setPolicyChangeListener(authDB); - PolicyContainer newPr = readPolicyCache(lastStoredFileName); - assertEquals(policyToString(policyContainer),policyToString(newPr)); - } - - private static PolicyContainer buildPolicyContainer(String resource, - int recursiveInd, List<String> accessTypes, List<String> users, - List<String> groups, List<String> ipAddresses, - boolean policyEnabled, boolean auditEnabled) { - - PolicyContainer policyContainer = new PolicyContainer(); - policyContainer.setRepositoryName("hadoopdev"); - - List<Policy> policies = new ArrayList<Policy>(); - - Policy policy = new Policy(); - policy.setResource(resource); - policy.setRecursiveInd(recursiveInd); - policy.setPolicyStatus(policyEnabled ? "Enabled" : "NotEnabled"); - policy.setAuditInd(auditEnabled ? 
1 : 0); - - List<RolePermission> rolePermissions = new ArrayList<RolePermission>(); - - RolePermission rolePermission = new RolePermission(); - - rolePermissions.add(rolePermission); - rolePermission.setAccess(accessTypes); - rolePermission.setUsers(users); - rolePermission.setGroups(groups); - rolePermission.setIpAddress(ipAddresses); - - policy.setPermissions(rolePermissions); - - policies.add(policy); - - policyContainer.setAcl(policies); - - return policyContainer; - } - - private static Set<String> asSet(String... a) { - Set<String> vals = new HashSet<String>(); - for (String s : a) { - vals.add(s); - } - return vals; - } - - private static List<String> asList(String... a) { - List<String> vals = new ArrayList<String>(); - for (String s : a) { - vals.add(s); - } - return vals; - } - - - private PolicyContainer readPolicyCache(String lastStoreFileName) { - BufferedReader jsonString = null; - try { - jsonString = new BufferedReader(new FileReader(lastStoredFileName)); - } catch (FileNotFoundException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - Gson gson = new GsonBuilder().create(); - PolicyContainer newPolicyContainer = gson.fromJson(jsonString, PolicyContainer.class); - return newPolicyContainer; - } - - private String policyToString(PolicyContainer pc) { - Gson gson = new GsonBuilder().create() ; - String policyAsJson = gson.toJson(policyContainer) ; - return policyAsJson; - } - - -} - http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce1808af/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDBTest.java ---------------------------------------------------------------------- diff --git a/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDBTest.java b/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDBTest.java deleted file mode 100644 index 19023b6..0000000 --- a/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDBTest.java +++ /dev/null 
@@ -1,66 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ranger.pdp.hdfs; - -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.spy; -import static org.mockito.Mockito.when; - -import java.util.ArrayList; -import java.util.List; - -import org.apache.ranger.pdp.hdfs.URLBasedAuthDB; -import org.apache.ranger.pdp.model.Policy; -import org.apache.ranger.pdp.model.PolicyContainer; -import org.apache.ranger.pdp.model.ResourcePath; -import org.junit.Test; - -public class URLBasedAuthDBTest { - - @Test - public void testIsAuditLogEnabledByACL_emptyPolicyContainer() { - - // audit can't be enabled if authdb isn't initialized - assertFalse(mAuthDB.isAuditLogEnabledByACL("blah")); - - // or if the policy container in is null! - URLBasedAuthDB spy = spy(mAuthDB); - when(spy.getPolicyContainer()).thenReturn(null); - assertFalse(mAuthDB.isAuditLogEnabledByACL("blah")); - - // of if policy container is empty, i.e. has no policies! 
