Started including some of the testcode in PMD
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/1a2f3f33 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/1a2f3f33 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/1a2f3f33 Branch: refs/heads/master Commit: 1a2f3f33c938f9f9176208d2278d512fab222afe Parents: 9918c8d Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Aug 31 10:29:57 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Aug 31 10:29:57 2016 +0100 ---------------------------------------------------------------------- .../conditionevaluator/RangerIpMatcherTest.java | 177 +++++++-------- .../RangerTimeOfDayMatcherTest.java | 42 ++-- .../TestRangerPolicyResourceSignature.java | 44 ++-- .../validation/TestRangerPolicyValidator.java | 156 +++++++------ .../validation/TestRangerServiceValidator.java | 34 ++- .../model/validation/TestRangerValidator.java | 227 +++++++++---------- .../model/validation/ValidationTestUtils.java | 16 +- .../ranger/plugin/store/TestServiceStore.java | 1 - .../ranger/plugin/store/TestTagStore.java | 1 - .../credentialapi/TestCredentialReader.java | 2 - .../ranger/credentialapi/Testbuildks.java | 4 - .../hbase/AuthorizationSessionTest.java | 65 +++--- .../authorization/hbase/ColumnIteratorTest.java | 16 +- .../RangerAuthorizationCoprocessorTest.java | 2 - .../hbase/RangerAuthorizationFilterTest.java | 4 - .../authorization/hbase/TestPolicyEngine.java | 5 - .../services/hbase/TestRangerServiceHBase.java | 8 - .../services/hive/HIVERangerAuthorizerTest.java | 39 ++-- pom.xml | 1 + .../test/Impl/TestChildFistClassLoader.java | 1 - .../plugin/classloader/test/TestPlugin.java | 2 +- 21 files changed, 398 insertions(+), 449 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1a2f3f33/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java index 1e82c65..cd9c4d4 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java @@ -20,10 +20,6 @@ package org.apache.ranger.plugin.conditionevaluator; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -33,6 +29,7 @@ import java.util.List; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; import org.junit.After; +import org.junit.Assert; import org.junit.Before; import org.junit.Test; @@ -53,24 +50,24 @@ public class RangerIpMatcherTest { // this documents some unexpected behavior of the ip matcher RangerIpMatcher ipMatcher = createMatcher(new String[]{"1.2.3.*"} ); // NOTE: absurd and downright illegal ipv4 address would match too! - assertTrue(ipMatcher.isMatched(createRequest("1.2.3.123567"))); - assertTrue(ipMatcher.isMatched(createRequest("1.2.3..123567"))); - assertTrue(ipMatcher.isMatched(createRequest("1.2.3.boo"))); - assertTrue(ipMatcher.isMatched(createRequest("1.2.3."))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3.123567"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3..123567"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3.boo"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3."))); // wildcard match happens only at the end ipMatcher = createMatcher(new String[]{"1.*.3.4"} ); - assertFalse(ipMatcher.isMatched(createRequest("1.3.3.4"))); - assertFalse(ipMatcher.isMatched(createRequest("1.1.3.4"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("1.3.3.4"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("1.1.3.4"))); // it becomes a literal match! - assertTrue(ipMatcher.isMatched(createRequest("1.*.3.4"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.*.3.4"))); // same is true of ipv6 ipMatcher = createMatcher(new String[]{"99:a9:b9:c9:*"} ); // NOTE: absurd and downright illegal ipv4 address would match too! - assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9:*"))); - assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9:1.3.4"))); - assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9: <:-) "))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9:*"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9:1.3.4"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9: <:-) "))); } @Test @@ -78,73 +75,73 @@ public class RangerIpMatcherTest { List<String> ips = Arrays.asList("1.2.3.", "1.3.", "2.", "a0:b0:c0:", "a0:b1:", "a2:"); RangerIpMatcher matcher = new RangerIpMatcher(); - assertTrue(matcher.isWildcardMatched(ips, "1.2.3.4")); - assertTrue(matcher.isWildcardMatched(ips, "1.3.3.4")); - assertTrue(matcher.isWildcardMatched(ips, "2.3.3.4")); + Assert.assertTrue(matcher.isWildcardMatched(ips, "1.2.3.4")); + Assert.assertTrue(matcher.isWildcardMatched(ips, "1.3.3.4")); + Assert.assertTrue(matcher.isWildcardMatched(ips, "2.3.3.4")); - assertTrue(matcher.isWildcardMatched(ips, "A0:B0:C0:D0:E0:F0")); - assertTrue(matcher.isWildcardMatched(ips, "A0:B1:C0:D0:E0:F0")); - assertTrue(matcher.isWildcardMatched(ips, "A2:B0:C1:D2:E3:F4")); + Assert.assertTrue(matcher.isWildcardMatched(ips, "A0:B0:C0:D0:E0:F0")); + Assert.assertTrue(matcher.isWildcardMatched(ips, "A0:B1:C0:D0:E0:F0")); + Assert.assertTrue(matcher.isWildcardMatched(ips, "A2:B0:C1:D2:E3:F4")); - assertFalse(matcher.isWildcardMatched(ips, "1.2.33.4")); - assertFalse(matcher.isWildcardMatched(ips, "1.33.3.4")); - assertFalse(matcher.isWildcardMatched(ips, "22.3.3.4")); + Assert.assertFalse(matcher.isWildcardMatched(ips, "1.2.33.4")); + Assert.assertFalse(matcher.isWildcardMatched(ips, "1.33.3.4")); + Assert.assertFalse(matcher.isWildcardMatched(ips, "22.3.3.4")); - assertFalse(matcher.isWildcardMatched(ips, "A0:B0:00:D0:E0:F0")); - assertFalse(matcher.isWildcardMatched(ips, "A0:B2:C0:D0:E0:F0")); - assertFalse(matcher.isWildcardMatched(ips, "22:B0:C1:D2:E3:F4")); + Assert.assertFalse(matcher.isWildcardMatched(ips, "A0:B0:00:D0:E0:F0")); + Assert.assertFalse(matcher.isWildcardMatched(ips, "A0:B2:C0:D0:E0:F0")); + Assert.assertFalse(matcher.isWildcardMatched(ips, "22:B0:C1:D2:E3:F4")); } @Test public void test_isExactlyMatched() { List<String> ips = Arrays.asList("1.2.3.1", "1.2.3.11", "1.2.3.111", "a0:b0:c0:d0:e0:f0", "a0:b0:c0:d0:e0:f1", "a0:b0:c0:d0:e0:f2"); RangerIpMatcher matcher = new RangerIpMatcher(); - assertTrue(matcher.isExactlyMatched(ips, "1.2.3.1")); - assertTrue(matcher.isExactlyMatched(ips, "1.2.3.111")); - assertTrue(matcher.isExactlyMatched(ips, "A0:B0:C0:D0:E0:F1")); - assertTrue(matcher.isExactlyMatched(ips, "a0:b0:c0:d0:e0:f1")); + Assert.assertTrue(matcher.isExactlyMatched(ips, "1.2.3.1")); + Assert.assertTrue(matcher.isExactlyMatched(ips, "1.2.3.111")); + Assert.assertTrue(matcher.isExactlyMatched(ips, "A0:B0:C0:D0:E0:F1")); + Assert.assertTrue(matcher.isExactlyMatched(ips, "a0:b0:c0:d0:e0:f1")); - assertFalse(matcher.isExactlyMatched(ips, "1.2.3.2")); - assertFalse(matcher.isExactlyMatched(ips, "a0:b0:c0:d0:e0:f3")); + Assert.assertFalse(matcher.isExactlyMatched(ips, "1.2.3.2")); + Assert.assertFalse(matcher.isExactlyMatched(ips, "a0:b0:c0:d0:e0:f3")); } @Test public void test_extractIp() { RangerIpMatcher matcher = new RangerIpMatcher(); - assertNull(matcher.extractIp(null)); + Assert.assertNull(matcher.extractIp(null)); RangerAccessRequest request = mock(RangerAccessRequest.class); when(request.getClientIPAddress()).thenReturn(null); - assertNull(matcher.extractIp(request)); + Assert.assertNull(matcher.extractIp(request)); when(request.getClientIPAddress()).thenReturn("anIp"); // note ip address is merely a string. It can be any string. - assertEquals("anIp", matcher.extractIp(request)); + Assert.assertEquals("anIp", matcher.extractIp(request)); } @Test public void test_digestIp() { // comlete wildcards get reduced to empty string. RangerIpMatcher matcher = new RangerIpMatcher(); - assertEquals("", matcher.digestPolicyIp("*")); - assertEquals("", matcher.digestPolicyIp("*.