Repository: incubator-ranger Updated Branches: refs/heads/master 03d1dec38 -> d4f2eb20f
RANGER-305 validate the recursiveSupported and excludesSupported values; move validation files to plugin-commons package Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d4f2eb20 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d4f2eb20 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d4f2eb20 Branch: refs/heads/master Commit: d4f2eb20f5d8c03e61a4967b96a39935a5e4c65a Parents: 03d1dec Author: Alok Lal <[email protected]> Authored: Thu Mar 12 14:14:33 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Fri Mar 13 19:06:08 2015 -0700 ---------------------------------------------------------------------- .../ranger/rest/RangerPolicyValidator.java | 78 ++++++++++++++++-- .../ranger/rest/RangerServiceValidator.java | 1 + .../org/apache/ranger/rest/RangerValidator.java | 17 ++++ .../ranger/rest/RangerValidatorFactory.java | 5 +- .../ranger/rest/TestRangerPolicyValidator.java | 74 ++++++++++++++--- .../rest/TestRangerServiceDefValidator.java | 2 + .../ranger/rest/TestRangerServiceValidator.java | 2 + .../apache/ranger/rest/TestRangerValidator.java | 5 +- .../rest/TestServiceRESTForValidation.java | 1 + .../apache/ranger/rest/ValidationTestUtils.java | 87 ++++++++++++++++---- 10 files changed, 238 insertions(+), 34 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d4f2eb20/security-admin/src/main/java/org/apache/ranger/rest/RangerPolicyValidator.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RangerPolicyValidator.java b/security-admin/src/main/java/org/apache/ranger/rest/RangerPolicyValidator.java index 281b32d..21d14e2 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RangerPolicyValidator.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RangerPolicyValidator.java @@ -6,7 +6,7 @@ import java.util.Map; import java.util.Set; import org.apache.commons.collections.CollectionUtils; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.plugin.model.RangerPolicy; @@ -15,6 +15,7 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.store.ServiceStore; import com.google.common.collect.Sets; @@ -226,10 +227,8 @@ public class RangerPolicyValidator extends RangerValidator { valid = false; } Map<String, RangerPolicyResource> resourceMap = policy.getResources(); - // errors about if empty resource collection is ok or not has already happened above, this check is still needed - if (resourceMap != null && !resourceMap.isEmpty()) { - valid = isValidResourceValues(resourceMap, failures, serviceDef) && valid; - } + valid = isValidResourceValues(resourceMap, failures, serviceDef) && valid; + valid = isValidResourceFlags(resourceMap, failures, serviceDef.getResources(), serviceDefName, policyName) && valid; } } @@ -239,6 +238,75 @@ public class RangerPolicyValidator extends RangerValidator { return valid; } + boolean isValidResourceFlags(final Map<String, RangerPolicyResource> inputPolicyResources, final List<ValidationFailureDetails> failures, + final List<RangerResourceDef> resourceDefs, final String serviceDefName, final String policyName) { + if(LOG.isDebugEnabled()) { + LOG.debug(String.format("==> RangerPolicyValidator.isValidResourceFlags(%s, %s, %s, %s, %s)", inputPolicyResources, failures, resourceDefs, serviceDefName, policyName)); + } + + boolean valid = true; + if (inputPolicyResources == null) { + LOG.debug("isValidResourceFlags: resourceMap is null"); + } else if (resourceDefs == null) { + LOG.debug("isValidResourceFlags: service Def is null"); + } else { + Map<String, RangerPolicyResource> policyResources = getPolicyResourceWithLowerCaseKeys(inputPolicyResources); + for (RangerResourceDef resourceDef : resourceDefs) { + if (resourceDef == null) { + failures.add(new ValidationFailureDetailsBuilder() + .field("resource-def") + .isAnInternalError() + .becauseOf("a resource-def on resource def collection of service-def[" + serviceDefName + "] was null") + .build()); + valid = false; + } else if (StringUtils.isBlank(resourceDef.getName())) { + failures.add(new ValidationFailureDetailsBuilder() + .field("resource-def-name") + .isAnInternalError() + .becauseOf("name of a resource-def on resource def collection of service-def[" + serviceDefName + "] was null") + .build()); + valid = false; + } else { + String resourceName = resourceDef.getName().toLowerCase(); + RangerPolicyResource policyResource = policyResources.get(resourceName); + if (policyResource == null) { + if (LOG.isDebugEnabled()) { + LOG.debug("a policy-resource object for resource[" + resourceName + "] on policy [" + policyName + "] was null"); + } + } else { + boolean excludesSupported = Boolean.TRUE.equals(resourceDef.getExcludesSupported()); // could