- List<Policy> policies = new ArrayList<Policy>(); - PolicyContainer policyContainer = mock(PolicyContainer.class); - when(policyContainer.getAcl()).thenReturn(policies); - when(spy.getPolicyContainer()).thenReturn(policyContainer); - assertFalse(mAuthDB.isAuditLogEnabledByACL("blah")); - - // or if all policies are empty, i.e. no acls! - Policy aPolicy = mock(Policy.class); - when(aPolicy.getResourceList()).thenReturn(new ArrayList<ResourcePath>()); - policies.add(aPolicy); - when(policyContainer.getAcl()).thenReturn(policies); - when(spy.getPolicyContainer()).thenReturn(policyContainer); - assertFalse(spy.isAuditLogEnabledByACL("blah")); - } - - private final URLBasedAuthDB mAuthDB = URLBasedAuthDB.getInstance(); -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce1808af/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDB_IsAuditLogEnabledByACL_PTest.java ---------------------------------------------------------------------- diff --git a/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDB_IsAuditLogEnabledByACL_PTest.java b/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDB_IsAuditLogEnabledByACL_PTest.java deleted file mode 100644 index d2dfe96..0000000 --- a/agents-impl/src/test/java/org/apache/ranger/pdp/hdfs/URLBasedAuthDB_IsAuditLogEnabledByACL_PTest.java +++ /dev/null 
@@ -1,340 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.ranger.pdp.hdfs;
-
-import static org.hamcrest.Matchers.is;
-import static org.junit.Assert.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.when;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.List;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.pdp.hdfs.URLBasedAuthDB;
-import org.apache.ranger.pdp.model.Policy;
-import org.apache.ranger.pdp.model.PolicyContainer;
-import org.apache.ranger.pdp.model.ResourcePath;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-import org.junit.runners.Parameterized.Parameters;
-
-@RunWith(Parameterized.class)
-public class URLBasedAuthDB_IsAuditLogEnabledByACL_PTest {
-
- static class PolicyIs {
- static final boolean wildcard = true;
- static final boolean audited = true;
- static final boolean recursive = true;
-
- static final boolean notWildcard = false;
- static final boolean notAudited = false;
- static final boolean notRecursive = false;
- }
-
- static final class PolicyPath {
- static final String path1 = "aPath";
- static final String path1Child1 = PolicyPath.path1 + "/" + "child1";
- static final String path1Child2 = PolicyPath.path1 + "/" + "child2";
-
- static final String path2 = "anotherPath";
- }
- static final class TestPath {
- static final String path1 = PolicyPath.path1;
- static final String beginsWithPath1 = PolicyPath.path1 + "_";
- static final String path1Child1 = PolicyPath.path1Child1;
- static final String path1Child2 = PolicyPath.path1Child2;
- static final String path1GrandChild1 = String.format("%s/%s/%s", path1, path1Child1, "grandChild1");
- static final String path1GrandChild2 = String.format("%s/%s/%s", path1, path1Child1, "grandChild2");
-
- static final String path2 = PolicyPath.path2;
- static final String beginsWithPath2 = PolicyPath.path2 + "_";
- static final String path2Child1 = PolicyPath.path2 + "/" + "child1";
- static final String path2Child2 = PolicyPath.path2 + "/" + "child2";
- }
-
- static class ExpectedResult {
- static final class AuditEnabled {
- static final boolean yes = true;
- static final boolean no = false;
- }
- }
-
- static class TestDataIndex {
- static final int ExpectedResult = 6;
- static final int Audited = 3;
- public static final int TestName = 0;
- public static final int wildCard = 2;
- }
-
-
- /**
- * ASSUMPTION: set of tests passed as such that they require wildcard flag to be set for them to return audit enabled.
- * So turn wildcard flag of them off to assert that they no-longer work. Of course, those that don't work even with wildcard
- * should also continue to not work when wildcard is turned off!
- */
- private static List<Object[]> turnWildcardOffForTestsThatRequireWildcard(List<Object[]> tests) {
-
- // in the worse case we would generate one test for each existing test
- List<Object[]> newTests = new ArrayList<Object[]>(tests.size());
- for (Object[] aTest: tests) {
- boolean isPolicyWildcard = (Boolean) aTest[TestDataIndex.wildCard];
- if (isPolicyWildcard == PolicyIs.wildcard) {
- Object[] newTest = Arrays.copyOf(aTest, aTest.length);
- // Change the policy of this test so that Audit is disabled at policy level and accordingly change the expected result
- newTest[TestDataIndex.wildCard] = PolicyIs.notWildcard;
- newTest[TestDataIndex.ExpectedResult] = ExpectedResult.AuditEnabled.no;
- // for debugging purposes alter the test description, too
- String testName = (String) newTest[TestDataIndex.TestName];
- newTest[TestDataIndex.TestName] = "[Wildcard-ed base test with wildcard flag turned off] " + testName;
- newTests.add(newTest);
- }
- }
- return newTests;
- }
-
- /**
- * wildcard - policy flag says wildcard by the policy path itself does not have any wildcards worth expanding.