*")); - assertEquals("", matcher.digestPolicyIp("*.*.*")); - assertEquals("", matcher.digestPolicyIp("*.*.*.*")); - assertEquals("", matcher.digestPolicyIp("*:*:*:*")); - assertEquals("", matcher.digestPolicyIp("*:*:*:*:*:*")); + Assert.assertEquals("", matcher.digestPolicyIp("*")); + Assert.assertEquals("", matcher.digestPolicyIp("*.*")); + Assert.assertEquals("", matcher.digestPolicyIp("*.*.*")); + Assert.assertEquals("", matcher.digestPolicyIp("*.*.*.*")); + Assert.assertEquals("", matcher.digestPolicyIp("*:*:*:*")); + Assert.assertEquals("", matcher.digestPolicyIp("*:*:*:*:*:*")); // wildcard parts get dropped; retails trailing ./: to avoid doing partial number match - assertEquals("10.", matcher.digestPolicyIp("10.*")); - assertEquals("10.", matcher.digestPolicyIp("10.*.*")); - assertEquals("10.", matcher.digestPolicyIp("10.*.*.*")); - assertEquals("10.20.", matcher.digestPolicyIp("10.20.*")); - assertEquals("10.20.", matcher.digestPolicyIp("10.20.*.*")); - assertEquals("10.20.30.", matcher.digestPolicyIp("10.20.30.*")); + Assert.assertEquals("10.", matcher.digestPolicyIp("10.*")); + Assert.assertEquals("10.", matcher.digestPolicyIp("10.*.*")); + Assert.assertEquals("10.", matcher.digestPolicyIp("10.*.*.*")); + Assert.assertEquals("10.20.", matcher.digestPolicyIp("10.20.*")); + Assert.assertEquals("10.20.", matcher.digestPolicyIp("10.20.*.*")); + Assert.assertEquals("10.20.30.", matcher.digestPolicyIp("10.20.30.*")); // ipv6 digested values are also lower cased to ensure sensible comparison later - assertEquals("a0:", matcher.digestPolicyIp("A0:*")); - assertEquals("a0:", matcher.digestPolicyIp("a0:*:*")); - assertEquals("a0:", matcher.digestPolicyIp("A0:*:*:*")); - assertEquals("a0:b0:c0:", matcher.digestPolicyIp("A0:B0:C0:*")); + Assert.assertEquals("a0:", matcher.digestPolicyIp("A0:*")); + Assert.assertEquals("a0:", matcher.digestPolicyIp("a0:*:*")); + Assert.assertEquals("a0:", matcher.digestPolicyIp("A0:*:*:*")); + Assert.assertEquals("a0:b0:c0:", matcher.digestPolicyIp("A0:B0:C0:*")); } @Test @@ -152,76 +149,76 @@ public class RangerIpMatcherTest { RangerIpMatcher ipMatcher = createMatcher(null); // Matcher initialized with null policy should behave sensibly! It matches everything! - assertTrue(ipMatcher.isMatched(createRequest("1.2.3.4"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3.4"))); // empty ip-address list is same as null, i.e. matchs anything! ipMatcher = createMatcher(new String[]{}); - assertTrue(ipMatcher.isMatched(createRequest("1.2.3.4"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3.4"))); // wildcard address will match anything -- ipv4 and ipv6 addresses ipMatcher = createMatcher(new String[]{"*"}); - assertTrue(ipMatcher.isMatched(createRequest("1.2.3.4"))); - assertTrue(ipMatcher.isMatched(createRequest("1:2:3:4:5:6"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3.4"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1:2:3:4:5:6"))); // partial wildcard matches work as expected. ipMatcher = createMatcher(new String[]{"1.2.3.*"} ); - assertTrue(ipMatcher.isMatched(createRequest("1.2.3.4"))); - assertTrue(ipMatcher.isMatched(createRequest("1.2.3.123"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3.4"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3.123"))); // NOTE: absurd ipv4 address but it should match too! - assertTrue(ipMatcher.isMatched(createRequest("1.2.3.123567"))); - assertTrue(ipMatcher.isMatched(createRequest("1.2.3..123567"))); - assertTrue(ipMatcher.isMatched(createRequest("1.2.3.boo"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3.123567"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3..123567"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("1.2.3.boo"))); // mismatches caught correctly - assertFalse(ipMatcher.isMatched(createRequest("1.2.31.123567"))); - assertFalse(ipMatcher.isMatched(createRequest("1.2.33.123567"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("1.2.31.123567"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("1.2.33.123567"))); // no address has special meaning - assertFalse(ipMatcher.isMatched(createRequest("1.2.0.0"))); - assertFalse(ipMatcher.isMatched(createRequest("1.2.255.255"))); - assertFalse(ipMatcher.isMatched(createRequest("1.2.254.254"))); - assertFalse(ipMatcher.isMatched(createRequest("0.0.0.0"))); - assertFalse(ipMatcher.isMatched(createRequest("255.255.255.255"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("1.2.0.0"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("1.2.255.255"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("1.2.254.254"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("0.0.0.0"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("255.255.255.255"))); // wild card can be more than one octets ipMatcher = createMatcher(new String[]{"11.22.*.*"} ); - assertTrue(ipMatcher.isMatched(createRequest("11.22.33.4"))); - assertTrue(ipMatcher.isMatched(createRequest("11.22.33.44"))); - assertTrue(ipMatcher.isMatched(createRequest("11.22.253.190"))); - assertTrue(ipMatcher.isMatched(createRequest("11.22.253.190"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("11.22.33.4"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("11.22.33.44"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("11.22.253.190"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("11.22.253.190"))); // mismatches - assertFalse(ipMatcher.isMatched(createRequest("11.222.253.190"))); - assertFalse(ipMatcher.isMatched(createRequest("11.21.253.190"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("11.222.253.190"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("11.21.253.190"))); // one need't provide all the octets; missing ones are treaetd as wild cards ipMatcher = createMatcher(new String[]{"193.214.*"} ); // note just 3 octets in pattern - assertTrue(ipMatcher.isMatched(createRequest("193.214.3.4"))); - assertFalse(ipMatcher.isMatched(createRequest("193.21.253.190"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("193.214.3.4"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("193.21.253.190"))); // can't match ipv6 address using a ipv4 policy - assertFalse(ipMatcher.isMatched(createRequest("193:214:3:4"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("193:214:3:4"))); // same holds for ipv6 addresses ipMatcher = createMatcher(new String[]{"193:214:*"} ); - assertTrue(ipMatcher.isMatched(createRequest("193:214:3:4:5:6"))); - assertTrue(ipMatcher.isMatched(createRequest("193:214:13:94:a90:b4f"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("193:214:3:4:5:6"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("193:214:13:94:a90:b4f"))); // mismatches work as expected - assertFalse(ipMatcher.isMatched(createRequest("193:215:13:94:a90:b4f"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("193:215:13:94:a90:b4f"))); // can't match ipv4 address against ipv6 policy - assertFalse(ipMatcher.isMatched(createRequest("193.214.3.4"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("193.214.3.4"))); // direct match works as expected ipMatcher = createMatcher(new String[]{"99:a9:b9:c9:d9:e9"} ); - assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9:d9:e9"))); - assertFalse(ipMatcher.isMatched(createRequest("99:a9:b9:c9:d0:e9"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9:d9:e9"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("99:a9:b9:c9:d0:e9"))); // Matcher can support multiple patterns of different domains - a mix of ipv4 and ipv6 addresses ipMatcher = createMatcher(new String[]{"10.20.30.