be null + boolean policyIsExcludes = Boolean.TRUE.equals(policyResource.getIsExcludes()); // could be null + if (policyIsExcludes && !excludesSupported) { + failures.add(new ValidationFailureDetailsBuilder() + .field("isExcludes") + .subField(resourceName) + .isSemanticallyIncorrect() + .becauseOf("isExcludes specified as [" + policyIsExcludes + "] for resource [" + resourceName + "] which doesn't support isExcludes") + .build()); + valid = false; + } + boolean recursiveSupported = Boolean.TRUE.equals(resourceDef.getRecursiveSupported()); + boolean policyIsRecursive = Boolean.TRUE.equals(policyResource.getIsRecursive()); + if (policyIsRecursive && !recursiveSupported) { + failures.add(new ValidationFailureDetailsBuilder() + .field("isRecursive") + .subField(resourceName) + .isSemanticallyIncorrect() + .becauseOf("isRecursive specified as [" + policyIsRecursive + "] for resource [" + resourceName + "] which doesn't support isRecursive") + .build()); + valid = false; + } + } + } + } + } + + if(LOG.isDebugEnabled()) { + LOG.debug(String.format("<== RangerPolicyValidator.isValidResourceFlags(%s, %s, %s, %s, %s): %s", inputPolicyResources, failures, resourceDefs, serviceDefName, policyName, valid)); + } + return valid; + } + boolean isValidResourceValues(Map<String, RangerPolicyResource> resourceMap, List<ValidationFailureDetails> failures, RangerServiceDef serviceDef) { if(LOG.isDebugEnabled()) { LOG.debug(String.format("==> RangerPolicyValidator.isValidResourceValues(%s, %s, %s)", resourceMap, failures, serviceDef)); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d4f2eb20/security-admin/src/main/java/org/apache/ranger/rest/RangerServiceValidator.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RangerServiceValidator.java b/security-admin/src/main/java/org/apache/ranger/rest/RangerServiceValidator.java index 8e02f25..3a55638 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RangerServiceValidator.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RangerServiceValidator.java @@ -183,6 +183,7 @@ public class RangerServiceValidator extends RangerValidator { } } if (nameSpecified && serviceDef != null) { + // check if required parameters were specified Set<String> reqiredParameters = getRequiredParameters(serviceDef); Set<String> inputParameters = getServiceConfigParameters(service); Set<String> missingParameters = Sets.difference(reqiredParameters, inputParameters); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d4f2eb20/security-admin/src/main/java/org/apache/ranger/rest/RangerValidator.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RangerValidator.java b/security-admin/src/main/java/org/apache/ranger/rest/RangerValidator.java index cec40fd..dc8ea65 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RangerValidator.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RangerValidator.java @@ -34,6 +34,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef; @@ -460,4 +461,20 @@ public abstract class RangerValidator { } } + /** + * Returns a copy of the policy resource map where all keys (resource-names) are lowercase + * @param input + * @return + */ + Map<String, RangerPolicyResource> getPolicyResourceWithLowerCaseKeys(Map<String, RangerPolicyResource> input) { + if (input == null) { + return null; + } + Map<String, RangerPolicyResource> output = new HashMap<String, RangerPolicyResource>(input.size()); + for (Map.Entry<String, RangerPolicyResource> entry : input.entrySet()) { + output.put(entry.getKey().toLowerCase(), entry.getValue()); + } + return output; + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d4f2eb20/security-admin/src/main/java/org/apache/ranger/rest/RangerValidatorFactory.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RangerValidatorFactory.java b/security-admin/src/main/java/org/apache/ranger/rest/RangerValidatorFactory.java index 025595d..9ca52f3 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RangerValidatorFactory.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RangerValidatorFactory.java @@ -19,7 +19,6 @@ package org.apache.ranger.rest; -import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.plugin.store.ServiceStore; public class RangerValidatorFactory { @@ -27,11 +26,11 @@ public class RangerValidatorFactory { return new RangerServiceValidator(store); } - public RangerPolicyValidator getPolicyValidator(ServiceDBStore store) { + public RangerPolicyValidator getPolicyValidator(ServiceStore store) { return new RangerPolicyValidator(store); } - public RangerServiceDefValidator getServiceDefValidator(ServiceDBStore store) { + public RangerServiceDefValidator getServiceDefValidator(ServiceStore store) { return new RangerServiceDefValidator(store); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d4f2eb20/security-admin/src/test/java/org/apache/ranger/rest/TestRangerPolicyValidator.