- * This should work exactly the same as if wildcard was turned off!
- */
- private static List<Object[]> turnWildcardOnForNonWildcardTests(List<Object[]> tests) {
-
- // in the worse case we would generate one test for each existing test
- List<Object[]> newTests = new ArrayList<Object[]>(tests.size());
- /*
- * If a test currently does not have wildcard set on it, then expectation is changing wildcard flag
- * true shouldn't change the result. ASSUMPTION here, of course, is that "base tests" don't use any
- * wild-card characters in their resource paths that would make an otherwise disabled audit to return enabled.
- */
- for (Object[] aTest: tests) {
- boolean isPolicyWildcard = (Boolean) aTest[TestDataIndex.wildCard];
- if (isPolicyWildcard == PolicyIs.notWildcard) {
- Object[] newTest = Arrays.copyOf(aTest, aTest.length);
- // Change the policy of this test so that Audit is disabled at policy level and accordingly change the expected result
- newTest[TestDataIndex.wildCard] = PolicyIs.wildcard;
- // for debugging purposes alter the test description, too
- String testName = (String) newTest[TestDataIndex.TestName];
- newTest[TestDataIndex.TestName] = "[Base test with wildcard enabled] " + testName;
- newTests.add(newTest);
- }
- }
- return newTests;
- }
-
- /**
- * Disabled audit on every test that expects result to be yes to ensure that no matter what answer should be false if policy says that audit is disabled!
- */
- private static List<Object[]> disableAuditForBaseTests(List<Object[]> tests) {
-
- List<Object[]> newTests = new ArrayList<Object[]>(tests.size());
-
- for (Object[] aTest : tests) {
- boolean expectedResult = (Boolean) aTest[TestDataIndex.ExpectedResult];
- boolean isPolicyAuditEnabled = (Boolean) aTest[TestDataIndex.Audited];
-
- if (expectedResult == ExpectedResult.AuditEnabled.yes
- && isPolicyAuditEnabled == PolicyIs.audited) {
- Object[] newTest = Arrays.copyOf(aTest, aTest.length);
- // Change the policy of this test so that Audit is disabled at policy level and accordingly change the expected result
- newTest[TestDataIndex.Audited] = PolicyIs.notAudited;
- newTest[TestDataIndex.ExpectedResult] = ExpectedResult.AuditEnabled.no;
- // for debugging purposes alter the test description, too
- String testName = (String) newTest[TestDataIndex.TestName];
- newTest[TestDataIndex.TestName] = "[Base tests with audit disabled] " + testName;
- newTests.add(newTest);
- }
- }
-
- return newTests;
- }
-
- @Parameters
- public static Collection<Object[]> data() {
- Object[][] baseTestData = new Object[][] {
-
- // no-recursive paths - return true if paths match
- {"policypath(path1) == testpath(path1) => yes",
- PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.notRecursive, TestPath.path1, ExpectedResult.AuditEnabled.yes},
- {"policypath(path2) == testpath(path2) => yes",
- PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.notRecursive, TestPath.path2, ExpectedResult.AuditEnabled.yes},
-
- // no-recursive paths - return false if paths don't match!
- {"policypath(path1) != testPath(path2) => no",
- PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.notRecursive, TestPath.path2, ExpectedResult.AuditEnabled.no},
- {"policypath(path2) != testPath(path1) => no",
- PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.notRecursive, TestPath.path1, ExpectedResult.AuditEnabled.no},
-
- // recursive path policy - should work at least as well as non-recursive, i.e. match when same and not otherwise!