*", "99:a9:b9:c9:d9:*"} ); - assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9:d9:e9"))); - assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9:d9:e9"))); - assertFalse(ipMatcher.isMatched(createRequest("99:a9:b9:c9:dd:e9"))); - assertFalse(ipMatcher.isMatched(createRequest("89:a9:b9:c9:d9:e9"))); - assertTrue(ipMatcher.isMatched(createRequest("10.20.30.10"))); - assertTrue(ipMatcher.isMatched(createRequest("10.20.30.20"))); - assertFalse(ipMatcher.isMatched(createRequest("10.20.3.10"))); - assertFalse(ipMatcher.isMatched(createRequest("10.20.33.10"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9:d9:e9"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("99:a9:b9:c9:d9:e9"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("99:a9:b9:c9:dd:e9"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("89:a9:b9:c9:d9:e9"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("10.20.30.10"))); + Assert.assertTrue(ipMatcher.isMatched(createRequest("10.20.30.20"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("10.20.3.10"))); + Assert.assertFalse(ipMatcher.isMatched(createRequest("10.20.33.10"))); } RangerIpMatcher createMatcher(String[] ipArray) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1a2f3f33/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java index 7e8ef0a..3611896 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java @@ -19,11 +19,6 @@ package org.apache.ranger.plugin.conditionevaluator; -import static org.junit.Assert.assertArrayEquals; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -37,6 +32,7 @@ import java.util.regex.Pattern; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; +import org.junit.Assert; import org.junit.Test; import com.google.common.collect.Lists; @@ -85,9 +81,9 @@ public class RangerTimeOfDayMatcherTest { for (String aDuration : durations) { Matcher matcher = p.matcher(aDuration); if (match) { - assertTrue(aDuration, matcher.matches()); + Assert.assertTrue(aDuration, matcher.matches()); } else { - assertFalse(aDuration, matcher.matches()); + Assert.assertFalse(aDuration, matcher.matches()); } } } @@ -113,14 +109,14 @@ public class RangerTimeOfDayMatcherTest { void checkGroups(String[][] input) { for (String[] data : input) { Matcher m = p.matcher(data[0]); - assertTrue(data[0], m.matches()); - assertEquals(8, m.groupCount()); - assertEquals(data[1], m.group(1)); - assertEquals(data[2], m.group(3)); - assertEquals(data[3], m.group(4)); - assertEquals(data[4], m.group(5)); - assertEquals(data[5], m.group(7)); - assertEquals(data[6], m.group(8)); + Assert.assertTrue(data[0], m.matches()); + Assert.assertEquals(8, m.groupCount()); + Assert.assertEquals(data[1], m.group(1)); + Assert.assertEquals(data[2], m.group(3)); + Assert.assertEquals(data[3], m.group(4)); + Assert.assertEquals(data[4], m.group(5)); + Assert.assertEquals(data[5], m.group(7)); + Assert.assertEquals(data[6], m.group(8)); } } @@ -143,9 +139,9 @@ public class RangerTimeOfDayMatcherTest { if (expectedToMatch) { int start = (Integer)data[2]; int end = (Integer)data[3]; - assertArrayEquals(new int[] { start, end }, duration); + Assert.assertArrayEquals(new int[] { start, end }, duration); } else { - assertNull(duration); + Assert.assertNull(duration); } } } @@ -174,9 +170,9 @@ public class RangerTimeOfDayMatcherTest { boolean matchExpected = (boolean)data[1]; boolean result = matcher.durationMatched(durations, hour, 0); if (matchExpected) { - assertTrue("" + hour, result); + Assert.assertTrue("" + hour, result); } else { - assertFalse("" + hour, result); + Assert.assertFalse("" + hour, result); } } } @@ -220,9 +216,9 @@ public class RangerTimeOfDayMatcherTest { when(request.getAccessTime()).thenReturn(aDate); boolean matchExpected = (boolean)data[2]; if (matchExpected) { - assertTrue("" + hour, matcher.isMatched(request)); + Assert.assertTrue("" + hour, matcher.isMatched(request)); } else { - assertFalse("" + hour, matcher.isMatched(request)); + Assert.assertFalse("" + hour, matcher.isMatched(request)); } } } @@ -264,9 +260,9 @@ public class RangerTimeOfDayMatcherTest { when(request.getAccessTime()).thenReturn(aDate); boolean matchExpected = (boolean)data[2]; if (matchExpected) { - assertTrue("" + hour, matcher.isMatched(request)); + Assert.assertTrue("" + hour, matcher.isMatched(request)); } else { - assertFalse("" + hour, matcher.isMatched(request)); + Assert.assertFalse("" + hour, matcher.isMatched(request)); } } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1a2f3f33/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java index 8c8c4c0..62cd547 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java @@ -19,9 +19,6 @@ package org.apache.ranger.plugin.model; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -34,6 +31,7 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.model.RangerPolicyResourceSignature.ResourceSerializer; import org.apache.ranger.plugin.model.RangerPolicyResourceSignature.PolicySerializer; import org.apache.ranger.plugin.model.validation.ValidationTestUtils; +import org.junit.Assert; import org.junit.Test; public class TestRangerPolicyResourceSignature { @@ -43,22 +41,22 @@ public class TestRangerPolicyResourceSignature { // null resource RangerPolicyResource resource = null; ResourceSerializer serializer = new ResourceSerializer(resource); - assertEquals("{}", serializer.toString()); + Assert.assertEquals("{}", serializer.toString()); // non-null policy resource with null values/recursive flag resource = createPolicyResource(null, null, null); serializer = new ResourceSerializer(resource); - assertEquals("{values=,excludes=false,recursive=false}", serializer.toString()); + Assert.assertEquals("{values=,excludes=false,recursive=false}", serializer.toString()); // valid values in non-asending order resource = createPolicyResource(new String[]{"b", "a", "d", "c"}, true, false); serializer = new ResourceSerializer(resource); - assertEquals("{values=[a, b, c, d],excludes=false,recursive=true}", serializer.toString()); + Assert.assertEquals("{values=[a, b, c, d],excludes=false,recursive=true}", serializer.toString()); // recursive flag is false and different variation of values to show lexicographic ordering resource = createPolicyResource(new String[]{"9", "A", "e", "_"}, false, true); serializer = new ResourceSerializer(resource); - assertEquals("{values=[9, A, _, e],excludes=true,recursive=false}", serializer.toString()); + Assert.assertEquals("{values=[9, A, _, e],excludes=true,recursive=false}", serializer.toString()); } RangerPolicyResource createPolicyResource(String[] values, Boolean recursive, Boolean excludes) { @@ -80,33 +78,33 @@ public class TestRangerPolicyResourceSignature { // null policy is invalid RangerPolicy rangerPolicy = null; PolicySerializer policySerializer = new PolicySerializer(rangerPolicy); - assertFalse("policy==null", policySerializer.isPolicyValidForResourceSignatureComputation()); + Assert.assertFalse("policy==null", policySerializer.isPolicyValidForResourceSignatureComputation()); // null resource map is invalid rangerPolicy = mock(RangerPolicy.class); when(rangerPolicy.getResources()).thenReturn(null); policySerializer = new PolicySerializer(rangerPolicy); - assertFalse("policy.getResources()==null", policySerializer.isPolicyValidForResourceSignatureComputation()); + Assert.assertFalse("policy.getResources()==null", policySerializer.isPolicyValidForResourceSignatureComputation()); // empty resources map is ok! Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>(); when(rangerPolicy.getResources()).thenReturn(policyResources); policySerializer = new PolicySerializer(rangerPolicy); - assertTrue("policy.getResources().isEmpty()", policySerializer.isPolicyValidForResourceSignatureComputation()); + Assert.assertTrue("policy.getResources().isEmpty()", policySerializer.isPolicyValidForResourceSignatureComputation()); // but having a resource map with null key is not ok! RangerPolicyResource aPolicyResource = mock(RangerPolicyResource.class); policyResources.put(null, aPolicyResource); policySerializer = new PolicySerializer(rangerPolicy); - assertFalse("policy.getResources().contains(null)", policySerializer.isPolicyValidForResourceSignatureComputation()); + Assert.assertFalse("policy.getResources().contains(null)", policySerializer.isPolicyValidForResourceSignatureComputation()); } @Test public void test_RangerPolicyResourceSignature() { // String rep of a null policy is an empty string! and its hash is sha of empty string! RangerPolicyResourceSignature signature = new RangerPolicyResourceSignature((String)null); - assertEquals("", signature.asString()); - assertEquals(DigestUtils.md5Hex(""), signature.getSignature()); + Assert.assertEquals("", signature.asString()); + Assert.assertEquals(DigestUtils.md5Hex(""), signature.getSignature()); } /* @@ -154,7 +152,7 @@ public class TestRangerPolicyResourceSignature { // null policy returns signature of empty resource RangerPolicy policy = null; PolicySerializer serializer = new PolicySerializer(policy); - assertTrue("Null policy", serializer.toString() == ""); + Assert.assertTrue("Null policy", serializer.toString() == ""); policy = mock(RangerPolicy.class); when(policy.getPolicyType()).thenReturn(null); @@ -170,17 +168,17 @@ public class TestRangerPolicyResourceSignature { "}"; String serializationFormat = "{%s,%s,resource=%s}"; String expectedFull = String.format(serializationFormat, expectedVersion, expectedType, expectedResource); - assertEquals(expectedFull, serializer.toString()); + Assert.assertEquals(expectedFull, serializer.toString()); // order of values should not matter policyResources = _utils.createPolicyResourceMap(data_second); when(policy.getResources()).thenReturn(policyResources); - assertEquals(expectedFull, serializer.toString()); + Assert.assertEquals(expectedFull, serializer.toString()); // changing the policy type has expected changes when(policy.getPolicyType()).thenReturn(1); expectedType="type=1"; expectedFull = String.format(serializationFormat, expectedVersion, expectedType, expectedResource); - assertEquals(expectedFull, serializer.toString()); + Assert.assertEquals(expectedFull, serializer.toString()); } @@ -191,7 +189,7 @@ public class TestRangerPolicyResourceSignature { RangerPolicy policy2 = createPolicy(first_recursive_null_or_false); RangerPolicyResourceSignature signature1 = new RangerPolicyResourceSignature(policy1); RangerPolicyResourceSignature signature2 = new RangerPolicyResourceSignature(policy2); - assertEquals("Recursive flag: null is same as false", signature1.toString(), signature2.toString()); + Assert.assertEquals("Recursive flag: null is same as false", signature1.toString(), signature2.toString()); } @Test @@ -201,7 +199,7 @@ public class TestRangerPolicyResourceSignature { RangerPolicy policy2 = createPolicy(first_recursive_flag_different); RangerPolicyResourceSignature signature1 = new RangerPolicyResourceSignature(policy1); RangerPolicyResourceSignature signature2 = new RangerPolicyResourceSignature(policy2); - assertFalse("Resources differ only by recursive flag true vs false/null", signature1.toString().equals(signature2.toString())); + Assert.assertFalse("Resources differ only by recursive flag true vs false/null", signature1.toString().equals(signature2.toString())); } @Test @@ -211,7 +209,7 @@ public class TestRangerPolicyResourceSignature { RangerPolicy policy2 = createPolicy(first_excludes_null_or_false); RangerPolicyResourceSignature signature1 = new RangerPolicyResourceSignature(policy1); RangerPolicyResourceSignature signature2 = new RangerPolicyResourceSignature(policy2); - assertEquals("Excludes flag: null is same as false", signature1.toString(), signature2.toString()); + Assert.assertEquals("Excludes flag: null is same as false", signature1.toString(), signature2.toString()); } @Test @@ -221,7 +219,7 @@ public class TestRangerPolicyResourceSignature { RangerPolicy policy2 = createPolicy(first_excludes_flag_different); RangerPolicyResourceSignature signature1 = new RangerPolicyResourceSignature(policy1); RangerPolicyResourceSignature signature2 = new RangerPolicyResourceSignature(policy2); - assertFalse("Resources differ only by excludes flag true vs false/null", signature1.toString().equals(signature2.toString())); + Assert.assertFalse("Resources differ only by excludes flag true vs false/null", signature1.toString().equals(signature2.toString())); } RangerPolicy createPolicy(Object[][] data) { @@ -243,8 +241,8 @@ public class TestRangerPolicyResourceSignature { resources = _utils.createPolicyResourceMap(data_second); when(anotherPolicy.getResources()).thenReturn(resources); RangerPolicyResourceSignature anotherSignature = new RangerPolicyResourceSignature(anotherPolicy); - assertTrue(signature.equals(anotherSignature)); - assertTrue(anotherSignature.equals(signature)); + Assert.assertTrue(signature.equals(anotherSignature)); + Assert.assertTrue(anotherSignature.equals(signature)); } ValidationTestUtils _utils = new ValidationTestUtils(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1a2f3f33/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java index c757a0b..fecb67a 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java @@ -19,9 +19,6 @@ package org.apache.ranger.plugin.model.validation; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; import static org.mockito.Matchers.argThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -46,6 +43,7 @@ import org.apache.ranger.plugin.model.validation.RangerValidator.Action; import org.apache.ranger.plugin.store.ServiceStore; import org.apache.ranger.plugin.util.RangerObjectFactory; import org.apache.ranger.plugin.util.SearchFilter; +import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.mockito.ArgumentMatcher; @@ -158,11 +156,11 @@ public class TestRangerPolicyValidator { @Test public final void testIsValid_long() throws Exception { // this validation should be removed if we start supporting other than delete action - assertFalse(_validator.isValid(3L, Action.CREATE, _failures)); + Assert.assertFalse(_validator.isValid(3L, Action.CREATE, _failures)); _utils.checkFailureForInternalError(_failures); // should fail with appropriate error message if id is null - _failures.clear(); _failures.clear(); assertFalse(_validator.isValid((Long)null, Action.DELETE, _failures)); + _failures.clear(); _failures.clear(); Assert.assertFalse(_validator.isValid((Long)null, Action.DELETE, _failures)); _utils.checkFailureForMissingValue(_failures, "id"); // should not fail if policy can't be found for the specified id @@ -170,14 +168,14 @@ public class TestRangerPolicyValidator { when(_store.getPolicy(2L)).thenThrow(new Exception()); RangerPolicy existingPolicy = mock(RangerPolicy.class); when(_store.getPolicy(3L)).thenReturn(existingPolicy); - _failures.clear(); assertTrue(_validator.isValid(1L, Action.DELETE, _failures)); - assertTrue(_failures.isEmpty()); - _failures.clear(); assertTrue(_validator.isValid(2L, Action.DELETE, _failures)); - assertTrue(_failures.isEmpty()); + _failures.clear(); Assert.assertTrue(_validator.isValid(1L, Action.DELETE, _failures)); + Assert.assertTrue(_failures.isEmpty()); + _failures.clear(); Assert.assertTrue(_validator.isValid(2L, Action.DELETE, _failures)); + Assert.assertTrue(_failures.isEmpty()); // if policy exists then delete validation should pass, too! - _failures.clear(); assertTrue(_validator.isValid(3L, Action.DELETE, _failures)); - assertTrue(_failures.isEmpty()); + _failures.clear(); Assert.assertTrue(_validator.isValid(3L, Action.DELETE, _failures)); + Assert.assertTrue(_failures.isEmpty()); } @Test @@ -189,7 +187,7 @@ public class TestRangerPolicyValidator { when(_policy.getService()).thenReturn("non-existing-service-name"); when(_store.getServiceByName("non-existing-service-name")).thenReturn(null); - assertFalse(action.toString(), _validator.isValid(_policy, action, isAdmin, _failures)); + Assert.assertFalse(action.toString(), _validator.isValid(_policy, action, isAdmin, _failures)); // 2. update a policy to change the service-name RangerPolicy existingPolicy = mock(RangerPolicy.class); @@ -210,7 +208,7 @@ public class TestRangerPolicyValidator { when(_store.getServiceByName("service-name2")).thenReturn(service2); action = Action.UPDATE; - assertFalse(action.toString(), _validator.isValid(_policy, action, isAdmin, _failures)); + Assert.assertFalse(action.toString(), _validator.isValid(_policy, action, isAdmin, _failures)); // 3. update a policy to change the policy-type when(existingPolicy.getId()).thenReturn(8L); @@ -221,7 +219,7 @@ public class TestRangerPolicyValidator { when(_policy.getService()).thenReturn("service-name"); when(_policy.getPolicyType()).thenReturn(Integer.valueOf(1)); - assertFalse(action.toString(), _validator.isValid(_policy, action, isAdmin, _failures)); + Assert.assertFalse(action.toString(), _validator.isValid(_policy, action, isAdmin, _failures)); } @Test @@ -264,18 +262,18 @@ public class TestRangerPolicyValidator { if (action == Action.CREATE) { when(_policy.getId()).thenReturn(7L); when(_policy.getName()).thenReturn("policy-name-1"); - assertTrue("" + action + ", " + auditEnabled, _validator.isValid(_policy, action, isAdmin, _failures)); - assertTrue(_failures.isEmpty()); + Assert.assertTrue("" + action + ", " + auditEnabled, _validator.isValid(_policy, action, isAdmin, _failures)); + Assert.assertTrue(_failures.isEmpty()); } else { // update should work both when by-name is found or not, since nothing found by-name means name is being updated. when(_policy.getId()).thenReturn(8L); when(_policy.getName()).thenReturn("policy-name-1"); - assertTrue("" + action + ", " + auditEnabled, _validator.isValid(_policy, action, isAdmin, _failures)); - assertTrue(_failures.isEmpty()); + Assert.assertTrue("" + action + ", " + auditEnabled, _validator.isValid(_policy, action, isAdmin, _failures)); + Assert.assertTrue(_failures.isEmpty()); when(_policy.getName()).thenReturn("policy-name-2"); - assertTrue("" + action + ", " + auditEnabled, _validator.isValid(_policy, action, isAdmin, _failures)); - assertTrue(_failures.isEmpty()); + Assert.assertTrue("" + action + ", " + auditEnabled, _validator.isValid(_policy, action, isAdmin, _failures)); + Assert.assertTrue(_failures.isEmpty()); } } } @@ -293,8 +291,8 @@ public class TestRangerPolicyValidator { when(_policy.getId()).thenReturn(8L); when(_policy.getName()).thenReturn("policy-name-2"); } - assertTrue("" + action , _validator.isValid(_policy, action, isAdmin, _failures)); - assertTrue(_failures.isEmpty()); + Assert.assertTrue("" + action , _validator.isValid(_policy, action, isAdmin, _failures)); + Assert.assertTrue(_failures.isEmpty()); } } @@ -320,8 +318,8 @@ public class TestRangerPolicyValidator { when(_policy.getId()).thenReturn(8L); when(_policy.getName()).thenReturn("policy-name-2"); } - assertTrue("" + action , _validator.isValid(_policy, action, true, _failures)); // since policy resource has excludes admin privilages would be required - assertTrue(_failures.isEmpty()); + Assert.assertTrue("" + action , _validator.isValid(_policy, action, true, _failures)); // since policy resource has excludes admin privilages would be required + Assert.assertTrue(_failures.isEmpty()); } } @@ -333,7 +331,7 @@ public class TestRangerPolicyValidator { for (boolean isAdmin : new boolean[] { true, false}) { _failures.clear(); - assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); switch (errorType) { case "missing": _utils.checkFailureForMissingValue(_failures, field, subField); @@ -345,7 +343,7 @@ public class TestRangerPolicyValidator { _utils.checkFailureForInternalError(_failures); break; default: - fail("Unsupported errorType[" + errorType + "]"); + Assert.fail("Unsupported errorType[" + errorType + "]"); break; } } @@ -409,7 +407,7 @@ public class TestRangerPolicyValidator { existingPolicy = mock(RangerPolicy.class); existingPolicies.add(existingPolicy); for (boolean isAdmin : new boolean[] { true, false }) { - _failures.clear(); assertFalse(_validator.isValid(_policy, Action.UPDATE, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, Action.UPDATE, isAdmin, _failures)); _utils.checkFailureForInternalError(_failures); } @@ -418,11 +416,11 @@ public class TestRangerPolicyValidator { for (Action action : cu) { for (boolean isAdmin : new boolean[] { true, false }) { when(_policy.getService()).thenReturn(null); - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForMissingValue(_failures, "service name"); when(_policy.getService()).thenReturn(""); - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForMissingValue(_failures, "service name"); } } @@ -433,19 +431,19 @@ public class TestRangerPolicyValidator { for (Action action : cu) { for (boolean isAdmin : new boolean[] { true, false }) { when(_policy.getService()).thenReturn(null); - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForMissingValue(_failures, "service name"); when(_policy.getService()).thenReturn(null); - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForMissingValue(_failures, "service name"); when(_policy.getService()).thenReturn("service-name"); - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForSemanticError(_failures, "service name"); when(_policy.getService()).thenReturn("another-service-name"); - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForSemanticError(_failures, "service name"); } } @@ -459,11 +457,11 @@ public class TestRangerPolicyValidator { for (boolean isAdmin : new boolean[] { true, false }) { // when it is null when(_policy.getPolicyItems()).thenReturn(null); - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForMissingValue(_failures, "policy items"); // or when it is not null but empty. when(_policy.getPolicyItems()).thenReturn(policyItems); - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForMissingValue(_failures, "policy items"); } } @@ -476,7 +474,7 @@ public class TestRangerPolicyValidator { when(_store.getServiceDefByName("service-type")).thenReturn(null); for (Action