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestRangerPolicyValidator.java b/security-admin/src/test/java/org/apache/ranger/rest/TestRangerPolicyValidator.java index c3fdf30..2fb82ce 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestRangerPolicyValidator.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRangerPolicyValidator.java @@ -21,6 +21,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.store.ServiceStore; import org.apache.ranger.plugin.util.SearchFilter; +import org.apache.ranger.rest.RangerPolicyValidator; +import org.apache.ranger.rest.ValidationFailureDetails; import org.apache.ranger.rest.RangerValidator.Action; import org.junit.Before; import org.junit.Test; @@ -61,20 +63,25 @@ public class TestRangerPolicyValidator { String[] accessTypes = new String[] { "r", "w", "x", "A" }; // mix of lower and upper case String[] accessTypes_bad = new String[] { "r", "w", "xx", }; // two missing (x, a), one new that isn't on bad (xx) - final Object[][] resourceDefData = new Object[][] { - { "db", true, "db\\d+" }, // valid: db1, db22, db983, etc.; invalid: db, db12x, ttx11, etc. - { "tbl", true, null }, // anything goes - { "col", false, "col\\d{1,2}" } // valid: col1, col47, etc.; invalid: col, col238, col1, etc. + private final Object[][] resourceDefData = new Object[][] { + // { name, mandatory, reg-exp, excludesSupported, recursiveSupported } + { "db", true, "db\\d+", null, null }, // valid values: db1, db22, db983, etc.; invalid: db, db12x, ttx11, etc.; null => false for excludes and recursive + { "tbl", true, null, true, true }, // regex == null => anything goes; excludes == true, recursive == true + { "col", false, "col\\d{1,2}", false, true } // valid: col1, col47, etc.; invalid: col, col238, col1, etc., excludes == false, recursive == true }; - final Map<String, String[]> policyResourceMap_good = ImmutableMap.of( - "db", new String[] { "db1", "db2" }, - "TBL", new String[] { "tbl1", "tbl2" } ); // case should not matter + private final Object[][] policyResourceMap_good = new Object[][] { + // resource-name, values, excludes, recursive + { "db", new String[] { "db1", "db2" }, null, null }, + { "TBL", new String[] { "tbl1", "tbl2" }, true, false } // case should not matter + }; - final Map<String, String[]> policyResourceMap_bad = ImmutableMap.of( - "db", new String[] { "db1", "db2" }, // mandatory "tbl" missing - "col", new String[] { "col12", "col 1" }, // wrong format of value for "col" - "extra", new String[] { "extra1", "extra2" } ); // spurious "extra" specified + private final Object[][] policyResourceMap_bad = new Object[][] { + // resource-name, values, excludes, recursive + { "db", new String[] { "db1", "db2" }, null, true }, // mandatory "tbl" missing; recursive==true specified when resource-def does not support it (null) + {"col", new String[] { "col12", "col 1" }, true, true }, // wrong format of value for "col"; excludes==true specified when resource-def does not allow it (false) + {"extra", new String[] { "extra1", "extra2" }, null, null } // spurious "extra" specified + }; @Test public final void testIsValid_long() throws Exception { @@ -332,6 +339,8 @@ public class TestRangerPolicyValidator { _utils.checkFailureForMissingValue(_failures, "resources", "tbl"); // for missing resource: tbl _utils.checkFailureForSemanticError(_failures, "resources", "extra"); // for spurious resource: "extra" _utils.checkFailureForSemanticError(_failures, "resource-values", "col"); // for spurious resource: "extra" + _utils.checkFailureForSemanticError(_failures, "isRecursive", "db"); // for specifying it as true when def did not allow it + _utils.checkFailureForSemanticError(_failures, "isExcludes", "col"); // for specifying it as true when def did not allow it } } @@ -462,6 +471,49 @@ public class TestRangerPolicyValidator { _failures.clear(); assertFalse(_validator.isValidPolicyItemAccess(access, _failures, validAccesses)); _utils.checkFailureForSemanticError(_failures, "policy item access type"); } + + final Object[][] resourceDef_happyPath = new Object[][] { + // { "resource-name", "isExcludes", "isRecursive" } + { "db", true, true }, + { "tbl", null, true }, + { "col", true, false }, + }; + + private Object[][] policyResourceMap_happyPath = new Object[][] { + // { "resource-name", "isExcludes", "isRecursive" } + { "db", null, true }, // null should be treated as false + { "tbl", false, false }, // set to false where def is null and def is true + { "col", true, null} // set to null where def