- {"recursive, policypath(path1) == testpath(path1)",
- PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1, ExpectedResult.AuditEnabled.yes},
- {"recursive, policypath(path2) == testpath(path2)",
- PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2, ExpectedResult.AuditEnabled.yes},
- {"recursive, policypath(path1) == testpath(path2)",
- PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2, ExpectedResult.AuditEnabled.no},
- {"recursive, policypath(path1) == testpath(path2)",
- PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1, ExpectedResult.AuditEnabled.no},
-
- // recursive path policy - should match children
- {"recursive, policypath(path1) == testpath(path1/child1)",
- PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1Child1, ExpectedResult.AuditEnabled.yes},
- {"recursive, policypath(path1) == testpath(path1/child2)",
- PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1Child2, ExpectedResult.AuditEnabled.yes},
- {"recursive, policypath(path1) == testpath(path1/child1)",
- PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2Child1, ExpectedResult.AuditEnabled.yes},
- {"recursive, policypath(path1) == testpath(path1/child2)",
- PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2Child2, ExpectedResult.AuditEnabled.yes},
-
- // recursive path policy - should match grand children, too!
- {"recursive, policypath(path1) == testpath(path1/child1/grandChild1)",
- PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1GrandChild1, ExpectedResult.AuditEnabled.yes},
- {"recursive, policypath(path1) == testpath(path1/child1/grandChild2)",
- PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1GrandChild2, ExpectedResult.AuditEnabled.yes},
-
- // recursive path policy - shouldn't match child in some other directory
- {"recursive, policypath(path1) == testpath(path1/child1)",
- PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2Child1, ExpectedResult.AuditEnabled.no},
- {"recursive, policypath(path1) == testpath(path1/child2)",
- PolicyPath.path1, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path2Child2, ExpectedResult.AuditEnabled.no},
- {"recursive, policypath(path1) == testpath(path1/child1)",
- PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1Child1, ExpectedResult.AuditEnabled.no},
- {"recursive, policypath(path1) == testpath(path1/child2)",
- PolicyPath.path2, PolicyIs.notWildcard, PolicyIs.audited, PolicyIs.recursive, TestPath.path1Child2, ExpectedResult.AuditEnabled.no},
-
- };
-
- Object[][] wildCardTestData = new Object[][] {
- // Pattern contains exact substring
- {"Wildcard, Pattern contains substring of tested path - 1",
- "aPath*", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath", ExpectedResult.AuditEnabled.yes},
- {"Wildcard, Pattern contains substring of tested path - 2",
- "*aPath", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath", ExpectedResult.AuditEnabled.yes},
- {"Wildcard, Pattern contains substring of tested path - 3",
- "aPa*th", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath", ExpectedResult.AuditEnabled.yes},
- {"Wildcard, Pattern contains substring of tested path - 4",
- "aP*at*h", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath", ExpectedResult.AuditEnabled.yes},
-
- // Pattern should match
- {"Wildcard, Pattern should match - 1",
- "aPath*", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath_", ExpectedResult.AuditEnabled.yes},
- {"Wildcard, Pattern should match - 2",
- "aPath*", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aPath_longSuffix", ExpectedResult.AuditEnabled.yes},
- {"Wildcard, Pattern should match - 3",
- "*aPath", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "_aPath", ExpectedResult.AuditEnabled.yes},
- {"Wildcard, Pattern should match - 4",
- "*aPath", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "longPrefix_aPath", ExpectedResult.AuditEnabled.yes},
- {"Wildcard, Pattern should match - 5",
- "*aPath", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "_aPath", ExpectedResult.AuditEnabled.yes},
- {"Wildcard, Pattern should match - 6",
- "*aPath", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "longPrefix_aPath", ExpectedResult.AuditEnabled.yes},
- {"Wildcard, Pattern should match - 5",
- "a*Path", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "a___Path", ExpectedResult.AuditEnabled.yes},
- {"Wildcard, Pattern should match - 6",
- "a*Path", PolicyIs.wildcard, PolicyIs.audited, PolicyIs.recursive, "aMiddlePath", ExpectedResult.AuditEnabled.yes},
- };
-
- // in the worst case all tests have a corresponding audit disabled test
- List<Object[]> baseTests = Arrays.asList(baseTestData);
- List<Object[]> result = new ArrayList<Object[]>(baseTests);
-
- // answer is false no matter what if policy is set to not audit
- List<Object[]> additionalTests = disableAuditForBaseTests(baseTests);
- result.addAll(additionalTests);
-
- // turning wildcard flag on when policy path itself does not have wildcard characters in it shouldn't change the result!