action : cu) { for (boolean isAdmin : new boolean[] { true, false }) { - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForInternalError(_failures, "policy service def"); } } @@ -486,7 +484,7 @@ public class TestRangerPolicyValidator { when(_store.getServiceDefByName("service-type")).thenReturn(_serviceDef); for (Action action : cu) { for (boolean isAdmin : new boolean[] { true, false }) { - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForSemanticError(_failures, "policy item access type"); } } @@ -508,7 +506,7 @@ public class TestRangerPolicyValidator { when(_store.getPoliciesByResourceSignature("service-name", "hash-1", true)).thenReturn(null); // store does not have any policies for that signature hash for (Action action : cu) { for (boolean isAdmin : new boolean[] { true, false }) { - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForSemanticError(_failures, "resource-values", "col"); // for spurious resource: "extra" _utils.checkFailureForSemanticError(_failures, "isRecursive", "db"); // for specifying it as true when def did not allow it _utils.checkFailureForSemanticError(_failures, "isExcludes", "col"); // for specifying it as true when def did not allow it @@ -519,7 +517,7 @@ public class TestRangerPolicyValidator { when(_store.getPoliciesByResourceSignature("service-name", "hash-1", true)).thenReturn(existingPolicies); for (Action action : cu) { for (boolean isAdmin : new boolean[] { true, false }) { - _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures)); _utils.checkFailureForSemanticError(_failures, "policy resources"); } } @@ -540,26 +538,26 @@ public class TestRangerPolicyValidator { List<RangerResourceDef> resourceDefs = _utils.createResourceDefs(resourceDefData); when(_serviceDef.getResources()).thenReturn(resourceDefs); Map<String, RangerPolicyResource> policyResources = _utils.createPolicyResourceMap(policyResourceMap_bad); - assertFalse(_validator.isValidResourceValues(policyResources, _failures, _serviceDef)); + Assert.assertFalse(_validator.isValidResourceValues(policyResources, _failures, _serviceDef)); _utils.checkFailureForSemanticError(_failures, "resource-values", "col"); policyResources = _utils.createPolicyResourceMap(policyResourceMap_good); - assertTrue(_validator.isValidResourceValues(policyResources, _failures, _serviceDef)); + Assert.assertTrue(_validator.isValidResourceValues(policyResources, _failures, _serviceDef)); } @Test public void test_isValidPolicyItems_failures() { // null/empty list is good because there is nothing - assertTrue(_validator.isValidPolicyItems(null, _failures, _serviceDef)); + Assert.assertTrue(_validator.isValidPolicyItems(null, _failures, _serviceDef)); _failures.isEmpty(); List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicy.RangerPolicyItem>(); - assertTrue(_validator.isValidPolicyItems(policyItems, _failures, _serviceDef)); + Assert.assertTrue(_validator.isValidPolicyItems(policyItems, _failures, _serviceDef)); _failures.isEmpty(); // null elements in the list are flagged policyItems.add(null); - assertFalse(_validator.isValidPolicyItems(policyItems, _failures, _serviceDef)); + Assert.assertFalse(_validator.isValidPolicyItems(policyItems, _failures, _serviceDef)); _utils.checkFailureForMissingValue(_failures, "policy item"); } @@ -569,12 +567,12 @@ public class TestRangerPolicyValidator { // empty access collections are invalid RangerPolicyItem policyItem = mock(RangerPolicyItem.class); when(policyItem.getAccesses()).thenReturn(null); - _failures.clear(); assertFalse(_validator.isValidPolicyItem(policyItem, _failures, _serviceDef)); + _failures.clear(); Assert.assertFalse(_validator.isValidPolicyItem(policyItem, _failures, _serviceDef)); _utils.checkFailureForMissingValue(_failures, "policy item accesses"); List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>(); when(policyItem.getAccesses()).thenReturn(accesses); - _failures.clear(); assertFalse(_validator.isValidPolicyItem(policyItem, _failures, _serviceDef)); + _failures.clear(); Assert.assertFalse(_validator.isValidPolicyItem(policyItem, _failures, _serviceDef)); _utils.checkFailureForMissingValue(_failures, "policy item accesses"); // both user and groups can't be null @@ -582,7 +580,7 @@ public class TestRangerPolicyValidator { accesses.add(access); when(policyItem.getUsers()).thenReturn(null); when(policyItem.getGroups()).thenReturn(new ArrayList<String>()); - _failures.clear(); assertFalse(_validator.isValidPolicyItem(policyItem, _failures, _serviceDef)); + _failures.clear(); Assert.assertFalse(_validator.isValidPolicyItem(policyItem, _failures, _serviceDef)); _utils.checkFailureForMissingValue(_failures, "policy item users/user-groups"); } @@ -595,8 +593,8 @@ public class TestRangerPolicyValidator { // create a non-empty user-list List<String> users = Arrays.asList("user1"); when(policyItem.getUsers()).thenReturn(users); - _failures.clear(); assertTrue(_validator.isValidPolicyItem(policyItem, _failures, _serviceDef)); - assertTrue(_failures.isEmpty()); + _failures.clear(); Assert.assertTrue(_validator.isValidPolicyItem(policyItem, _failures, _serviceDef)); + Assert.assertTrue(_failures.isEmpty()); } @Test public void test_isValidItemAccesses_happyPath() { @@ -609,8 +607,8 @@ public class TestRangerPolicyValidator { }; List<RangerPolicyItemAccess> accesses = _utils.createItemAccess(data); _serviceDef = _utils.createServiceDefWithAccessTypes(new String[] { "a", "b", "c", "d" }); - assertTrue(_validator.isValidItemAccesses(accesses, _failures, _serviceDef)); - assertTrue(_failures.isEmpty()); + Assert.assertTrue(_validator.isValidItemAccesses(accesses, _failures, _serviceDef)); + Assert.assertTrue(_failures.isEmpty()); } @Test @@ -619,7 +617,7 @@ public class TestRangerPolicyValidator { // null policy item access values are an error List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>(); accesses.add(null); - _failures.clear(); assertFalse(_validator.isValidItemAccesses(accesses, _failures, _serviceDef)); + _failures.clear(); Assert.assertFalse(_validator.isValidItemAccesses(accesses, _failures, _serviceDef)); _utils.checkFailureForMissingValue(_failures, "policy item access"); // all items must be valid for this call to be valid @@ -630,7 +628,7 @@ public class TestRangerPolicyValidator { }; accesses = _utils.createItemAccess(data); _serviceDef = _utils.createServiceDefWithAccessTypes(new String[] { "a", "b", "c", "d" }); - _failures.clear(); assertFalse(_validator.isValidItemAccesses(accesses, _failures, _serviceDef)); + _failures.clear(); Assert.assertFalse(_validator.isValidItemAccesses(accesses, _failures, _serviceDef)); } @Test @@ -644,8 +642,8 @@ public class TestRangerPolicyValidator { // both null or true access types are the same and valid for (Boolean allowed : new Boolean[] { null, true } ) { when(access.getIsAllowed()).thenReturn(allowed); - assertTrue(_validator.isValidPolicyItemAccess(access, _failures, validAccesses)); - assertTrue(_failures.isEmpty()); + Assert.assertTrue(_validator.isValidPolicyItemAccess(access, _failures, validAccesses)); + Assert.assertTrue(_failures.isEmpty()); } } @@ -659,19 +657,19 @@ public class TestRangerPolicyValidator { for (String type : new String[] { null, " "}) { when(access.getType()).thenReturn(type); // invalid // null/empty validAccess set skips all checks - assertTrue(_validator.isValidPolicyItemAccess(access, _failures, null)); - assertTrue(_validator.isValidPolicyItemAccess(access, _failures, new