is false + }; + + @Test + public final void test_isValidResourceFlags_happyPath() { + // passing null values effectively bypasses the filter + assertTrue(_validator.isValidResourceFlags(null, _failures, null, "a-service-def", "a-policy")); + // so does passing in empty collections + Map<String, RangerPolicyResource> resourceMap = _utils.createPolicyResourceMap2(policyResourceMap_happyPath); + List<RangerResourceDef> resourceDefs = _utils.createResourceDefs2(resourceDef_happyPath); + when(_serviceDef.getResources()).thenReturn(resourceDefs); + assertTrue(_validator.isValidResourceFlags(resourceMap, _failures, resourceDefs, "a-service-def", "a-policy")); + } + + private Object[][] policyResourceMap_failures = new Object[][] { + // { "resource-name", "isExcludes", "isRecursive" } + { "db", true, true }, // ok: def has true for both + { "tbl", true, null }, // excludes: def==false, policy==true + { "col", false, true } // recursive: def==null (i.e. false), policy==true + }; + + @Test + public final void test_isValidResourceFlags_failures() { + // passing true when def says false/null + List<RangerResourceDef> resourceDefs = _utils.createResourceDefs2(resourceDef_happyPath); + Map<String, RangerPolicyResource> resourceMap = _utils.createPolicyResourceMap2(policyResourceMap_failures); + when(_serviceDef.getResources()).thenReturn(resourceDefs); + assertFalse(_validator.isValidResourceFlags(resourceMap, _failures, resourceDefs, "a-service-def", "a-policy")); + _utils.checkFailureForSemanticError(_failures, "isExcludes", "tbl"); + _utils.checkFailureForSemanticError(_failures, "isRecursive", "col"); + } private ValidationTestUtils _utils = new ValidationTestUtils(); private List<ValidationFailureDetails> _failures = new ArrayList<ValidationFailureDetails>(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d4f2eb20/security-admin/src/test/java/org/apache/ranger/rest/TestRangerServiceDefValidator.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestRangerServiceDefValidator.java b/security-admin/src/test/java/org/apache/ranger/rest/TestRangerServiceDefValidator.java index b621673..8702509 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestRangerServiceDefValidator.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRangerServiceDefValidator.java @@ -15,6 +15,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef; import org.apache.ranger.plugin.store.ServiceStore; +import org.apache.ranger.rest.RangerServiceDefValidator; +import org.apache.ranger.rest.ValidationFailureDetails; import org.apache.ranger.rest.RangerValidator.Action; import org.junit.Before; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d4f2eb20/security-admin/src/test/java/org/apache/ranger/rest/TestRangerServiceValidator.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestRangerServiceValidator.java b/security-admin/src/test/java/org/apache/ranger/rest/TestRangerServiceValidator.java index 3bad133..6465cca 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestRangerServiceValidator.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRangerServiceValidator.java @@ -33,6 +33,8 @@ import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; import org.apache.ranger.plugin.store.ServiceStore; +import org.apache.ranger.rest.RangerServiceValidator; +import org.apache.ranger.rest.ValidationFailureDetails; import org.apache.ranger.rest.RangerValidator.Action; import org.junit.Before; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d4f2eb20/security-admin/src/test/java/org/apache/ranger/rest/TestRangerValidator.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestRangerValidator.java b/security-admin/src/test/java/org/apache/ranger/rest/TestRangerValidator.java index 7da6672..cbaaf60 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestRangerValidator.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRangerValidator.java @@ -26,7 +26,9 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; -import static org.mockito.Mockito.*; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; import java.util.ArrayList; import java.util.Arrays; @@ -46,6 +48,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; import org.apache.ranger.plugin.store.ServiceStore; import org.apache.ranger.plugin.util.SearchFilter; +import org.apache.ranger.rest.RangerValidator; import org.apache.ranger.rest.RangerValidator.Action; import org.junit.Before; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d4f2eb20/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java index d112b83..5a2ba80 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java @@ -38,6 +38,7 @@ import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.rest.ServiceREST; import org.apache.ranger.rest.RangerValidator.Action; import org.junit.Before; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d4f2eb20/security-admin/src/test/java/org/apache/ranger/rest/ValidationTestUtils.