- additionalTests = turnWildcardOnForNonWildcardTests(baseTests);
- result.addAll(additionalTests);
-
- List<Object[]> wildcardBaseTests = Arrays.asList(wildCardTestData);
- result.addAll(wildcardBaseTests);
-
- additionalTests = turnWildcardOffForTestsThatRequireWildcard(wildcardBaseTests);
- result.addAll(additionalTests);
- return result;
- }
-
- public URLBasedAuthDB_IsAuditLogEnabledByACL_PTest(String testName, String policyPath, boolean wildCard, boolean audited, boolean recursive, String testPath, boolean expectedResult) {
- _testName = testName;
- _policyPath = policyPath;
- _policyPathWildcard = wildCard;
- _policyAudited = audited;
- _policyRecursive = recursive;
- _testPath = testPath;
- _expectedResult = expectedResult;
- }
-
- private final String _testName;
- private final String _policyPath;
- private final boolean _policyPathWildcard;
- private final boolean _policyAudited;
- private final boolean _policyRecursive;
- private final String _testPath;
- private final boolean _expectedResult;
-
- @Test
- public void testIsAuditLogEnabledByACL() {
-
- if (LOG.isDebugEnabled()) {
- LOG.debug(String.format("Test: %sPolicy Path: %s, isWildcard: %b, isAudited: %b, isRecursive: %b, TestPath: %s",
- _testName, _policyPath, _policyPathWildcard, _policyAudited, _policyRecursive, _testPath));
- }
-
- // A policy can have several paths, so let's first stuff our path into a collection
- ResourcePath path = mock(ResourcePath.class);
- when(path.getPath()).thenReturn(_policyPath);
- when(path.isWildcardPath()).thenReturn(_policyPathWildcard);
- List<ResourcePath> resourcePaths = new ArrayList<ResourcePath>();
- resourcePaths.add(path);
-
- // wire it into the policy and set other aspects of the policy
- Policy aPolicy = mock(Policy.class);
- when(aPolicy.getResourceList()).thenReturn(resourcePaths);
-
- int recursiveIndicator = _policyRecursive ? 1 : 0;
- when(aPolicy.getRecursiveInd()).thenReturn(recursiveIndicator);
-
- int auditedIndicator = _policyAudited ? 1 : 0;
- when(aPolicy.getAuditInd()).thenReturn(auditedIndicator);
-
- // a container can have several policies to first we stuff our policy into a container
- List<Policy> policies = new ArrayList<Policy>();
- policies.add(aPolicy);
- // now wire the policy into the container
- PolicyContainer policyContainer = mock(PolicyContainer.class);
- when(policyContainer.getAcl()).thenReturn(policies);
-
- // finally wire the policy container into the authdb
- URLBasedAuthDB spy = spy(mAuthDB);
- when(spy.getPolicyContainer()).thenReturn(policyContainer);
-
- // assert the result
- boolean result = spy.isAuditLogEnabledByACL(_testPath);
- assertThat(_testName, result, is(_expectedResult));
- if (LOG.isDebugEnabled()) {
- LOG.debug(String.format(", Expected Result (Audit enabled?): %b Result: %b\n", _expectedResult, result));
- }
- }
-
- private final URLBasedAuthDB mAuthDB = URLBasedAuthDB.getInstance();
- private static final Log LOG = LogFactory.getLog(URLBasedAuthDB_IsAuditLogEnabledByACL_PTest.class) ;
-}