HashSet<String>())); - _failures.clear(); assertFalse(_validator.isValidPolicyItemAccess(access, _failures, validAccesses)); + Assert.assertTrue(_validator.isValidPolicyItemAccess(access, _failures, null)); + Assert.assertTrue(_validator.isValidPolicyItemAccess(access, _failures, new HashSet<String>())); + _failures.clear(); Assert.assertFalse(_validator.isValidPolicyItemAccess(access, _failures, validAccesses)); _utils.checkFailureForMissingValue(_failures, "policy item access type"); } when(access.getType()).thenReturn("anAccess"); // valid when(access.getIsAllowed()).thenReturn(false); // invalid - _failures.clear();assertFalse(_validator.isValidPolicyItemAccess(access, _failures, validAccesses)); + _failures.clear();Assert.assertFalse(_validator.isValidPolicyItemAccess(access, _failures, validAccesses)); _utils.checkFailureForSemanticError(_failures, "policy item access type allowed"); when(access.getType()).thenReturn("newAccessType"); // invalid - _failures.clear(); assertFalse(_validator.isValidPolicyItemAccess(access, _failures, validAccesses)); + _failures.clear(); Assert.assertFalse(_validator.isValidPolicyItemAccess(access, _failures, validAccesses)); _utils.checkFailureForSemanticError(_failures, "policy item access type"); } @@ -696,10 +694,10 @@ public class TestRangerPolicyValidator { Map<String, RangerPolicyResource> resourceMap = _utils.createPolicyResourceMap(policyResourceMap_happyPath); List<RangerResourceDef> resourceDefs = _utils.createResourceDefs(resourceDef_happyPath); when(_serviceDef.getResources()).thenReturn(resourceDefs); - assertTrue(_validator.isValidResourceFlags(resourceMap, _failures, resourceDefs, "a-service-def", "a-policy", true)); + Assert.assertTrue(_validator.isValidResourceFlags(resourceMap, _failures, resourceDefs, "a-service-def", "a-policy", true)); // Since one of the resource has excludes set to true, without admin privilages it should fail and contain appropriate error messages - assertFalse(_validator.isValidResourceFlags(resourceMap, _failures, resourceDefs, "a-service-def", "a-policy", false)); + Assert.assertFalse(_validator.isValidResourceFlags(resourceMap, _failures, resourceDefs, "a-service-def", "a-policy", false)); _utils.checkFailureForSemanticError(_failures, "isExcludes", "isAdmin"); } @@ -718,7 +716,7 @@ public class TestRangerPolicyValidator { Map<String, RangerPolicyResource> resourceMap = _utils.createPolicyResourceMap(policyResourceMap_failures); when(_serviceDef.getResources()).thenReturn(resourceDefs); // should not error out on - assertFalse(_validator.isValidResourceFlags(resourceMap, _failures, resourceDefs, "a-service-def", "a-policy", false)); + Assert.assertFalse(_validator.isValidResourceFlags(resourceMap, _failures, resourceDefs, "a-service-def", "a-policy", false)); _utils.checkFailureForSemanticError(_failures, "isExcludes", "tbl"); _utils.checkFailureForSemanticError(_failures, "isRecursive", "col"); _utils.checkFailureForSemanticError(_failures, "isExcludes", "isAdmin"); @@ -737,8 +735,8 @@ public class TestRangerPolicyValidator { when(_store.getPoliciesByResourceSignature("service-name", hash, true)).thenReturn(policies); policies = new ArrayList<RangerPolicy>(); for (Action action : cu) { - assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, action)); - assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, action)); + Assert.assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, action)); + Assert.assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, action)); } /* * If store has a policy with matching signature then the check should fail with appropriate error message. @@ -748,39 +746,39 @@ public class TestRangerPolicyValidator { RangerPolicy policy1 = mock(RangerPolicy.class); policies.add(policy1); when(_store.getPoliciesByResourceSignature("service-name", hash, true)).thenReturn(policies); when(_policy.getIsEnabled()).thenReturn(true); // ensure policy is enabled - _failures.clear(); assertFalse(_validator.isPolicyResourceUnique(_policy, _failures, Action.CREATE)); + _failures.clear(); Assert.assertFalse(_validator.isPolicyResourceUnique(_policy, _failures, Action.CREATE)); _utils.checkFailureForSemanticError(_failures, "resources"); // same check should pass if the policy is disabled when(_policy.getIsEnabled()).thenReturn(false); - _failures.clear(); assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, Action.CREATE)); - assertTrue("failures collection wasn't empty!", _failures.isEmpty()); + _failures.clear(); Assert.assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, Action.CREATE)); + Assert.assertTrue("failures collection wasn't empty!", _failures.isEmpty()); // For Update match with itself is not a problem as long as it isn't itself, i.e. same id. when(_policy.getIsEnabled()).thenReturn(true); // ensure policy is enabled when(policy1.getId()).thenReturn(103L); when(_policy.getId()).thenReturn(103L); - assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, Action.UPDATE)); + Assert.assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, Action.UPDATE)); // matching policy can't be some other policy (i.e. different id) because that implies a conflict. when(policy1.getId()).thenReturn(104L); - assertFalse(_validator.isPolicyResourceUnique(_policy, _failures, Action.UPDATE)); + Assert.assertFalse(_validator.isPolicyResourceUnique(_policy, _failures, Action.UPDATE)); _utils.checkFailureForSemanticError(_failures, "resources"); // same check should pass if the policy is disabled when(_policy.getIsEnabled()).thenReturn(false); - _failures.clear(); assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, Action.UPDATE)); - assertTrue("failures collection wasn't empty!", _failures.isEmpty()); + _failures.clear(); Assert.assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, Action.UPDATE)); + Assert.assertTrue("failures collection wasn't empty!", _failures.isEmpty()); // And validation should never pass if there are more than one policies with matching signature, regardless of their ID!! RangerPolicy policy2 = mock(RangerPolicy.class); when(policy2.getId()).thenReturn(103L); // has same id as the policy being tested (_policy) policies.add(policy2); when(_policy.getIsEnabled()).thenReturn(true); // ensure policy is enabled - assertFalse(_validator.isPolicyResourceUnique(_policy, _failures, Action.UPDATE)); + Assert.assertFalse(_validator.isPolicyResourceUnique(_policy, _failures, Action.UPDATE)); _utils.checkFailureForSemanticError(_failures, "resources"); // same check should pass if the policy is disabled when(_policy.getIsEnabled()).thenReturn(false); - _failures.clear(); assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, Action.UPDATE)); - assertTrue("failures collection wasn't empty!", _failures.isEmpty()); + _failures.clear(); Assert.assertTrue(_validator.isPolicyResourceUnique(_policy, _failures, Action.UPDATE)); + Assert.assertTrue("failures collection wasn't empty!", _failures.isEmpty()); } @Test @@ -795,7 +793,7 @@ public class TestRangerPolicyValidator { // setup policy Map<String, RangerPolicyResource> policyResources = _utils.createPolicyResourceMap(policyResourceMap_goodMultipleHierarchies); when(_policy.getResources()).thenReturn(policyResources); - assertTrue(_validator.isValidResourceNames(_policy, _failures, _serviceDef)); + Assert.assertTrue(_validator.isValidResourceNames(_policy, _failures, _serviceDef)); } @Test @@ -810,19 +808,19 @@ public class TestRangerPolicyValidator { // setup policy Map<String, RangerPolicyResource> policyResources = _utils.createPolicyResourceMap(policyResourceMap_bad); when(_policy.getResources()).thenReturn(policyResources); - assertFalse("Missing required resource and unknown resource", _validator.isValidResourceNames(_policy, _failures, _serviceDef)); + Assert.assertFalse("Missing required resource and unknown resource", _validator.isValidResourceNames(_policy, _failures, _serviceDef)); _utils.checkFailureForSemanticError(_failures, "policy resources"); // another bad resource map that straddles multiple hierarchies policyResources = _utils.createPolicyResourceMap(policyResourceMap_bad_multiple_hierarchies); when(_policy.getResources()).thenReturn(policyResources); - _failures.clear(); assertFalse("Policy with resources for multiple hierarchies", _validator.isValidResourceNames(_policy, _failures, _serviceDef)); + _failures.clear(); Assert.assertFalse("Policy with resources for multiple hierarchies", _validator.isValidResourceNames(_policy, _failures, _serviceDef)); _utils.checkFailureForSemanticError(_failures, "policy resources", "incompatible"); // another bad policy resource map that could match multiple hierarchies but is short on mandatory resources for all of those matches policyResources = _utils.createPolicyResourceMap(policyResourceMap_bad_multiple_hierarchies_missing_mandatory); when(_policy.getResources()).thenReturn(policyResources); - _failures.clear(); assertFalse("Policy with resources for multiple hierarchies missing mandatory resources for all pontential matches", _validator.isValidResourceNames(_policy, _failures, _serviceDef)); + _failures.clear(); Assert.assertFalse("Policy with resources for multiple hierarchies missing mandatory resources for all pontential matches", _validator.isValidResourceNames(_policy, _failures, _serviceDef)); _utils.checkFailureForSemanticError(_failures, "policy resources", "missing mandatory"); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1a2f3f33/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceValidator.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceValidator.java index b83a932..c0f906b 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceValidator.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceValidator.java @@ -19,9 +19,6 @@ package org.apache.ranger.plugin.model.validation; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -32,10 +29,9 @@ import java.util.Map; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; -import org.apache.ranger.plugin.model.validation.RangerServiceValidator; -import org.apache.ranger.plugin.model.validation.ValidationFailureDetails; import org.apache.ranger.plugin.model.validation.RangerValidator.Action; import org.apache.ranger.plugin.store.ServiceStore; +import org.junit.Assert; import org.junit.Before; import org.junit.Test; @@ -58,7 +54,7 @@ public class TestRangerServiceValidator { void checkFailure_isValid(RangerServiceValidator validator, RangerService service, Action action, List<ValidationFailureDetails> failures, String errorType, String field, String subField) { failures.clear(); - assertFalse(validator.isValid(service, action, failures)); + Assert.assertFalse(validator.isValid(service, action, failures)); switch (errorType) { case "missing": _utils.checkFailureForMissingValue(failures, field, subField); @@ -70,7 +66,7 @@ public class TestRangerServiceValidator { _utils.checkFailureForInternalError(failures); break; default: - fail("Unsupported errorType[" + errorType + "]"); + Assert.fail("Unsupported errorType[" + errorType + "]"); break; } } @@ -79,13 +75,13 @@ public class TestRangerServiceValidator { public void testIsValid_failures() throws Exception { RangerService service = mock(RangerService.class); // passing in a null service to the check itself is an error - assertFalse(_validator.isValid((RangerService)null, _action, _failures)); + Assert.assertFalse(_validator.isValid((RangerService)null, _action, _failures)); _utils.checkFailureForMissingValue(_failures, "service"); // id is required for update when(service.getId()).thenReturn(null); // let's verify the failure and the sort of error information that is returned (for one of these) - // assert that among the failure reason is one about id being missing. + // Assert.assert that among the failure reason is one about id being missing. checkFailure_isValid(_validator, service, Action.UPDATE, _failures, "missing", "id"); when(service.getId()).thenReturn(7L); @@ -190,7 +186,7 @@ public class TestRangerServiceValidator { // service def exists when(_store.getServiceDefByName("aType")).thenReturn(serviceDef); - assertTrue(_validator.isValid(service, Action.CREATE, _failures)); + Assert.assertTrue(_validator.isValid(service, Action.CREATE, _failures)); // for update to work the only additional requirement is that id is required and service should exist // if name is not null and it points to a service then it should match the id @@ -199,29 +195,29 @@ public class TestRangerServiceValidator { when(existingService.getId()).thenReturn(Long.valueOf(7L)); when(_store.getService(7L)).thenReturn(existingService); when(_store.getServiceByName("aName")).thenReturn(existingService); - assertTrue(_validator.isValid(service, Action.UPDATE, _failures)); + Assert.assertTrue(_validator.isValid(service, Action.UPDATE, _failures)); // name need not point to a service for update to work, of course. when(_store.getServiceByName("aName")).thenReturn(null); - assertTrue(_validator.isValid(service, Action.UPDATE, _failures)); + Assert.assertTrue(_validator.isValid(service, Action.UPDATE, _failures)); } @Test public void test_isValid_withId_errorConditions() throws Exception { // api that takes in long is only supported for delete currently - assertFalse(_validator.isValid(1L, Action.CREATE, _failures)); + Assert.assertFalse(_validator.isValid(1L, Action.CREATE, _failures)); _utils.checkFailureForInternalError(_failures); // passing in a null id is a failure! _validator = new RangerServiceValidator(_store); - _failures.clear(); assertFalse(_validator.isValid((Long)null, Action.DELETE, _failures)); + _failures.clear(); Assert.assertFalse(_validator.isValid((Long)null, Action.DELETE, _failures)); _utils.checkFailureForMissingValue(_failures, "id"); // if service with that id does not exist then that, is ok because delete is idempotent when(_store.getService(1L)).thenReturn(null); when(_store.getService(2L)).thenThrow(new Exception()); - _failures.clear(); assertTrue(_validator.isValid(1L, Action.DELETE, _failures)); - assertTrue(_failures.isEmpty()); + _failures.clear(); Assert.assertTrue(_validator.isValid(1L, Action.DELETE, _failures)); + Assert.assertTrue(_failures.isEmpty()); - _failures.clear(); assertTrue(_validator.isValid(2L, Action.DELETE, _failures)); - assertTrue(_failures.isEmpty()); + _failures.clear(); Assert.assertTrue(_validator.isValid(2L, Action.DELETE, _failures)); + Assert.assertTrue(_failures.isEmpty()); } @Test @@ -229,7 +225,7 @@ public class TestRangerServiceValidator { _validator = new RangerServiceValidator(_store); RangerService service = mock(RangerService.class); when(_store.getService(1L)).thenReturn(service); - assertTrue(_validator.isValid(1L, Action.DELETE, _failures)); + Assert.assertTrue(_validator.isValid(1L, Action.DELETE, _failures)); } private ServiceStore _store;