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/ValidationTestUtils.java b/security-admin/src/test/java/org/apache/ranger/rest/ValidationTestUtils.java index 6c71502..3c1c463 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/ValidationTestUtils.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/ValidationTestUtils.java @@ -41,8 +41,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; - -import com.google.common.collect.Lists; +import org.apache.ranger.rest.ValidationFailureDetails; public class ValidationTestUtils { @@ -220,7 +219,13 @@ public class ValidationTestUtils { String name = null; Boolean mandatory = null; String regExPattern = null; + Boolean isExcludesSupported = null; + Boolean isRecursiveSupported = null; switch(row.length) { + case 5: + isRecursiveSupported = (Boolean)row[4]; + case 4: + isExcludesSupported = (Boolean)row[3]; case 3: regExPattern = (String)row[2]; case 2: @@ -232,6 +237,38 @@ public class ValidationTestUtils { when(aDef.getName()).thenReturn(name); when(aDef.getMandatory()).thenReturn(mandatory); when(aDef.getValidationRegEx()).thenReturn(regExPattern); + when(aDef.getExcludesSupported()).thenReturn(isExcludesSupported); + when(aDef.getRecursiveSupported()).thenReturn(isRecursiveSupported); + } + defs.add(aDef); + } + return defs; + } + + List<RangerResourceDef> createResourceDefs2(Object[][] data) { + // if data itself is null then return null back + if (data == null) { + return null; + } + List<RangerResourceDef> defs = new ArrayList<RangerResourceDef>(); + for (Object[] row : data) { + RangerResourceDef aDef = null; + if (row != null) { + String name = null; + Boolean isExcludesSupported = null; + Boolean isRecursiveSupported = null; + switch(row.length) { + case 3: + isRecursiveSupported = (Boolean)row[2]; // note: falls through to next case + case 2: + isExcludesSupported = (Boolean)row[1]; // note: falls through to next case + case 1: + name = (String)row[0]; + } + aDef = mock(RangerResourceDef.class); + when(aDef.getName()).thenReturn(name); + when(aDef.getExcludesSupported()).thenReturn(isExcludesSupported); + when(aDef.getRecursiveSupported()).thenReturn(isRecursiveSupported); } defs.add(aDef); } @@ -258,22 +295,21 @@ public class ValidationTestUtils { return defs; } - Map<String, RangerPolicyResource> createPolicyResourceMap(Map<String, String[]> input) { + Map<String, RangerPolicyResource> createPolicyResourceMap2(Object[][] input) { if (input == null) { return null; } - Map<String, RangerPolicyResource> resourceMap = new HashMap<String, RangerPolicyResource>(); - for (Map.Entry<String, String[]> entry : input.entrySet()) { - String key = entry.getKey(); - String[] inputValues = entry.getValue(); - RangerPolicyResource policyResource = mock(RangerPolicyResource.class); - if (inputValues != null) { - List<String> values = Lists.newArrayList(inputValues); - when(policyResource.getValues()).thenReturn(values); - } - resourceMap.put(key, policyResource); + Map<String, RangerPolicyResource> result = new HashMap<String, RangerPolicyResource>(input.length); + for (Object[] row : input) { + String resourceName = (String)row[0]; + Boolean isExcludes = (Boolean)row[1]; + Boolean isRecursive = (Boolean)row[2]; + RangerPolicyResource aResource = mock(RangerPolicyResource.class); + when(aResource.getIsExcludes()).thenReturn(isExcludes); + when(aResource.getIsRecursive()).thenReturn(isRecursive); + result.put(resourceName, aResource); } - return resourceMap; + return result; } List<RangerEnumElementDef> createEnumElementDefs(String[] input) { @@ -309,4 +345,27 @@ public class ValidationTestUtils { } return defs; } + + Map<String, RangerPolicyResource> createPolicyResourceMap(Object[][] input) { + if (input == null) { + return null; + } + Map<String, RangerPolicyResource> result = new HashMap<String, RangerPolicyResource>(input.length); + for (Object[] row : input) { + String resourceName = (String)row[0]; + String[] valuesArray = (String[])row[1]; + Boolean isExcludes = (Boolean)row[2]; + Boolean isRecursive = (Boolean)row[3]; + RangerPolicyResource aResource = mock(RangerPolicyResource.class); + if (valuesArray == null) { + when(aResource.getValues()).thenReturn(null); + } else { + when(aResource.getValues()).thenReturn(Arrays.asList(valuesArray)); + } + when(aResource.getIsExcludes()).thenReturn(isExcludes); + when(aResource.getIsRecursive()).thenReturn(isRecursive); + result.put(resourceName, aResource); + } + return result; + } }
