incubator-ranger git commit: RANGER-274: Fixed tag-servicedef-impl and unit tests

Tue, 07 Jul 2015 19:44:53 -0700 

Repository: incubator-ranger
Updated Branches:
  refs/heads/tag-policy 024dfbf09 -> 4bbf3906b


RANGER-274: Fixed tag-servicedef-impl and unit tests

Signed-off-by: Madhan Neethiraj <[email protected]>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/4bbf3906
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/4bbf3906
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/4bbf3906

Branch: refs/heads/tag-policy
Commit: 4bbf3906b080c9d5f31eec10344a7680ea97d8ca
Parents: 024dfbf
Author: Abhay Kulkarni <[email protected]>
Authored: Tue Jul 7 13:28:09 2015 -0700
Committer: Madhan Neethiraj <[email protected]>
Committed: Wed Jul 8 07:28:13 2015 +0530

----------------------------------------------------------------------
 .../ranger/admin/client/RangerAdminRESTClient.java     |  9 +++++----
 .../ranger/plugin/policyengine/TestPolicyEngine.java   | 13 +++++++++++--
 .../policyengine/test_policyengine_tag_hive.json       |  9 ++++++---
 3 files changed, 22 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bbf3906/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
----------------------------------------------------------------------
diff --git 
a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
 
b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
index 4f07489..edc0e63 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
@@ -79,11 +79,12 @@ public class RangerAdminRESTClient implements 
RangerAdminClient {
                String sslConfigFileName = 
RangerConfigPropertyRepository.getProperty(propertyPrefix + 
".policy.rest.ssl.config.file");
 
                if (url == null) {
-                       // Use externalurl
-                       if(LOG.isDebugEnabled()) {
-                               LOG.info("RangerAdminRESTClient.init() : null 
url found for property " + propertyPrefix + ".policy.rest.url, using value of 
ranger.externalurl property instead.");
-                               url = 
RangerConfigPropertyRepository.getProperty("ranger.externalurl");
+
+                       if(LOG.isInfoEnabled()) {
+                               LOG.info("RangerAdminRESTClient.init() : no 
such property " + propertyPrefix + ".policy.rest.url, using value of 
ranger.externalurl property instead.");
                        }
+
+                       url = 
RangerConfigPropertyRepository.getProperty("ranger.externalurl");
                }
 
                if(LOG.isDebugEnabled()) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bbf3906/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
----------------------------------------------------------------------
diff --git 
a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
 
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
index 23c8809..e5b2f77 100644
--- 
a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
+++ 
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
@@ -214,6 +214,7 @@ public class TestPolicyEngine {
                RangerAccessRequest request = null;
 
                for(TestData test : testCase.tests) {
+
                        if 
(test.request.getContext().containsKey(RangerPolicyEngine.KEY_CONTEXT_TAGS)) {
                                // Create a new AccessRequest
                                RangerAccessRequestImpl newRequest =
@@ -244,16 +245,24 @@ public class TestPolicyEngine {
                                        }
                                }
 
-
                                newRequest.setContext(context);
 
+                               // accessResource.ServiceDef is set here, so 
that we can skip call to policyEngine.preProcess() which
+                               // sets the serviceDef in the resource AND 
calls enrichers. We dont want enrichers to be called when
+                               // context already contains tags -- This may 
change when we want enrichers to enrich request in the
+                               // presence of tags!!!
+
+                               // Safe cast
+                               RangerAccessResourceImpl accessResource = 
(RangerAccessResourceImpl) test.request.getResource();
+                               
accessResource.setServiceDef(testCase.serviceDef);
+
                                request = newRequest;
 
                        }
                        else {
                                request = test.request;
+                               policyEngine.preProcess(request);
                        }
-                       policyEngine.preProcess(request);
 
                        RangerAccessResult expected = test.result;
                        RangerAccessResultProcessor auditHandler = new 
RangerDefaultAuditHandler();

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bbf3906/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
----------------------------------------------------------------------
diff --git 
a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json 
b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
index ebe788b..e6e137d 100644
--- 
a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
+++ 
b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
@@ -130,7 +130,7 @@
           "itemId": 1,
           "name" : "TagEnricher",
           "enricher" : 
"org.apache.ranger.plugin.contextenricher.RangerTagProvider",
-          "enricherOptions" : {"tagProviderType":"RANGER_ADMIN_TAG_PROVIDER", 
"pollingInterval":-1, "useTestTagProvider":"true", 
"dataFile":"/etc/ranger/data/resourceTags.txt"}
+          "enricherOptions" : 
{"tagProviderType":"FILESTORE_BASED_TAG_PROVIDER", "pollingInterval":-1, 
"useTestTagProvider":"true", "dataFile":"/etc/ranger/data/resourceTags.txt"}
         }
       ],
       "policyConditions": [
@@ -204,14 +204,17 @@
     {"name":"ALLOW 'select name from employee.personal;' for user1 - no tag",
       "request":{
         "resource":{"elements":{"database":"employee", "table":"personal", 
"column":"name"}},
-        
"accessType":"select","user":"user1","userGroups":[],"requestData":"select name 
from employee.personal;' for user1"
+        
"accessType":"select","user":"user1","userGroups":[],"requestData":"select name 
from employee.personal;' for user1",
+        "context": {"TAGS":""}
+
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":101}
     },
     {"name":"ALLOW 'select name from employee.personal;' for user2 - no tag",
       "request":{
         "resource":{"elements":{"database":"employee", "table":"personal", 
"column":"name"}},
-        
"accessType":"select","user":"user2","userGroups":[],"requestData":"select name 
from employee.personal;' for user2"
+        
"accessType":"select","user":"user2","userGroups":[],"requestData":"select name 
from employee.personal;' for user2",
+        "context": {"TAGS":""}
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":101}
     },

Reply via email to