Repository: incubator-atlas Updated Branches: refs/heads/master 34f51a2a2 -> a963e9806
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a963e980/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java b/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
new file mode 100644
index 0000000..5041e6f
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
@@ -0,0 +1,185 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.authorize;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testng.AssertJUnit;
+import org.testng.annotations.Test;
+
+
+public class SimpleAtlasAuthorizerTest {
+
+ private static Logger LOG = LoggerFactory.getLogger(SimpleAtlasAuthorizerTest.class);
+
+ @Test
+ public void testAccessAllowedForUserAndGroup() {
+
+ Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+ Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+ List<String> policies = new ArrayList<String>();
+ policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:*abc,type:PII");
+
+ List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+ PolicyUtil policyUtil = new PolicyUtil();
+ // group read map
+ groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+ // creating user readMap
+ userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+
+ List<AtlasResourceTypes> resourceType = new
ArrayList<AtlasResourceTypes>();
+ resourceType.add(AtlasResourceTypes.TYPE);
+ String resource = "xsdfhjabc";
+ AtlasActionTypes action = AtlasActionTypes.READ;
+ String user = "usr1";
+
+ List<String> userGroups = new ArrayList<String>();
+ userGroups.add("grp3");
+ AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
+ SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
+
+ authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
+
+ try {
+ boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+ // getUserReadMap
+ AssertJUnit.assertEquals(true, isAccessAllowed);
+ } catch (AtlasAuthorizationException e) {
+ if (LOG.isErrorEnabled()) {
+ LOG.error("AtlasAuthorizationException in Unit Test", e);
+ }
+ }
+
+ }
+
+ @Test
+ public void testAccessAllowedForGroup() {
+
+ Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+ Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+ List<String> policies = new ArrayList<String>();
+ policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
+
+ List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+ PolicyUtil policyUtil = new PolicyUtil();
+ // creating group read map
+ groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+ // creating user readMap
+ userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+
+ List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
+ resourceType.add(AtlasResourceTypes.TYPE);
+ String resource = "PII";
+ AtlasActionTypes action = AtlasActionTypes.READ;
+ String user = "usr3";
+ List<String> userGroups = new ArrayList<String>();
+ userGroups.add("grp1");
+ AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
+ SimpleAtlasAuthorizer
authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
+ authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
+
+ try {
+ boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+ AssertJUnit.assertEquals(true, isAccessAllowed);
+ } catch (AtlasAuthorizationException e) {
+ if (LOG.isErrorEnabled()) {
+ LOG.error("AtlasAuthorizationException in Unit Test", e);
+ }
+
+ }
+
+ }
+
+ @Test
+ public void testResourceNotAvailableInPolicy() {
+
+ Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+ Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+ List<String> policies = new ArrayList<String>();
+ policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
+
+ List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+ PolicyUtil policyUtil = new PolicyUtil();
+ // group read map
+ groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+ // creating user readMap
+ userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+
+ List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
+ resourceType.add(AtlasResourceTypes.TYPE);
+ String resource = "abc";
+ AtlasActionTypes action = AtlasActionTypes.READ;
+ String user = "usr1";
+ List<String> userGroups = new ArrayList<String>();
+ userGroups.add("grp1");
+ AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
+ SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
+ authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
+
+ try {
+ boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+ AssertJUnit.assertEquals(false, isAccessAllowed);
+ } catch (AtlasAuthorizationException e) {
+ if (LOG.isErrorEnabled()) {
+ LOG.error("AtlasAuthorizationException in Unit Test", e);
+ }
+ }
+
+ }
+
+ @Test
+ public void testAccessNotAllowedForUserAndGroup() {
+
+ Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+ Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+ List<String> policies = new ArrayList<String>();
+ policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
+
+ List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+ PolicyUtil policyUtil = new PolicyUtil();
+ // group read map
+ groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+ // creating user readMap
+ userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+
+ List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
+ resourceType.add(AtlasResourceTypes.TYPE);
+ String resource = "PII";
+ AtlasActionTypes action = AtlasActionTypes.READ;
+ String user = "usr3";
+ List<String> userGroups = new ArrayList<String>();
+ userGroups.add("grp3");
+ AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
+ SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
+ authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
+
+ try {
+ boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+ AssertJUnit.assertEquals(false, isAccessAllowed);
+ } catch (AtlasAuthorizationException e) {
+ if (LOG.isErrorEnabled()) {
+ LOG.error("AtlasAuthorizationException in Unit Test", e);
+ }
+ }
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a963e980/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
----------------------------------------------------------------------
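Review bot: All four tests wrap `authorizer.isAccessAllowed(request)` and the assertion in a try block whose `catch (AtlasAuthorizationException e)` only calls `LOG.error(...)`, so a test still passes when the authorizer throws before the assertion runs; for an access-control test that hides exactly the failure it is meant to catch. Declare the exception on each method instead, e.g. `public void testAccessNotAllowedForUserAndGroup() throws AtlasAuthorizationException {`, and drop the try/catch so the assertion is always reached. Coverage is also narrower than the names suggest: every request uses `AtlasActionTypes.READ`, and `testAccessAllowedForUserAndGroup` passes group `grp3`, which the policy does not list, so only the user grant is exercised; a case where `usr1` (granted `r` only) is denied a non-read action would pin the permission check itself. Each test also reconfigures the shared `SimpleAtlasAuthorizer.getInstance()` through `setResourcesForTesting`, which presumably makes the results order-sensitive if the tests ever run in parallel.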
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java b/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java index ae98b61..a07874a 100644 --- a/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java +++ b/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java @@ -60,7 +60,7 @@ public class FileAuthenticationTest { public void setup() throws Exception { String persistDir = TestUtils.getTempDirectory(); - + setUpPolicyStore(persistDir); setupUserCredential(persistDir); setUpAltasApplicationProperties(persistDir); @@ -75,15 +75,15 @@ public class FileAuthenticationTest { } - private void setUpAltasApplicationProperties(String persistDir) throws Exception{ + private void setUpAltasApplicationProperties(String persistDir) throws Exception { final PropertiesConfiguration configuration = new PropertiesConfiguration(); configuration.setProperty("atlas.login.method", "FILE"); configuration.setProperty("atlas.login.credentials.file", persistDir + "/users-credentials"); - + configuration.setProperty("atlas.auth.policy.file",persistDir + + "/policy-store.txt" ); TestUtils.writeConfiguration(configuration, persistDir + File.separator + ApplicationProperties.APPLICATION_PROPERTIES); - } private void setupUserCredential(String tmpDir) throws Exception { @@ -98,6 +98,15 @@ public class FileAuthenticationTest { FileUtils.write(credentialFile, credentialFileStr.toString()); } + private void setUpPolicyStore(String tmpDir) throws Exception { + StringBuilder policyStr = new StringBuilder(1024); + policyStr.append("adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*"); + File policyFile = new File(tmpDir, "policy-store.txt"); + FileUtils.write(policyFile, policyStr.toString()); + } + + + @Test public void testValidUserLogin() {
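Review bot: The policy file name is now spelled out twice, as `persistDir + "/policy-store.txt"` in `setUpAltasApplicationProperties` in the `@@ -75,15` hunk and as `new File(tmpDir, "policy-store.txt")` in `setUpPolicyStore` in the last hunk, so the configured path and the file actually written can drift apart. A `private static final String POLICY_STORE_FILE = "policy-store.txt";` used in both places would keep them in step, and `persistDir + File.separator + POLICY_STORE_FILE` would match the separator style of the `TestUtils.writeConfiguration` call just below. What the authorizer does when `atlas.auth.policy.file` points at a missing file is not visible in this diff, so it is worth confirming that case results in denial rather than open access.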
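Review bot: The policy line written by `setUpPolicyStore` in the `@@ -98,6` hunk is an opaque literal with nothing saying what its `;;`-separated fields mean; a one-line comment such as `// policyName;;user:perms;;group:perms;;resourceType:pattern` would help, assuming that is the layout the policy parser expects (inferred from the strings in this commit, not shown here). The `StringBuilder(1024)` adds nothing for a single constant, so `FileUtils.write(policyFile, "adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*");` is enough. Because the fixture grants `rwud` on every resource, the tests in this class only ever run against an allow-all policy, which is worth stating in the comment so nobody reads them as covering denial.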
